From david.hooton at gmail.com Sun May 1 17:24:09 2005 From: david.hooton at gmail.com (David Hooton) Date: Thu Jan 12 21:29:27 2006 Subject: 64-bit anyone? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4/26/05, Jason Balicki wrote: > Carl Boberg <> wrote: > > Hi, > > Just wondering if anybody has a MS installation running on an intel > > x64-bit os, like RedHat? Experiences, problems and such? > > I'm running on an AMD 64 bit box with CentOS 4 (RHEL clone) and > except for that one bit where Cthulhu demanded the fresh blood of > all my employees everything is fine. Don't get much outgoing mail > these days, though. How have you found the performance improvements between 32 & 64 Bit? Has anyone compared 2 similarly spec'd machines, one 32bit, one 64 while running MailScanner? -- Regards, David Hooton ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun May 1 17:27:03 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:27 2006 Subject: SV: maillog logging level Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, so there we are....telnet has revealed that you cannot make a connection. Do you get a connection refused type message? Probable causes: - You are running a firewall on the new MS machine that is blocking port 25 (this would probably be visible in the messages log or similar). Fix is to trim it so that it lets port 25/tcp through... "iptables -L" might show something (perhaps look at nat too) - Your sendmail isn't listening to the interface... This might be because a) you are telneting locally, and sendmail doesn't listen to localhost, or b) you are telneting from a remote host, but sendmail is only listening to the localhost. Look at your sendmail.mc and/or sendmail.cf (I'm no guru here, but perhaps someone else could help.... Perhaps something with the DaemonOptions or whatever). - Your sendmail is severly missconfigured and bombs out on any connection.....Yay!-). Would probably be visible in the logs, and perhaps leave corefile(s) behind... HtH -- Glenn . -----Ursprungligt meddelande----- FrÃ¥n: MailScanner mailing list genom Billy A. Pumphrey Skickat: fr 2005-04-29 17:49 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ã^Ämne: Re: maillog logging level --- NOTE: I erased the rest of the message to get by the "looks like a script" error" --- Ok, telnet To make it clear, I have a new MailScanner machine (the one that I am trying to get working) and the one in production that is out of date on software and hardware. Anyway, I know that sendmail is having problems because when I telnet to the new one it looks like it tries and just comes back to the command prompt. If I telnet to the old one a connection is made and shows some stuff. Now, Should I just reinstall sendmail on top of mine or something? I installed sendmail by selecting the package when installing centos4.0. The service appears to be running ok. I did the ch config that the book and web site talks about. A service MailScanner restart reads fine for the services starting (outgoing and incoming sendmail starts fine). If I look at the running services it has 1 sendmail running (under user smmsp) which is the one that is suppose to be running isn't it? I was comparing the service --status-all command between the 2 machines. The services looks the same as far as MailScanner and sendmail look. There is a sendmail running on each, and MailScanner running (MailScanner,incoming sendmail, outgoing sendmail) Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 1 17:30:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: 64-bit anyone? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Hooton wrote: >On 4/26/05, Jason Balicki wrote: > > >>Carl Boberg <> wrote: >> >> >>>Hi, >>>Just wondering if anybody has a MS installation running on an intel >>>x64-bit os, like RedHat? Experiences, problems and such? >>> >>> >>I'm running on an AMD 64 bit box with CentOS 4 (RHEL clone) and >>except for that one bit where Cthulhu demanded the fresh blood of >>all my employees everything is fine. Don't get much outgoing mail >>these days, though. >> >> > >How have you found the performance improvements between 32 & 64 Bit? > >Has anyone compared 2 similarly spec'd machines, one 32bit, one 64 >while running > > MailScanner? > > I've tried it, but not got any quantitative figures yet. It didn't make an enormous difference. Got about 700,000 messages per day through a dual-Opteron machine. This is only slightly higher than my dual-Xeon machine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun May 1 22:28:24 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:27 2006 Subject: Mailman and MailScanner Message-ID: Hi Doc! > And same thing here no mailboxes on the server. So guess I'll get to > hopping and install MailScanner and see how it does. > > I was jusy a little leary of running it with all the list and having > good list mail be tagged as spam. But this gives me a bit of > encouragement to run this on it. > > BTW: I'm running MailScanner on my secondary MX box with SA 3.0.2 (need > to upgrade that) and alls it does is catch spam. Works really well. Glad you like it! :) > MailScanner is one great piece of software. kudos to Julian! > > Thanks for the feedback, appreciate it. I also have some large lists running, and all get virus checked. But my setup is slightly different. We have 3 frontend picking up the load and then sending it clean/scanned to the listserver... Works ok. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun May 1 23:18:51 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you recomend using this for upgrading RHEL mailscanner rpm installations? Pete Julian Field wrote: > It turns out I'm a bit early, so I have just updated the > ClamAV+SpamAssassin installation package so it contains > > SpamAssassin 3.0.3 > ClamAV 0.84 > & all the modules they need to have installed. > > Using this package is enormously easier than installing everything by > hand yourself, as there are a lot of dependencies on other perl modules. > > Julian Field wrote: > >> Cool! >> I'm about to go out for an evening off, but hope that tomorrow I will >> build this into the ClamAV+SA tarball I make for you. >> >> I'm also planning on releasing the stable 4.41 tomorrow too. Assuming >> that it's the 1st May tomorrow (I've got a bit lost recently)... :-) >> >> Stephen Swaney wrote: >> >>> ClamAV 0.84 released >>> http://www.clamav.net >>> >>> Notes >>> Release Name: 0.84 >>> >>> Notes: >>> 0.84 >>> ---- >>> >>> This version improves detection of JPEG (MS04-028) based exploits, >>> introduces support for TNEF files and new detection mechanisms. Various >>> bugfixes (including problems with scanning of digest mail files) and >>> improvements have been made. >>> We encourage users to help testing the development versions, now with >>> rewritten RAR code and support for 3.0 archives! Visit >>> http://www.clamav.net/snapshot/ >>> >>> -) libclamav: >>> + JPEG exploit detector now also checks embedded Photoshop thumbnail >>> images >>> + archive meta-data scanner (improves malware detection within >>> encrypted >>> archives) >>> + support for TNEF (winmail.dat) decoding >>> + support for all tar archive formats >>> + MD5 implementation replaced with a slightly faster one >>> + improved database reloading with reference counter >>> + database updateable false positive eliminator >>> + speed improvements >>> + various bugfixes >>> -) clamd: >>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and >>> CLAM_VIRUSEVENT_VIRUSNAME >>> environment variables >>> -) clamav-milter: >>> + improved database update detection when not --external >>> -) clamscan: >>> + new options --include-dir and exclude-dir >>> + new option --max-dir-recursion >>> -) freshclam: >>> + new directive LocalIPAddress >>> -) contrib: >>> + clamdmon 1.0 - clamdwatch replacement written in C >>> -) 3rd party software: >>> + hMailServer - open source e-mail server for Microsoft Window >>> + pop3.proxy - proxy server for the POP3 protocol >>> + HTTP Anti Virus Proxy >>> + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail >>> Server >>> + smf-clamd - small & fast virus filter for Sendmail >>> + Squidclam - replacement for SquidClamAV-Redirector.py written in C >>> + QtClamAVclient - remote clamd client based on the Qt Toolkit >>> + qpsmtp - flexible smtpd daemon written in Perl >>> >>> Steve >>> >>> Steve Swaney >>> President >>> Fortress Systems Ltd. >>> www.fsl.com >>> steve.swaney@fsl.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sub at ICCONSULTING.COM.AU Mon May 2 03:14:54 2005 From: sub at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:29:27 2006 Subject: mytob worm only picked up by clamav Message-ID: Hi, I have 4 virus scanners running, and only clamav is picking this up. Luckily the .pif file extensions is also killing it. What engines are you using that can pick this up, for linux, and I'll go buy another engine? How about bitdefender, does it pick it up? Scott sfarrell@icconsulting.com.au The following e-mail messages were found to have viruses in them: Sender: james@xxxxxxxxx.com.au IP Address: 202.164.195.253 Recipient: jimmy@xxxxx.com.au Subject: STATUS MessageID: j421vrp2007602 Report: jttjg.zip contains Worm.Mytob.S jttjg.txt .pif contains Worm.Mytob.S Shortcuts to MS-Dos programs are very dangerous in email (jttjg.txt .pif) Report: jttjg.txt .pif contains Worm.Mytob.S Shortcuts to MS-Dos programs are very dangerous in email (jttjg.txt .pif) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gib at TMISNET.COM Mon May 2 03:23:47 2005 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:29:27 2006 Subject: Failed MailScanner 4.40.11 Install Message-ID: Hi All. Just tried updating from 4.32.4 to 4.40.11 (which is the latest FreeBSD Port). I used the port deinstall and port install method of upgrading. After following the final instructions after the upgrade I tried starting MailScanner and it failed because it couldn't find BinHex.pm. I have looked through the archives and can't find anything matching this situation. I tried installing the module through CPan but get the following error message. Any ideas? === Running make test PERL_DL_NONLAZY=1 /usr/bin/perl5 "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Body...........ok t/Decoder........ok t/Entity.........ok t/Gauntlet.......ok t/Head...........ok t/Misc...........FAILED tests 4-5, 7-11 Failed 7/14 tests, 50.00% okay t/Parser.........ok t/Ref............ok t/WordDecoder....ok t/Words..........ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Misc.t 14 7 50.00% 4-5 7-11 Failed 1/10 test scripts, 90.00% okay. 7/231 subtests failed, 96.97% okay. *** Error code 35 Stop in /root/.cpan/build/MIME-tools-5.417. /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force === Thanks for any help you might be able to pass this way. gib Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's Friendly ISP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derrilh at gmail.com Mon May 2 04:41:54 2005 From: derrilh at gmail.com (Derril Hedk) Date: Thu Jan 12 21:29:27 2006 Subject: SpamAssassin Error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I don't if anyone else has had this problem, but i've upgraded both MailScanner and SpamAssassin and now i'm receiving this error every time mail is processed. The mail still goes through, but this msg is generated in the log. Any ideas how to fix this? May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 321, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 210, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 212, line 77. May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm line 213, line 77. May 1 20:45:40 admin2 spamd[7329]: error: Can't locate Net/DNS/RR/A.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/5.8.1/i386-linux-thread-multi /usr/lib/perl5/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval 47) line 3, line 77._ No such file or directory, continuing ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon May 2 04:41:38 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:27 2006 Subject: Failed MailScanner 4.40.11 Install Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 2 May 2005 12:23 pm, Gib Gilbertson Jr. wrote: > Hi All. > > Just tried updating from 4.32.4 to 4.40.11 (which is the latest FreeBSD > Port). I used the port deinstall and port install method of upgrading. > After following the final instructions after the upgrade I tried starting > MailScanner and it failed because it couldn't find BinHex.pm. Have you tried "make reinstall" instead of "make install"?? I use the tarball versions of MailScanner in FreeBSD - but that's just me. Ports isn't usually far behind the latest release, but I prefer doing things by hand with MailScanner. Cheers, James -- BOFH excuse #37: heavy gravity fluctuation, move computer to floor rapidly ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon May 2 06:13:43 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:27 2006 Subject: mytob worm only picked up by clamav Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 2 May 2005 12:14 pm, Scott Farrell wrote: > Hi, > > I have 4 virus scanners running, and only clamav is picking this up. > > Luckily the .pif file extensions is also killing it. > > What engines are you using that can pick this up, for linux, and I'll go > buy another engine? > > How about bitdefender, does it pick it up? I've been catching it with both ClamAV (0.84) and McAfee/NAI VirusScan (engine 4.40.0). Given NAI's lack of speed in releasing signature updates, I don't think they are the best option in terms of bangs-for-bucks. They do release "extra" files when an outbreak occurrs, but these are a pain to deal with in any automated fashion HTH, James -- Athena Desktop Environment! In your hearts, you *know* it's the right choice! :) * Knghtbrd THWAPS xtifr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon May 2 08:37:35 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:27 2006 Subject: Failed MailScanner 4.40.11 Install Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you tried installing p5-Mime-Tools from the port collection? If a port exists, (and it does for p5-Mime-Tools) it's usually better to try the port before CPAN. I didn't have any problems installing it from the port on FreeBSD 4.11. Adri. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Gib Gilbertson Jr. > Sent: 02 May, 2005 04:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Failed MailScanner 4.40.11 Install > > > Hi All. > > Just tried updating from 4.32.4 to 4.40.11 (which is the > latest FreeBSD > Port). I used the port deinstall and port install method of upgrading. > After following the final instructions after the upgrade I > tried starting > MailScanner and it failed because it couldn't find BinHex.pm. > > I have looked through the archives and can't find anything > matching this > situation. > > I tried installing the module through CPan but get the following error > message. Any ideas? > > === > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl5 "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Body...........ok > t/Decoder........ok > t/Entity.........ok > t/Gauntlet.......ok > t/Head...........ok > t/Misc...........FAILED tests 4-5, 7-11 > Failed 7/14 tests, 50.00% okay > t/Parser.........ok > t/Ref............ok > t/WordDecoder....ok > t/Words..........ok > Failed Test Stat Wstat Total Fail Failed List of Failed > -------------------------------------------------------------- > ----------------- > t/Misc.t 14 7 50.00% 4-5 7-11 > Failed 1/10 test scripts, 90.00% okay. 7/231 subtests failed, > 96.97% okay. > *** Error code 35 > > Stop in /root/.cpan/build/MIME-tools-5.417. > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > === > > Thanks for any help you might be able to pass this way. > > gib > > > > Gib Gilbertson Jr. > Tierramiga Info Systems > 619-287-8647 Support > http://www.tmisnet.com > San Diego's Friendly ISP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Mon May 2 08:42:59 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:27 2006 Subject: Hardware platform ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, What is the "recommended" configuration for a MailScanner platform (plus Postfix, SA, MySQL and MailWatch, everything will run on it) ? The target environment deals with something like 50 000 mails per month. Thanks, NB. __________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon May 2 08:50:15 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:27 2006 Subject: Hardware platform ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Almost anything will run that and leave you room to handle outbreaks. Certainly any p3 and fair chunk of RAM and preferably a SCSI HDD. Checkout the maq for a list of machines current users have. Pete Nestor Burma wrote: > Hello, > > What is the "recommended" configuration for a > MailScanner platform (plus Postfix, SA, MySQL and > MailWatch, everything will run on it) ? The target > environment deals with something like 50 000 mails per > month. > > Thanks, > > NB. > > > > > > > __________________________________________________________________ > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 10:26:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I tend to rpm -e the packages for clamav and SA, then install from the tarball. Your alternative is Dag Wieers rpm packages, they are usually up to date and complete. Peter Russell wrote: > Do you recomend using this for upgrading RHEL mailscanner rpm > installations? > > Pete > > Julian Field wrote: > >> It turns out I'm a bit early, so I have just updated the >> ClamAV+SpamAssassin installation package so it contains >> >> SpamAssassin 3.0.3 >> ClamAV 0.84 >> & all the modules they need to have installed. >> >> Using this package is enormously easier than installing everything by >> hand yourself, as there are a lot of dependencies on other perl modules. >> >> Julian Field wrote: >> >>> Cool! >>> I'm about to go out for an evening off, but hope that tomorrow I will >>> build this into the ClamAV+SA tarball I make for you. >>> >>> I'm also planning on releasing the stable 4.41 tomorrow too. Assuming >>> that it's the 1st May tomorrow (I've got a bit lost recently)... :-) >>> >>> Stephen Swaney wrote: >>> >>>> ClamAV 0.84 released >>>> http://www.clamav.net >>>> >>>> Notes >>>> Release Name: 0.84 >>>> >>>> Notes: >>>> 0.84 >>>> ---- >>>> >>>> This version improves detection of JPEG (MS04-028) based exploits, >>>> introduces support for TNEF files and new detection mechanisms. >>>> Various >>>> bugfixes (including problems with scanning of digest mail files) and >>>> improvements have been made. >>>> We encourage users to help testing the development versions, now with >>>> rewritten RAR code and support for 3.0 archives! Visit >>>> http://www.clamav.net/snapshot/ >>>> >>>> -) libclamav: >>>> + JPEG exploit detector now also checks embedded Photoshop >>>> thumbnail >>>> images >>>> + archive meta-data scanner (improves malware detection within >>>> encrypted >>>> archives) >>>> + support for TNEF (winmail.dat) decoding >>>> + support for all tar archive formats >>>> + MD5 implementation replaced with a slightly faster one >>>> + improved database reloading with reference counter >>>> + database updateable false positive eliminator >>>> + speed improvements >>>> + various bugfixes >>>> -) clamd: >>>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and >>>> CLAM_VIRUSEVENT_VIRUSNAME >>>> environment variables >>>> -) clamav-milter: >>>> + improved database update detection when not --external >>>> -) clamscan: >>>> + new options --include-dir and exclude-dir >>>> + new option --max-dir-recursion >>>> -) freshclam: >>>> + new directive LocalIPAddress >>>> -) contrib: >>>> + clamdmon 1.0 - clamdwatch replacement written in C >>>> -) 3rd party software: >>>> + hMailServer - open source e-mail server for Microsoft Window >>>> + pop3.proxy - proxy server for the POP3 protocol >>>> + HTTP Anti Virus Proxy >>>> + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail >>>> Server >>>> + smf-clamd - small & fast virus filter for Sendmail >>>> + Squidclam - replacement for SquidClamAV-Redirector.py written >>>> in C >>>> + QtClamAVclient - remote clamd client based on the Qt Toolkit >>>> + qpsmtp - flexible smtpd daemon written in Perl >>>> >>>> Steve >>>> >>>> Steve Swaney >>>> President >>>> Fortress Systems Ltd. >>>> www.fsl.com >>>> steve.swaney@fsl.com >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 10:33:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: SpamAssassin Error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That error is not anything to do with MailScanner. For some reason you have some other setup in place (possibly procmail?) that is calling SpamAssassin via spamc/spamd. You want to stop it doing this, then switch off the spamd service completely. MailScanner does not use it, it works in a more efficient way. Derril Hedk wrote: >Hello, > >I don't if anyone else has had this problem, but i've upgraded both >MailScanner and SpamAssassin and now i'm receiving this error every >time mail is processed. The mail still goes through, but this msg is >generated in the log. Any ideas how to fix this? > >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 321, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 322, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 322, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 321, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 322, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in hash >element at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 322, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in >pattern match (m//) at >/usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 210, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in >pattern match (m//) at >/usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 212, line 77. >May 1 20:45:40 admin2 spamd[7329]: Use of uninitialized value in >concatenation (.) or string at >/usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Message/Metadata/Received.pm >line 213, line 77. >May 1 20:45:40 admin2 spamd[7329]: error: Can't locate >Net/DNS/RR/A.pm in @INC (@INC contains: ../lib >/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi >/usr/lib/perl5/site_perl/5.8.1 >/usr/lib/perl5/5.8.1/i386-linux-thread-multi /usr/lib/perl5/5.8.1 >/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi >/usr/lib/perl5/vendor_perl/5.8.1 >/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval >47) line 3, line 77._ No such file or directory, continuing > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 2 12:23:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:27 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti > Sent: den 29 april 2005 16:16 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Can't get rid of the .header files in the incoming > directory.... Take 2, more info... > (snip) > > I am not an expert, but I think it's unlinking with > the wrong filename.... > > Could have to do with this code in WorkArea.pm, sub > ClearAll : > # Clean up the whole thing > while($f = $dirhandle->read()) { > #print STDERR "Studying \"$f\"\n"; > next if $f =~ /^\./; > # Needs untaint: > $f =~ /([-\w]+\.header)$/ and unlink "$1"; > # And delete core files > $f =~ /^core$/ and unlink "core"; > # Also needs untaint... sledgehammer. nut. > $f =~ /(.*)/; > push @ToDelete, $1 if -d "$1"; > } > $dirhandle->close(); > > Maybe due to the fact that you added a new header > section in the name for Postfix queue files ? I dont > think your regexp will match names like : > 377DC50192.2C0F7.header > > I could also be totally wrong ;-) I just took a very > quick look... No, you are exactly right Spike... Not a big deal perhaps, since the directories (and their content) would be cleared upon MS restart (every ... second or so:-), but since the "postfix queue ID fix", the header files would be left behind. Fix is simple: just add a "." to the RE (as "-" is for exim IDs): $f =~ /([-.\w]+\.header)$/ and unlink "$1"; .... and all would be well. Julian, could you do that please (if you haven't already)? -- Glenn > > Spike > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 12:33:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well found, guys! Someone can read my code? I have added the fix and it will be in the next release. Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti >>Sent: den 29 april 2005 16:16 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Can't get rid of the .header files in the incoming >>directory.... Take 2, more info... >> >> >> >(snip) > > >>I am not an expert, but I think it's unlinking with >>the wrong filename.... >> >>Could have to do with this code in WorkArea.pm, sub >>ClearAll : >> # Clean up the whole thing >> while($f = $dirhandle->read()) { >> #print STDERR "Studying \"$f\"\n"; >> next if $f =~ /^\./; >> # Needs untaint: >> $f =~ /([-\w]+\.header)$/ and unlink "$1"; >> # And delete core files >> $f =~ /^core$/ and unlink "core"; >> # Also needs untaint... sledgehammer. nut. >> $f =~ /(.*)/; >> push @ToDelete, $1 if -d "$1"; >> } >> $dirhandle->close(); >> >>Maybe due to the fact that you added a new header >>section in the name for Postfix queue files ? I dont >>think your regexp will match names like : >>377DC50192.2C0F7.header >> >>I could also be totally wrong ;-) I just took a very >>quick look... >> >> >No, you are exactly right Spike... Not a big deal perhaps, since >the directories (and their content) would be cleared upon MS >restart (every ... second or so:-), but since the "postfix queue >ID fix", the header files would be left behind. >Fix is simple: just add a "." to the RE (as "-" is for exim IDs): > $f =~ /([-.\w]+\.header)$/ and unlink "$1"; >.... and all would be well. > >Julian, could you do that please (if you haven't already)? > >-- Glenn > > > >>Spike >> >> >>__________________________________________________ >>Do You Yahoo!? >>Tired of spam? Yahoo! Mail has the best spam protection around >>http://mail.yahoo.com >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 12:40:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you want a patch for this, try this: -----SNIP----- --- WorkArea.pm.old Wed Apr 20 10:47:16 2005 +++ WorkArea.pm Mon May 2 11:52:08 2005 @@ -230,7 +230,7 @@ #print STDERR "Studying \"$f\"\n"; next if $f =~ /^\./; # Needs untaint: - $f =~ /([-\w]+\.header)$/ and unlink "$1"; + $f =~ /([-.\w]+\.header)$/ and unlink "$1"; # And delete core files $f =~ /^core$/ and unlink "core"; # Also needs untaint... sledgehammer. nut. -----SNIP----- Julian Field wrote: > Well found, guys! > Someone can read my code? > > I have added the fix and it will be in the next release. > > Steen, Glenn wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti >>> Sent: den 29 april 2005 16:16 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Can't get rid of the .header files in the incoming >>> directory.... Take 2, more info... >>> >>> >>> >> (snip) >> >> >>> I am not an expert, but I think it's unlinking with >>> the wrong filename.... >>> >>> Could have to do with this code in WorkArea.pm, sub >>> ClearAll : >>> # Clean up the whole thing >>> while($f = $dirhandle->read()) { >>> #print STDERR "Studying \"$f\"\n"; >>> next if $f =~ /^\./; >>> # Needs untaint: >>> $f =~ /([-\w]+\.header)$/ and unlink "$1"; >>> # And delete core files >>> $f =~ /^core$/ and unlink "core"; >>> # Also needs untaint... sledgehammer. nut. >>> $f =~ /(.*)/; >>> push @ToDelete, $1 if -d "$1"; >>> } >>> $dirhandle->close(); >>> >>> Maybe due to the fact that you added a new header >>> section in the name for Postfix queue files ? I dont >>> think your regexp will match names like : >>> 377DC50192.2C0F7.header >>> >>> I could also be totally wrong ;-) I just took a very >>> quick look... >>> >>> >> No, you are exactly right Spike... Not a big deal perhaps, since >> the directories (and their content) would be cleared upon MS >> restart (every ... second or so:-), but since the "postfix queue >> ID fix", the header files would be left behind. >> Fix is simple: just add a "." to the RE (as "-" is for exim IDs): >> $f =~ /([-.\w]+\.header)$/ and unlink "$1"; >> .... and all would be well. >> >> Julian, could you do that please (if you haven't already)? >> >> -- Glenn >> >> >> >>> Spike >>> >>> >>> __________________________________________________ >>> Do You Yahoo!? >>> Tired of spam? Yahoo! Mail has the best spam protection around >>> http://mail.yahoo.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon May 2 12:54:18 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just installed the new package, and when I run a SpamAssassin lint it shows version 3.0.2 for me... What could be the problem? I already searched and don't have the rpm verison installed, only the tarball one... ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, April 30, 2005 2:07 PM Subject: Re: ClamAV 0.84 released > It turns out I'm a bit early, so I have just updated the > ClamAV+SpamAssassin installation package so it contains > > SpamAssassin 3.0.3 > ClamAV 0.84 > & all the modules they need to have installed. > > Using this package is enormously easier than installing everything by > hand yourself, as there are a lot of dependencies on other perl modules. > > Julian Field wrote: > > > Cool! > > I'm about to go out for an evening off, but hope that tomorrow I will > > build this into the ClamAV+SA tarball I make for you. > > > > I'm also planning on releasing the stable 4.41 tomorrow too. Assuming > > that it's the 1st May tomorrow (I've got a bit lost recently)... :-) > > > > Stephen Swaney wrote: > > > >> ClamAV 0.84 released > >> http://www.clamav.net > >> > >> Notes > >> Release Name: 0.84 > >> > >> Notes: > >> 0.84 > >> ---- > >> > >> This version improves detection of JPEG (MS04-028) based exploits, > >> introduces support for TNEF files and new detection mechanisms. Various > >> bugfixes (including problems with scanning of digest mail files) and > >> improvements have been made. > >> We encourage users to help testing the development versions, now with > >> rewritten RAR code and support for 3.0 archives! Visit > >> http://www.clamav.net/snapshot/ > >> > >> -) libclamav: > >> + JPEG exploit detector now also checks embedded Photoshop thumbnail > >> images > >> + archive meta-data scanner (improves malware detection within > >> encrypted > >> archives) > >> + support for TNEF (winmail.dat) decoding > >> + support for all tar archive formats > >> + MD5 implementation replaced with a slightly faster one > >> + improved database reloading with reference counter > >> + database updateable false positive eliminator > >> + speed improvements > >> + various bugfixes > >> -) clamd: > >> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and > >> CLAM_VIRUSEVENT_VIRUSNAME > >> environment variables > >> -) clamav-milter: > >> + improved database update detection when not --external > >> -) clamscan: > >> + new options --include-dir and exclude-dir > >> + new option --max-dir-recursion > >> -) freshclam: > >> + new directive LocalIPAddress > >> -) contrib: > >> + clamdmon 1.0 - clamdwatch replacement written in C > >> -) 3rd party software: > >> + hMailServer - open source e-mail server for Microsoft Window > >> + pop3.proxy - proxy server for the POP3 protocol > >> + HTTP Anti Virus Proxy > >> + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail > >> Server > >> + smf-clamd - small & fast virus filter for Sendmail > >> + Squidclam - replacement for SquidClamAV-Redirector.py written in C > >> + QtClamAVclient - remote clamd client based on the Qt Toolkit > >> + qpsmtp - flexible smtpd daemon written in Perl > >> > >> Steve > >> > >> Steve Swaney > >> President > >> Fortress Systems Ltd. > >> www.fsl.com > >> steve.swaney@fsl.com > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 13:05:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you sure you don't have 2 perls installed? Do a locate or a find for SpamAssassin.pm and see if it finds more than 1. Roger Jochem wrote: >I just installed the new package, and when I run a SpamAssassin lint it >shows version 3.0.2 for me... What could be the problem? > >I already searched and don't have the rpm verison installed, only the >tarball one... > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Saturday, April 30, 2005 2:07 PM >Subject: Re: ClamAV 0.84 released > > > > >>It turns out I'm a bit early, so I have just updated the >>ClamAV+SpamAssassin installation package so it contains >> >>SpamAssassin 3.0.3 >>ClamAV 0.84 >>& all the modules they need to have installed. >> >>Using this package is enormously easier than installing everything by >>hand yourself, as there are a lot of dependencies on other perl modules. >> >>Julian Field wrote: >> >> >> >>>Cool! >>>I'm about to go out for an evening off, but hope that tomorrow I will >>>build this into the ClamAV+SA tarball I make for you. >>> >>>I'm also planning on releasing the stable 4.41 tomorrow too. Assuming >>>that it's the 1st May tomorrow (I've got a bit lost recently)... :-) >>> >>>Stephen Swaney wrote: >>> >>> >>> >>>>ClamAV 0.84 released >>>>http://www.clamav.net >>>> >>>>Notes >>>>Release Name: 0.84 >>>> >>>>Notes: >>>>0.84 >>>>---- >>>> >>>>This version improves detection of JPEG (MS04-028) based exploits, >>>>introduces support for TNEF files and new detection mechanisms. Various >>>>bugfixes (including problems with scanning of digest mail files) and >>>>improvements have been made. >>>>We encourage users to help testing the development versions, now with >>>>rewritten RAR code and support for 3.0 archives! Visit >>>>http://www.clamav.net/snapshot/ >>>> >>>>-) libclamav: >>>> + JPEG exploit detector now also checks embedded Photoshop thumbnail >>>>images >>>> + archive meta-data scanner (improves malware detection within >>>>encrypted >>>>archives) >>>> + support for TNEF (winmail.dat) decoding >>>> + support for all tar archive formats >>>> + MD5 implementation replaced with a slightly faster one >>>> + improved database reloading with reference counter >>>> + database updateable false positive eliminator >>>> + speed improvements >>>> + various bugfixes >>>>-) clamd: >>>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and >>>>CLAM_VIRUSEVENT_VIRUSNAME >>>> environment variables >>>>-) clamav-milter: >>>> + improved database update detection when not --external >>>>-) clamscan: >>>> + new options --include-dir and exclude-dir >>>> + new option --max-dir-recursion >>>>-) freshclam: >>>> + new directive LocalIPAddress >>>>-) contrib: >>>> + clamdmon 1.0 - clamdwatch replacement written in C >>>>-) 3rd party software: >>>> + hMailServer - open source e-mail server for Microsoft Window >>>> + pop3.proxy - proxy server for the POP3 protocol >>>> + HTTP Anti Virus Proxy >>>> + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail >>>>Server >>>> + smf-clamd - small & fast virus filter for Sendmail >>>> + Squidclam - replacement for SquidClamAV-Redirector.py written in C >>>> + QtClamAVclient - remote clamd client based on the Qt Toolkit >>>> + qpsmtp - flexible smtpd daemon written in Perl >>>> >>>>Steve >>>> >>>>Steve Swaney >>>>President >>>>Fortress Systems Ltd. >>>>www.fsl.com >>>>steve.swaney@fsl.com >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon May 2 13:12:36 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found just one located in /usr/lib/perl/site_perl/5.0.8/Mail ----- Original Message ----- From: "Julian Field" To: Sent: Monday, May 02, 2005 9:05 AM Subject: Re: ClamAV 0.84 released > Are you sure you don't have 2 perls installed? > Do a locate or a find for SpamAssassin.pm and see if it finds more than 1. > > Roger Jochem wrote: > > >I just installed the new package, and when I run a SpamAssassin lint it > >shows version 3.0.2 for me... What could be the problem? > > > >I already searched and don't have the rpm verison installed, only the > >tarball one... > > > >----- Original Message ----- > >From: "Julian Field" > >To: > >Sent: Saturday, April 30, 2005 2:07 PM > >Subject: Re: ClamAV 0.84 released > > > > > > > > > >>It turns out I'm a bit early, so I have just updated the > >>ClamAV+SpamAssassin installation package so it contains > >> > >>SpamAssassin 3.0.3 > >>ClamAV 0.84 > >>& all the modules they need to have installed. > >> > >>Using this package is enormously easier than installing everything by > >>hand yourself, as there are a lot of dependencies on other perl modules. > >> > >>Julian Field wrote: > >> > >> > >> > >>>Cool! > >>>I'm about to go out for an evening off, but hope that tomorrow I will > >>>build this into the ClamAV+SA tarball I make for you. > >>> > >>>I'm also planning on releasing the stable 4.41 tomorrow too. Assuming > >>>that it's the 1st May tomorrow (I've got a bit lost recently)... :-) > >>> > >>>Stephen Swaney wrote: > >>> > >>> > >>> > >>>>ClamAV 0.84 released > >>>>http://www.clamav.net > >>>> > >>>>Notes > >>>>Release Name: 0.84 > >>>> > >>>>Notes: > >>>>0.84 > >>>>---- > >>>> > >>>>This version improves detection of JPEG (MS04-028) based exploits, > >>>>introduces support for TNEF files and new detection mechanisms. Various > >>>>bugfixes (including problems with scanning of digest mail files) and > >>>>improvements have been made. > >>>>We encourage users to help testing the development versions, now with > >>>>rewritten RAR code and support for 3.0 archives! Visit > >>>>http://www.clamav.net/snapshot/ > >>>> > >>>>-) libclamav: > >>>> + JPEG exploit detector now also checks embedded Photoshop thumbnail > >>>>images > >>>> + archive meta-data scanner (improves malware detection within > >>>>encrypted > >>>>archives) > >>>> + support for TNEF (winmail.dat) decoding > >>>> + support for all tar archive formats > >>>> + MD5 implementation replaced with a slightly faster one > >>>> + improved database reloading with reference counter > >>>> + database updateable false positive eliminator > >>>> + speed improvements > >>>> + various bugfixes > >>>>-) clamd: > >>>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and > >>>>CLAM_VIRUSEVENT_VIRUSNAME > >>>> environment variables > >>>>-) clamav-milter: > >>>> + improved database update detection when not --external > >>>>-) clamscan: > >>>> + new options --include-dir and exclude-dir > >>>> + new option --max-dir-recursion > >>>>-) freshclam: > >>>> + new directive LocalIPAddress > >>>>-) contrib: > >>>> + clamdmon 1.0 - clamdwatch replacement written in C > >>>>-) 3rd party software: > >>>> + hMailServer - open source e-mail server for Microsoft Window > >>>> + pop3.proxy - proxy server for the POP3 protocol > >>>> + HTTP Anti Virus Proxy > >>>> + SmarterMail Filter - ClamAV based plugin for SmarterMail Mail > >>>>Server > >>>> + smf-clamd - small & fast virus filter for Sendmail > >>>> + Squidclam - replacement for SquidClamAV-Redirector.py written in C > >>>> + QtClamAVclient - remote clamd client based on the Qt Toolkit > >>>> + qpsmtp - flexible smtpd daemon written in Perl > >>>> > >>>>Steve > >>>> > >>>>Steve Swaney > >>>>President > >>>>Fortress Systems Ltd. > >>>>www.fsl.com > >>>>steve.swaney@fsl.com > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>>-- > >>>Julian Field > >>>www.MailScanner.info > >>>Buy the MailScanner book at www.MailScanner.info/store > >>>Professional Support Services at www.MailScanner.biz > >>>MailScanner thanks transtec Computers for their support > >>> > >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon May 2 13:22:47 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:27 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] install it via cpan > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: Monday, May 02, 2005 2:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV 0.84 released > > > Found just one located in /usr/lib/perl/site_perl/5.0.8/Mail > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Monday, May 02, 2005 9:05 AM > Subject: Re: ClamAV 0.84 released > > > > Are you sure you don't have 2 perls installed? > > Do a locate or a find for SpamAssassin.pm and see if it > finds more than 1. > > > > Roger Jochem wrote: > > > > >I just installed the new package, and when I run a > SpamAssassin lint it > > >shows version 3.0.2 for me... What could be the problem? > > > > > >I already searched and don't have the rpm verison > installed, only the > > >tarball one... > > > > > >----- Original Message ----- > > >From: "Julian Field" > > >To: > > >Sent: Saturday, April 30, 2005 2:07 PM > > >Subject: Re: ClamAV 0.84 released > > > > > > > > > > > > > > >>It turns out I'm a bit early, so I have just updated the > > >>ClamAV+SpamAssassin installation package so it contains > > >> > > >>SpamAssassin 3.0.3 > > >>ClamAV 0.84 > > >>& all the modules they need to have installed. > > >> > > >>Using this package is enormously easier than installing > everything by > > >>hand yourself, as there are a lot of dependencies on > other perl modules. > > >> > > >>Julian Field wrote: > > >> > > >> > > >> > > >>>Cool! > > >>>I'm about to go out for an evening off, but hope that > tomorrow I will > > >>>build this into the ClamAV+SA tarball I make for you. > > >>> > > >>>I'm also planning on releasing the stable 4.41 tomorrow > too. Assuming > > >>>that it's the 1st May tomorrow (I've got a bit lost > recently)... :-) > > >>> > > >>>Stephen Swaney wrote: > > >>> > > >>> > > >>> > > >>>>ClamAV 0.84 released > > >>>>http://www.clamav.net > > >>>> > > >>>>Notes > > >>>>Release Name: 0.84 > > >>>> > > >>>>Notes: > > >>>>0.84 > > >>>>---- > > >>>> > > >>>>This version improves detection of JPEG (MS04-028) > based exploits, > > >>>>introduces support for TNEF files and new detection mechanisms. > Various > > >>>>bugfixes (including problems with scanning of digest > mail files) and > > >>>>improvements have been made. > > >>>>We encourage users to help testing the development > versions, now with > > >>>>rewritten RAR code and support for 3.0 archives! Visit > > >>>>http://www.clamav.net/snapshot/ > > >>>> > > >>>>-) libclamav: > > >>>> + JPEG exploit detector now also checks embedded Photoshop > thumbnail > > >>>>images > > >>>> + archive meta-data scanner (improves malware > detection within > > >>>>encrypted > > >>>>archives) > > >>>> + support for TNEF (winmail.dat) decoding > > >>>> + support for all tar archive formats > > >>>> + MD5 implementation replaced with a slightly faster one > > >>>> + improved database reloading with reference counter > > >>>> + database updateable false positive eliminator > > >>>> + speed improvements > > >>>> + various bugfixes > > >>>>-) clamd: > > >>>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and > > >>>>CLAM_VIRUSEVENT_VIRUSNAME > > >>>> environment variables > > >>>>-) clamav-milter: > > >>>> + improved database update detection when not --external > > >>>>-) clamscan: > > >>>> + new options --include-dir and exclude-dir > > >>>> + new option --max-dir-recursion > > >>>>-) freshclam: > > >>>> + new directive LocalIPAddress > > >>>>-) contrib: > > >>>> + clamdmon 1.0 - clamdwatch replacement written in C > > >>>>-) 3rd party software: > > >>>> + hMailServer - open source e-mail server for > Microsoft Window > > >>>> + pop3.proxy - proxy server for the POP3 protocol > > >>>> + HTTP Anti Virus Proxy > > >>>> + SmarterMail Filter - ClamAV based plugin for > SmarterMail Mail > > >>>>Server > > >>>> + smf-clamd - small & fast virus filter for Sendmail > > >>>> + Squidclam - replacement for > SquidClamAV-Redirector.py written in > C > > >>>> + QtClamAVclient - remote clamd client based on the > Qt Toolkit > > >>>> + qpsmtp - flexible smtpd daemon written in Perl > > >>>> > > >>>>Steve > > >>>> > > >>>>Steve Swaney > > >>>>President > > >>>>Fortress Systems Ltd. > > >>>>www.fsl.com > > >>>>steve.swaney@fsl.com > > >>>> > > >>>>------------------------ MailScanner list > ------------------------ > > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>>>'leave mailscanner' in the body of the email. > > >>>>Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>>> > > >>>>Support MailScanner development - buy the book off the website! > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>-- > > >>>Julian Field > > >>>www.MailScanner.info > > >>>Buy the MailScanner book at www.MailScanner.info/store > > >>>Professional Support Services at www.MailScanner.biz > > >>>MailScanner thanks transtec Computers for their support > > >>> > > >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>> > > >>>------------------------ MailScanner list > ------------------------ > > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>>'leave mailscanner' in the body of the email. > > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>> > > >>>Support MailScanner development - buy the book off the website! > > >>> > > >>> > > >>> > > >>-- > > >>Julian Field > > >>www.MailScanner.info > > >>Buy the MailScanner book at www.MailScanner.info/store > > >>Professional Support Services at www.MailScanner.biz > > >>MailScanner thanks transtec Computers for their support > > >> > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> > > >>------------------------ MailScanner list ------------------------ > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>'leave mailscanner' in the body of the email. > > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> > > >>Support MailScanner development - buy the book off the website! > > >> > > >> > > > > > >------------------------ MailScanner list ------------------------ > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >'leave mailscanner' in the body of the email. > > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 2 13:41:14 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:27 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: Thank you. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 2 maj 2005 13:41 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Can't get rid of the .header files in the > incoming directory.... Take 2, more info... > > > If you want a patch for this, try this: > > -----SNIP----- > --- WorkArea.pm.old Wed Apr 20 10:47:16 2005 > +++ WorkArea.pm Mon May 2 11:52:08 2005 > @@ -230,7 +230,7 @@ > #print STDERR "Studying \"$f\"\n"; > next if $f =~ /^\./; > # Needs untaint: > - $f =~ /([-\w]+\.header)$/ and unlink "$1"; > + $f =~ /([-.\w]+\.header)$/ and unlink "$1"; > # And delete core files > $f =~ /^core$/ and unlink "core"; > # Also needs untaint... sledgehammer. nut. > -----SNIP----- > > > Julian Field wrote: > > > Well found, guys! > > Someone can read my code? > > > > I have added the fix and it will be in the next release. > > > > Steen, Glenn wrote: > > > >>> -----Original Message----- > >>> From: MailScanner mailing list > >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti > >>> Sent: den 29 april 2005 16:16 > >>> To: MAILSCANNER@JISCMAIL.AC.UK > >>> Subject: Can't get rid of the .header files in the incoming > >>> directory.... Take 2, more info... > >>> > >>> > >>> > >> (snip) > >> > >> > >>> I am not an expert, but I think it's unlinking with > >>> the wrong filename.... > >>> > >>> Could have to do with this code in WorkArea.pm, sub > >>> ClearAll : > >>> # Clean up the whole thing > >>> while($f = $dirhandle->read()) { > >>> #print STDERR "Studying \"$f\"\n"; > >>> next if $f =~ /^\./; > >>> # Needs untaint: > >>> $f =~ /([-\w]+\.header)$/ and unlink "$1"; > >>> # And delete core files > >>> $f =~ /^core$/ and unlink "core"; > >>> # Also needs untaint... sledgehammer. nut. > >>> $f =~ /(.*)/; > >>> push @ToDelete, $1 if -d "$1"; > >>> } > >>> $dirhandle->close(); > >>> > >>> Maybe due to the fact that you added a new header > >>> section in the name for Postfix queue files ? I dont > >>> think your regexp will match names like : > >>> 377DC50192.2C0F7.header > >>> > >>> I could also be totally wrong ;-) I just took a very > >>> quick look... > >>> > >>> > >> No, you are exactly right Spike... Not a big deal perhaps, since > >> the directories (and their content) would be cleared upon MS > >> restart (every ... second or so:-), but since the "postfix queue > >> ID fix", the header files would be left behind. > >> Fix is simple: just add a "." to the RE (as "-" is for exim IDs): > >> $f =~ /([-.\w]+\.header)$/ and unlink "$1"; > >> .... and all would be well. > >> > >> Julian, could you do that please (if you haven't already)? > >> > >> -- Glenn > >> > >> > >> > >>> Spike > >>> > >>> > >>> __________________________________________________ > >>> Do You Yahoo!? > >>> Tired of spam? Yahoo! Mail has the best spam protection around > >>> http://mail.yahoo.com > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spike_cacti at YAHOO.COM Mon May 2 14:03:12 2005 From: spike_cacti at YAHOO.COM (Spike Cacti) Date: Thu Jan 12 21:29:28 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: I saw Julian's reply and will apply the patch on my 4.40.11 for now. Thanks guys! BTW: The header files are not deleted every second or so, they are deleted every restart of mailscanner. Default is 14400 (4h) I think. So on my systems, it could have caused a problem since I'm running on a memory based filesystem. The directories are deleted but the header file is NOT in the directory ;-) Spike --- "Steen, Glenn" wrote: > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti > > Sent: den 29 april 2005 16:16 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Can't get rid of the .header files in the incoming > > directory.... Take 2, more info... > > > (snip) > > > > I am not an expert, but I think it's unlinking with > > the wrong filename.... > > > > Could have to do with this code in WorkArea.pm, sub > > ClearAll : > > # Clean up the whole thing > > while($f = $dirhandle->read()) { > > #print STDERR "Studying \"$f\"\n"; > > next if $f =~ /^\./; > > # Needs untaint: > > $f =~ /([-\w]+\.header)$/ and unlink "$1"; > > # And delete core files > > $f =~ /^core$/ and unlink "core"; > > # Also needs untaint... sledgehammer. nut. > > $f =~ /(.*)/; > > push @ToDelete, $1 if -d "$1"; > > } > > $dirhandle->close(); > > > > Maybe due to the fact that you added a new header > > section in the name for Postfix queue files ? I dont > > think your regexp will match names like : > > 377DC50192.2C0F7.header > > > > I could also be totally wrong ;-) I just took a very > > quick look... > No, you are exactly right Spike... Not a big deal perhaps, since > the directories (and their content) would be cleared upon MS > restart (every ... second or so:-), but since the "postfix queue > ID fix", the header files would be left behind. > Fix is simple: just add a "." to the RE (as "-" is for exim IDs): > $f =~ /([-.\w]+\.header)$/ and unlink "$1"; > .... and all would be well. > > Julian, could you do that please (if you haven't already)? > > -- Glenn > > > > > Spike > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon May 2 14:04:29 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:28 2006 Subject: ClamAV 0.84 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It worked! Thanks... ----- Original Message ----- From: "Dörfler Andreas" To: Sent: Monday, May 02, 2005 9:22 AM Subject: Re: ClamAV 0.84 released > install it via cpan > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > Sent: Monday, May 02, 2005 2:13 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: ClamAV 0.84 released > > > > > > Found just one located in /usr/lib/perl/site_perl/5.0.8/Mail > > > > ----- Original Message ----- > > From: "Julian Field" > > To: > > Sent: Monday, May 02, 2005 9:05 AM > > Subject: Re: ClamAV 0.84 released > > > > > > > Are you sure you don't have 2 perls installed? > > > Do a locate or a find for SpamAssassin.pm and see if it > > finds more than 1. > > > > > > Roger Jochem wrote: > > > > > > >I just installed the new package, and when I run a > > SpamAssassin lint it > > > >shows version 3.0.2 for me... What could be the problem? > > > > > > > >I already searched and don't have the rpm verison > > installed, only the > > > >tarball one... > > > > > > > >----- Original Message ----- > > > >From: "Julian Field" > > > >To: > > > >Sent: Saturday, April 30, 2005 2:07 PM > > > >Subject: Re: ClamAV 0.84 released > > > > > > > > > > > > > > > > > > > >>It turns out I'm a bit early, so I have just updated the > > > >>ClamAV+SpamAssassin installation package so it contains > > > >> > > > >>SpamAssassin 3.0.3 > > > >>ClamAV 0.84 > > > >>& all the modules they need to have installed. > > > >> > > > >>Using this package is enormously easier than installing > > everything by > > > >>hand yourself, as there are a lot of dependencies on > > other perl modules. > > > >> > > > >>Julian Field wrote: > > > >> > > > >> > > > >> > > > >>>Cool! > > > >>>I'm about to go out for an evening off, but hope that > > tomorrow I will > > > >>>build this into the ClamAV+SA tarball I make for you. > > > >>> > > > >>>I'm also planning on releasing the stable 4.41 tomorrow > > too. Assuming > > > >>>that it's the 1st May tomorrow (I've got a bit lost > > recently)... :-) > > > >>> > > > >>>Stephen Swaney wrote: > > > >>> > > > >>> > > > >>> > > > >>>>ClamAV 0.84 released > > > >>>>http://www.clamav.net > > > >>>> > > > >>>>Notes > > > >>>>Release Name: 0.84 > > > >>>> > > > >>>>Notes: > > > >>>>0.84 > > > >>>>---- > > > >>>> > > > >>>>This version improves detection of JPEG (MS04-028) > > based exploits, > > > >>>>introduces support for TNEF files and new detection mechanisms. > > Various > > > >>>>bugfixes (including problems with scanning of digest > > mail files) and > > > >>>>improvements have been made. > > > >>>>We encourage users to help testing the development > > versions, now with > > > >>>>rewritten RAR code and support for 3.0 archives! Visit > > > >>>>http://www.clamav.net/snapshot/ > > > >>>> > > > >>>>-) libclamav: > > > >>>> + JPEG exploit detector now also checks embedded Photoshop > > thumbnail > > > >>>>images > > > >>>> + archive meta-data scanner (improves malware > > detection within > > > >>>>encrypted > > > >>>>archives) > > > >>>> + support for TNEF (winmail.dat) decoding > > > >>>> + support for all tar archive formats > > > >>>> + MD5 implementation replaced with a slightly faster one > > > >>>> + improved database reloading with reference counter > > > >>>> + database updateable false positive eliminator > > > >>>> + speed improvements > > > >>>> + various bugfixes > > > >>>>-) clamd: > > > >>>> + VirusEvent now sets CLAM_VIRUSEVENT_FILENAME and > > > >>>>CLAM_VIRUSEVENT_VIRUSNAME > > > >>>> environment variables > > > >>>>-) clamav-milter: > > > >>>> + improved database update detection when not --external > > > >>>>-) clamscan: > > > >>>> + new options --include-dir and exclude-dir > > > >>>> + new option --max-dir-recursion > > > >>>>-) freshclam: > > > >>>> + new directive LocalIPAddress > > > >>>>-) contrib: > > > >>>> + clamdmon 1.0 - clamdwatch replacement written in C > > > >>>>-) 3rd party software: > > > >>>> + hMailServer - open source e-mail server for > > Microsoft Window > > > >>>> + pop3.proxy - proxy server for the POP3 protocol > > > >>>> + HTTP Anti Virus Proxy > > > >>>> + SmarterMail Filter - ClamAV based plugin for > > SmarterMail Mail > > > >>>>Server > > > >>>> + smf-clamd - small & fast virus filter for Sendmail > > > >>>> + Squidclam - replacement for > > SquidClamAV-Redirector.py written in > > C > > > >>>> + QtClamAVclient - remote clamd client based on the > > Qt Toolkit > > > >>>> + qpsmtp - flexible smtpd daemon written in Perl > > > >>>> > > > >>>>Steve > > > >>>> > > > >>>>Steve Swaney > > > >>>>President > > > >>>>Fortress Systems Ltd. > > > >>>>www.fsl.com > > > >>>>steve.swaney@fsl.com > > > >>>> > > > >>>>------------------------ MailScanner list > > ------------------------ > > > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >>>>'leave mailscanner' in the body of the email. > > > >>>>Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and > > > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >>>> > > > >>>>Support MailScanner development - buy the book off the website! > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>-- > > > >>>Julian Field > > > >>>www.MailScanner.info > > > >>>Buy the MailScanner book at www.MailScanner.info/store > > > >>>Professional Support Services at www.MailScanner.biz > > > >>>MailScanner thanks transtec Computers for their support > > > >>> > > > >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >>> > > > >>>------------------------ MailScanner list > > ------------------------ > > > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >>>'leave mailscanner' in the body of the email. > > > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >>> > > > >>>Support MailScanner development - buy the book off the website! > > > >>> > > > >>> > > > >>> > > > >>-- > > > >>Julian Field > > > >>www.MailScanner.info > > > >>Buy the MailScanner book at www.MailScanner.info/store > > > >>Professional Support Services at www.MailScanner.biz > > > >>MailScanner thanks transtec Computers for their support > > > >> > > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >> > > > >>------------------------ MailScanner list ------------------------ > > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >>'leave mailscanner' in the body of the email. > > > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >> > > > >>Support MailScanner development - buy the book off the website! > > > >> > > > >> > > > > > > > >------------------------ MailScanner list ------------------------ > > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >'leave mailscanner' in the body of the email. > > > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > Professional Support Services at www.MailScanner.biz > > > MailScanner thanks transtec Computers for their support > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 2 14:11:19 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:28 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti > Sent: den 2 maj 2005 15:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Can't get rid of the .header files in the > incoming directory.... Take 2, more info... > > > I saw Julian's reply and will apply the patch on my 4.40.11 for now. > Thanks guys! > > BTW: > The header files are not deleted every second or so, they are deleted > every restart of mailscanner. Default is 14400 (4h) I think. So on my > systems, it could have caused a problem since I'm running on a memory > based filesystem. The directories are deleted but the header file is > NOT in the directory ;-) Yep, exactly what I meant... I see your point about the tmpfs/inode- depletion problem though. Anyway, the problem's history now:-). Very good spot Spike. -- Glenn > > Spike > > --- "Steen, Glenn" wrote: > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti > > > Sent: den 29 april 2005 16:16 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Can't get rid of the .header files in the incoming > > > directory.... Take 2, more info... > > > > > (snip) > > > > > > I am not an expert, but I think it's unlinking with > > > the wrong filename.... > > > > > > Could have to do with this code in WorkArea.pm, sub > > > ClearAll : > > > # Clean up the whole thing > > > while($f = $dirhandle->read()) { > > > #print STDERR "Studying \"$f\"\n"; > > > next if $f =~ /^\./; > > > # Needs untaint: > > > $f =~ /([-\w]+\.header)$/ and unlink "$1"; > > > # And delete core files > > > $f =~ /^core$/ and unlink "core"; > > > # Also needs untaint... sledgehammer. nut. > > > $f =~ /(.*)/; > > > push @ToDelete, $1 if -d "$1"; > > > } > > > $dirhandle->close(); > > > > > > Maybe due to the fact that you added a new header > > > section in the name for Postfix queue files ? I dont > > > think your regexp will match names like : > > > 377DC50192.2C0F7.header > > > > > > I could also be totally wrong ;-) I just took a very > > > quick look... > > No, you are exactly right Spike... Not a big deal perhaps, since > > the directories (and their content) would be cleared upon MS > > restart (every ... second or so:-), but since the "postfix queue > > ID fix", the header files would be left behind. > > Fix is simple: just add a "." to the RE (as "-" is for exim IDs): > > $f =~ /([-.\w]+\.header)$/ and unlink "$1"; > > .... and all would be well. > > > > Julian, could you do that please (if you haven't already)? > > > > -- Glenn > > > > > > > > Spike > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Tired of spam? Yahoo! Mail has the best spam protection around > > > http://mail.yahoo.com > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Mon May 2 14:15:17 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: I upgrade as I always do using the Sophos install script that comes with MailScanner. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -----Original Message----- From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM] Sent: Friday, April 29, 2005 2:53 AM Subject: Re: SophosSAVI Problems with MailScanner 4.38.10 Aaron How did you upgrade? Did you remember to do the upgrade using the Sophos install from the MailScanner distribution??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron Moore wrote: > I upgraded Sophos from version 3.92 to 3.93 earlier today. I've been > getting error 538 messages when MailScanner tries to scan the messages. > I've verified that SAVI is working okay by using the test scan.pl script > to scan some files. > > It has to be something with what mailscanner is scanning. > > Anyone have any ideas? > > I'm running MailScanner 4.38.10, with SAVI-Perl 0.30, and Sophos Linux > (libc6 glibc 2.2+) version 3.93. > > Thanks. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 2 14:20:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:28 2006 Subject: W32/MiMail.A Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby > Sent: den 29 april 2005 17:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: W32/MiMail.A > > > Actually we do...at least here in house. AV on the desktop, AV on the > mailbox servers (exchange), and AV on the email gateway. Been at this > biz for along time. I'm still waiting for one to appear in the > quarantine to see where it's coming from. Symantec just says it was > detecting it in the smtp queue and the server that is reporting it is > the one that all mail from the email (MailScanner) gateway uses to > deliver mail into the exchange system. > > Yeh the AV is on the exchange servers is stopping it, but the mail > gateway (MailScanner) also handles forwarding to other places > outside my > management control and I want to make sure that I'm not passing the > problem onto someone else. > > Before I turned on quaranteening on Symantec, the last one came thru > mentioned that the attachment "Mime.822" located in > message.... That is > kind of odd that the attachment is named that. I just wanted to send > out a quick feeler to gauge others. Are you running just ClamAV on the MX? It's good, but not foolproof... and it actually happens (quite frequently) that other AVs find a "new" virus a qouple of hours prior to clam doings so... If you run freebsd or linux, bitdefender is free... And (of course)... Are you sure these aren't FPs? I'm not sure how symantec does things, but wouldn't it quarantine something on the m-sexchange that you could test at jotti or virus total...? -- Glenn > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, April 29, 2005 11:42 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: W32/MiMail.A > > So the moral os this is.... > > you need virus proctection every windows desktop, because that's where > the problem is. > > like I've been saying for years really ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kevin Miller wrote: > > Rose, Bobby wrote: > > > >> Is anyone else seeing this slip thru? The symantec stuff > running on > >>our exchange servers is picking it up but it slipping thru > my current > >>MailScanner and ClamAV configured email router. Symantec is saying > >>that it found W32.Mimail.a@mm in Unknown0000000.data within > >>message.html. Yesterday I added that to the banned filename > types but > >>it still came thru so I'm wondering if it's another funky > mime/header > >>issue. > >> > >>I'm running ClamAV .83 and Mailscanner 4.40.11 on Solaris 8. The > >>clamav defs are up to date. I'm going to try to quarantine > one to get > > >>a look at it. > > > > > > Are you sure the messages are coming through your > MailScanner gateway? > > > I had a similar problem a year or so ago where Trend would pick up > > viruses on Exchange. Turned out that one of my users had pointed > > their Outlook client at their home ISP so they could check > non-local > > mail account. The viruses waltzed right in with nary so much as a > > 'howdy-do'. Fortunately, the bouncers from Trend took them in the > > back alley and pummelled them before they could cause a ruckus... > > > > ...Kevin > > -- > > Kevin Miller Registered Linux User No: 307357 > > CBJ MIS Dept. Network Systems Admin., Mail Admin. > > 155 South Seward Street ph: (907) 586-0242 > > Juneau, Alaska 99801 fax: (907 586-4500 > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > > archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to > whom they are > addressed. If you have received this email in error please notify the > system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at KATY.COM Mon May 2 15:04:34 2005 From: john at KATY.COM (John Schmerold) Date: Thu Jan 12 21:29:28 2006 Subject: greylisting configuration Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone care to share their greylisting configuration as used with Mailscanner ? I'm interested in finding out what MTA you used & how things went. It looks like a promising technique, my big fear is that it would somehow corrupt the mail queue &/or be incompatible with one of the significant (but uncommon) mail servers such as Groupwise, Interchange, Domino etc Greylisting is described at http://greylisting.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon May 2 15:28:11 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:28 2006 Subject: greylisting configuration Message-ID: I use milter-sender with sendmail-8.13.x and it works great. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Schmerold Sent: Monday, May 02, 2005 9:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: greylisting configuration Anyone care to share their greylisting configuration as used with Mailscanner ? I'm interested in finding out what MTA you used & how things went. It looks like a promising technique, my big fear is that it would somehow corrupt the mail queue &/or be incompatible with one of the significant (but uncommon) mail servers such as Groupwise, Interchange, Domino etc Greylisting is described at http://greylisting.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 2 15:31:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:28 2006 Subject: mytob worm only picked up by clamav Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James Gray > Sent: den 2 maj 2005 07:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mytob worm only picked up by clamav > > > On Mon, 2 May 2005 12:14 pm, Scott Farrell wrote: > > Hi, > > > > I have 4 virus scanners running, and only clamav is picking this up. > > > > Luckily the .pif file extensions is also killing it. > > > > What engines are you using that can pick this up, for > linux, and I'll go > > buy another engine? > > > > How about bitdefender, does it pick it up? BitDefender is a free download/install, so you should be using that already, regardless:-). Look in the wiki for instruktions http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdef ender:install (that should be on one line, if "auto-linewrap" mangles it:) > > I've been catching it with both ClamAV (0.84) and McAfee/NAI > VirusScan (engine > 4.40.0). Given NAI's lack of speed in releasing signature > updates, I don't > think they are the best option in terms of bangs-for-bucks. > They do release > "extra" files when an outbreak occurrs, but these are a pain > to deal with in > any automated fashion Very true about the extra.dat things. But... since a while back mcafee went to daily updates, so the slowness isn't as bad as it used to be. And there we have them, the three I use: clam, bdc and uvscan. Works ok for me. And if from time to time only one detects a certain virus, that isn't really a reason to "jump out of ones shorts"... As long as it gets caught and isn't a FP:-). -- Glenn > > HTH, > > James > -- > Athena Desktop Environment! In your hearts, you > *know* it's the > right choice! :) > * Knghtbrd THWAPS xtifr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From d.santos at barcelohotels.com.do Mon May 2 15:57:33 2005 From: d.santos at barcelohotels.com.do (Dywer Santos -- Barcelo Hotels) Date: Thu Jan 12 21:29:28 2006 Subject: clamav 0.84 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi. After upgrade the clamav intall, I'm can see the following message in the log Empty file". Please contact the authors! I found than changing the SweepVirus.pm line 2333 to: return 0 if /Empty file\.?$/; should correct the problem, but it does not. Dywer Santos NetAdmin Barceló Hotels, R.D. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon May 2 16:02:37 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:28 2006 Subject: clamav 0.84 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dywer Santos -- Barcelo Hotels > Sent: Monday, May 02, 2005 10:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: clamav 0.84 > > Hi. > > After upgrade the clamav intall, I'm can see the following message in the > log > > Empty file". Please contact the authors! > > I found than changing the SweepVirus.pm line 2333 to: return 0 if /Empty > file\.?$/; should correct the problem, but it does not. > > > Dywer Santos > NetAdmin > Barceló Hotels, R.D. I believe that Julian is aware of this problem so there should be an answer soon. In the meantime calling ClamAV with clamavmodule instead of clamav solved the problem with the error messages for me at two sites. Of course you must have the perl module Mail::ClamAV (0.17) installed to use clamavmodule. I don't believe there was ever a problem with the message being delivered - just the error message. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at BOUDISQUE.NL Mon May 2 16:09:04 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm trying to install the latest version of MailScanner on a fresh Debian Sarge-system, configured to run sendmail. And now the manual tells me to change the startup-configuration of sendmail, to use the mqueue.in-dir etc. But the debian-version of /etc/init.d/sendmail really confuses me, as I would'nt know which part to change. Can anyone perhaps help me out? Thanks a lot in advance! Regerds, Wietse Muizelaar This is the /etc/init.d/sendmail-file: #!/bin/sh -e # # $Sendmail: init.d,v 8.13.4 2005-03-28 03:33:42 cowboy Exp $ # # Sendmail rc script for Debian (/etc/init.d/sendmail) # all the work is done by the imbedded copy of /usr/share/sendmail/sendmail # # Copyright (c) 2001-2005, Richard Nelson . # # Notes (to all): # * *** Do not edit this file *** Instead edit /etc/mail/sendmail.conf # # Notes (to self): # * # set -e; PATH=/bin:/usr/bin:/sbin:/usr/sbin; #!/bin/sh -e #----------------------------------------------------------------------------- # $Sendmail: sm_helper.sh,v 8.13.4 2005-03-28 03:33:42 cowboy Exp $ # # Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved. # # Debian helper function script for Debian Sendmail # Note: this file supports 8.7.6 - 9.0.0 # # Notes (to all): # * # # Notes (to self): # * clean_queues fubar, esp wrt MSP # #----------------------------------------------------------------------------- # set -e; DEBUG=0; #------------------------------------------------------------------------------ # Parameters for the sendmail daemon # Do *NOT* touch these lines, instead, edit /etc/mail/sendmail.conf # The _PARMS lines are listed in precedence order #------------------------------------------------------------------------------ Get_Parameters () { # Main configuration parameters in /etc/mail/sendmail.conf DAEMON_MODE='Daemon'; DAEMON_PARMS=''; DAEMON_UID='root'; QUEUE_MODE="$DAEMON_MODE"; QUEUE_INTERVAL='10m'; QUEUE_PARMS=''; MSP_MODE="$QUEUE_MODE"; MSP_INTERVAL="$QUEUE_INTERVAL"; MSP_PARMS=""; MISC_PARMS=''; CRON_PARMS=''; LOG_CMDS='No'; # Secondary (non-documented) parameters in /etc/mail/sendmail.conf # Caveat Emptor: change these at your own risk - they impact several # disjoint pieces parts... SENDMAIL_ROOT='/var/run/sendmail'; MTA_DAEMON='/usr/sbin/sendmail-mta'; MTA_COMMAND='/usr/sbin/sendmail-mta'; MTA_A='-Am'; MTAL_L='-L sm-mta'; MTAL_L_QUEUE='-L sm-mta-queue'; MTAL_L_RUNQ='-L sm-mta-runq'; MTA_ROOT="${SENDMAIL_ROOT}/mta"; MTAL_PIDFILE="${MTA_ROOT}/sendmail.pid"; MTAL_SOCKET="${MTA_ROOT}/smsocket"; MTAL_CNTL="${MTA_ROOT}/smcontrol"; MTAQ_L='-L sm-que'; MTAQ_L_RUNQ='-L sm-que-runq'; MTAQ_PIDFILE="${MTA_ROOT}/queue.pid"; MTAQ_SOCKET="${MTA_ROOT}/qusocket"; MTAQ_CNTL="${MTA_ROOT}/qucontrol"; MSP_DAEMON='/usr/sbin/sendmail-msp'; MSP_COMMAND='/usr/sbin/sendmail-msp'; MSP_A='-Ac'; MSP_L='-L sm-msp'; MSP_L_QUEUE='-L sm-msp-queue'; MSP_ROOT="${SENDMAIL_ROOT}/msp"; MSP_PIDFILE="${MSP_ROOT}/sendmail.pid"; MSP_SOCKET="${MSP_ROOT}/smsocket"; MSP_CNTL="${MSP_ROOT}/smcontrol"; # Pull in any user modified variables if [ -f /etc/mail/sendmail.conf ]; then . /etc/mail/sendmail.conf; fi; # Sanitize some keyword entries DAEMON_MODE=$(echo "$DAEMON_MODE" | tr '[:upper:]' '[:lower:]'); QUEUE_MODE=$(echo "$QUEUE_MODE" | tr '[:upper:]' '[:lower:]'); MSP_MODE=$(echo "$MSP_MODE" | tr '[:upper:]' '[:lower:]'); # These can't be user customized SM_Get_Parameters='yes'; PATH='/bin:/usr/bin:/sbin:/usr/sbin'; STAMP_DIR="${SENDMAIL_ROOT}/stampdir"; START_MTAL_CMD="start-stop-daemon \ --pidfile $MTAL_PIDFILE \ --exec $MTA_DAEMON \ --startas $MTA_COMMAND \ --start"; STOP_MTAL_CMD="start-stop-daemon \ --pidfile $MTAL_PIDFILE \ --name sendmail-mta \ --stop"; SIGNAL_MTAL_CMD="start-stop-daemon \ --pidfile $MTAL_PIDFILE \ --name sendmail-mta \ --stop"; START_MTAQ_CMD="start-stop-daemon \ --pidfile $MTAQ_PIDFILE \ --make-pidfile \ --exec $MTA_DAEMON \ --startas $MTA_COMMAND \ --start"; STOP_MTAQ_CMD="start-stop-daemon \ --pidfile $MTAQ_PIDFILE \ --name sendmail-mta \ --stop"; SIGNAL_MTAQ_CMD="start-stop-daemon \ --pidfile $MTAQ_PIDFILE \ --name sendmail-mta \ --stop"; START_MSP_CMD="start-stop-daemon \ --pidfile $MSP_PIDFILE \ --exec $MSP_DAEMON \ --startas $MSP_COMMAND \ --chuid smmsp \ --start"; STOP_MSP_CMD="start-stop-daemon \ --pidfile $MSP_PIDFILE \ --name sendmail-msp \ --stop"; SIGNAL_MSP_CMD="start-stop-daemon \ --pidfile $MSP_PIDFILE \ --name sendmail-msp \ --stop"; NAME='sendmail'; FLAGS='defaults 50'; # Support for coexistance with smtpd package SMTPD='/usr/sbin/smtpd'; # See if we can share the listener and queue-runner daemon: # * Both must be in daemon mode # * They must have the same (possibly empty) parameters if [ "$DAEMON_MODE" = "daemon" \ -a \( \( "$QUEUE_MODE" = "cron" -o "$QUEUE_MODE" = "none" \) \ -o \( "$QUEUE_MODE" != "cron" \ -a "$QUEUE_MODE" != "none" \ -a "$DAEMON_PARMS" = "$QUEUE_PARMS" \ \) \ \) ]; then SPLIT_DAEMON=0; else SPLIT_DAEMON=1; fi; # Version dependant support: # 8.12.0+ M{TA,MSP}_A if [ ! -f /usr/share/sendmail/cf/feature/msp.m4 ]; then MTA_A=''; MTAL_L=''; MTAL_L_QUEUE=''; MSP_A=''; MSP_L=''; MSP_L_QUEUE=''; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # enhanced sendmail startup #------------------------------------------------------------------------------ start_mta () { # # Make sure /var/run/sendmail/ exists check_dirs; # # If already running, don't start it... if is_running mta; then echo 'MTA is already running.'; return; fi; # # Check if we're going to run a daemon (and how many): daemon_check; # # Mark restarted for communication betwixt here and /etc/mail/Makefile touch $STAMP_DIR/reload; # if [ "$DAEMON_MODE" = "daemon" ]; then # # Allow Unix (local) connections betwixt MSP/MTA: touch $MTAL_SOCKET; # # We can only afford to clean the MTA queues if running daemon mode, # otherwise, there is a chance that a cronjob might still be using # the queue... Thats also why we don't clean the MSP queues herein. clean_queues; # # cd to a safe place to stash core files... cd $MTA_ROOT; CMD="$START_MTAL_CMD -- $MTAL_PARMS"; if [ "$LOG_CMDS" = "Yes" ]; then logger -i -p mail.debug -- "$0 $CMD"; fi; $CMD & # # Update permissions on smsocket sleep 2; chown $DAEMON_UID:smmsp $MTAL_SOCKET; chmod 0666 $MTAL_SOCKET; fi; # # Check for split daemon mode (separate listener/queue runner) if [ "$SPLIT_DAEMON" -eq 1 ]; then CMD="$START_MTAQ_CMD -- $MTAQ_PARMS"; if [ "$LOG_CMDS" = "Yes" ]; then logger -i -p mail.debug -- "$0 $CMD"; fi; $CMD & sleep 2; qp=`expr "${MTAQ_PARMS}" : '.*\(-qp[0-9]*[smhdw]\)'` || true; if [ -z "$qp" ]; then chmod 0664 $MTAQ_PIDFILE; else qc=`ps --no-headers -fCsendmail \ | egrep -e 'Queue control' \ | awk '{print $2}'`; if [ -z "$qc" ]; then rm -f $MTAQ_PIDFILE; else chmod 0664 $MTAQ_PIDFILE; printf "$qc\n$MTA_COMMAND $MTAQ_PARMS" > $MTAQ_PIDFILE; fi; fi; fi; # # if running split service, run the client queues (just to make sure) if check_msp; then $MSP_COMMAND -q $MSP_A $MSP_L_QUEUE $MSP_PARMS $MISC_PARMS; fi; }; start_msp () { # # Make sure /var/run/sendmail/ exists check_dirs; # # If already running, don't start it... if is_running msp; then echo 'MSP is already running.'; return; fi; # # Check to see if MSP mode is indeed available if ! check_msp; then return; fi; # # Check if we're going to run a daemon: if [ "$MSP_MODE" != 'daemon' ]; then return; fi; # # We can only afford to clean the MSP queues if running daemon mode, # otherwise, there is a chance that a cronjob might still be using # the queue... Thats also why we don't clean the MTA queues herein. #clean_queues /var/spool/mqueue-client; # # cd to a safe place to stash core files... cd $MSP_ROOT; $START_MSP_CMD -- \ $MSP_A $MSP_L -q${MSP_INTERVAL} $MSP_PARMS $MISC_PARMS & }; start_sendmail () { start_mta; if check_msp; then start_msp; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # enhanced sendmail reload #------------------------------------------------------------------------------ reload_mta () { # # Make sure /var/run/sendmail/ exists check_dirs; # # reload (signal -HUP) is *much* better/faster than stop/start # # Mark restarted for communication betwixt here and /etc/mail/Makefile touch $STAMP_DIR/reload; # # If not running, just start it... if ! is_running mta; then start_mta; fi; # # Is running, must signal it... $SIGNAL_MTAL_CMD --signal HUP --oknodo --quiet || true; sleep 2; chown $DAEMON_UID:smmta $MTAL_SOCKET; chmod 0666 $MTAL_SOCKET; # # Check for split daemon mode (separate listener/queue runner) if [ "$SPLIT_DAEMON" -eq 1 ]; then $SIGNAL_MTAQ_CMD --signal HUP --oknodo --quiet || true; fi; }; reload_msp () { # # Make sure /var/run/sendmail/ exists check_dirs; # # reload (signal -HUP) is *much* better/faster than stop/start # # If not running, just start it... if ! is_running msp; then start_msp; fi; # # Is running, must signal it... $SIGNAL_MSP_CMD --signal HUP --oknodo --quiet || true; }; reload_sendmail () { reload_mta; if check_msp; then reload_msp; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # enhanced sendmail shutdown #------------------------------------------------------------------------------ stop_mta () { local cnt; stopped=0; # # Make sure /var/run/sendmail/ exists check_dirs; # # If not running, don't stop it... if ! is_running mta; then return; fi; # # Is running, must stop it... $STOP_MTAL_CMD --signal TERM --quiet --oknodo > /dev/null; # # Now we have to wait until sendmail has _really_ stopped. # sleep 2; if $STOP_MTAL_CMD --signal TERM --quiet > /dev/null; then echo -n ' Waiting .'; cnt=0; while $STOP_MTAL_CMD --signal TERM --quiet > /dev/null; do cnt=`expr $cnt + 1`; if [ $cnt -gt 60 ]; then # # Waited 120 seconds now. Fail. # echo -n ' Failed '; stopped=1; break; fi; sleep 2; echo -n '.'; done; echo -n ' Done '; fi; # Remove pidfile iff stopped if ! $STOP_MTAL_CMD --signal TERM --quiet > /dev/null; then rm -f "$MTAL_PIDFILE"; fi }; stop_queue () { local cnt; stopped=0; # # Make sure /var/run/sendmail/ exists check_dirs; # # If not running, don't stop it... if ! is_running queue; then return; fi; # # Is running, must stop it... $STOP_MTAQ_CMD --signal TERM --quiet --oknodo > /dev/null; # # Now we have to wait until sendmail has _really_ stopped. # sleep 2; if $STOP_MTAQ_CMD --signal TERM --quiet > /dev/null; then echo -n ' Waiting .'; cnt=0; while $STOP_MTAQ_CMD --signal TERM --quiet > /dev/null; do cnt=`expr $cnt + 1`; if [ $cnt -gt 60 ]; then # # Waited 120 seconds now. Fail. # echo -n ' Failed '; stopped=1; break; fi; sleep 2; echo -n '.'; done; echo -n ' Done '; fi; # Remove pidfile iff stopped if ! $STOP_MTAQ_CMD --signal TERM --quiet > /dev/null; then rm -f "$MTAQ_PIDFILE"; fi }; stop_msp () { local cnt; stopped=0; # # Make sure /var/run/sendmail/ exists check_dirs; # # If not running, don't stop it... if ! is_running msp; then return; fi; # # Is running, must stop it... $STOP_MSP_CMD --signal TERM --quiet --oknodo > /dev/null; # # Now we have to wait until sendmail has _really_ stopped. # sleep 2; if $STOP_MSP_CMD --signal TERM --quiet > /dev/null; then echo -n 'Waiting .'; cnt=0; while $STOP_MSP_CMD --signal TERM --quiet > /dev/null; do cnt=`expr $cnt + 1`; if [ $cnt -gt 60 ]; then # # Waited 120 seconds now. Fail. # echo -n ' Failed '; stopped=1; break; fi; sleep 2; echo -n '.'; done; echo -n ' Done '; fi; # Remove pidfile iff stopped if ! $STOP_MSP_CMD --signal TERM --quiet > /dev/null; then rm -f "$MSP_PIDFILE"; fi; }; stop_sendmail () { if check_msp; then stop_msp; fi; stop_mta; stop_queue; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Check to see if sendmail is running #------------------------------------------------------------------------------ is_running () { local result; result=1; # # Make sure /var/run/sendmail/ exists check_dirs; # # Determine proper pidfile to check who=$(echo "$1" | tr '[:upper:]' '[:lower:]'); case $who in mta) PIDFILE="$MTAL_PIDFILE"; ;; queue) PIDFILE="$MTAQ_PIDFILE"; ;; msp) PIDFILE="$MSP_PIDFILE"; ;; *) PIDFILE="$1"; ;; esac; # # If no pidfile, not running # Extract pid/command and see if still running # Remove pidfile if app didn't # Also remove any control sockets if [ -s $PIDFILE ]; then PID=`head -n 1 $PIDFILE 2>/dev/null`; COMMAND=`tail -n 1 $PIDFILE`; if [ ! -z "`ps --no-heading $PID`" ]; then result=0; else rm -f $PIDFILE; case $who in mta) rm -f $MTAL_SOCKET $MTAL_CNTL; ;; queue) rm -f $MTAQ_SOCKET $MTAQ_CNTL; ;; msp) rm -f $MSP_SOCKET $MSP_CNTL; esac; fi; fi; return $result; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Check to see if running split service (MTA, MSP) # Must be at 8.12.0+ for this support #------------------------------------------------------------------------------ check_msp () { local result; result=1; if [ ! -f /usr/share/sendmail/cf/feature/msp.m4 ]; then result=1; elif [ -s /etc/mail/submit.cf ] \ && [ -s /etc/mail/submit.mc ]; then if grep -qEe "^[[:space:]]*\`?FEATURE\([[:space:]]*\`?msp" \ /etc/mail/submit.mc; then result=0; fi; fi; return $result; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Miscellaneous sendmail command support for MSP/MTA split # mailstats, mailq, runq #------------------------------------------------------------------------------ newaliases () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # $MTA_COMMAND $MTA_A -bi $*; }; hoststat () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # $MTA_COMMAND $MTA_A -bh $*; }; purgestat () { local parms; parms=$(echo "$1" | tr '[:upper:]' '[:lower:]'); case $parms in n*) # Now parms='-O Timeout.hoststatus=1s'; shift; ;; *) parms=''; ;; esac; # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # $MTA_COMMAND $MTA_A -bH $parms $*; }; mailstats () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # #if running split service, show the client status first if check_msp; then echo 'MSP statistics...'; #check if we have a status file for the MSP statusfile=$(grep -Ee '^O StatusFile=/.*' \ /etc/mail/submit.cf | cut -d= -f2); if [ -n $statusfile ]; then /usr/lib/sm.bin/mailstats -C \ /etc/mail/submit.cf $* || true; fi; echo 'MTA statistics...'; fi; #check if we have a status file for the MTA statusfile=$(grep -Ee '^O StatusFile=/.*' \ /etc/mail/sendmail.cf | cut -d= -f2); if [ -n $statusfile ]; then /usr/lib/sm.bin/mailstats $* || true; fi; }; mailq () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # # if running split service, show the client queues first if check_msp; then echo 'MSP Queue status...'; # # Check to see if shared memory is in use (8.12.0+) if grep -qEe "^[[:space:]]*\`?define\(\`?confSHAREDMEMORYKEY'?[[:space:]]*,[[:space:]]*\`?0*[1-9]+[0-9]*'?[[:space:]]*\)" \ /etc/mail/submit.mc; then $MSP_COMMAND -bP || true; fi; $MSP_COMMAND -bp $MSP_A $MISC_PARMS $* || true; echo 'MTA Queue status...'; fi; # # Check to see if shared memory is in use (8.12.0+) if grep -qEe "^[[:space:]]*\`?define\(\`?confSHAREDMEMORYKEY'?[[:space:]]*,[[:space:]]*\`?0*[1-9]+[0-9]*'?[[:space:]]*\)" \ /etc/mail/sendmail.mc; then $MTA_COMMAND -bP || true; fi; $MTA_COMMAND -bp $MTA_A $MISC_PARMS $* || true; }; runq () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # # if running split service, run the client queues first if check_msp; then echo 'Running the MSP queue...'; $MSP_COMMAND -q $MSP_A \ $MSP_L_QUEUE $MSP_PARMS $MISC_PARMS $* || true; echo 'Running the MTA queues...'; fi; if [ "$SPLIT_DAEMON" -eq 0 ]; then $MTA_COMMAND -q $MTA_A \ $MTAL_L_RUNQ $QUEUE_PARMS $MISC_PARMS $* || true; else $MTA_COMMAND -q $MTA_A \ $MTAQ_L_RUNQ $QUEUE_PARMS $MISC_PARMS $* || true; fi; }; control () { # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; local parms; parms="$*"; if [ -z "$parms" ]; then parms='help'; fi; if is_running mta; then /usr/share/sendmail/smcontrol.pl $parms; else echo 'MTA: is not running'; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Print status of running job(s) #------------------------------------------------------------------------------ status () { # # Make sure /var/run/sendmail/ exists check_dirs; # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # # if running split service, check the client status first if check_msp; then if is_running msp; then echo "MSP: $PID $COMMAND"; ps -fwp $PID; if [ -S ${MSP_CNTL} ]; then /usr/share/sendmail/smcontrol.pl \ -f ${MSP_CNTL} status || true; fi; elif [ $MSP_MODE = 'cron' ]; then echo "MSP: is run via cron ($MSP_INTERVAL)"; elif [ $MSP_MODE = 'none' ]; then echo 'MSP: is disabled'; else echo 'MSP: is not running'; fi; fi; # # Check MTA listener if is_running mta; then echo "MTA: $PID $COMMAND"; ps -fwp $PID; if [ -S ${MTAL_CNTL} ]; then /usr/share/sendmail/smcontrol.pl \ -f ${MTAL_CNTL} status || true; fi; elif [ $DAEMON_MODE = 'inetd' ]; then echo 'MTA: is run via inetd'; elif [ $DAEMON_MODE = 'none' ]; then echo 'MTA: is disabled'; else echo 'MTA: is not running'; fi; # # Check for split daemon mode (separate listener/queue runner) if is_running queue; then echo "QUE: $PID $COMMAND"; ps -fwp $PID; if [ -S ${MTAQ_CNTL} ]; then /usr/share/sendmail/smcontrol.pl \ -f ${MTAQ_CNTL} status || true; fi; elif [ $QUEUE_MODE = 'cron' ]; then echo "QUE: is run via cron ($QUEUE_INTERVAL)"; elif [ $QUEUE_MODE = 'none' ]; then echo 'QUE: is disabled'; elif [ "$SPLIT_DAEMON" -eq 0 ]; then echo "QUE: Same as MTA"; else echo 'QUE: is not running'; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Cronjob handling #------------------------------------------------------------------------------ cron_mta () { # # Make sure /var/run/sendmail/ exists check_dirs; # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # # If cron not needed, don't do queue running (though it wouldn't hurt) if [ $QUEUE_MODE = 'cron' ]; then # # If running a split (MTA/MSP) setup, we need to make sure that # messages not immediately accepted by the MTA get delivered. # Only run the MSP queue if MSP_MODE=none if check_msp; then if [ $MSP_MODE = 'none' ]; then # Make sure only *ONE* cronjob at a time if [ ! -f $STAMP_DIR/cron_msp ]; then touch $STAMP_DIR/cron_msp; #clean_queues /var/spool/mqueue-client; $MSP_COMMAND -q $MSP_A $MSP_L_QUEUE \ $MSP_PARMS $MISC_PARMS \ $CRON_PARMS || true; rm -f $STAMP_DIR/cron_msp; fi; fi; fi; # Make sure only *ONE* cronjob at a time if [ ! -f $STAMP_DIR/cron_mta ]; then touch $STAMP_DIR/cron_mta; $MTA_COMMAND -q $MTA_A $MTAL_L_QUEUE \ $QUEUE_PARMS $MISC_PARMS $CRON_PARMS || true; rm -f $STAMP_DIR/cron_mta; fi; fi; }; cron_msp () { # # Make sure /var/run/sendmail/ exists check_dirs; # # Obtain parameters IFF needed if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; # # If cron not needed, don't do queue running (though it wouldn't hurt) if [ $MSP_MODE = 'cron' ]; then # # If running a split (MTA/MSP) setup, we need to make sure that # messages not immediately accepted by the MTA get delivered. if check_msp; then # Make sure only *ONE* cronjob at a time if [ ! -f $STAMP_DIR/cron_msp ]; then touch $STAMP_DIR/cron_msp; #clean_queues /var/spool/mqueue-client; $MSP_COMMAND -q $MSP_A $MSP_L_QUEUE \ $MSP_PARMS $MISC_PARMS \ $CRON_PARMS || true; rm -f $STAMP_DIR/cron_msp; fi; fi; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Determine how to run sendmail mta daemon # * No daemon # * As listener # * As queue runner # * As both listener and queue runner #------------------------------------------------------------------------------ daemon_check () { local run_daemon; # # Skip daemon run for the following: # * sendmail hasn't been configured # * smptd, a firewall frontend for sendmail, is installed # * DAEMON_MODE = (none | inet) & QUEUE_MODE = (none | cron) if [ ! -s /etc/mail/sendmail.cf ] || \ [ ! -s /etc/mail/sendmail.mc ]; then echo 'sendmail has not been configured, not started.'; echo 'To configure sendmail, type sendmailconfig'; exit 1; elif [ -x $SMTPD ]; then echo 'sendmail mta daemon not needed, not started.'; exit 0; fi; MTAL_PARMS="$MTA_A $MTAL_L"; MTAQ_PARMS="$MTA_A $MTAQ_L"; run_daemon=3; case "$DAEMON_MODE" in none* | \ inetd*) run_daemon=`expr $run_daemon - 1`; ;; daemon* | \ *) MTAL_PARMS="$MTAL_PARMS -bd $DAEMON_PARMS"; ;; esac; case "$QUEUE_MODE" in none* | \ cron*) run_daemon=`expr $run_daemon - 1`; ;; daemon* | \ *) # Check for split daemon mode (separate listener/queue runner) if [ $SPLIT_DAEMON -eq 0 ]; then if [ ! -z "$QUEUE_INTERVAL" ]; then MTAL_PARMS="$MTAL_PARMS -q${QUEUE_INTERVAL}"; fi; MTAL_PARMS="$MTAL_PARMS $QUEUE_PARMS"; else if [ ! -z "$QUEUE_INTERVAL" ]; then MTAQ_PARMS="$MTAQ_PARMS -q${QUEUE_INTERVAL}"; fi; MTAQ_PARMS="$MTAQ_PARMS $QUEUE_PARMS"; fi; ;; esac; # Add any miscellanous (ie debugging) parameters MTAL_PARMS="$MTAL_PARMS $MISC_PARMS"; MTAQ_PARMS="$MTAQ_PARMS $MISC_PARMS"; # Add PidFile override for MTA queue runner MTAQ_PARMS="$MTAQ_PARMS -O PidFile=$MTAQ_PIDFILE"; MTAQ_PARMS="$MTAQ_PARMS -O ControlSocketName=$MTAQ_CNTL"; if [ $run_daemon -lt 2 ]; then echo 'sendmail listen/queue daemon not desired.'; exit 0; fi; }; #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # Clean sendmail queues (somewhat): does *not* support split qf/df/xf dirs. # NOTE: This whole thing sucks with queue-groups, need to redo it!!! # NOTE: Check for race conditions betwixt this code and queue-runners #------------------------------------------------------------------------------ clean_queues () { local QUEUE_ROOT QUEUE QUIET # Obtain queue root directory if [ -z "$1" ]; then QUEUE_ROOT=/var/spool/mqueue QUEUE=/var/spool/mqueue QUIET='' else QUEUE_ROOT="$1" QUEUE="$1" QUIET='1' fi # remove lock files left because of kill/crash # rm -f $QUEUE/[lnx]f* doesn't work with a plethora of files ;-( for i in A B C D E F G H I J K L M N O P Q R S T U V W X Y Z \ a b c d e f g h i j k l m n o p q r s t u v w x y z; do rm -f $QUEUE/[lnx]f${i}* done # remove zero length qf files #for qffile in $QUEUE/qf*; do for qffile in $(find $QUEUE_ROOT -type f -name 'qf*'); do if [ -r "$qffile" ] && [ ! -s "$qffile" ]; then if [ ! -z "$QUIET" ]; then echo -n " "; fi rm -f "$qffile" fi done # rename tf files to be qf if the qf does not exist for tffile in $QUEUE/tf*; do qffile=`echo "$tffile" | sed 's/t/q/'` if [ -r "$tffile" ] && [ ! -f "$qffile" ]; then if [ ! -z "$QUIET" ]; then echo -n " "; fi mv "$tffile" "$qffile" elif [ -f "$tffile" ]; then echo -n " " rm -f "$tffile" fi done # remove df files with no corresponding qf files for dffile in $QUEUE/df*; do qffile=`echo "$dffile" | sed 's/d/q/'` if [ -r "$dffile" ] && [ ! -f "$qffile" ]; then if [ ! -s "$dffile" ]; then rm -f "$dffile" else if [ ! -z "$QUIET" ]; then echo -n " "; fi mv "$dffile" `echo $dffile | sed 's/d/D/'` fi fi done # announce files that have been saved during disaster recovery for xffile in $QUEUE/[A-Z]f*; do if [ -f "$xffile" ]; then if [ ! -z "$QUIET" ]; then echo -n " "; fi fi done } #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # check_dirs: Make sure /var/run/sendmail/{mta,msp,stampdir} exist #------------------------------------------------------------------------------ check_dirs () { if [ ! -d "${SENDMAIL_ROOT}" ]; then mkdir -p "${SENDMAIL_ROOT}"; chown root:smmta "${SENDMAIL_ROOT}"; chmod 02755 "${SENDMAIL_ROOT}"; fi; if [ ! -d "${MTA_ROOT}" ]; then mkdir -p "${MTA_ROOT}"; chown $DAEMON_UID:smmta "${MTA_ROOT}"; chmod 02755 "${MTA_ROOT}"; fi; if [ ! -d "${MSP_ROOT}" ]; then mkdir -p "${MSP_ROOT}"; chown smmsp:smmsp "${MSP_ROOT}"; chmod 02775 "${MSP_ROOT}"; fi; if [ ! -d "${STAMP_DIR}" ]; then mkdir -p "${STAMP_DIR}"; chown root:smmsp "${STAMP_DIR}"; chmod 02775 "${STAMP_DIR}"; fi; } #------------------------------------------------------------------------------ # Why are we here ? #------------------------------------------------------------------------------ # Some requisite initialization if [ -z "$SM_Get_Parameters" ]; then Get_Parameters; fi; if [ "$LOG_CMDS" = "Yes" ]; then logger -i -p mail.debug -- "$0 $@"; fi; #------------------------------------------------------------------------------ # Handle being called via an alias #------------------------------------------------------------------------------ case $(basename $0) in newaliases) newaliases $*; exit $?; ;; hoststat) hoststat $*; exit $?; ;; purgestat) purgestat $*; exit $?; ;; mailstats) mailstats $*; exit $?; ;; mailq) mailq $*; exit $?; ;; runq) runq $*; exit $?; ;; control|smcontrol) control $*; exit $?; ;; status) status $* exit $? ;; *) ;; esac; #------------------------------------------------------------------------------ # Handle being called via /etc/init.d/sendmail or directly #------------------------------------------------------------------------------ # Ok, why are we here... case "$1" in #----------------------------------------------------------------------- # Debian required/optional targets: #----------------------------------------------------------------------- start) echo -n 'Starting Mail Transport Agent: sendmail'; start_sendmail; echo '.' ;; stop|force-stop) echo -n 'Stopping Mail Transport Agent: sendmail'; stop_sendmail; echo '.' ;; restart) echo -n 'Restarting Transport Agent: sendmail'; # reload is equivalent (but faster) than stop/start ! # but... it doesn't honor changes to /etc/mail/sendmail.conf #reload_sendmail; stop_sendmail; start_sendmail; echo '.'; ;; restart-if-running) if ! is_running mta && ! is_running msp; then echo 'Mail Transport Agent: sendmail is not running'; else $0 restart; fi; ;; reload-if-running) if ! is_running mta && ! is_running msp; then echo 'Mail Transport Agent: sendmail is not running'; else $0 reload; fi; ;; reload|force-reload) echo -n 'Reloading Mail Transport Agent configuration: sendmail'; reload_sendmail; echo '.'; ;; #----------------------------------------------------------------------- # Local targets (sendmail commands/aliases) for MSP/MTA split support # These targets will pass along any provided parameters #----------------------------------------------------------------------- newaliases) shift; newaliases $*; ;; hoststat) shift; hoststat $*; ;; purgestat) shift; purgestat $*; ;; mailstats) shift; mailstats $*; ;; mailq) shift; mailq $*; ;; runq) shift; runq $*; ;; control|smcontrol) shift; control $*; ;; #----------------------------------------------------------------------- # Local targets for extended support/debugging #----------------------------------------------------------------------- status) shift; status $*; ;; debug) # # If not running, can't debug if is_running msp; then echo -n 'Dumping MSP state...'; $SIGNAL_MSP_CMD --signal USR1; echo 'done.'; fi; if is_running mta; then echo -n 'Dumping MTA state...'; $SIGNAL_MTAL_CMD --signal USR1; echo 'done.'; fi; ;; clean|clean_que*|clean-que*) # # If running, don't clean the queues... if is_running mta; then echo 'MTA is running, queue cleaning ill advised...'; else echo -n 'Cleaning up the queues...'; clean_queues; echo 'done.'; fi; ;; #----------------------------------------------------------------------- # Local targets for cronjob support #----------------------------------------------------------------------- cron-msp) cron_msp; ;; cron-mta) cron_mta; ;; #----------------------------------------------------------------------- # Default target - bitch and moan #----------------------------------------------------------------------- *) echo "Invalid command <$1>"; echo "Usage: $0 "; echo ' Where is one of the following'; echo ' start|stop|restart|restart-if-running'; echo ' reload-if-running|reload|force-reload'; echo ' newaliases|hoststat|purgestat|mailstats|mailq|runq|control'; echo ' status|debug|clean'; exit 1; ;; esac; exit 0; -- Regards, Wietse Muizelaar ------------------------------------------- W.G. Muizelaar Boudisque Webmaster / ICT Drieharingstraat 5-31, 3511 BH Utrecht Telefoon: +31 (0)30 - 2394030 E-mail: wietse@boudisque.nl Website: www.boudisque.nl ------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon May 2 16:28:40 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: On Mon, 02 May 2005 17:09:04 +0200, Wietse Muizelaar writes: >I'm trying to install the latest version of MailScanner on a fresh Debian >Sarge-system, configured to run sendmail. >And now the manual tells me to change the startup-configuration of sendmail, >to use the mqueue.in-dir etc. But the debian-version of /etc/init.d/sendmail >really confuses me, as I would'nt know which part to change. > >Can anyone perhaps help me out? sendmail.conf: DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; I think that was all that was needed. cheers, &rw -- -- Men - can't live with them, can't hide the bodies fast enough. -- - Lee Ann Goldstein ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Mon May 2 16:54:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: Can't get rid of the .header files in the incoming directory.... Take 2, more info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spike Cacti >>Sent: den 2 maj 2005 15:03 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Can't get rid of the .header files in the >>incoming directory.... Take 2, more info... >> >> >>I saw Julian's reply and will apply the patch on my 4.40.11 for now. >>Thanks guys! >> >>BTW: >>The header files are not deleted every second or so, they are deleted >>every restart of mailscanner. Default is 14400 (4h) I think. So on my >>systems, it could have caused a problem since I'm running on a memory >>based filesystem. The directories are deleted but the header file is >>NOT in the directory ;-) > > Yep, exactly what I meant... I see your point about the tmpfs/inode- > depletion problem though. Anyway, the problem's history now:-). > Very good spot Spike. Hurray for open source and brilliant people!! -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 2 16:56:53 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: W32/MiMail.A Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > So the moral os this is.... > > you need virus proctection every windows desktop, because that's where > the problem is. > > like I've been saying for years really ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kevin Miller wrote: > >> Rose, Bobby wrote: >> >>> Is anyone else seeing this slip thru? The symantec stuff running on >>> our exchange servers is picking it up but it slipping thru my current >>> MailScanner and ClamAV configured email router. Symantec is saying >>> that it found W32.Mimail.a@mm in Unknown0000000.data within >>> message.html. Yesterday I added that to the banned filename types but >>> it still came thru so I'm wondering if it's another funky mime/header >>> issue. >>> >>> I'm running ClamAV .83 and Mailscanner 4.40.11 on Solaris 8. The >>> clamav defs are up to date. I'm going to try to quarantine one to >>> get a look at it. >> >> >> >> Are you sure the messages are coming through your MailScanner gateway? I >> had a similar problem a year or so ago where Trend would pick up >> viruses on >> Exchange. Turned out that one of my users had pointed their Outlook >> client >> at their home ISP so they could check non-local mail account. The >> viruses >> waltzed right in with nary so much as a 'howdy-do'. Fortunately, the >> bouncers from Trend took them in the back alley and pummelled them before >> they could cause a ruckus... I swear I have some user problems that could only be solved with a time machine and a box of condoms! -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 2 17:11:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: mytob worm only picked up by clamav Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > On Mon, 2 May 2005 12:14 pm, Scott Farrell wrote: > >>Hi, >> >>I have 4 virus scanners running, and only clamav is picking this up. >> >>Luckily the .pif file extensions is also killing it. >> >>What engines are you using that can pick this up, for linux, and I'll go >>buy another engine? >> >>How about bitdefender, does it pick it up? > > > I've been catching it with both ClamAV (0.84) and McAfee/NAI VirusScan (engine > 4.40.0). Given NAI's lack of speed in releasing signature updates, I don't > think they are the best option in terms of bangs-for-bucks. They do release > "extra" files when an outbreak occurrs, but these are a pain to deal with in > any automated fashion McAfee has been updating daily since the latter part of February. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 2 17:09:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: ClamAV Perl module not found Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > It does return /usr/bin/perl. This started happening after I upgraded > from FC2 to FC3. > > -Devon > > On 4/30/05, *Julian Field* > wrote: > > Type "which perl". If it doesn't return "/usr/bin/perl" then you have > installed the ClamAV module into 1 perl installation, which MailScanner > is using a different one (/usr/bin/perl). > > Devon Harding wrote: > > > No one knows how to fix this? > > > > On 4/27/05, *Devon Harding* > > >> > wrote: > > > > Anyone? > > > > > > On 4/27/05, *Devon Harding* < devonharding@gmail.com > > > >> wrote: > > > > Did anyone ever fix this? I'm having the same issue. Here is > > the content of my /usr/lib/perl5 dir. > > > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.0 > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.1 > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.2 > > drwxr-xr-x 4 root root 4.0K Apr 26 18:47 5.8.3 > > drwxr-xr-x 3 root root 4.0K Apr 26 18:47 5.8.4 > > drwxr-xr-x 43 root root 4.0K Apr 26 18:47 5.8.5 > > drwxr-xr-x 8 root root 4.0K Apr 26 18:47 site_perl > > drwxr-xr-x 2 root root 4.0K Apr 27 02:03 Text > > drwxr-xr-x 8 root root 4.0K Apr 26 18:47 vendor_perl > > > > > > On 12/14/04, *Mike Kercher* < mike@camaross.net > > > >> wrote: > > > > Chris Trudeau wrote: > >> List, > >> > >> Installing ClamAV module via CPAN on machine running > > MailScanner > >> 4.36-4 stable. The install of the module goes fine, but when > >> starting MailScanner with Virus Scanners = clamavmodule > > the log > >> returns the message: > >> > >> ClamAV Perl module not found, did you install it? > >> > >> I verified using CPAN install that it is in fact > > installed and > >> uptodate. > >> > >> Any ideas? > >> > >> CT > > > > Do you have more than one version of perl installed? > > > > Mike > > > > ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > > ( http://www.mailscanner.biz/maq/) and > > the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ). > > > > Support MailScanner development - buy the book off the > > website! Look and see if your upgrade left some residual from the previous perl install. I have been hit by this in the past with RedHat upgrades. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 2 17:19:42 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: maillog logging level Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > --- > NOTE: I erased the rest of the message to get by the "looks like a > script" error" > --- > > Ok, telnet > > To make it clear, I have a new MailScanner machine (the one that I am > trying to get working) and the one in production that is out of date on > software and hardware. > > Anyway, I know that sendmail is having problems because when I telnet to > the new one it looks like it tries and just comes back to the command > prompt. If I telnet to the old one a connection is made and shows some > stuff. > > Now, > Should I just reinstall sendmail on top of mine or something? I > installed sendmail by selecting the package when installing centos4.0. > The service appears to be running ok. I did the ch config that the book > and web site talks about. A service MailScanner restart reads fine > for the services starting (outgoing and incoming sendmail starts fine). > If I look at the running services it has 1 sendmail running (under user > smmsp) which is the one that is suppose to be running isn't it? > > I was comparing the service --status-all command between the 2 machines. > The services looks the same as far as MailScanner and sendmail look. > There is a sendmail running on each, and MailScanner running > (MailScanner,incoming sendmail, outgoing sendmail) The default on ALL RedHat based sendmail installs is to only accept local connections (IE.. from and to 127.0.0.1) You will have to fix this. It is commented well in the sendmail.mc file. Look for the section with; dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl Your default will be different, as this has already been changed. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon May 2 17:59:16 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:28 2006 Subject: maillog logging level Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ----------------------- Sendmail listened on 127.0.0.1 only ----------------------- That helped. Sendmail is only listening on the local ip address. If I do telnet server 25 on the local machine I get in, if I do it from another machine it doesn't work. I found this: http://www.aei.ca/~pmatulis/pub/sendmail-intro.html#address I changed this: O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA To: O DaemonPortOptions=Port=smtp, Name=MTA Now if I do a lsof -I 4tcp:25 -nP I get: I got this to finally work where this command returns: [root@WoodenMS domain]# lsof -i 4tcp:25 -nP COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sendmail 8406 root 4u IPv4 240247 TCP *:25 (LISTEN) So it looks like sendmail is listening to all ip address now instead of just 127.0.0.1 like it was before. ----------------------- MailScanner restart error ----------------------- I have now messed something up to where I do a MailScanner restart I get the following: [root@WoodenMS domain]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: OK ] incoming sendmail: OK ] outgoing sendmail: OK ] Starting MailScanner daemons: incoming sendmail: Warning: Option: AuthOptions requires SASL support ( -DSASL) OK ] outgoing sendmail: Warning: Option: AuthOptions requires SASL support ( -DSASL) OK ] MailScanner: OK ] I looked in the sendmail.mc file and seen options where to turn it off. I am looking at configs and searching the net at the moment to try and figure this on out, however if there is a easy answer please tell me :) ----------------------- M4 command ----------------------- Between a combination of not seeing that my command of m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf working and going ahead and going against the rules and editing the sendmail.cf directly. What is the proper command to use the sendmail.mc? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steen, Glenn > Sent: Sunday, May 01, 2005 11:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: maillog logging level > > Ok, so there we are....telnet has revealed that you cannot make a > connection. Do you get a connection refused type message? > Probable causes: > - You are running a firewall on the new MS machine that is blocking port > 25 (this would probably be visible in the messages log or similar). Fix is > to trim it so that it lets port 25/tcp through... "iptables -L" might show > something (perhaps look at nat too) > - Your sendmail isn't listening to the interface... This might be because > a) you are telneting locally, and sendmail doesn't listen to localhost, or > b) you are telneting from a remote host, but sendmail is only listening to > the localhost. Look at your sendmail.mc and/or sendmail.cf (I'm no guru > here, but perhaps someone else could help.... Perhaps something with the > DaemonOptions or whatever). > - Your sendmail is severly missconfigured and bombs out on any > connection.....Yay!-). Would probably be visible in the logs, and perhaps > leave corefile(s) behind... > > HtH > > -- Glenn > . > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Billy A. Pumphrey > Skickat: fr 2005-04-29 17:49 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: maillog logging level > > > > --- > NOTE: I erased the rest of the message to get by the "looks like a > script" error" > --- > > Ok, telnet > > To make it clear, I have a new MailScanner machine (the one that I > am > trying to get working) and the one in production that is out of date > on > software and hardware. > > Anyway, I know that sendmail is having problems because when I > telnet to > the new one it looks like it tries and just comes back to the > command > prompt. If I telnet to the old one a connection is made and shows > some > stuff. > > Now, > Should I just reinstall sendmail on top of mine or something? I > installed sendmail by selecting the package when installing > centos4.0. > The service appears to be running ok. I did the ch config that the > book > and web site talks about. A service MailScanner restart reads > fine > for the services starting (outgoing and incoming sendmail starts > fine). > If I look at the running services it has 1 sendmail running (under > user > smmsp) which is the one that is suppose to be running isn't it? > > I was comparing the service --status-all command between the 2 > machines. > The services looks the same as far as MailScanner and sendmail look. > There is a sendmail running on each, and MailScanner running > (MailScanner,incoming sendmail, outgoing sendmail) > > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon May 2 18:01:20 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:28 2006 Subject: maillog logging level Message-ID: Thanks for the answer. I just commented this line out: DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl Sendmail seems to work, along with the change that I did in my other response. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: Monday, May 02, 2005 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog logging level > > Billy A. Pumphrey wrote: > > --- > > NOTE: I erased the rest of the message to get by the "looks like a > > script" error" > > --- > > > > Ok, telnet > > > > To make it clear, I have a new MailScanner machine (the one that I am > > trying to get working) and the one in production that is out of date on > > software and hardware. > > > > Anyway, I know that sendmail is having problems because when I telnet to > > the new one it looks like it tries and just comes back to the command > > prompt. If I telnet to the old one a connection is made and shows some > > stuff. > > > > Now, > > Should I just reinstall sendmail on top of mine or something? I > > installed sendmail by selecting the package when installing centos4.0. > > The service appears to be running ok. I did the ch config that the book > > and web site talks about. A service MailScanner restart reads fine > > for the services starting (outgoing and incoming sendmail starts fine). > > If I look at the running services it has 1 sendmail running (under user > > smmsp) which is the one that is suppose to be running isn't it? > > > > I was comparing the service --status-all command between the 2 machines. > > The services looks the same as far as MailScanner and sendmail look. > > There is a sendmail running on each, and MailScanner running > > (MailScanner,incoming sendmail, outgoing sendmail) > > The default on ALL RedHat based sendmail installs is to only accept > local connections (IE.. from and to 127.0.0.1) > You will have to fix this. It is commented well in the sendmail.mc file. > Look for the section with; > > dnl # The following causes sendmail to only listen on the IPv4 loopback > address > dnl # 127.0.0.1 and not on any other network devices. Remove the loopback > dnl # address restriction to accept email from the internet or intranet. > dnl # > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > Your default will be different, as this has already been changed. > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 2 18:10:10 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Aaron Moore > Sent: Thursday, April 28, 2005 3:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SophosSAVI Problems with MailScanner 4.38.10 > > > I upgraded Sophos from version 3.92 to 3.93 earlier today. I've been > getting error 538 messages when MailScanner tries to scan the messages. > I've verified that SAVI is working okay by using the test scan.pl script > to scan some files. > > It has to be something with what mailscanner is scanning. > > Anyone have any ideas? > > I'm running MailScanner 4.38.10, with SAVI-Perl 0.30, and Sophos Linux > (libc6 glibc 2.2+) version 3.93. > > Thanks. If it's happening with .rar files, you will find this has been addressed in the latest MailScanner release. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon May 2 18:45:16 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:28 2006 Subject: Hardware platform ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Almost anything will run that and leave you room to handle outbreaks. > Certainly any p3 and fair chunk of RAM and preferably a SCSI HDD. > > Checkout the maq for a list of machines current users have. He's right, 50k/month is pretty low volume. I have a fairly similar mail volume, so I figured I'd post up some info on the hardware I'm using and the load I see. Hardware: p4 celeron 2gig 512mb ram scsi raid1 disk setup Load measurements from mailscanner-mrtg samples every 5 mins: - max recorded load average of 1.5 in the past week. Average LA over 1wk is 0.3 - Average CPU utilization is about 20%, most days peak is 75%. Two days last week it peaked up to 99% for a short time. Mail volume: 2.4k msgs per day on weekdays 1.2k on saturday/sunday Works out to under 60k/month Configuration: I run sendmail with mailscanner, and mail gets relayed to/from an internal groupware server virus scanners: command, bitdefender, and clamav spamassassin 2.64 (bayes, razor, dcc, rbls, URIBLS from surbl.org, custom rules) This box also runs some other services with modest volume: bind named (average over 1wk: 50 queries/min) Apache webserver (low volume avg 40 hits/hour, 12/hr of which are a monitoring tool) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at MYSTERIOUSPLANET.CO.UK Mon May 2 18:55:41 2005 From: dean at MYSTERIOUSPLANET.CO.UK (Dean Liversidge) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >On Mon, 02 May 2005 17:09:04 +0200, Wietse Muizelaar writes: > > >>I'm trying to install the latest version of MailScanner on a fresh Debian >>Sarge-system, configured to run sendmail. >>And now the manual tells me to change the startup-configuration of sendmail, >>to use the mqueue.in-dir etc. But the debian-version of /etc/init.d/sendmail >>really confuses me, as I would'nt know which part to change. >> >>Can anyone perhaps help me out? >> >> > >sendmail.conf: >DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; > >I think that was all that was needed. > >cheers, >&rw > > That should do it, no need to touch the init.d scripts. But dont forget to set the sendmail paths in MailScanner.conf though, i think the default package is setup for exim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at boudisque.nl Mon May 2 19:01:20 2005 From: wietse at boudisque.nl (Wietse Muizelaar) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: Hi, On Mon, May 02, 2005 at 06:55:41PM +0100, Dean Liversidge wrote: > Robert Waldner wrote: > > >On Mon, 02 May 2005 17:09:04 +0200, Wietse Muizelaar writes: > > > > > >>I'm trying to install the latest version of MailScanner on a fresh Debian > >>Sarge-system, configured to run sendmail. > >>And now the manual tells me to change the startup-configuration of > >>sendmail, > >>to use the mqueue.in-dir etc. But the debian-version of > >>/etc/init.d/sendmail > >>really confuses me, as I would'nt know which part to change. > >> > >>Can anyone perhaps help me out? > >> > >sendmail.conf: > >DAEMON_PARMS="-ODeliveryMode=queueonly > >-OQueueDirectory=/var/spool/mqueue.in"; > > > >I think that was all that was needed. It was! Thnx! > That should do it, no need to touch the init.d scripts. > But dont forget to set the sendmail paths in MailScanner.conf though, i > think the default package is setup for exim Well, I did use the tar.gz-distribution, not the .deb-file. And I just succesfully sent a test-message through this machine, and the logs tell me MailScanner was scanning the mail succesfully, so I'm a happy person now. Thnx! -- Regards, Wietse Muizelaar ------------------------------------------- Wietse Muizelaar Boudisque Webmaster / ICT Haringpakkerssteeg 10-18, 1012 LR Amsterdam Telefoon: 020-6232603 E-mail: wietse@boudisque.nl Website: www.boudisque.nl ------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon May 2 18:28:24 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:28 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am getting spam with a very low score. Can any one tell me why this e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. I know I can change scores but I wonder why it is so low. The score was from these: SpamAssassin (score=1.597,required 3.75) (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT FEDERAL COMPLEX TINUBU SQUARE, Lagos- Nigeria. Tel/Fax: Our Ref: ACG/FGN/543WS 234-1803-7127318 Email: moha_ibru@yahoo.com Attn: I am Dr. mohammed, Director, Central Computer Auditing/Monitoring Unit office of the Accountant General of Federation. Your payment file was referred to my desk for approvals before the cash-processing unit was authorized to make cash payment to you. Ever since, I have been following up your case,but when it was obvious that your fund was about to be revoked, I took immediate action to safeguard the funds from not being confiscated. Because l was deeply touched that until now you have not received your contract payment The difficulties we are encountering in your contract file is highly complicated, as a letter of affidavit was sent to this office requesting for a change of your account details to a bank in Stuttgart Germany by your attorney and Partners. The payment investigation /advisory board found out that there are irregularities in the signatures and according to information gathered from the bank computer networks, you have been waiting for a long time to receive your money without success. And you have almost met all the statutory requirements of the CBN in respect to your contract payment; your problem is that of interest group. A lot of people are interested in your payment and those people are merely doing paper works with you and that explains why you receive fax and phone messages from different people in Nigeria everyday. Following the prevailing dishonoring of our remittance instructions and treatment of our credit advice with gross indifference by most recipients to overseas banks in addition to some fraudulent activities going on in the Central Bank, which we have already sent out publications on that effect. If you had not authorized the change of your bank account in respect of your outstanding Contract Payment, the change of your bank account notification/ declaration was supported with a sworn affidavit from Lagos high court ref: Ilk /jj/20522/k2004,dated 15th September 2004 and signed by one Manfred Alex Klingler who claim and stated in the sworn declaration that you authorized him to claim the contract fund on your behalf. The new account is in BANK OF VALLETTA PLC, MALTA, a/c no.40012849840, we have already advised our corresponding bank overseas to release your approved outstanding contract payment in your favor before the affidavit to change your bank account number was submitted to this office. You are therefore advised in your own interest to confirm to this office, notifying us if you are aware of this new development as our office will not be liable for miss-crediting of client's account. You have to reconfirm your full contract / banking co-ordinates information including your telephone, fax and your postal address also your contract numbers. Please acknowledge the receipt of this message, as this will guide us on what step to take because I have decided to help you by using diplomatic courier means to deliver your contract sum to you through our affiliate office. In that case, you have to compensate me with anything you deem neccessary, after you must have received your contract payment. Please, maintain topmost secrecy as it may cause a lot of problem, if it is found out that we are using this way to help you, do not ever tell anybody about this until you have secured your money. As you can see that this is the only way to help you receive your fund.Therefore, if you accept this method call me on the above phone number. Yours Faithfully, Dr. mohammed yahyah. DIRECTOR, CENTRAL COMPUTER AUDITING/MONITORING UNIT OFFICE OF THE ACCOUNTANT GENERAL OF THE FEDERATION. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doko at CS.TU-BERLIN.DE Mon May 2 19:57:57 2005 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: Robert Waldner writes: > > On Mon, 02 May 2005 17:09:04 +0200, Wietse Muizelaar writes: > >I'm trying to install the latest version of MailScanner on a fresh Debian > >Sarge-system, configured to run sendmail. > >And now the manual tells me to change the startup-configuration of sendmail, > >to use the mqueue.in-dir etc. But the debian-version of /etc/init.d/sendmail > >really confuses me, as I would'nt know which part to change. > > > >Can anyone perhaps help me out? > > sendmail.conf: > DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; > > I think that was all that was needed. would you mind submitting a README.sendmail, similiar to the README.exim4 for inclusion in the Debian package? Thanks, Matthias ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 20:06:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:28 2006 Subject: clamav 0.84 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Dywer Santos -- Barcelo Hotels >>Sent: Monday, May 02, 2005 10:58 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: clamav 0.84 >> >>Hi. >> >>After upgrade the clamav intall, I'm can see the following message in the >>log >> >> Empty file". Please contact the authors! >> >>I found than changing the SweepVirus.pm line 2333 to: return 0 if /Empty >>file\.?$/; should correct the problem, but it does not. >> >> >>Dywer Santos >>NetAdmin >>Barceló Hotels, R.D. >> >> > >I believe that Julian is aware of this problem so there should be an answer >soon. In the meantime calling ClamAV with clamavmodule instead of clamav >solved the problem with the error messages for me at two sites. Of course >you must have the perl module Mail::ClamAV (0.17) installed to use >clamavmodule. > >I don't believe there was ever a problem with the message being delivered - >just the error message. > > You need to be running 4.41 for support of ClamAV 0.84 in this respect. The warning message is quite harmless, but 4.41 is quieter. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From timb at VWG.COM Mon May 2 20:38:44 2005 From: timb at VWG.COM (Timothy Barhorst) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: I am running MailScanner-4.35.11-1 on a RH ES 2.1 system. Out of the blue. –this afternoon I started receiving many messages that say: Report: F-Prot: /var/spool/MailScanner/incoming/4958/j42J8XdD005496/msg-4958-7.html Infection: HTML/ObjData@expl After querying users, it seems these messages could be false negatives. I am using both Clam AV and F-Prot – however ONLY F-Prot reports on this. (If I turn off F-Prot – no messages) I proceeded to update Clam AV to the latest version .84 and F-Prot to the latest 4.5.4. with the same result. Is this a MailScanner issue or is this a genuine Infection that F-Prot is seeing? Or maybe I should update MailScanner? ----------------------------------------------------------------------- Tim Barhorst ---------------------------------------------------------------------- ^@------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon May 2 20:27:18 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:28 2006 Subject: Installing MailScanner on Debian Sarge Message-ID: On Mon, 02 May 2005 20:57:57 +0200, Matthias Klose writes: Your MUA is b0rken wrt. honoring Reply-To. >> sendmail.conf: >> DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; >> >> I think that was all that was needed. >would you mind submitting a README.sendmail, similiar to the >README.exim4 for inclusion in the Debian package? I'll see what I can do, would need to find a machine to do a complete new test-install (I'm mostly using postfix now, the sendmail install is pure legacy). cheers, &rw -- -- Microsofa: n. A piece of furniture that, while it looked fine -- in the showroom, gradually begins to dominate the living room, -- eventually forcing you to replace all the other furniture, -- including the TV, to be "compatible". [Earl T. Cohen, Fremont] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Mon May 2 20:26:19 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:28 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I am getting spam with a very low score. Can any one tell me why this > e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and > MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In > postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, > opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. > > I know I can change scores but I wonder why it is so low. > > > The score was from these: > SpamAssassin (score=1.597,required 3.75) > (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, > SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) > > > OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION > PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT > FEDERAL COMPLEX TINUBU SQUARE, > Lagos- Nigeria. > Tel/Fax: > Our Ref: ACG/FGN/543WS 234-1803-7127318 > Email: moha_ibru@yahoo.com This is the old Nigerian scam. Are you sure your rules are up to date and in the proper path? Is your rules_du_joir script up to date? What does spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf show? -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 2 21:04:27 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: Hi! > Report: F-Prot: > /var/spool/MailScanner/incoming/4958/j42J8XdD005496/msg-4958-7.html > Infection: HTML/ObjData@expl > > After querying users, it seems these messages could be false negatives. > > I am using both Clam AV and F-Prot - however ONLY F-Prot reports on > this. > (If I turn off F-Prot - no messages) Most likely related to: 196 (first @ 19:01:16, last = 21:53:36) Worm.Sober.P Started about the same time 2047 (first @ 19:06:47, last = 21:57:20) HTML/ObjData@expl > I proceeded to update Clam AV to the latest version .84 and F-Prot to > the latest 4.5.4. with the same result. > > Is this a MailScanner issue or is this a genuine Infection that F-Prot > is seeing? As far as we could tell, yes. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Mon May 2 21:34:19 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: At 04:04 PM 5/2/2005, you wrote: >Hi! > >>Report: F-Prot: >>/var/spool/MailScanner/incoming/4958/j42J8XdD005496/msg-4958-7.html >>Infection: HTML/ObjData@expl >> >>After querying users, it seems these messages could be false negatives. >> >>I am using both Clam AV and F-Prot - however ONLY F-Prot reports on >>this. >>(If I turn off F-Prot - no messages) > >Most likely related to: > >196 (first @ 19:01:16, last = 21:53:36) Worm.Sober.P > >Started about the same time > >2047 (first @ 19:06:47, last = 21:57:20) HTML/ObjData@expl > >>I proceeded to update Clam AV to the latest version .84 and F-Prot to >>the latest 4.5.4. with the same result. >> >>Is this a MailScanner issue or is this a genuine Infection that F-Prot >>is seeing? > >As far as we could tell, yes. > >Bye, >Raymond. Raymond.. as far as you could tell.. what? A genuine infection? I am seeing this too. It's almost as if something is attaching these .HTML attachments to valid mail. Thanks, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 2 21:53:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From the name "objdata" I would think it is an "Object Data" tag which is also caught by MailScanner in the "Object Codebase" trap. DNSAdmin wrote: > At 04:04 PM 5/2/2005, you wrote: > >> Hi! >> >>> Report: F-Prot: >>> /var/spool/MailScanner/incoming/4958/j42J8XdD005496/msg-4958-7.html >>> Infection: HTML/ObjData@expl >>> >>> After querying users, it seems these messages could be false negatives. >>> >>> I am using both Clam AV and F-Prot - however ONLY F-Prot reports on >>> this. >>> (If I turn off F-Prot - no messages) >> >> >> Most likely related to: >> >> 196 (first @ 19:01:16, last = 21:53:36) Worm.Sober.P >> >> Started about the same time >> >> 2047 (first @ 19:06:47, last = 21:57:20) HTML/ObjData@expl >> >>> I proceeded to update Clam AV to the latest version .84 and F-Prot to >>> the latest 4.5.4. with the same result. >>> >>> Is this a MailScanner issue or is this a genuine Infection that F-Prot >>> is seeing? >> >> >> As far as we could tell, yes. >> >> Bye, >> Raymond. > > Raymond.. as far as you could tell.. what? A genuine infection? > > I am seeing this too. It's almost as if something is attaching these > .HTML > attachments to valid mail. > > Thanks, > Glenn > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > http://www.sng.ecs.soton.ac.uk/mailscanner/ > Configuration by Glenn Parsons dnsadmin-at-1bigthink.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Tue May 3 01:19:07 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] DNSAdmin wrote: > At 05:05 PM 5/2/2005, you wrote: > >> Hi! >> >>> Raymond.. as far as you could tell.. what? A genuine infection? >>> >>> I am seeing this too. It's almost as if something is attaching these >>> .HTML >>> attachments to valid mail. >> >> >> We have picked up some from quarantine, seems like f-prot is mioxing >> things up. You also use f-prot i guess? Its all attachments made by >> MS-Word. Mostly people that mail HTML style. Allthough i agree its >> like a >> virus sending people HTML mail i think f-prot fucked up a update >> today. We >> are switching off f-prot till they get this fixed. > > > Yep, F-Prot and ClamAV. I'm turning off F-Prot too. > > Thanks! I tried to send this message but it was detected as being infected. So, once again with a little editing.... This has got to be a bug in f-prot's signature updates. I've narrowed it down to a line that looks like this. Note that you have to split the line at the string "(*Split-line-here*)".

 

... that causes f-prot to detect it. If you join it like so...

 

... you no longer get the error. We have reported it to f-prot. -- Rich -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "rich.vcf") 13 lines. ] [ Unable to print this part. ] From brose at MED.WAYNE.EDU Mon May 2 22:31:29 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:28 2006 Subject: ClamAV and MailScanner Bug Message-ID: Last week, I reported a problem that I thought was limited to a particular virus but my testing seems to elude to a bigger problem. If MailScanner is using clamav for it's scanner, viruses are being detected but MailScanner isn't properly acting on it and is delivering it as a uninfected message. It's not a config issue because I've tried it on two different Solaris 8 systems and if I switch to clamavmodule or sophos then MailScanner acts appropiately. I've even updated to 4.11.3 today which was in the plans anyway. I used to use sophos and clamav with MailScanner but the license for Sophos is just too much and stopped using it about two months ago. And since the viruses were still being detecting, from a stats side it looked like things were fine. For now, I'm switched to clamavmodule but this looks like a bug. I've been a MailScanner user since 2002 so exclude me from the newbie filters and comments and let's check this out. ClamAV May 2 16:58:56 apollo.med.wayne.edu MailScanner[9100]: Spam Checks: Starting May 2 16:58:56 apollo.med.wayne.edu MailScanner[9100]: Message j42Kwc1L009131 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 16:59:09 apollo.med.wayne.edu MailScanner[9100]: Spam Checks completed at 133 bytes per second May 2 16:59:09 apollo.med.wayne.edu MailScanner[9100]: Virus and Content Scanning: Starting May 2 16:59:13 apollo.med.wayne.edu MailScanner[9100]: /tmp/9100/./j42Kwc1L009131/eicar.doc: Eicar-Test-Signature FOUND May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning: ClamAV found 1 infections May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning: Found 1 viruses May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning completed at 347 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Uninfected: Delivered 1 messages May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Processing completed at 1739 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Disinfection completed at 1739 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Batch completed at 96 bytes per second (1739 / 18) ClamAVModule May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: New Batch: Scanning 1 messages, 1742 bytes May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: MCP Checks completed at 1742 bytes per second May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: Spam Checks: Starting May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: Message j42L8iA5009328 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 17:09:16 apollo.med.wayne.edu MailScanner[9312]: Spam Checks completed at 91 bytes per second May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus and Content Scanning: Starting May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./j42L8iA5009328/eicar.doc May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning: ClamAV Module found 1 infections May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Infected message j42L8iA5009328 came from 146.9.3.57 May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning: Found 1 viruses May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning completed at 871 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Notices: Warned about 1 messages May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Virus Processing completed at 217 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Disinfection completed at 1742 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Batch completed at 60 bytes per second (1742 / 29) ClamAV and Sophos May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: New Batch: Scanning 1 messages, 1743 bytes May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: MCP Checks completed at 1743 bytes per second May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: Spam Checks: Starting May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: Message j42L1svo009212 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 17:02:08 apollo.med.wayne.edu MailScanner[9207]: Spam Checks completed at 249 bytes per second May 2 17:02:09 apollo.med.wayne.edu MailScanner[9207]: Virus and Content Scanning: Starting May 2 17:02:17 apollo.med.wayne.edu MailScanner[9207]: >>> Virus 'EICAR-AV-Test' found in file ./j42L1svo009212/eicar.doc May 2 17:02:17 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: Sophos found 1 infections May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: /tmp/9207/./j42L1svo009212/eicar.doc: Eicar-Test-Signature FOUND May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: ClamAV found 1 infections May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Infected message j42L1svo009212 came from 146.9.3.57 May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: Found 1 viruses May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning completed at 134 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Notices: Warned about 1 messages May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Virus Processing completed at 217 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Disinfection completed at 1743 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Batch completed at 62 bytes per second (1743 / 28) Bobby Rose Senior Systems Administrator MSIS Network Operations Wayne State University School of Medicine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Mon May 2 22:31:23 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: At 05:05 PM 5/2/2005, you wrote: >Hi! > >>Raymond.. as far as you could tell.. what? A genuine infection? >> >>I am seeing this too. It's almost as if something is attaching these .HTML >>attachments to valid mail. > >We have picked up some from quarantine, seems like f-prot is mioxing >things up. You also use f-prot i guess? Its all attachments made by >MS-Word. Mostly people that mail HTML style. Allthough i agree its like a >virus sending people HTML mail i think f-prot fucked up a update today. We >are switching off f-prot till they get this fixed. Yep, F-Prot and ClamAV. I'm turning off F-Prot too. Thanks! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Mon May 2 22:32:13 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: At 05:06 PM 5/2/2005, you wrote: >Hi Julian, > >> From the name "objdata" I would think it is an "Object Data" tag which >>is also caught by MailScanner in the "Object Codebase" trap. > >If you like i have some samples, but it looks all like legit mail to me >the ones i looked up. > >2924 (first @ 19:06:47, last = 23:02:55) HTML/ObjData@expl > >Pretty annoying. We are disabling f-prot as i type this. > >Bye, >Raymond. I looked at mine and knew it was legit mail. Thanks! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 2 22:06:44 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: Hi Julian, > From the name "objdata" I would think it is an "Object Data" tag which > is also caught by MailScanner in the "Object Codebase" trap. If you like i have some samples, but it looks all like legit mail to me the ones i looked up. 2924 (first @ 19:06:47, last = 23:02:55) HTML/ObjData@expl Pretty annoying. We are disabling f-prot as i type this. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 2 22:05:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: Hi! > Raymond.. as far as you could tell.. what? A genuine infection? > > I am seeing this too. It's almost as if something is attaching these .HTML > attachments to valid mail. We have picked up some from quarantine, seems like f-prot is mioxing things up. You also use f-prot i guess? Its all attachments made by MS-Word. Mostly people that mail HTML style. Allthough i agree its like a virus sending people HTML mail i think f-prot fucked up a update today. We are switching off f-prot till they get this fixed. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Tue May 3 08:15:52 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:28 2006 Subject: New errors in logs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, We very recently (yesterday) upgraded ClamAv to 0.84 release. This morning, in our logs, we found this kind of messages : MailScanner[12984]: /var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/msg-12984-18.txt: Empty file MailScanner[12984]: ProcessClamAVOutput: unrecognised line "/var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/msg-12984-18.txt: Empty file". Please contact the authors! So ,well, we do contact the authors :-) If more data is needed to pinpoint the problem, just ask for it. MailScanner is 4.39.5-1. Thanks, NB. __________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 09:43:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: Getting similar problems here with Eudora mbx files..... turning off the real-time scanner seems to work around the issue, but I'm about to fire off and email to f-prot with a bug report.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Richard Lynch wrote: > DNSAdmin wrote: > >> At 05:05 PM 5/2/2005, you wrote: >> >>> Hi! >>> >>>> Raymond.. as far as you could tell.. what? A genuine infection? >>>> >>>> I am seeing this too. It's almost as if something is attaching these >>>> .HTML >>>> attachments to valid mail. >>> >>> >>> >>> We have picked up some from quarantine, seems like f-prot is mioxing >>> things up. You also use f-prot i guess? Its all attachments made by >>> MS-Word. Mostly people that mail HTML style. Allthough i agree its >>> like a >>> virus sending people HTML mail i think f-prot fucked up a update >>> today. We >>> are switching off f-prot till they get this fixed. >> >> >> >> Yep, F-Prot and ClamAV. I'm turning off F-Prot too. >> >> Thanks! > > > I tried to send this message but it was detected as being infected. So, > once again with a little editing.... > > > This has got to be a bug in f-prot's signature updates. I've narrowed > it down to a line that looks like this. Note that you have to split the > line at the string "(*Split-line-here*)". > >

style=3D'font-size:(*Split-line-here*)10.0pt;font-family:Arial;color:navy'> 

> > > ... that causes f-prot to detect it. If you join it like so... > >

style=3D'font-size:10.0pt;font-family:Arial;color:navy'> 

> > > ... you no longer get the error. We have reported it to f-prot. > > -- Rich > > -- > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Tue May 3 09:59:17 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:28 2006 Subject: New errors in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please upgrade your MailScanner and the problem will go away. If you cannot do that for some reason, I will work out a patch for this, it's a 1-line change. On 3 May 2005, at 08:15, Nestor Burma wrote: > Hello, > > We very recently (yesterday) upgraded ClamAv to 0.84 > release. This morning, in our logs, we found this kind > of messages : > > MailScanner[12984]: > /var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/ > msg-12984-18.txt: > Empty file > MailScanner[12984]: ProcessClamAVOutput: unrecognised > line > "/var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/ > msg-12984-18.txt: > Empty file". Please contact the authors! > > So ,well, we do contact the authors :-) > If more data is needed to pinpoint the problem, just > ask for it. MailScanner is 4.39.5-1. > > Thanks, > > NB. > > > > > > > > __________________________________________________________________ > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour > vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Tue May 3 09:59:43 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: Today i have upgrade Sophos from 3.92 to 3.93 May 3 10:48:58 server MailScanner[25983]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j438mni26033/msg-25983-3.txt May 3 10:48:59 server MailScanner[25983]: Virus Scanning: SophosSAVI found 1 infections Versions This is MailScanner version 4.40.11 0.20 SAVI There was no infections ... just a text test file .. Any idea ? Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue May 3 10:01:14 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:28 2006 Subject: Invalid argument Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] HI there , I have a MS server that when I send e-mail to route through it I get an error in the email log The error says that the message is delayed and deffered:invalid argument does anyone have a clue? Mailscanner 4.40.2 installed on suse 9.2 running sendmail Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue May 3 10:08:43 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:28 2006 Subject: Invalid argument Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] mail us the syslog entry ... > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Tuesday, May 03, 2005 11:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Invalid argument > > > HI there , > > I have a MS server that when I send e-mail to route through > it I get an > error in the email log > > The error says that the message is delayed and > deffered:invalid argument > does anyone have a clue? > > Mailscanner 4.40.2 installed on suse 9.2 running sendmail > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 10:10:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: Uwe running 3.93 and sweep CLI (not savi) and it's working fine for me on 4.41.3 ..... this is on FreeBSD 4.10 maybe there's an issue with this months release on Linux. does sweep work OK? Also from someones testing I seem to remember little difference in performance when using the savi interface vs the command line interface, so it might be worth moving to sophos rather then sophossavi as the virus scanner.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Uwe.Krause@FEP.FRAUNHOFER.DE wrote: > Today i have upgrade Sophos from 3.92 to 3.93 > > May 3 10:48:58 server MailScanner[25983]: SophosSAVI::ERROR:: Sweep > could not proceed, the file was corrupted (538):: > ./j438mni26033/msg-25983-3.txt > May 3 10:48:59 server MailScanner[25983]: Virus Scanning: SophosSAVI > found 1 infections > > > Versions > > This is MailScanner version 4.40.11 > 0.20 SAVI > > > There was no infections ... just a text test file .. > Any idea ? > > > Uwe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue May 3 12:07:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: Martin, On a tangent... Could you do the merciful thing and create a wiki entry for documentation:anti_virus:sophos? Seeing as you actually use it:-) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 3 maj 2005 11:11 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SophosSAVI Problems with MailScanner 4.38.10 > > > Uwe > > running 3.93 and sweep CLI (not savi) and it's working fine for me on > 4.41.3 ..... this is on FreeBSD 4.10 > > maybe there's an issue with this months release on Linux. does sweep > work OK? Also from someones testing I seem to remember little > difference > in performance when using the savi interface vs the command line > interface, so it might be worth moving to sophos rather then > sophossavi > as the virus scanner.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Uwe.Krause@FEP.FRAUNHOFER.DE wrote: > > Today i have upgrade Sophos from 3.92 to 3.93 > > > > May 3 10:48:58 server MailScanner[25983]: SophosSAVI::ERROR:: Sweep > > could not proceed, the file was corrupted (538):: > > ./j438mni26033/msg-25983-3.txt > > May 3 10:48:59 server MailScanner[25983]: Virus Scanning: > SophosSAVI > > found 1 infections > > > > > > Versions > > > > This is MailScanner version 4.40.11 > > 0.20 SAVI > > > > > > There was no infections ... just a text test file .. > > Any idea ? > > > > > > Uwe > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Tue May 3 10:15:13 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/5/3, Martin Hepworth : > running 3.93 and sweep CLI (not savi) and it's working fine for me on > 4.41.3 ..... this is on FreeBSD 4.10 Running LinuX, 2.4 Kernel ... > does sweep work OK? Hmm, sorry, not testet, but sophos runs usally like a charm since months. Thanks Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue May 3 13:08:50 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:28 2006 Subject: Zip Zip error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Moved our MX to our new server. We were running on a Redhat 9 boxen, now on Redhat AS 3.1. Fresh install of MS 4.40.11 and let her go. I started getting funny calls from from my fellow employees about receiving funny zip files. Being lazy I just talk with them on the phone and was able to assist them with opening the zipped attachment using Outlook. Well we sent our payroll files yesterday and the company receiving them refused to work with them because both files had been changed from something.zip to something.zip.zip. Wanted to get paid next Friday I decided to take this seriously. This is what I saw in the maillog: May 2 15:25:33 mail postfix/cleanup[4461]: 5426B88BE3: message-id=<6D5E737DEACE694C99EDA7EFD5638AD10706B8@hpmail01.caiden.local> May 2 15:25:34 mail MailScanner[2371]: ClamAVModule::ERROR:: Input/Output error:: ./5426B88BE3.37B7E/hc05012005Hr.zip.zip May 2 15:25:34 mail MailScanner[2371]: ClamAVModule::ERROR:: Input/Output error:: ./5426B88BE3.37B7E/hc05012005Sal.zip.zip May 2 15:25:34 mail MailScanner[2371]: ClamAVModule::ERROR:: Input/Output error:: ./5426B88BE3.37B7E/hc05012005Hr.zip May 2 15:25:34 mail MailScanner[2371]: ClamAVModule::ERROR:: Input/Output error:: ./5426B88BE3.37B7E/hc05012005Sal.zip May 2 15:25:34 mail MailScanner[2371]: Requeue: 5426B88BE3.37B7E to D743488C32 This was with clamavmodule, so I switched to clamav and then got this error: May 2 15:56:02 mail MailScanner[5321]: Virus and Content Scanning: Starting May 2 15:56:02 mail MailScanner[5321]: /var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.zip.zip: Input/Output error May 2 15:56:02 mail MailScanner[5321]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.zip.zip: Input/Output e rror". Please contact the authors! May 2 15:56:02 mail MailScanner[5321]: extracting: `&A² May 2 15:56:03 mail MailScanner[5321]: ProcessClamAVOutput: unrecognised line " extracting: `&A² ". Please contact the authors! May 2 15:56:03 mail MailScanner[5321]: extracting: PA¢J May 2 15:56:03 mail MailScanner[5321]: ProcessClamAVOutput: unrecognised line " extracting: PA¢J ". Please contact the authors! May 2 15:56:03 mail MailScanner[5321]: /var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.zip: Input/Output error May 2 15:56:03 mail MailScanner[5321]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.zip: Input/Output error ". Please contact the authors! May 2 15:56:03 mail MailScanner[5321]: /var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.dts: Empty file May 2 15:56:03 mail MailScanner[5321]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/5321/./E2D0B88B8E.9E68F/hc04172005Hr.dts: Empty file". Pleas e contact the authors! May 2 15:56:03 mail MailScanner[5321]: Requeue: EE6BD88B9A.1133D to DB6D088B87 May 2 15:56:03 mail MailScanner[5321]: Requeue: E2D0B88B8E.9E68F to 255D188B9A May 2 15:56:03 mail MailScanner[5321]: Requeue: 0554188B9B.37C34 to D78DC88B8E May 2 15:56:03 mail MailScanner[5321]: Requeue: D758A88B8D.01D74 to 1A32588B9B In both cases the files where delivered, but an extra '.zip' was added to both files. So I upgraded to the latest stable and still get the same errors. Any ideas? Version info: [root@mail MailScanner]# MailScanner -v Running on Linux mail 2.4.21-27.0.4.ELsmp #1 SMP Sat Apr 16 18:43:06 EDT 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux ES release 3 (Taroon Update 4) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.41.3 -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue May 3 13:13:42 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: Hi! >> I am seeing this too. It's almost as if something is attaching these .HTML >> attachments to valid mail. > We have picked up some from quarantine, seems like f-prot is mioxing things > up. You also use f-prot i guess? Its all attachments made by MS-Word. Mostly > people that mail HTML style. Allthough i agree its like a virus sending > people HTML mail i think f-prot fucked up a update today. We are switching > off f-prot till they get this fixed. There is a update available now, seems its fixed. Bye, Raymond ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 14:08:21 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: Glenn yeah on my stuff todo.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steen, Glenn wrote: > Martin, > > On a tangent... Could you do the merciful thing and create a wiki > entry for documentation:anti_virus:sophos? Seeing as you actually > use it:-) > > -- Glenn > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>Sent: den 3 maj 2005 11:11 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SophosSAVI Problems with MailScanner 4.38.10 >> >> >>Uwe >> >>running 3.93 and sweep CLI (not savi) and it's working fine for me on >>4.41.3 ..... this is on FreeBSD 4.10 >> >>maybe there's an issue with this months release on Linux. does sweep >>work OK? Also from someones testing I seem to remember little >>difference >> in performance when using the savi interface vs the command line >>interface, so it might be worth moving to sophos rather then >>sophossavi >>as the virus scanner.. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Uwe.Krause@FEP.FRAUNHOFER.DE wrote: >> >>>Today i have upgrade Sophos from 3.92 to 3.93 >>> >>>May 3 10:48:58 server MailScanner[25983]: SophosSAVI::ERROR:: Sweep >>>could not proceed, the file was corrupted (538):: >>>./j438mni26033/msg-25983-3.txt >>>May 3 10:48:59 server MailScanner[25983]: Virus Scanning: >> >>SophosSAVI >> >>>found 1 infections >>> >>> >>>Versions >>> >>>This is MailScanner version 4.40.11 >>>0.20 SAVI >>> >>> >>>There was no infections ... just a text test file .. >>>Any idea ? >>> >>> >>>Uwe >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 14:17:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: Strange Virus Detected Messages Message-ID: just tried it, seems to fix the problem.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > >>> I am seeing this too. It's almost as if something is attaching these >>> .HTML >>> attachments to valid mail. > > >> We have picked up some from quarantine, seems like f-prot is mioxing >> things >> up. You also use f-prot i guess? Its all attachments made by MS-Word. >> Mostly >> people that mail HTML style. Allthough i agree its like a virus sending >> people HTML mail i think f-prot fucked up a update today. We are >> switching >> off f-prot till they get this fixed. > > > There is a update available now, seems its fixed. > > Bye, > Raymond ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue May 3 14:13:50 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anybody else facing problems updating Clamav and McAfee today, or is just me? The only update working for me today is BitDefender. I'm also not able to acess www.clamav.net . Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Tue May 3 14:39:32 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: Yes, my Mcafee won't update to 4482 either, at least using MailScanner's scripts. This new Virus is tremendous too. I was getting ready to install the clamavmodule, but your note about ClamAV is really scary. Regards Michael Baird > Anybody else facing problems updating Clamav and McAfee today, or is > just me? The only update working for me today is BitDefender. > > I'm also not able to acess www.clamav.net . > > Roger Jochem > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 14:43:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: Hi clamav.net access works for me..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael Baird wrote: > Yes, my Mcafee won't update to 4482 either, at least using MailScanner's > scripts. This new Virus is tremendous too. I was getting ready to > install the clamavmodule, but your note about ClamAV is really scary. > > Regards > Michael Baird > > >>Anybody else facing problems updating Clamav and McAfee today, or is >>just me? The only update working for me today is BitDefender. >> >>I'm also not able to acess www.clamav.net . >> >>Roger Jochem >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue May 3 14:45:41 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: No, no problems here: May 3 15:31:34 mail update.virus.scanners: Found bitdefender installed May 3 15:31:34 mail update.virus.scanners: Running autoupdate for bitdefender May 3 15:32:43 mail update.virus.scanners: Found clamav installed May 3 15:32:43 mail update.virus.scanners: Running autoupdate for clamav May 3 15:32:43 mail ClamAV-autoupdate[14727]: ClamAV did not need updating May 3 15:32:43 mail update.virus.scanners: Found generic installed May 3 15:32:43 mail update.virus.scanners: Running autoupdate for generic May 3 15:32:44 mail update.virus.scanners: Found mcafee installed May 3 15:32:44 mail update.virus.scanners: Running autoupdate for mcafee May 3 15:32:46 mail update.virus.scanners: Found panda installed (note the long-ish time for bitdefender...) [root@mail root]# bdc -info BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Engine signatures: 149210 Scan engines: 13 Archive engines: 39 Unpack engines: 3 Mail engines: 6 System engines: 0 [root@mail root]# uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4482 created May 02 2005 Scanning for 125168 viruses, trojans and variants. [root@mail root]# clamscan --version ClamAV 0.84/865/Tue May 3 01:16:49 2005 ... and I can reach www.clamav.net too (I'm in Sweden, if that matters, using swedish mirrors where applicable). -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: den 3 maj 2005 15:14 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Update Virus Scanners Anybody else facing problems updating Clamav and McAfee today, or is just me? The only update working for me today is BitDefender. I'm also not able to acess www.clamav.net . Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 14:48:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:28 2006 Subject: [Fwd: SpamAssassin 3.0.3 Released] Message-ID: I note it's still not as high the 2.x, I'll leave mine as they are I think.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Lee wrote: > On Fri, 29 Apr 2005, Julian Field wrote: > >> I'm running it in production now. No problems whatsoever, as long as you >> have Digest::SHA1 installed, which my ClamAV-SA package installs for you >> anyway. I'll get ClamAV-SA updated next. >> Watch the output of the "perl Makefile.PL" command. > > > We, too, have been running it in production since about 10:00 UK time > (that's 5+ hours) on machines that handle 60K msgs per day. Nothing > eventful (so far...). > > It seems to have better (higher) BAYES_95 and BAYES_99. (The previous > version (3.0.2) had these surprisingly low, and so we had applied our own > higher overrride values, which I should now (3.0.3) be able to remove.) > > Hope that helps. > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue May 3 15:13:49 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:28 2006 Subject: Zip Zip error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok I've narrowed it down. I only get this error when using Outlook 2000 or Outlook 2003. When I use Thunderbird to connect to our Exhange server and send zip files this doesn't happen. Only when using an Outlook client and since moving to Redhat AS 3.1. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue May 3 14:45:40 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the info. Maybe it's a regional problem... ----- Original Message ----- From: "Martin Hepworth" To: Sent: Tuesday, May 03, 2005 10:43 AM Subject: Re: Update Virus Scanners > Hi > > clamav.net access works for me..... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Michael Baird wrote: > > Yes, my Mcafee won't update to 4482 either, at least using MailScanner's > > scripts. This new Virus is tremendous too. I was getting ready to > > install the clamavmodule, but your note about ClamAV is really scary. > > > > Regards > > Michael Baird > > > > > >>Anybody else facing problems updating Clamav and McAfee today, or is > >>just me? The only update working for me today is BitDefender. > >> > >>I'm also not able to acess www.clamav.net . > >> > >>Roger Jochem > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) > >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Tue May 3 15:02:34 2005 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:29:28 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > Anybody else facing problems updating Clamav and McAfee today, or is just me? The only update working for me today is BitDefender. > > I'm also not able to acess www.clamav.net . > > Roger Jochem Last clamav update at 8:43 EST, just hit the website with no problems. Don't use McAfee. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue May 3 15:22:06 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:28 2006 Subject: SuSE 9.3 Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Kevin Miller > >Anybody installed on 9.3 yet? Any gotchas? I've ordered a copy which >should be here in a week or so. (I'll be dumping Postfix and running >Sendmail instead) so any 'heads up' are appreaciated... Yes, I got it installed and MS is running perfectly. SuSE 9.3 comes with spamassassin 3.0.2. I haven't tried to manually install sa 3.0.3, yet. The only problems I ran into are not (really) MS related: - MailWatch.pm problem. SuSE 9.3 installs perl-DBD-mysql-2.9004, so you need the updated MailWatch.pm (see MailWatch mailinglist archive, or contact me off list); - milter-sender/libsnert problem. Compiling with the default Berkeley DB 4.3 failed. After changing some files, compiling worked, but milter-sender segfaults. Tracked down the problem, with Andrew Howe, and solved it (see milters mailinglist archive, or contact me off list). Hope this helps. >...Kevin Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue May 3 15:49:06 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:28 2006 Subject: Invalid argument Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Attached is the maillog after a restart Lance Doerfler Andreas wrote: mail us the syslog entry ... -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue May 3 16:18:54 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:29 2006 Subject: SuSE 9.3 Message-ID: Mike wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Kevin Miller >> >> Anybody installed on 9.3 yet? Any gotchas? I've ordered a copy >> which should be here in a week or so. (I'll be dumping Postfix and >> running Sendmail instead) so any 'heads up' are appreaciated... > > Yes, I got it installed and MS is running perfectly. SuSE 9.3 comes > with spamassassin 3.0.2. I haven't tried to manually install sa > 3.0.3, yet. > > The only problems I ran into are not (really) MS related: > > - MailWatch.pm problem. SuSE 9.3 installs perl-DBD-mysql-2.9004, so > you need the updated MailWatch.pm (see MailWatch mailinglist archive, > or contact me off list); > - milter-sender/libsnert problem. Compiling with the default Berkeley > DB 4.3 failed. After changing some files, compiling worked, but > milter-sender segfaults. Tracked down the problem, with Andrew Howe, > and solved it (see milters mailinglist archive, or contact me off > list). Thanks Mike, Still waiting for my 9.3 to arrive and it'll probably be a bit before I get a chance to install it, but appreciate the heads up. I've never implemented MailWatch but it's something that I've wanted to do as well as milter-sender and milter-ahead so I'm sure I'll avail myself of your offer... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 16:11:07 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: New errors in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nestor Burma wrote: > Hello, > > We very recently (yesterday) upgraded ClamAv to 0.84 > release. This morning, in our logs, we found this kind > of messages : > > MailScanner[12984]: > /var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/msg-12984-18.txt: > Empty file > MailScanner[12984]: ProcessClamAVOutput: unrecognised > line > "/var/spool/mailscanner/incoming/12984/./C1F0E5E8CB.2F61C/msg-12984-18.txt: > Empty file". Please contact the authors! > > So ,well, we do contact the authors :-) > If more data is needed to pinpoint the problem, just > ask for it. MailScanner is 4.39.5-1. > > Thanks, > Since you don't have a problem upgrading, you might as well upgrade MailScanner also. Whenever you upgrade one piece in a puzzle, you will have to expect the other pieces might "not quite fit". -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 16:17:25 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > Anybody else facing problems updating Clamav and McAfee today, or is > just me? The only update working for me today is BitDefender. > > I'm also not able to acess www.clamav.net . > > Roger Jochem OK here. Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4482 created May 02 2005 Scanning for 125168 viruses, trojans and variants. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spike_cacti at YAHOO.COM Tue May 3 16:09:17 2005 From: spike_cacti at YAHOO.COM (Spike Cacti) Date: Thu Jan 12 21:29:29 2006 Subject: BitDefender updates using a proxy not working.... Message-ID: A little off-topic but.... Anyone got the updates to work with a proxy setting ? I tried : UpdateHttpProxy = http://proxy:port and UpdateHttpProxy = proxy:port in bdc.ini But no go... It still tries to connect directly using port 80... Spike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Tue May 3 03:16:53 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV Perl module not found Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How would I check for this? On 5/2/05, Scott Silva wrote: Devon Harding wrote: > It does return /usr/bin/perl. This started happening after I upgraded > from FC2 to FC3. > > -Devon > > On 4/30/05, *Julian Field* < MailScanner@ecs.soton.ac.uk > > wrote: > > Type "which perl". If it doesn't return "/usr/bin/perl" then you have > installed the ClamAV module into 1 perl installation, which MailScanner > is using a different one (/usr/bin/perl). > > Devon Harding wrote: > > > No one knows how to fix this? > > > > On 4/27/05, *Devon Harding* > > >> > wrote: > > > > Anyone? > > > > > > On 4/27/05, *Devon Harding* < devonharding@gmail.com > > > >> wrote: > > > > Did anyone ever fix this? I'm having the same issue. Here is > > the content of my /usr/lib/perl5 dir. > > > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.0 > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.1 > > drwxr-xr-x 3 root root 4.0K Oct 12 2004 5.8.2 > > drwxr-xr-x 4 root root 4.0K Apr 26 18:47 5.8.3 > > drwxr-xr-x 3 root root 4.0K Apr 26 18:47 5.8.4 > > drwxr-xr-x 43 root root 4.0K Apr 26 18:47 5.8.5 > > drwxr-xr-x 8 root root 4.0K Apr 26 18:47 site_perl > > drwxr-xr-x 2 root root 4.0K Apr 27 02:03 Text > > drwxr-xr-x 8 root root 4.0K Apr 26 18:47 vendor_perl > > > > > > On 12/14/04, *Mike Kercher* < mike@camaross.net > > > >> wrote: > > > > Chris Trudeau wrote: > >> List, > >> > >> Installing ClamAV module via CPAN on machine running > > MailScanner > >> 4.36-4 stable. The install of the module goes fine, but when > >> starting MailScanner with Virus Scanners = clamavmodule > > the log > >> returns the message: > >> > >> ClamAV Perl module not found, did you install it? > >> > >> I verified using CPAN install that it is in fact > > installed and > >> uptodate. > >> > >> Any ideas? > >> > >> CT > > > > Do you have more than one version of perl installed? > > > > Mike > > > > ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > > ( http://www.mailscanner.biz/maq/) and > > the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ). > > > > Support MailScanner development - buy the book off the > > website! Look and see if your upgrade left some residual from the previous perl install. I have been hit by this in the past with RedHat upgrades. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue May 3 16:43:22 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's working again now. Maybe some temporary routing problem in Brazil... ----- Original Message ----- From: "Scott Silva" To: Sent: Tuesday, May 03, 2005 12:17 PM Subject: Re: Update Virus Scanners > Roger Jochem wrote: > > Anybody else facing problems updating Clamav and McAfee today, or is > > just me? The only update working for me today is BitDefender. > > > > I'm also not able to acess www.clamav.net . > > > > Roger Jochem > > > OK here. > Virus Scan for Linux v4.40.0 > Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights > reserved. > (408) 988-3832 LICENSED COPY - Sep 23 2004 > > Scan engine v4.4.00 for Linux. > Virus data file v4482 created May 02 2005 > Scanning for 125168 viruses, trojans and variants. > > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 3 16:49:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV Perl module not found Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You may find that the new version of perl you got with FC3 is not searching all the perl paths that were used with FC2. If so, the easiest solution is to re-install all the perl modules you need. On 3 May 2005, at 03:16, Devon Harding wrote: How would I check for this? On 5/2/05, Scott Silva wrote: Devon Harding wrote: > It does return /usr/bin/perl.  This started happening after I upgraded > from FC2 to FC3. > > -Devon > > On 4/30/05, *Julian Field* < MailScanner@ecs.soton.ac.uk > > wrote: > >     Type "which perl". If it doesn't return "/usr/bin/perl" then you have >     installed the ClamAV module into 1 perl installation, which MailScanner >     is using a different one (/usr/bin/perl). > >     Devon Harding wrote: > >     > No one knows how to fix this? >     > >     > On 4/27/05, *Devon Harding*      >     > >> >     wrote: >     > >     >     Anyone? >     > >     > >     >     On 4/27/05, *Devon Harding* < devonharding@gmail.com >     >     >          >> wrote: >     > >     >         Did anyone ever fix this?  I'm having the same issue.  Here is >     >         the content of my /usr/lib/perl5 dir. >     > >     >         drwxr-xr-x   3 root root 4.0K Oct 12  2004 5.8.0 >     >         drwxr-xr-x   3 root root 4.0K Oct 12  2004 5.8.1 >     >         drwxr-xr-x   3 root root 4.0K Oct 12  2004 5.8.2 >     >         drwxr-xr-x   4 root root 4.0K Apr 26 18:47 5.8.3 >     >         drwxr-xr-x   3 root root 4.0K Apr 26 18:47 5.8.4 >     >         drwxr-xr-x  43 root root 4.0K Apr 26 18:47 5.8.5 >     >         drwxr-xr-x   8 root root 4.0K Apr 26 18:47 site_perl >     >         drwxr-xr-x   2 root root 4.0K Apr 27 02:03 Text >     >         drwxr-xr-x   8 root root 4.0K Apr 26 18:47 vendor_perl >     > >     > >     >         On 12/14/04, *Mike Kercher* < mike@camaross.net >     >     >         >> wrote: >     > >     >             Chris Trudeau wrote: >     >> List, >     >> >     >> Installing ClamAV module via CPAN on machine running >     >             MailScanner >     >> 4.36-4 stable.  The install of the module goes fine, but when >     >> starting MailScanner with Virus Scanners = clamavmodule >     >             the log >     >> returns the message: >     >> >     >> ClamAV Perl module not found, did you install it? >     >> >     >> I verified using CPAN install that it is in fact >     >             installed and >     >> uptodate. >     >> >     >> Any ideas? >     >> >     >> CT >     > >     >             Do you have more than one version of perl installed? >     > >     >             Mike >     > >     >             ------------------------ MailScanner list >     >             ------------------------ >     >             To unsubscribe, email jiscmail@jiscmail.ac.uk >     >     >                  > with the words: >     >             'leave mailscanner' in the body of the email. >     >             Before posting, read the MAQ >     >             ( http://www.mailscanner.biz/maq/) and >     >             the archives ( >     >             http://www.jiscmail.ac.uk/lists/mailscanner.html >     >     >             ). >     > >     >             Support MailScanner development - buy the book off the >     >             website! Look and see if your upgrade left some residual from the previous perl install. I have been hit by this in the past with RedHat upgrades. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 16:58:52 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV Perl module not found Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > How would I check for this? > > On 5/2/05, *Scott Silva* > wrote: > > Devon Harding wrote: > > It does return /usr/bin/perl. This started happening after I upgraded > > from FC2 to FC3. > > > > -Devon > > Look in /usr/lib/perl5 and see if there is an extra perl directory. You should have ; vendor_perl site_perl and a directory with your perl version. Mine is 5.8.0 Then inside site_perl and vendor_perl should be one subdirectory with the version number. Again on mine is 5.8.0 If you find other perl version directories, you probably want to scan the rest of the file system for similar bad entries. I think I finally just rpm -e'd all the perl stuff, killed the directories, and re-installed the perl stuff I had. You also want to make sure any rpm's you use are for your version of redhat. Some of them have hard coded directories that can bite you in the ... well you get the picture. This bit me back in an upgrade from 7.3 to 9. If you have this problem, you will have to carefully remove the extra stuff and re-install anything that was in the wrong place. This is the reason the docs caution against multiple perl versions. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue May 3 17:22:31 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:29 2006 Subject: Attachment to big Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello! I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. Is MailScanner checking the size of the uncompressed zip instead of the original attachment? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 3 17:33:36 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: Just about there. --- MailScanner works now :) thank you --- To get my sendmail to work, I had to comment out the AuthOption=A in the sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. I just couldn't figure out how to change the sendmail.cf file using m4 and the sendmail.mc file --- Mailwatch problem --- After searching the mailwatch archives and finding a little bit of information concerning the error that I am getting, I have not yet found an answer to this problem. I also subscribed to the mailing list but they are not really active. May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: Cannot insert row: MySQL server has gone away Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Monday, May 02, 2005 12:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog logging level > > Thanks for the answer. I just commented this line out: > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > Sendmail seems to work, along with the change that I did in my other > response. > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Scott Silva > > Sent: Monday, May 02, 2005 11:20 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: maillog logging level > > > > Billy A. Pumphrey wrote: > > > --- > > > NOTE: I erased the rest of the message to get by the "looks like a > > > script" error" > > > --- > > > > > > Ok, telnet > > > > > > To make it clear, I have a new MailScanner machine (the one that I > am > > > trying to get working) and the one in production that is out of date > on > > > software and hardware. > > > > > > Anyway, I know that sendmail is having problems because when I > telnet to > > > the new one it looks like it tries and just comes back to the > command > > > prompt. If I telnet to the old one a connection is made and shows > some > > > stuff. > > > > > > Now, > > > Should I just reinstall sendmail on top of mine or something? I > > > installed sendmail by selecting the package when installing > centos4.0. > > > The service appears to be running ok. I did the ch config that the > book > > > and web site talks about. A service MailScanner restart reads > fine > > > for the services starting (outgoing and incoming sendmail starts > fine). > > > If I look at the running services it has 1 sendmail running (under > user > > > smmsp) which is the one that is suppose to be running isn't it? > > > > > > I was comparing the service --status-all command between the 2 > machines. > > > The services looks the same as far as MailScanner and sendmail look. > > > There is a sendmail running on each, and MailScanner running > > > (MailScanner,incoming sendmail, outgoing sendmail) > > > > The default on ALL RedHat based sendmail installs is to only accept > > local connections (IE.. from and to 127.0.0.1) > > You will have to fix this. It is commented well in the sendmail.mc > file. > > Look for the section with; > > > > dnl # The following causes sendmail to only listen on the IPv4 > loopback > > address > > dnl # 127.0.0.1 and not on any other network devices. Remove the > loopback > > dnl # address restriction to accept email from the internet or > intranet. > > dnl # > > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > > Your default will be different, as this has already been changed. > > > > -- > > "If you have ever eaten crow, > > It don't taste like chicken!!" > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 3 17:32:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: Attachment to big Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ooh, you may well be right.I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello!   I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb.   The attachment is a zip file, that decompressed gives me a txt file with 90 Mb.   Is MailScanner checking the size of the uncompressed zip instead of the original attachment?   --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue May 3 17:36:17 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:29 2006 Subject: Attachment to big Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, May 03, 2005 1:32 PM Subject: Re: Attachment to big Ooh, you may well be right. I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. Is MailScanner checking the size of the uncompressed zip instead of the original attachment? -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 3 17:51:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: Billy this looks like a known problem with the current DBD::mysql and Mailwatch.pm from 0.5.1. You need a new mailwatch.pm from the MW list archives - October 6 2004 by Walker Aumann. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Billy A. Pumphrey wrote: > Just about there. > > --- > MailScanner works now :) thank you > --- > To get my sendmail to work, I had to comment out the AuthOption=A in the > sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. > I just couldn't figure out how to change the sendmail.cf file using m4 > and the sendmail.mc file > > --- > Mailwatch problem > --- > After searching the mailwatch archives and finding a little bit of > information concerning the error that I am getting, I have not yet found > an answer to this problem. I also subscribed to the mailing list but > they are not really active. > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: > Cannot insert row: MySQL server has gone away > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Billy A. Pumphrey >>Sent: Monday, May 02, 2005 12:01 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: maillog logging level >> >>Thanks for the answer. I just commented this line out: >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl >> >>Sendmail seems to work, along with the change that I did in my other >>response. >> >>Billy Pumphrey >>IT Manager >>Wooden & McLaughlin >> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > On > >>>Behalf Of Scott Silva >>>Sent: Monday, May 02, 2005 11:20 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: maillog logging level >>> >>>Billy A. Pumphrey wrote: >>> >>>>--- >>>>NOTE: I erased the rest of the message to get by the "looks like a >>>>script" error" >>>>--- >>>> >>>>Ok, telnet >>>> >>>>To make it clear, I have a new MailScanner machine (the one that I >> >>am >> >>>>trying to get working) and the one in production that is out of > > date > >>on >> >>>>software and hardware. >>>> >>>>Anyway, I know that sendmail is having problems because when I >> >>telnet to >> >>>>the new one it looks like it tries and just comes back to the >> >>command >> >>>>prompt. If I telnet to the old one a connection is made and shows >> >>some >> >>>>stuff. >>>> >>>>Now, >>>>Should I just reinstall sendmail on top of mine or something? I >>>>installed sendmail by selecting the package when installing >> >>centos4.0. >> >>>>The service appears to be running ok. I did the ch config that > > the > >>book >> >>>>and web site talks about. A service MailScanner restart reads >> >>fine >> >>>>for the services starting (outgoing and incoming sendmail starts >> >>fine). >> >>>>If I look at the running services it has 1 sendmail running (under >> >>user >> >>>>smmsp) which is the one that is suppose to be running isn't it? >>>> >>>>I was comparing the service --status-all command between the 2 >> >>machines. >> >>>>The services looks the same as far as MailScanner and sendmail > > look. > >>>>There is a sendmail running on each, and MailScanner running >>>>(MailScanner,incoming sendmail, outgoing sendmail) >>> >>>The default on ALL RedHat based sendmail installs is to only accept >>>local connections (IE.. from and to 127.0.0.1) >>>You will have to fix this. It is commented well in the sendmail.mc >> >>file. >> >>>Look for the section with; >>> >>>dnl # The following causes sendmail to only listen on the IPv4 >> >>loopback >> >>>address >>>dnl # 127.0.0.1 and not on any other network devices. Remove the >> >>loopback >> >>>dnl # address restriction to accept email from the internet or >> >>intranet. >> >>>dnl # >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl >>>Your default will be different, as this has already been changed. >>> >>>-- >>>"If you have ever eaten crow, >>>It don't taste like chicken!!" >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 3 19:14:46 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: I tried searching the archives and found this: http://www.windischmann.de/ If that is the answer I do not know how to use a bz2 file. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Tuesday, May 03, 2005 11:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog logging level > > Billy > > this looks like a known problem with the current DBD::mysql and > Mailwatch.pm from 0.5.1. > > You need a new mailwatch.pm from the MW list archives - October 6 2004 > by Walker Aumann. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Billy A. Pumphrey wrote: > > Just about there. > > > > --- > > MailScanner works now :) thank you > > --- > > To get my sendmail to work, I had to comment out the AuthOption=A in the > > sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. > > I just couldn't figure out how to change the sendmail.cf file using m4 > > and the sendmail.mc file > > > > --- > > Mailwatch problem > > --- > > After searching the mailwatch archives and finding a little bit of > > information concerning the error that I am getting, I have not yet found > > an answer to this problem. I also subscribed to the mailing list but > > they are not really active. > > > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > > attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: > > Cannot insert row: MySQL server has gone away > > > > Billy Pumphrey > > IT Manager > > Wooden & McLaughlin > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Billy A. Pumphrey > >>Sent: Monday, May 02, 2005 12:01 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: maillog logging level > >> > >>Thanks for the answer. I just commented this line out: > >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > >> > >>Sendmail seems to work, along with the change that I did in my other > >>response. > >> > >>Billy Pumphrey > >>IT Manager > >>Wooden & McLaughlin > >> > >>>-----Original Message----- > >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > > On > > > >>>Behalf Of Scott Silva > >>>Sent: Monday, May 02, 2005 11:20 AM > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: maillog logging level > >>> > >>>Billy A. Pumphrey wrote: > >>> > >>>>--- > >>>>NOTE: I erased the rest of the message to get by the "looks like a > >>>>script" error" > >>>>--- > >>>> > >>>>Ok, telnet > >>>> > >>>>To make it clear, I have a new MailScanner machine (the one that I > >> > >>am > >> > >>>>trying to get working) and the one in production that is out of > > > > date > > > >>on > >> > >>>>software and hardware. > >>>> > >>>>Anyway, I know that sendmail is having problems because when I > >> > >>telnet to > >> > >>>>the new one it looks like it tries and just comes back to the > >> > >>command > >> > >>>>prompt. If I telnet to the old one a connection is made and shows > >> > >>some > >> > >>>>stuff. > >>>> > >>>>Now, > >>>>Should I just reinstall sendmail on top of mine or something? I > >>>>installed sendmail by selecting the package when installing > >> > >>centos4.0. > >> > >>>>The service appears to be running ok. I did the ch config that > > > > the > > > >>book > >> > >>>>and web site talks about. A service MailScanner restart reads > >> > >>fine > >> > >>>>for the services starting (outgoing and incoming sendmail starts > >> > >>fine). > >> > >>>>If I look at the running services it has 1 sendmail running (under > >> > >>user > >> > >>>>smmsp) which is the one that is suppose to be running isn't it? > >>>> > >>>>I was comparing the service --status-all command between the 2 > >> > >>machines. > >> > >>>>The services looks the same as far as MailScanner and sendmail > > > > look. > > > >>>>There is a sendmail running on each, and MailScanner running > >>>>(MailScanner,incoming sendmail, outgoing sendmail) > >>> > >>>The default on ALL RedHat based sendmail installs is to only accept > >>>local connections (IE.. from and to 127.0.0.1) > >>>You will have to fix this. It is commented well in the sendmail.mc > >> > >>file. > >> > >>>Look for the section with; > >>> > >>>dnl # The following causes sendmail to only listen on the IPv4 > >> > >>loopback > >> > >>>address > >>>dnl # 127.0.0.1 and not on any other network devices. Remove the > >> > >>loopback > >> > >>>dnl # address restriction to accept email from the internet or > >> > >>intranet. > >> > >>>dnl # > >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > >>>Your default will be different, as this has already been changed. > >>> > >>>-- > >>>"If you have ever eaten crow, > >>>It don't taste like chicken!!" > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 3 19:46:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Find a copy of bunzip2. Billy A. Pumphrey wrote: >I tried searching the archives and found this: >http://www.windischmann.de/ > >If that is the answer I do not know how to use a bz2 file. > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Martin Hepworth >>Sent: Tuesday, May 03, 2005 11:52 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: maillog logging level >> >>Billy >> >>this looks like a known problem with the current DBD::mysql and >>Mailwatch.pm from 0.5.1. >> >>You need a new mailwatch.pm from the MW list archives - October 6 2004 >>by Walker Aumann. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Billy A. Pumphrey wrote: >> >> >>>Just about there. >>> >>>--- >>>MailScanner works now :) thank you >>>--- >>>To get my sendmail to work, I had to comment out the AuthOption=A in >>> >>> >the > > >>>sendmail.cf and take out the 127.0.0.1 out of the line in >>> >>> >sendmail.cf. > > >>>I just couldn't figure out how to change the sendmail.cf file using >>> >>> >m4 > > >>>and the sendmail.mc file >>> >>>--- >>>Mailwatch problem >>>--- >>>After searching the mailwatch archives and finding a little bit of >>>information concerning the error that I am getting, I have not yet >>> >>> >found > > >>>an answer to this problem. I also subscribed to the mailing list >>> >>> >but > > >>>they are not really active. >>> >>>May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure >>>attempting to re-connect May 3 04:02:23 WoodenMS >>> >>> >MailScanner[13105]: > > >>>Cannot insert row: MySQL server has gone away >>> >>>Billy Pumphrey >>>IT Manager >>>Wooden & McLaughlin >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >>>> >On > > >>>>Behalf Of Billy A. Pumphrey >>>>Sent: Monday, May 02, 2005 12:01 PM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: maillog logging level >>>> >>>>Thanks for the answer. I just commented this line out: >>>>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl >>>> >>>>Sendmail seems to work, along with the change that I did in my other >>>>response. >>>> >>>>Billy Pumphrey >>>>IT Manager >>>>Wooden & McLaughlin >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>>> >>>>> >>>On >>> >>> >>> >>>>>Behalf Of Scott Silva >>>>>Sent: Monday, May 02, 2005 11:20 AM >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: maillog logging level >>>>> >>>>>Billy A. Pumphrey wrote: >>>>> >>>>> >>>>> >>>>>>--- >>>>>>NOTE: I erased the rest of the message to get by the "looks like a >>>>>>script" error" >>>>>>--- >>>>>> >>>>>>Ok, telnet >>>>>> >>>>>>To make it clear, I have a new MailScanner machine (the one that I >>>>>> >>>>>> >>>>am >>>> >>>> >>>> >>>>>>trying to get working) and the one in production that is out of >>>>>> >>>>>> >>>date >>> >>> >>> >>>>on >>>> >>>> >>>> >>>>>>software and hardware. >>>>>> >>>>>>Anyway, I know that sendmail is having problems because when I >>>>>> >>>>>> >>>>telnet to >>>> >>>> >>>> >>>>>>the new one it looks like it tries and just comes back to the >>>>>> >>>>>> >>>>command >>>> >>>> >>>> >>>>>>prompt. If I telnet to the old one a connection is made and shows >>>>>> >>>>>> >>>>some >>>> >>>> >>>> >>>>>>stuff. >>>>>> >>>>>>Now, >>>>>>Should I just reinstall sendmail on top of mine or something? I >>>>>>installed sendmail by selecting the package when installing >>>>>> >>>>>> >>>>centos4.0. >>>> >>>> >>>> >>>>>>The service appears to be running ok. I did the ch config that >>>>>> >>>>>> >>>the >>> >>> >>> >>>>book >>>> >>>> >>>> >>>>>>and web site talks about. A service MailScanner restart reads >>>>>> >>>>>> >>>>fine >>>> >>>> >>>> >>>>>>for the services starting (outgoing and incoming sendmail starts >>>>>> >>>>>> >>>>fine). >>>> >>>> >>>> >>>>>>If I look at the running services it has 1 sendmail running (under >>>>>> >>>>>> >>>>user >>>> >>>> >>>> >>>>>>smmsp) which is the one that is suppose to be running isn't it? >>>>>> >>>>>>I was comparing the service --status-all command between the 2 >>>>>> >>>>>> >>>>machines. >>>> >>>> >>>> >>>>>>The services looks the same as far as MailScanner and sendmail >>>>>> >>>>>> >>>look. >>> >>> >>> >>>>>>There is a sendmail running on each, and MailScanner running >>>>>>(MailScanner,incoming sendmail, outgoing sendmail) >>>>>> >>>>>> >>>>>The default on ALL RedHat based sendmail installs is to only accept >>>>>local connections (IE.. from and to 127.0.0.1) >>>>>You will have to fix this. It is commented well in the sendmail.mc >>>>> >>>>> >>>>file. >>>> >>>> >>>> >>>>>Look for the section with; >>>>> >>>>>dnl # The following causes sendmail to only listen on the IPv4 >>>>> >>>>> >>>>loopback >>>> >>>> >>>> >>>>>address >>>>>dnl # 127.0.0.1 and not on any other network devices. Remove the >>>>> >>>>> >>>>loopback >>>> >>>> >>>> >>>>>dnl # address restriction to accept email from the internet or >>>>> >>>>> >>>>intranet. >>>> >>>> >>>> >>>>>dnl # >>>>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl >>>>>Your default will be different, as this has already been changed. >>>>> >>>>>-- >>>>>"If you have ever eaten crow, >>>>>It don't taste like chicken!!" >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Tue May 3 19:53:02 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] McAfee is updating just fine on my servers, for whatever that is worth. That being said, the stock mcafee-autoupdate script supplied with MailScanner seems to have a PREFIX=/opt/uvscan or something along those lines, as mine is in /usr/local/uvscan, I had to edit the script. For whatever that is worth :) uvscan --version Virus Scan for Linux v4.32.0 Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Nov 27 2003 Scan engine v4.3.20 for Linux. Virus data file v4483 created May 03 2005 Scanning for 125222 viruses, trojans and variants. Tracy Greggs Oklahoma Network Consulting ----- Original Message ----- From: "Michael Baird" To: Sent: Tuesday, May 03, 2005 8:39 AM Subject: Re: Update Virus Scanners > Yes, my Mcafee won't update to 4482 either, at least using MailScanner's > scripts. This new Virus is tremendous too. I was getting ready to > install the clamavmodule, but your note about ClamAV is really scary. > > Regards > Michael Baird > >> Anybody else facing problems updating Clamav and McAfee today, or is >> just me? The only update working for me today is BitDefender. >> >> I'm also not able to acess www.clamav.net . >> >> Roger Jochem >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 3 20:05:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You don't need to edit the script at all. All the -autoupdate scripts expect to be given the installation directory (as taken from /etc/MailScanner/virus.scanners.conf) as the first parameter on the command-line. If you just use my update_virus_scanners script that I provide, it does all of this for you. You really don't need to edit my code. Tracy Greggs wrote: > McAfee is updating just fine on my servers, for whatever that is worth. > > That being said, the stock mcafee-autoupdate script supplied with > MailScanner seems to have a PREFIX=/opt/uvscan or something along those > lines, as mine is in /usr/local/uvscan, I had to edit the script. > > For whatever that is worth :) > > > uvscan --version > > Virus Scan for Linux v4.32.0 > Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights > reserved. > (408) 988-3832 LICENSED COPY - Nov 27 2003 > > Scan engine v4.3.20 for Linux. > Virus data file v4483 created May 03 2005 > Scanning for 125222 viruses, trojans and variants. > > > Tracy Greggs > Oklahoma Network Consulting > > > > ----- Original Message ----- > From: "Michael Baird" > To: > Sent: Tuesday, May 03, 2005 8:39 AM > Subject: Re: Update Virus Scanners > > >> Yes, my Mcafee won't update to 4482 either, at least using MailScanner's >> scripts. This new Virus is tremendous too. I was getting ready to >> install the clamavmodule, but your note about ClamAV is really scary. >> >> Regards >> Michael Baird >> >>> Anybody else facing problems updating Clamav and McAfee today, or is >>> just me? The only update working for me today is BitDefender. >>> >>> I'm also not able to acess www.clamav.net . >>> >>> Roger Jochem >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cpd at UNIVAP.BR Tue May 3 20:16:08 2005 From: cpd at UNIVAP.BR (Vladimir M Costa) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Or downgrade Perl DBD-MySQL to version 2.1028 see: http://mailwatch.sourceforge.net/faq.html Vladimir Costa On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote > Billy > > this looks like a known problem with the current DBD::mysql and > Mailwatch.pm from 0.5.1. > > You need a new mailwatch.pm from the MW list archives - October 6 2004 > by Walker Aumann. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Billy A. Pumphrey wrote: > > Just about there. > > > > --- > > MailScanner works now :) thank you > > --- > > To get my sendmail to work, I had to comment out the AuthOption=A in the > > sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. > > I just couldn't figure out how to change the sendmail.cf file using m4 > > and the sendmail.mc file > > > > --- > > Mailwatch problem > > --- > > After searching the mailwatch archives and finding a little bit of > > information concerning the error that I am getting, I have not yet found > > an answer to this problem. I also subscribed to the mailing list but > > they are not really active. > > > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > > attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: > > Cannot insert row: MySQL server has gone away > > > > Billy Pumphrey > > IT Manager > > Wooden & McLaughlin > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Billy A. Pumphrey > >>Sent: Monday, May 02, 2005 12:01 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: maillog logging level > >> > >>Thanks for the answer. I just commented this line out: > >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > >> > >>Sendmail seems to work, along with the change that I did in my other > >>response. > >> > >>Billy Pumphrey > >>IT Manager > >>Wooden & McLaughlin > >> > >>>-----Original Message----- > >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > > On > > > >>>Behalf Of Scott Silva > >>>Sent: Monday, May 02, 2005 11:20 AM > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: maillog logging level > >>> > >>>Billy A. Pumphrey wrote: > >>> > >>>>--- > >>>>NOTE: I erased the rest of the message to get by the "looks like a > >>>>script" error" > >>>>--- > >>>> > >>>>Ok, telnet > >>>> > >>>>To make it clear, I have a new MailScanner machine (the one that I > >> > >>am > >> > >>>>trying to get working) and the one in production that is out of > > > > date > > > >>on > >> > >>>>software and hardware. > >>>> > >>>>Anyway, I know that sendmail is having problems because when I > >> > >>telnet to > >> > >>>>the new one it looks like it tries and just comes back to the > >> > >>command > >> > >>>>prompt. If I telnet to the old one a connection is made and shows > >> > >>some > >> > >>>>stuff. > >>>> > >>>>Now, > >>>>Should I just reinstall sendmail on top of mine or something? I > >>>>installed sendmail by selecting the package when installing > >> > >>centos4.0. > >> > >>>>The service appears to be running ok. I did the ch config that > > > > the > > > >>book > >> > >>>>and web site talks about. A service MailScanner restart reads > >> > >>fine > >> > >>>>for the services starting (outgoing and incoming sendmail starts > >> > >>fine). > >> > >>>>If I look at the running services it has 1 sendmail running (under > >> > >>user > >> > >>>>smmsp) which is the one that is suppose to be running isn't it? > >>>> > >>>>I was comparing the service --status-all command between the 2 > >> > >>machines. > >> > >>>>The services looks the same as far as MailScanner and sendmail > > > > look. > > > >>>>There is a sendmail running on each, and MailScanner running > >>>>(MailScanner,incoming sendmail, outgoing sendmail) > >>> > >>>The default on ALL RedHat based sendmail installs is to only accept > >>>local connections (IE.. from and to 127.0.0.1) > >>>You will have to fix this. It is commented well in the sendmail.mc > >> > >>file. > >> > >>>Look for the section with; > >>> > >>>dnl # The following causes sendmail to only listen on the IPv4 > >> > >>loopback > >> > >>>address > >>>dnl # 127.0.0.1 and not on any other network devices. Remove the > >> > >>loopback > >> > >>>dnl # address restriction to accept email from the internet or > >> > >>intranet. > >> > >>>dnl # > >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > >>>Your default will be different, as this has already been changed. > >>> > >>>-- > >>>"If you have ever eaten crow, > >>>It don't taste like chicken!!" > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Universidade do Vale do Paraíba - UNIVAP. http://www.univap.br/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 20:04:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy Greggs wrote: > McAfee is updating just fine on my servers, for whatever that is worth. > > That being said, the stock mcafee-autoupdate script supplied with > MailScanner seems to have a PREFIX=/opt/uvscan or something along those > lines, as mine is in /usr/local/uvscan, I had to edit the script. > > For whatever that is worth :) > > > uvscan --version > > Virus Scan for Linux v4.32.0 > Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights > reserved. > (408) 988-3832 LICENSED COPY - Nov 27 2003 > > Scan engine v4.3.20 for Linux. > Virus data file v4483 created May 03 2005 > Scanning for 125222 viruses, trojans and variants. > The update_virus_scanners script passes the proper paths automatically if your settings in /etc/MailScanner/virus.scanners.conf are correct. Otherwise your "adjustment" will not survive an upgrade. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Tue May 3 20:22:50 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:29 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I stand corrected :) It has been quite some time since I did that, it must have been because I was too lazy to manually update the dat files before firing up MailScanner for the 1st time, and running the mcafee-autoupdate script from the command line wasn't going to work unless I edited it. Tracy ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, May 03, 2005 2:05 PM Subject: Re: Update Virus Scanners > You don't need to edit the script at all. > > All the -autoupdate scripts expect to be given the installation > directory (as taken from /etc/MailScanner/virus.scanners.conf) as the > first parameter on the command-line. > > If you just use my update_virus_scanners script that I provide, it does > all of this for you. > > You really don't need to edit my code. -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Tue May 3 20:59:28 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:29 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6) X-MailScanner-From: derek@adcatanzaro.com X-CCLRC-SPAM-report: 0 : X-Scanned-By: MIMEDefang 2.39 Is it possible to have the emails in /var/spool/mqueue.in processed by MS without having the actual MS service running? I have quite a few emails in /var/spool/mqueue.in (I believe it's due to DNS issues) and I do not want any more email delivered to the server, however, I would like to have the current emails in /var/spool/mqueue.in processed by MS so it will run the SPAM checks and move them to /var/spool/mqueue and then I will force sendmail to route the emails. I get a ton of SPAM and if I just "mv /var/spool/mqueue.in * /var/spool/mqueue" because it was never processed by MS and my users will get a ton of SPAM and I am trying to prevent that. Thanks for your assistance. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Tue May 3 21:08:56 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:29 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) X-MailScanner-From: derek@adcatanzaro.com X-CCLRC-SPAM-report: 0 : X-Scanned-By: MIMEDefang 2.39 FC2 mailscanner-4.40.11-1 spamassassin-3.0.2-1 Is it possible to have the emails in /var/spool/mqueue.in processed by MS without having the actual MS service running? I have quite a few emails in /var/spool/mqueue.in (I believe it's due to DNS issues) and I do not want any more email delivered to the server, however, I would like to have the current emails in /var/spool/mqueue.in processed by MS so it will run the SPAM checks and move them to /var/spool/mqueue and then I will force sendmail to route the emails. I get a ton of SPAM and if I just "mv /var/spool/mqueue.in * /var/spool/mqueue" because it was never processed by MS and my users will get a ton of SPAM and I am trying to prevent that. Thanks for your assistance. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 3 21:24:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] service MailScanner stop (That will stop MailScanner and both the incoming and outgoing sendmails) service MailScanner startout (That will start the outgoing sendmail only) check_MailScanner (That will start MailScanner on its own) Then it will munch its way through the mqueue.in and deliver it all, once filtered. Once the mqueue.in is empty and everything in mqueue has been delivered, you can service MailScanner stop to shut it all down. Don't forget to chkconfig MailScanner off to ensure it won't start back up when the system is rebooted. Derek Catanzaro wrote: >Content-Type: text/plain; charset=ISO-8859-1; format=flowed >Content-Transfer-Encoding: 7bit >X-yoursite-MailScanner-Information: Please contact the ISP for more information >X-yoursite-MailScanner: Found to be clean >X-yoursite-MailScanner-SpamCheck: not spam, SpamAssassin (timed out) >X-MailScanner-From: derek@adcatanzaro.com >X-CCLRC-SPAM-report: 0 : >X-Scanned-By: MIMEDefang 2.39 > >FC2 >mailscanner-4.40.11-1 >spamassassin-3.0.2-1 > >Is it possible to have the emails in /var/spool/mqueue.in processed by >MS without having the actual MS service running? > >I have quite a few emails in /var/spool/mqueue.in (I believe it's due to >DNS issues) and I do not want any more email delivered to the server, >however, I would like to have the current emails in /var/spool/mqueue.in >processed by MS so it will run the SPAM checks and move them to >/var/spool/mqueue and then I will force sendmail to route the emails. I >get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >/var/spool/mqueue" because it was never processed by MS and my users >will get a ton of SPAM and I am trying to prevent that. > >Thanks for your assistance. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 3 21:39:12 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:29 2006 Subject: maillog logging level Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Another good link: http://forum.ev1servers.net/showpost.php?p=332319&postcount=85 Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Vladimir M Costa > Sent: Tuesday, May 03, 2005 2:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog logging level > > Or downgrade Perl DBD-MySQL to version 2.1028 > > see: > http://mailwatch.sourceforge.net/faq.html > > > Vladimir Costa > > > > On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote > > Billy > > > > this looks like a known problem with the current DBD::mysql and > > Mailwatch.pm from 0.5.1. > > > > You need a new mailwatch.pm from the MW list archives - October 6 2004 > > by Walker Aumann. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > Billy A. Pumphrey wrote: > > > Just about there. > > > > > > --- > > > MailScanner works now :) thank you > > > --- > > > To get my sendmail to work, I had to comment out the AuthOption=A in > the > > > sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. > > > I just couldn't figure out how to change the sendmail.cf file using m4 > > > and the sendmail.mc file > > > > > > --- > > > Mailwatch problem > > > --- > > > After searching the mailwatch archives and finding a little bit of > > > information concerning the error that I am getting, I have not yet > found > > > an answer to this problem. I also subscribed to the mailing list but > > > they are not really active. > > > > > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > > > attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: > > > Cannot insert row: MySQL server has gone away > > > > > > Billy Pumphrey > > > IT Manager > > > Wooden & McLaughlin > > > > > > > > >>-----Original Message----- > > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > >>Behalf Of Billy A. Pumphrey > > >>Sent: Monday, May 02, 2005 12:01 PM > > >>To: MAILSCANNER@JISCMAIL.AC.UK > > >>Subject: Re: maillog logging level > > >> > > >>Thanks for the answer. I just commented this line out: > > >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > >> > > >>Sendmail seems to work, along with the change that I did in my other > > >>response. > > >> > > >>Billy Pumphrey > > >>IT Manager > > >>Wooden & McLaughlin > > >> > > >>>-----Original Message----- > > >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > > > > On > > > > > >>>Behalf Of Scott Silva > > >>>Sent: Monday, May 02, 2005 11:20 AM > > >>>To: MAILSCANNER@JISCMAIL.AC.UK > > >>>Subject: Re: maillog logging level > > >>> > > >>>Billy A. Pumphrey wrote: > > >>> > > >>>>--- > > >>>>NOTE: I erased the rest of the message to get by the "looks like a > > >>>>script" error" > > >>>>--- > > >>>> > > >>>>Ok, telnet > > >>>> > > >>>>To make it clear, I have a new MailScanner machine (the one that I > > >> > > >>am > > >> > > >>>>trying to get working) and the one in production that is out of > > > > > > date > > > > > >>on > > >> > > >>>>software and hardware. > > >>>> > > >>>>Anyway, I know that sendmail is having problems because when I > > >> > > >>telnet to > > >> > > >>>>the new one it looks like it tries and just comes back to the > > >> > > >>command > > >> > > >>>>prompt. If I telnet to the old one a connection is made and shows > > >> > > >>some > > >> > > >>>>stuff. > > >>>> > > >>>>Now, > > >>>>Should I just reinstall sendmail on top of mine or something? I > > >>>>installed sendmail by selecting the package when installing > > >> > > >>centos4.0. > > >> > > >>>>The service appears to be running ok. I did the ch config that > > > > > > the > > > > > >>book > > >> > > >>>>and web site talks about. A service MailScanner restart reads > > >> > > >>fine > > >> > > >>>>for the services starting (outgoing and incoming sendmail starts > > >> > > >>fine). > > >> > > >>>>If I look at the running services it has 1 sendmail running (under > > >> > > >>user > > >> > > >>>>smmsp) which is the one that is suppose to be running isn't it? > > >>>> > > >>>>I was comparing the service --status-all command between the 2 > > >> > > >>machines. > > >> > > >>>>The services looks the same as far as MailScanner and sendmail > > > > > > look. > > > > > >>>>There is a sendmail running on each, and MailScanner running > > >>>>(MailScanner,incoming sendmail, outgoing sendmail) > > >>> > > >>>The default on ALL RedHat based sendmail installs is to only accept > > >>>local connections (IE.. from and to 127.0.0.1) > > >>>You will have to fix this. It is commented well in the sendmail.mc > > >> > > >>file. > > >> > > >>>Look for the section with; > > >>> > > >>>dnl # The following causes sendmail to only listen on the IPv4 > > >> > > >>loopback > > >> > > >>>address > > >>>dnl # 127.0.0.1 and not on any other network devices. Remove the > > >> > > >>loopback > > >> > > >>>dnl # address restriction to accept email from the internet or > > >> > > >>intranet. > > >> > > >>>dnl # > > >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > > >>>Your default will be different, as this has already been changed. > > >>> > > >>>-- > > >>>"If you have ever eaten crow, > > >>>It don't taste like chicken!!" > > >>> > > >>>------------------------ MailScanner list ------------------------ > > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>>'leave mailscanner' in the body of the email. > > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>> > > >>>Support MailScanner development - buy the book off the website! > > >> > > >>------------------------ MailScanner list ------------------------ > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>'leave mailscanner' in the body of the email. > > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> > > >>Support MailScanner development - buy the book off the website! > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > -- > Universidade do Vale do Paraíba - UNIVAP. > http://www.univap.br/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Tue May 3 22:47:10 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: So no one else is seeing this problem? I'm talking about onlying clamav as the scanner....no others and not clamavmodule. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Monday, May 02, 2005 5:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: ClamAV and MailScanner Bug Last week, I reported a problem that I thought was limited to a particular virus but my testing seems to elude to a bigger problem. If MailScanner is using clamav for it's scanner, viruses are being detected but MailScanner isn't properly acting on it and is delivering it as a uninfected message. It's not a config issue because I've tried it on two different Solaris 8 systems and if I switch to clamavmodule or sophos then MailScanner acts appropiately. I've even updated to 4.11.3 today which was in the plans anyway. I used to use sophos and clamav with MailScanner but the license for Sophos is just too much and stopped using it about two months ago. And since the viruses were still being detecting, from a stats side it looked like things were fine. For now, I'm switched to clamavmodule but this looks like a bug. I've been a MailScanner user since 2002 so exclude me from the newbie filters and comments and let's check this out. ClamAV May 2 16:58:56 apollo.med.wayne.edu MailScanner[9100]: Spam Checks: Starting May 2 16:58:56 apollo.med.wayne.edu MailScanner[9100]: Message j42Kwc1L009131 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 16:59:09 apollo.med.wayne.edu MailScanner[9100]: Spam Checks completed at 133 bytes per second May 2 16:59:09 apollo.med.wayne.edu MailScanner[9100]: Virus and Content Scanning: Starting May 2 16:59:13 apollo.med.wayne.edu MailScanner[9100]: /tmp/9100/./j42Kwc1L009131/eicar.doc: Eicar-Test-Signature FOUND May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning: ClamAV found 1 infections May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning: Found 1 viruses May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Scanning completed at 347 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Uninfected: Delivered 1 messages May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Virus Processing completed at 1739 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Disinfection completed at 1739 bytes per second May 2 16:59:14 apollo.med.wayne.edu MailScanner[9100]: Batch completed at 96 bytes per second (1739 / 18) ClamAVModule May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: New Batch: Scanning 1 messages, 1742 bytes May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: MCP Checks completed at 1742 bytes per second May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: Spam Checks: Starting May 2 17:08:57 apollo.med.wayne.edu MailScanner[9312]: Message j42L8iA5009328 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 17:09:16 apollo.med.wayne.edu MailScanner[9312]: Spam Checks completed at 91 bytes per second May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus and Content Scanning: Starting May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./j42L8iA5009328/eicar.doc May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning: ClamAV Module found 1 infections May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Infected message j42L8iA5009328 came from 146.9.3.57 May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning: Found 1 viruses May 2 17:09:18 apollo.med.wayne.edu MailScanner[9312]: Virus Scanning completed at 871 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Notices: Warned about 1 messages May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Virus Processing completed at 217 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Disinfection completed at 1742 bytes per second May 2 17:09:26 apollo.med.wayne.edu MailScanner[9312]: Batch completed at 60 bytes per second (1742 / 29) ClamAV and Sophos May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: New Batch: Scanning 1 messages, 1743 bytes May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: MCP Checks completed at 1743 bytes per second May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: Spam Checks: Starting May 2 17:02:01 apollo.med.wayne.edu MailScanner[9207]: Message j42L1svo009212 from 146.9.3.57 (root@apollo.med.wayne.edu) is whitelisted May 2 17:02:08 apollo.med.wayne.edu MailScanner[9207]: Spam Checks completed at 249 bytes per second May 2 17:02:09 apollo.med.wayne.edu MailScanner[9207]: Virus and Content Scanning: Starting May 2 17:02:17 apollo.med.wayne.edu MailScanner[9207]: >>> Virus 'EICAR-AV-Test' found in file ./j42L1svo009212/eicar.doc May 2 17:02:17 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: Sophos found 1 infections May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: /tmp/9207/./j42L1svo009212/eicar.doc: Eicar-Test-Signature FOUND May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: ClamAV found 1 infections May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Infected message j42L1svo009212 came from 146.9.3.57 May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning: Found 1 viruses May 2 17:02:21 apollo.med.wayne.edu MailScanner[9207]: Virus Scanning completed at 134 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Notices: Warned about 1 messages May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Virus Processing completed at 217 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Disinfection completed at 1743 bytes per second May 2 17:02:29 apollo.med.wayne.edu MailScanner[9207]: Batch completed at 62 bytes per second (1743 / 28) Bobby Rose Senior Systems Administrator MSIS Network Operations Wayne State University School of Medicine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon May 2 21:13:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:29 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [root@sbschools dns]# spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/home/dns/bin', which doesn't exist, dropping. debug: Final PATH set to:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.809 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.01 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.31 debug: diag: module installed: Razor2::Client::Agent, version 2.67 debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf debug: config: read file /etc/mail/spamassassin/70_sare_header.cf debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf debug: config: read file /etc/mail/spamassassin/70_sare_html.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/evilnumbers.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/tripwire.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) gmx.net... debug: looking up NS for 'gmx.net' debug: NS lookup of gmx.net succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) debug: running body-text per-line regexp tests; score so far=0.197 debug: running uri tests; score so far=0.197 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout May 02 16:12:35.522031 check[19071]: [ 5] computed razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, ident=/root/.razor/identity May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8 May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from /root/.razor/servers.catalogue.lst May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to folly.cloudmark.com May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to joy.cloudmark.com May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to shock.cloudmark.com May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from /root/.razor/server.folly.cloudmark.com.conf May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from /root/.razor/server.folly.cloudmark.com.conf May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest server discovery May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5078; computed min_cf=6, Server se: C8 May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8 May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5078 May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0, len 1339 May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a signature for mail 1.0 May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist May 02 16:12:35.554079 check[19071]: [ 5] Connecting to shock.cloudmark.com ... May 02 16:12:35.853955 check[19071]: [ 8] Connection established May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10 May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25 May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67 May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5078; computed min_cf=6, Server se: C8 May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8 May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52 May 02 16:12:35.862770 check[19071]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5 May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2 p=0 May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0: no-contention part, spam=0 May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam. May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server shock.cloudmark.com May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5 May 02 16:12:36.193393 check[19071]: [ 6] a=q debug: Using results from Razor v2.67 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=0.197 debug: running full-text regexp tests; score so far=0.197 debug: Razor2 is available debug: Current PATH is:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 19075: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 debug: leaving helper-app run mode debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 19076: ruid=0 euid=0 debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333 Fuz1=3415356 Fuz2=3415350 debug: leaving helper-app run mode debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2: 3415350 of 999999 debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) implements 'check_post_dnsbl' debug: running meta tests; score so far=1.57 debug: running header regexp tests; score so far=1.86 debug: running body-text per-line regexp tests; score so far=1.86 debug: running uri tests; score so far=1.86 debug: running raw-body-text per-line regexp tests; score so far=1.86 debug: running full-text regexp tests; score so far=1.86 debug: Running tests for priority: 1000 debug: running meta tests; score so far=1.86 debug: running header regexp tests; score so far=1.86 debug: using "/root/.spamassassin" for user state dir debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex debug: lock: 19071 trying to get lock on /root/.spamassassin/auto-whitelist with 30 timeout debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex debug: Post AWL score: 1.86 debug: running body-text per-line regexp tests; score so far=1.86 debug: running uri tests; score so far=1.86 debug: running raw-body-text per-line regexp tests; score so far=1.86 debug: running full-text regexp tests; score so far=1.86 debug: is spam? score=1.86 required=5 debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug:subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML HAS_MSG,__UNUSABLE_MSGID >>> ssilva@SGVWATER.COM 05/02 3:26 PM >>> David Curtis wrote: > I am getting spam with a very low score. Can any one tell me why this > e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and > MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In > postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, > opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. > > I know I can change scores but I wonder why it is so low. > > > The score was from these: > SpamAssassin (score=1.597,required 3.75) > (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, > SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) > > > OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION > PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT > FEDERAL COMPLEX TINUBU SQUARE, > Lagos- Nigeria. > Tel/Fax: > Our Ref: ACG/FGN/543WS 234-1803-7127318 > Email: moha_ibru@yahoo.com This is the old Nigerian scam. Are you sure your rules are up to date and in the proper path? Is your rules_du_joir script up to date? What does spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf show? -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 23:00:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rose, Bobby wrote: > So no one else is seeing this problem? I'm talking about onlying clamav > as the scanner....no others and not clamavmodule. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rose, Bobby > Sent: Monday, May 02, 2005 5:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: ClamAV and MailScanner Bug > > Last week, I reported a problem that I thought was limited to a > particular virus but my testing seems to elude to a bigger problem. If > MailScanner is using clamav for it's scanner, viruses are being detected > but MailScanner isn't properly acting on it and is delivering it as a > uninfected message. > > It's not a config issue because I've tried it on two different Solaris 8 > systems and if I switch to clamavmodule or sophos then MailScanner acts > appropiately. I've even updated to 4.11.3 today which was in the plans > anyway. I used to use sophos and clamav with MailScanner but the > license for Sophos is just too much and stopped using it about two > months ago. And since the viruses were still being detecting, from a > stats side it looked like things were fine. For now, I'm switched to > clamavmodule but this looks like a bug. I've been a MailScanner user > since 2002 so exclude me from the newbie filters and comments and let's > check this out. > > ClamAV Maybe only a Solaris 8 problem. I couldn't tell you how many people are using Solaris. I know this isn't much help, but at least you know you aren't being ignored. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue May 3 23:18:21 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Rose, Bobby wrote: > >>So no one else is seeing this problem? I'm talking about onlying clamav >>as the scanner....no others and not clamavmodule. > Maybe only a Solaris 8 problem. No. I'm using Solaris with Clam and I'm not having any problems. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 3 23:20:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Only see one problem so far. See below David Curtis wrote: > [root@sbschools dns]# spamassassin --lint -D -p > /etc/MailScanner/spam.assassin.prefs.conf > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/home/dns/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin > debug: diag: module not installed: DBI ('require' failed) -------- Error says you need the DBI module Perl-DBI. Either see if it is included in your distribution or get from CPAN. Perl module for database access. See if this makes a difference, because it seems to be keeping you out of the bayes db. Maybe enough to taint scores? Maybe run MailScanner -v and look for any other problems. > debug: diag: module installed: DB_File, version 1.809 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.01 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.31 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/evilnumbers.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: running body-text per-line regexp tests; score so far=0.197 > debug: running uri tests; score so far=0.197 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)) > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf > May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > May 02 16:12:35.522031 check[19071]: [ 5] computed > razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, > ident=/root/.razor/identity > May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8 > May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to > folly.cloudmark.com > May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to > joy.cloudmark.com > May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to > shock.cloudmark.com > May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest > server discovery > May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5078 > May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject > May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from > 1376 bytes to 1339 > May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0, > len 1339 > May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file > (empty?): /root/.razor/razor-whitelist > May 02 16:12:35.554079 check[19071]: [ 5] Connecting to > shock.cloudmark.com ... > May 02 16:12:35.853955 check[19071]: [ 8] Connection established > May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36 > server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10 > May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25 > May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67 > May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig > May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries > May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches > May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52 > May 02 16:12:35.862770 check[19071]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5 > May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2 > p=0 > May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0: > no-contention part, spam=0 > May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam. > May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server > shock.cloudmark.com > May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5 > May 02 16:12:36.193393 check[19071]: [ 6] a=q > debug: Using results from Razor v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=0.197 > debug: running full-text regexp tests; score so far=0.197 > debug: Razor2 is available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin > debug: executable for pyzor was found at /usr/bin/pyzor > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 19075: ruid=0 euid=0 > debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > debug: leaving helper-app run mode > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is available: /usr/local/bin/dccproc > debug: entering helper-app run mode > debug: setuid: helper proc 19076: ruid=0 euid=0 > debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333 > Fuz1=3415356 Fuz2=3415350 > debug: leaving helper-app run mode > debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2: > 3415350 of 999999 > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=1.57 > debug: running header regexp tests; score so far=1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=1.86 > debug: running header regexp tests; score so far=1.86 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex > debug: lock: 19071 trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none > scores 0/0 > debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef, > IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex > debug: Post AWL score: 1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: is spam? score=1.86 required=5 > debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML_HAS_MSG,__UNUSABLE_MSGID > > >>>> ssilva@SGVWATER.COM 05/02 3:26 PM >>> > David Curtis wrote: >> I am getting spam with a very low score. Can any one tell me why this >> e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and >> MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In >> postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, >> opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. >> >> I know I can change scores but I wonder why it is so low. >> >> >> The score was from these: >> SpamAssassin (score=1.597,required 3.75) >> (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, >> SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) >> >> >> OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION >> PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT >> FEDERAL COMPLEX TINUBU SQUARE, >> Lagos- Nigeria. >> Tel/Fax: >> Our Ref: ACG/FGN/543WS 234-1803-7127318 >> Email: moha_ibru@yahoo.com > > This is the old Nigerian scam. Are you sure your rules are up to date > and in the proper path? > Is your rules_du_joir script up to date? > > What does > spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > show? > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Wed May 4 00:16:59 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: > Scott Silva wrote: > > Rose, Bobby wrote: > >>So no one else is seeing this problem? I'm talking about onlying clamav > >>as the scanner....no others and not clamavmodule. > > > > Maybe only a Solaris 8 problem. > > No. I'm using Solaris with Clam and I'm not having any problems. I am seeing problems under OSX: May 3 18:56:29 g5 MailScanner[1898]: /private/var/spool/MailScanner/incoming/1898/./9F050BA0A85C/error-mail_info.zip: Worm.Sober.P FOUND May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at 37432 bytes per second May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at 74864 bytes per second May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at 74864 bytes per second Seems to only still deliver the Sober viruses - all the others are caught as above, but not delivered. This client is running MS 4.34.8 and ClamAV 0.83. Am going to have them update to the latest MS stable release and see if they still have this issue. Any other suggestions? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 4 00:33:09 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:29 2006 Subject: SV: maillog logging level Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] To solve the MW problem, do as Martin says, find Walkers message in the mailwatch list (I think it was october 6:th it was sent), cut and paste that into a MailWatch.pm ... and use that instead of the stock one. There might be some linewraps, so ... be on the lookout for that. Or get someone who isn't @home and replying via crummy webmail (ie not close to that file:-) to send it to you... I even think someone did that today (to this list or the MW one... I don't recall which, sorry). It really works very nice. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Billy A. Pumphrey Skickat: ti 2005-05-03 22:39 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: maillog logging level Another good link: http://forum.ev1servers.net/showpost.php?p=332319&postcount=85 Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Vladimir M Costa > Sent: Tuesday, May 03, 2005 2:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog logging level > > Or downgrade Perl DBD-MySQL to version 2.1028 > > see: > http://mailwatch.sourceforge.net/faq.html > > > Vladimir Costa > > > > On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote > > Billy > > > > this looks like a known problem with the current DBD::mysql and > > Mailwatch.pm from 0.5.1. > > > > You need a new mailwatch.pm from the MW list archives - October 6 2004 > > by Walker Aumann. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > Billy A. Pumphrey wrote: > > > Just about there. > > > > > > --- > > > MailScanner works now :) thank you > > > --- > > > To get my sendmail to work, I had to comment out the AuthOption=A in > the > > > sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. > > > I just couldn't figure out how to change the sendmail.cf file using m4 > > > and the sendmail.mc file > > > > > > --- > > > Mailwatch problem > > > --- > > > After searching the mailwatch archives and finding a little bit of > > > information concerning the error that I am getting, I have not yet > found > > > an answer to this problem. I also subscribed to the mailing list but > > > they are not really active. > > > > > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > > > attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: > > > Cannot insert row: MySQL server has gone away > > > > > > Billy Pumphrey > > > IT Manager > > > Wooden & McLaughlin > > > > > > > > >>-----Original Message----- > > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > >>Behalf Of Billy A. Pumphrey > > >>Sent: Monday, May 02, 2005 12:01 PM > > >>To: MAILSCANNER@JISCMAIL.AC.UK > > >>Subject: Re: maillog logging level > > >> > > >>Thanks for the answer. I just commented this line out: > > >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > >> > > >>Sendmail seems to work, along with the change that I did in my other > > >>response. > > >> > > >>Billy Pumphrey > > >>IT Manager > > >>Wooden & McLaughlin > > >> > > >>>-----Original Message----- > > >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > > > > On > > > > > >>>Behalf Of Scott Silva > > >>>Sent: Monday, May 02, 2005 11:20 AM > > >>>To: MAILSCANNER@JISCMAIL.AC.UK > > >>>Subject: Re: maillog logging level > > >>> > > >>>Billy A. Pumphrey wrote: > > >>> > > >>>>--- > > >>>>NOTE: I erased the rest of the message to get by the "looks like a > > >>>>script" error" > > >>>>--- > > >>>> > > >>>>Ok, telnet > > >>>> > > >>>>To make it clear, I have a new MailScanner machine (the one that I > > >> > > >>am > > >> > > >>>>trying to get working) and the one in production that is out of > > > > > > date > > > > > >>on > > >> > > >>>>software and hardware. > > >>>> > > >>>>Anyway, I know that sendmail is having problems because when I > > >> > > >>telnet to > > >> > > >>>>the new one it looks like it tries and just comes back to the > > >> > > >>command > > >> > > >>>>prompt. If I telnet to the old one a connection is made and shows > > >> > > >>some > > >> > > >>>>stuff. > > >>>> > > >>>>Now, > > >>>>Should I just reinstall sendmail on top of mine or something? I > > >>>>installed sendmail by selecting the package when installing > > >> > > >>centos4.0. > > >> > > >>>>The service appears to be running ok. I did the ch config that > > > > > > the > > > > > >>book > > >> > > >>>>and web site talks about. A service MailScanner restart reads > > >> > > >>fine > > >> > > >>>>for the services starting (outgoing and incoming sendmail starts > > >> > > >>fine). > > >> > > >>>>If I look at the running services it has 1 sendmail running (under > > >> > > >>user > > >> > > >>>>smmsp) which is the one that is suppose to be running isn't it? > > >>>> > > >>>>I was comparing the service --status-all command between the 2 > > >> > > >>machines. > > >> > > >>>>The services looks the same as far as MailScanner and sendmail > > > > > > look. > > > > > >>>>There is a sendmail running on each, and MailScanner running > > >>>>(MailScanner,incoming sendmail, outgoing sendmail) > > >>> > > >>>The default on ALL RedHat based sendmail installs is to only accept > > >>>local connections (IE.. from and to 127.0.0.1) > > >>>You will have to fix this. It is commented well in the sendmail.mc > > >> > > >>file. > > >> > > >>>Look for the section with; > > >>> > > >>>dnl # The following causes sendmail to only listen on the IPv4 > > >> > > >>loopback > > >> > > >>>address > > >>>dnl # 127.0.0.1 and not on any other network devices. Remove the > > >> > > >>loopback > > >> > > >>>dnl # address restriction to accept email from the internet or > > >> > > >>intranet. > > >> > > >>>dnl # > > >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > > >>>Your default will be different, as this has already been changed. > > >>> > > >>>-- > > >>>"If you have ever eaten crow, > > >>>It don't taste like chicken!!" > > >>> > > >>>------------------------ MailScanner list ------------------------ > > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>>'leave mailscanner' in the body of the email. > > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>> > > >>>Support MailScanner development - buy the book off the website! > > >> > > >>------------------------ MailScanner list ------------------------ > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>'leave mailscanner' in the body of the email. > > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> > > >>Support MailScanner development - buy the book off the website! > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > -- > Universidade do Vale do Paraíba - UNIVAP. > http://www.univap.br/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 4 00:44:46 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:29 2006 Subject: SV: maillog logging level Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > To solve the MW problem, do as Martin says, find Walkers message in the mailwatch list (I think it was october 6:th it was sent), cut and paste that into a MailWatch.pm ... and use that instead of the stock one. There might be some linewraps, so ... be on the lookout for that. > Or get someone who isn't @home and replying via crummy webmail (ie not close to that file:-) to send it to you... I even think someone did that today (to this list or the MW one... I don't recall which, sorry). > > It really works very nice. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Billy A. Pumphrey > Skickat: ti 2005-05-03 22:39 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: maillog logging level > Another good link: > http://forum.ev1servers.net/showpost.php?p=332319&postcount=85 > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Vladimir M Costa >>Sent: Tuesday, May 03, 2005 2:16 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: maillog logging level >> >>Or downgrade Perl DBD-MySQL to version 2.1028 >> >>see: >>http://mailwatch.sourceforge.net/faq.html >> >> >>Vladimir Costa >> >> >> >>On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote >> >>>Billy >>> >>>this looks like a known problem with the current DBD::mysql and >>>Mailwatch.pm from 0.5.1. >>> >>>You need a new mailwatch.pm from the MW list archives - October 6 2004 >>>by Walker Aumann. >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>>Billy A. Pumphrey wrote: >>> >>>>Just about there. >>>> >>>>--- >>>>MailScanner works now :) thank you >>>>--- >>>>To get my sendmail to work, I had to comment out the AuthOption=A in >> >>the >> >>>>sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf. >>>>I just couldn't figure out how to change the sendmail.cf file using m4 >>>>and the sendmail.mc file >>>> >>>>--- >>>>Mailwatch problem >>>>--- >>>>After searching the mailwatch archives and finding a little bit of >>>>information concerning the error that I am getting, I have not yet >> >>found >> >>>>an answer to this problem. I also subscribed to the mailing list but >>>>they are not really active. >>>> >>>>May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure >>>>attempting to re-connect May 3 04:02:23 WoodenMS MailScanner[13105]: >>>>Cannot insert row: MySQL server has gone away >>>> >>>>Billy Pumphrey >>>>IT Manager >>>>Wooden & McLaughlin >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>Behalf Of Billy A. Pumphrey >>>>>Sent: Monday, May 02, 2005 12:01 PM >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: maillog logging level >>>>> >>>>>Thanks for the answer. I just commented this line out: >>>>>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl >>>>> >>>>>Sendmail seems to work, along with the change that I did in my other >>>>>response. >>>>> >>>>>Billy Pumphrey >>>>>IT Manager >>>>>Wooden & McLaughlin >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >>>>On >>>> >>>> >>>>>>Behalf Of Scott Silva >>>>>>Sent: Monday, May 02, 2005 11:20 AM >>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>Subject: Re: maillog logging level >>>>>> >>>>>>Billy A. Pumphrey wrote: >>>>>> >>>>>> >>>>>>>--- >>>>>>>NOTE: I erased the rest of the message to get by the "looks like a >>>>>>>script" error" >>>>>>>--- >>>>>>> >>>>>>>Ok, telnet >>>>>>> >>>>>>>To make it clear, I have a new MailScanner machine (the one that I >>>>> >>>>>am >>>>> >>>>> >>>>>>>trying to get working) and the one in production that is out of >>>> >>>>date >>>> >>>> >>>>>on >>>>> >>>>> >>>>>>>software and hardware. >>>>>>> >>>>>>>Anyway, I know that sendmail is having problems because when I >>>>> >>>>>telnet to >>>>> >>>>> >>>>>>>the new one it looks like it tries and just comes back to the >>>>> >>>>>command >>>>> >>>>> >>>>>>>prompt. If I telnet to the old one a connection is made and shows >>>>> >>>>>some >>>>> >>>>> >>>>>>>stuff. >>>>>>> >>>>>>>Now, >>>>>>>Should I just reinstall sendmail on top of mine or something? I >>>>>>>installed sendmail by selecting the package when installing >>>>> >>>>>centos4.0. >>>>> >>>>> >>>>>>>The service appears to be running ok. I did the ch config that >>>> >>>>the >>>> >>>> >>>>>book >>>>> >>>>> >>>>>>>and web site talks about. A service MailScanner restart reads >>>>> >>>>>fine >>>>> >>>>> >>>>>>>for the services starting (outgoing and incoming sendmail starts >>>>> >>>>>fine). >>>>> >>>>> >>>>>>>If I look at the running services it has 1 sendmail running (under >>>>> >>>>>user >>>>> >>>>> >>>>>>>smmsp) which is the one that is suppose to be running isn't it? >>>>>>> >>>>>>>I was comparing the service --status-all command between the 2 >>>>> >>>>>machines. >>>>> >>>>> >>>>>>>The services looks the same as far as MailScanner and sendmail >>>> >>>>look. >>>> >>>> >>>>>>>There is a sendmail running on each, and MailScanner running >>>>>>>(MailScanner,incoming sendmail, outgoing sendmail) >>>>>> >>>>>>The default on ALL RedHat based sendmail installs is to only accept >>>>>>local connections (IE.. from and to 127.0.0.1) >>>>>>You will have to fix this. It is commented well in the sendmail.mc >>>>> >>>>>file. >>>>> >>>>> >>>>>>Look for the section with; >>>>>> >>>>>>dnl # The following causes sendmail to only listen on the IPv4 >>>>> >>>>>loopback >>>>> >>>>> >>>>>>address >>>>>>dnl # 127.0.0.1 and not on any other network devices. Remove the >>>>> >>>>>loopback >>>>> >>>>> >>>>>>dnl # address restriction to accept email from the internet or >>>>> >>>>>intranet. >>>>> >>>>> >>>>>>dnl # >>>>>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl >>>>>>Your default will be different, as this has already been changed. >>>>>> >>>>>>-- >>>>>>"If you have ever eaten crow, >>>>>>It don't taste like chicken!!" >>>>>> >>>>>>------------------------ MailScanner list ------------------------ >>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>'leave mailscanner' in the body of the email. >>>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>> >>>********************************************************************** >>> >>>This email and any files transmitted with it are confidential and >>>intended solely for the use of the individual or entity to whom they >>>are addressed. If you have received this email in error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has been swept >>>for the presence of computer viruses and is believed to be clean. >>> >>>********************************************************************** >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >> >>-- >>Universidade do Vale do Paraíba - UNIVAP. >>http://www.univap.br/ >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] # # MailWatch for MailScanner # Copyright (C) 2003 Steve Freegard (smf@f2s.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # package MailScanner::CustomConfig; use strict; use DBI; use Sys::Hostname; use Storable(qw[freeze thaw]); use POSIX; use Socket; # Trace settings - uncomment this to debug # DBI->trace(2,'/root/dbitrace.log'); my($dbh); my($sth); my($hostname) = hostname; my $loop = inet_aton('127.0.0.1'); my $server_port = 11553; my $timeout = 120; # Modify this as necessary for your configuration my($db_name) = "mailscanner"; my($db_host) = "localhost"; my($db_user) = "mysql"; my($db_pass) = "I'm not sending my password to a mailing list!"; sub InitMailWatchLogging { my $pid = fork(); if ($pid) { # MailScanner child process waitpid $pid, 0; MailScanner::Log::InfoLog("Started SQL Logging child"); } else { # New process # Detach from parent, make connections, and listen for requests POSIX::setsid(); if (!fork()) { $SIG{HUP} = $SIG{INT} = $SIG{PIPE} = $SIG{TERM} = $SIG{ALRM} = \&ExitLogging; alarm $timeout; $0 = 'MailWatch SQL'; InitConnection(); ListenForMessages(); } exit; } } sub InitConnection { # Set up TCP/IP socket. We will start one server per MailScanner # child, but only one child will actually be able to get the socket. # The rest will die silently. When one of the MailScanner children # tries to log a message and fails to connect, it will start a new # server. socket(SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')); setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, 1); my $addr = sockaddr_in($server_port, $loop); bind(SERVER, $addr) or exit; listen(SERVER, SOMAXCONN) or exit; # Our reason for existence - the persistent connection to the database $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host", $db_user, $db_pass, {PrintError => 0}); $sth = $dbh->prepare("INSERT INTO maillog (timestamp, id, size, from_address, to_address, subject, clientip, archive, isspam, ishighspam, issaspam, isrblspam, spamwhitelisted, spamblacklisted, sascore, spamreport, virusinfected, nameinfected, otherinfected, report, hostname, date, time, headers) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)") or MailScanner::Log::WarnLog($DBI::errstr); } sub ExitLogging { # Server exit - commit changes, close socket, and exit gracefully. close(SERVER); $dbh->commit; $dbh->disconnect; exit; } sub ListenForMessages { my $message; # Wait for messages while (my $cli = accept(CLIENT, SERVER)) { my($port, $packed_ip) = sockaddr_in($cli); my $dotted_quad = inet_ntoa($packed_ip); # reset emergency timeout - if we haven't heard anything in $timeout # seconds, there is probably something wrong, so we should clean up # and let another process try. alarm $timeout; # Make sure we're only receiving local connections if ($dotted_quad ne '127.0.0.1') { close CLIENT; next; } my @in; while () { # End of normal logging message last if /^END$/; # MailScanner child telling us to shut down ExitLogging if /^EXIT$/; chop; push @in, $_; } my $data = join '', @in; my $tmp = unpack("u", $data); $message = thaw $tmp; next unless defined $$message{id}; # Check to make sure DB connection is still valid InitConnection unless $dbh->ping; # Log message $sth->execute( $$message{timestamp}, $$message{id}, $$message{size}, $$message{from}, $$message{to}, $$message{subject}, $$message{clientip}, $$message{archiveplaces}, $$message{isspam}, $$message{ishigh}, $$message{issaspam}, $$message{isrblspam}, $$message{spamwhitelisted}, $$message{spamblacklisted}, $$message{sascore}, $$message{spamreport}, $$message{virusinfected}, $$message{nameinfected}, $$message{otherinfected}, $$message{reports}, $$message{hostname}, $$message{date}, $$message{'time'}, $$message{headers}); $message = undef; } } sub EndMailWatchLogging { # Tell server to shut down. Another child will start a new server # if we are here due to old age instead of administrative intervention socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')); my $addr = sockaddr_in($server_port, $loop); connect(TO_SERVER, $addr) or return; print TO_SERVER "EXIT\n"; close TO_SERVER; } sub MailWatchLogging { my($message) = @_; # Don't bother trying to do an insert if no message is passed-in return unless $message; # Get rid of control chars and tidy-up SpamAssassin report my $spamreport = $message->{spamreport}; $spamreport =~ s/\n/ /g; $spamreport =~ s/\t//g; # Get timestamp, and format it so it is suitable to use with MySQL my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(); my($timestamp) = sprintf("%d-%02d-%02d %02d:%02d:%02d", $year+1900,$mon+1,$mday,$hour,$min,$sec); my($date) = sprintf("%d-%02d-%02d",$year+1900,$mon+1,$mday); my($time) = sprintf("%02d:%02d:%02d",$hour,$min,$sec); # Also print 1 line for each report about this message. These lines # contain all the info above, + the attachment filename and text of # each report. my($file, $text, @report_array); while(($file, $text) = each %{$message->{allreports}}) { $file = "the entire message" if $file eq ""; # Use the sanitised filename to avoid problems caused by people forcing # logging of attachment filenames which contain nasty SQL instructions. $file = $message->{file2safefile}{$file} or $file; $text =~ s/\n/ /; # Make sure text report only contains 1 line $text =~ s/\t/ /; # and no tab characters push (@report_array, $text); } # Sanitize reports my $reports = join(",",@report_array); # Fix the $message->{clientip} for later versions of Exim # where $message->{clientip} contains ip.ip.ip.ip.port my $clientip = $message->{clientip}; $clientip =~ s/^(\d+\.\d+\.\d+\.\d+)(\.\d+)$/$1/; # Integrate SpamAssassin Whitelist/Blacklist reporting if($spamreport =~ /USER_IN_WHITELIST/) { $message->{spamwhitelisted} = 1; } if($spamreport =~ /USER_IN_BLACKLIST/) { $message->{spamblacklisted} = 1; } # Place all data into %msg my %msg; $msg{timestamp} = $timestamp; $msg{id} = $message->{id}; $msg{size} = $message->{size}; $msg{from} = $message->{from}; $msg{to} = join(',', @{$message->{to}}); $msg{subject} = $message->{subject}; $msg{clientip} = $clientip; $msg{archiveplaces} = join(',', @{$message->{archiveplaces}}); $msg{isspam} = $message->{isspam}; $msg{ishigh} = $message->{ishigh}; $msg{issaspam} = $message->{issaspam}; $msg{isrblspam} = $message->{isrblspam}; $msg{spamwhitelisted} = $message->{spamwhitelisted}; $msg{spamblacklisted} = $message->{spamblacklisted}; $msg{sascore} = $message->{sascore}; $msg{spamreport} = $spamreport; $msg{virusinfected} = $message->{virusinfected}; $msg{nameinfected} = $message->{nameinfected}; $msg{otherinfected} = $message->{otherinfected}; $msg{reports} = $reports; $msg{hostname} = $hostname; $msg{date} = $date; $msg{'time'} = $time; $msg{headers} = join('\n',@{$message->{headers}}); # Prepare data for transmission my $f = freeze \%msg; my $p = pack("u", $f); # Connect to server while (1) { socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')); my $addr = sockaddr_in($server_port, $loop); connect(TO_SERVER, $addr) and last; # Failed to connect - kick off new child, wait, and try again InitMailWatchLogging(); sleep 5; } # Pass data to server process MailScanner::Log::InfoLog("Logging message $msg{id} to SQL"); print TO_SERVER $p; print TO_SERVER "END\n"; close TO_SERVER; } 1; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed May 4 02:51:46 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:29 2006 Subject: Way OT: Vauxhall searching for a new "Q" Message-ID: Hi, I heard on the BBC World News at noon today that the group at Vauxhall (MI5) is looking for a new head gadget guru. This job was made famous as the role of "Q" in the Bond movies. See http://technology.timesonline.co.uk/article/0,,19509-1573702,00.html for more details. Julian immediately came to mind. Send in your resume... Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 4 08:57:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:29 2006 Subject: Any advice with score would be great. Message-ID: David you've got alot of the SARE rules etc that I run. Good. Doing the RBL's in MailScanner I find can produce alot of false positives, I'd move them to SpamAssassin. Can you put the email (headers included) to a url so I can see what scores I ge on my system. I've got mine reasonably well tuned so I may get a few more hits. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > [root@sbschools dns]# spamassassin --lint -D -p > /etc/MailScanner/spam.assassin.prefs.conf > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/home/dns/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin > debug: diag: module not installed: DBI ('require' failed) > debug: diag: module installed: DB_File, version 1.809 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.01 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.31 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/evilnumbers.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: running body-text per-line regexp tests; score so far=0.197 > debug: running uri tests; score so far=0.197 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)) > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf > May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > May 02 16:12:35.522031 check[19071]: [ 5] computed > razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, > ident=/root/.razor/identity > May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8 > May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to > folly.cloudmark.com > May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to > joy.cloudmark.com > May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to > shock.cloudmark.com > May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest > server discovery > May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5078 > May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject > May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from > 1376 bytes to 1339 > May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0, > len 1339 > May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file > (empty?): /root/.razor/razor-whitelist > May 02 16:12:35.554079 check[19071]: [ 5] Connecting to > shock.cloudmark.com ... > May 02 16:12:35.853955 check[19071]: [ 8] Connection established > May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36 > server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10 > May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25 > May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67 > May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig > May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries > May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches > May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52 > May 02 16:12:35.862770 check[19071]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5 > May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2 > p=0 > May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0: > no-contention part, spam=0 > May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam. > May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server > shock.cloudmark.com > May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5 > May 02 16:12:36.193393 check[19071]: [ 6] a=q > debug: Using results from Razor v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=0.197 > debug: running full-text regexp tests; score so far=0.197 > debug: Razor2 is available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin > debug: executable for pyzor was found at /usr/bin/pyzor > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 19075: ruid=0 euid=0 > debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > debug: leaving helper-app run mode > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is available: /usr/local/bin/dccproc > debug: entering helper-app run mode > debug: setuid: helper proc 19076: ruid=0 euid=0 > debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333 > Fuz1=3415356 Fuz2=3415350 > debug: leaving helper-app run mode > debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2: > 3415350 of 999999 > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=1.57 > debug: running header regexp tests; score so far=1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=1.86 > debug: running header regexp tests; score so far=1.86 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex > debug: lock: 19071 trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none > scores 0/0 > debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef, > IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex > debug: Post AWL score: 1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: is spam? score=1.86 required=5 > debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML_HAS_MSG,__UNUSABLE_MSGID > > > >>> ssilva@SGVWATER.COM 05/02 3:26 PM >>> > David Curtis wrote: > > I am getting spam with a very low score. Can any one tell me why this > > e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and > > MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In > > postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, > > opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. > > > > I know I can change scores but I wonder why it is so low. > > > > > > The score was from these: > > SpamAssassin (score=1.597,required 3.75) > > (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, > > SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) > > > > > > OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION > > PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT > > FEDERAL COMPLEX TINUBU SQUARE, > > Lagos- Nigeria. > > Tel/Fax: > > Our Ref: ACG/FGN/543WS 234-1803-7127318 > > Email: moha_ibru@yahoo.com > > This is the old Nigerian scam. Are you sure your rules are up to date > and in the proper path? > Is your rules_du_joir script up to date? > > What does > spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > show? > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 09:04:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: On 4 May 2005, at 00:16, Chris Stone wrote: > On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: > >> Scott Silva wrote: >> >>> Rose, Bobby wrote: >>> >>>> So no one else is seeing this problem? I'm talking about >>>> onlying clamav >>>> as the scanner....no others and not clamavmodule. >>>> >>> >>> Maybe only a Solaris 8 problem. >>> >> >> No. I'm using Solaris with Clam and I'm not having any problems. >> > > I am seeing problems under OSX: > > May 3 18:56:29 g5 > MailScanner[1898]: /private/var/spool/MailScanner/incoming/ > 1898/./9F050BA0A85C/error-mail_info.zip: > Worm.Sober.P FOUND > May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 > infections > May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at > 37432 bytes > per second > May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to > C3AB7BA0A920 > May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages > May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at > 74864 > bytes per second > May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at > 74864 bytes > per second > > Seems to only still deliver the Sober viruses - all the others are > caught as > above, but not delivered. This client is running MS 4.34.8 and > ClamAV 0.83. > Am going to have them update to the latest MS stable release and > see if they > still have this issue. > Can someone send me one of the troublesome messages please? Easiest way is to put it on the web and mail me the URL. -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 09:19:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: ClamAV and MailScanner Bug Message-ID: Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about >>>>> onlying clamav >>>>> as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections >> May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 >> May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 >> messages >> May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as >> above, but not delivered. This client is running MS 4.34.8 and >> ClamAV 0.83. >> Am going to have them update to the latest MS stable release and >> see if they >> still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Wed May 4 09:29:28 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:29 2006 Subject: Strange Virus Detected Messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > > I had to disable F-prot on my server!! > > Info about f-prot: > F-PROT ANTIVIRUS > Program version: 4.5.4 > Engine version: 3.16.6 > > VIRUS SIGNATURE FILES > SIGN.DEF created 2 May 2005 > SIGN2.DEF created 2 May 2005 > MACRO.DEF created 2 May 2005 > I will also disable it now. What is strange is, that I've configured MailScanner to scan mail only for some domains, but mail for other domains get filtered to: Virus Scanning = /opt/MailScanner/etc/rules/virus.scan.rules FromOrTo: @bla yes FromOrTo: @blabla yes FromOrTo: @blablabla yes FromOrTo: default no Now I've set: To: @thisnot no FromOrTo: @bla yes FromOrTo: @blabla yes FromOrTo: @blablabla yes FromOrTo: default no Any ideas? - Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Wed May 4 09:34:41 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:29 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, today installed 3.93 again and used sophos instead of sophossavi interface in MS config file and it´s works fine for me ! debug : May 4 10:30:02 server MailScanner[23626]: Virus and Content Scanning: Starting May 4 10:30:02 server MailScanner[23626]: Commencing scanning by sophos... May 4 10:30:13 server MailScanner[23626]: Completed scanning by sophos Maybe a problem with sophossavi interface ?!?! thanks Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Wed May 4 09:50:08 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:29 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I made an update of Perl SAVI Module Version 0.30 but the same strange entries in the log file : May 4 10:45:29 server MailScanner[25024]: Commencing scanning by sophossavi... May 4 10:45:29 server MailScanner[25024]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j448jLi25029/msg-25024-1.txt May 4 10:45:29 server MailScanner[25024]: Completed scanning by sophossavi May 4 10:45:29 server MailScanner[25024]: Virus Scanning: SophosSAVI found 1 infections Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 10:01:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: Attachment to big Message-ID: Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Application/X-GZIP 756bytes. ] [ Unable to print this part. ] [ Part 2.3: "Attached Text" ] [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right.I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello!   I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb.   The attachment is a zip file, that decompressed gives me a txt file with 90 Mb.   Is MailScanner checking the size of the uncompressed zip instead of the original attachment?   --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed May 4 10:02:29 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:29 2006 Subject: Invalid argument Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>Attached is the maillog after a restart i didnt see the something attached :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Wed May 4 10:08:34 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:29:29 2006 Subject: Panda not working Message-ID: Hello. I can't get the panda-wrapper to work. It did work when i installed a server last year. Installing a new box today, panda-wrapper dosen't work, Clam works fine. Checking my old box and panda-wrapper isn't running there either. Checking a friends box, same thing there, Panda-wrapper isn't working. Any clue to get this working? /Andreas Svensson, Hallsbergs Kommun, Sweden. Ps. Glenn, did you get this to work? On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn wrote: >It needs the -aut -nso options (like MS will call it ... + the -aex). > >Otherwise it'll hang on user input (and "beep" its little heart out:-) > >We'll try work more on this next week, eh Paul. > >-- Glenn > > >-----Original Message----- >From: MailScanner mailing list on behalf of Paul Welsh >Sent: fr 2005-03-11 21:01 >To: MAILSCANNER@JISCMAIL.AC.UK >Cc: >Subject: Re: Panda not working >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh >> Sent: 11 March 2005 19:09 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Panda not working >> >Just tried the free Panda and called it with the wrapper. It just "hangs". >I used this command: > >/usr/lib/MailScanner/panda-wrapper /usr /tmp > >The rpm I installed the free ver from was: > >3878658 Aug 31 2004 pavcl_linux_i386.rpm > >The eval was: > >2352673 Mar 8 21:32 pavcl_linux_i386.rpm > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 4 10:14:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:29 2006 Subject: Panda not working Message-ID: Andreas There's issues with the latest version of Panda. I think Julian is working with Panda to resolve these. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andreas Svensson wrote: > Hello. > I can't get the panda-wrapper to work. > It did work when i installed a server last year. > Installing a new box today, panda-wrapper dosen't work, Clam works fine. > Checking my old box and panda-wrapper isn't running there either. > Checking a friends box, same thing there, Panda-wrapper isn't working. > > Any clue to get this working? > > /Andreas Svensson, Hallsbergs Kommun, Sweden. > > Ps. Glenn, did you get this to work? > > > On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn wrote: > > >>It needs the -aut -nso options (like MS will call it ... + the -aex). >> >>Otherwise it'll hang on user input (and "beep" its little heart out:-) >> >>We'll try work more on this next week, eh Paul. >> >>-- Glenn >> >> >>-----Original Message----- >>From: MailScanner mailing list on behalf of Paul Welsh >>Sent: fr 2005-03-11 21:01 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Cc: >>Subject: Re: Panda not working >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh >>>Sent: 11 March 2005 19:09 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Panda not working >>> >> >>Just tried the free Panda and called it with the wrapper. It just "hangs". >>I used this command: >> >>/usr/lib/MailScanner/panda-wrapper /usr /tmp >> >>The rpm I installed the free ver from was: >> >>3878658 Aug 31 2004 pavcl_linux_i386.rpm >> >>The eval was: >> >>2352673 Mar 8 21:32 pavcl_linux_i386.rpm >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 10:27:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:29 2006 Subject: Panda not working Message-ID: I discussed a selection of options for how they could improve their scanner and make it easier to use. They listened, said they would talk to the developers and then went very quiet. I haven't heard back from them since, so I don't know if they will actually do anything about it. In the mean time, I would have to discourage people from using Panda, it is a very poor product (for use with MailScanner). On 4 May 2005, at 10:14, Martin Hepworth wrote: > Andreas > > There's issues with the latest version of Panda. I think Julian is > working with Panda to resolve these. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Andreas Svensson wrote: > >> Hello. >> I can't get the panda-wrapper to work. >> It did work when i installed a server last year. >> Installing a new box today, panda-wrapper dosen't work, Clam works >> fine. >> Checking my old box and panda-wrapper isn't running there either. >> Checking a friends box, same thing there, Panda-wrapper isn't >> working. >> >> Any clue to get this working? >> >> /Andreas Svensson, Hallsbergs Kommun, Sweden. >> >> Ps. Glenn, did you get this to work? >> >> >> On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn >> wrote: >> >> >> >>> It needs the -aut -nso options (like MS will call it ... + the - >>> aex). >>> >>> Otherwise it'll hang on user input (and "beep" its little heart >>> out:-) >>> >>> We'll try work more on this next week, eh Paul. >>> >>> -- Glenn >>> >>> >>> -----Original Message----- >>> From: MailScanner mailing list on behalf of Paul Welsh >>> Sent: fr 2005-03-11 21:01 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Cc: >>> Subject: Re: Panda not working >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh >>>> Sent: 11 March 2005 19:09 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Panda not working >>>> >>>> >>> >>> Just tried the free Panda and called it with the wrapper. It >>> just "hangs". >>> I used this command: >>> >>> /usr/lib/MailScanner/panda-wrapper /usr /tmp >>> >>> The rpm I installed the free ver from was: >>> >>> 3878658 Aug 31 2004 pavcl_linux_i386.rpm >>> >>> The eval was: >>> >>> 2352673 Mar 8 21:32 pavcl_linux_i386.rpm >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Wed May 4 10:34:02 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:29:30 2006 Subject: Sv: Re: Panda not working Message-ID: Panda have their own boxed product for scanning mail. They will probably not make this work easier for us. /Andreas >>> MailScanner@ECS.SOTON.AC.UK 2005-05-04 11:27:01 >>> I discussed a selection of options for how they could improve their scanner and make it easier to use. They listened, said they would talk to the developers and then went very quiet. I haven't heard back from them since, so I don't know if they will actually do anything about it. In the mean time, I would have to discourage people from using Panda, it is a very poor product (for use with MailScanner). On 4 May 2005, at 10:14, Martin Hepworth wrote: > Andreas > > There's issues with the latest version of Panda. I think Julian is > working with Panda to resolve these. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Andreas Svensson wrote: > >> Hello. >> I can't get the panda-wrapper to work. >> It did work when i installed a server last year. >> Installing a new box today, panda-wrapper dosen't work, Clam works >> fine. >> Checking my old box and panda-wrapper isn't running there either. >> Checking a friends box, same thing there, Panda-wrapper isn't >> working. >> >> Any clue to get this working? >> >> /Andreas Svensson, Hallsbergs Kommun, Sweden. >> >> Ps. Glenn, did you get this to work? >> >> >> On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn >> wrote: >> >> >> >>> It needs the -aut -nso options (like MS will call it ... + the - >>> aex). >>> >>> Otherwise it'll hang on user input (and "beep" its little heart >>> out:-) >>> >>> We'll try work more on this next week, eh Paul. >>> >>> -- Glenn >>> >>> >>> -----Original Message----- >>> From: MailScanner mailing list on behalf of Paul Welsh >>> Sent: fr 2005-03-11 21:01 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Cc: >>> Subject: Re: Panda not working >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh >>>> Sent: 11 March 2005 19:09 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Panda not working >>>> >>>> >>> >>> Just tried the free Panda and called it with the wrapper. It >>> just "hangs". >>> I used this command: >>> >>> /usr/lib/MailScanner/panda-wrapper /usr /tmp >>> >>> The rpm I installed the free ver from was: >>> >>> 3878658 Aug 31 2004 pavcl_linux_i386.rpm >>> >>> The eval was: >>> >>> 2352673 Mar 8 21:32 pavcl_linux_i386.rpm >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 10:59:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: I have just tried re-creating this problem, and I can't. Using ClamAV 0.83 and 0.84 and sendmail, it handled this just fine. On 4 May 2005, at 09:19, Julian Field wrote: > Also, is it specific to one MTA? > Looks like you are using Postfix. What is anyone else with this > problem running? > > On 4 May 2005, at 09:04, Julian Field wrote: > > >> On 4 May 2005, at 00:16, Chris Stone wrote: >> >> >> >>> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >>> >>> >>> >>>> Scott Silva wrote: >>>> >>>> >>>> >>>>> Rose, Bobby wrote: >>>>> >>>>> >>>>> >>>>>> So no one else is seeing this problem? I'm talking about >>>>>> onlying clamav >>>>>> as the scanner....no others and not clamavmodule. >>>>>> >>>>>> >>>>>> >>>>> >>>>> Maybe only a Solaris 8 problem. >>>>> >>>>> >>>>> >>>> >>>> No. I'm using Solaris with Clam and I'm not having any problems. >>>> >>>> >>>> >>> >>> I am seeing problems under OSX: >>> >>> May 3 18:56:29 g5 >>> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >>> 1898/./9F050BA0A85C/error-mail_info.zip: >>> Worm.Sober.P FOUND >>> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >>> infections >>> May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at >>> 37432 bytes >>> per second >>> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >>> C3AB7BA0A920 >>> May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 >>> messages >>> May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at >>> 74864 >>> bytes per second >>> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >>> 74864 bytes >>> per second >>> >>> Seems to only still deliver the Sober viruses - all the others are >>> caught as >>> above, but not delivered. This client is running MS 4.34.8 and >>> ClamAV 0.83. >>> Am going to have them update to the latest MS stable release and >>> see if they >>> still have this issue. >>> >>> >>> >> >> Can someone send me one of the troublesome messages please? >> Easiest way is to put it on the web and mail me the URL. >> >> -- >> Julian Field >> jkf@ecs.soton.ac.uk >> Teaching Systems Manager >> Electronics & Computer Science >> University of Southampton >> SO17 1BJ, UK >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed May 4 11:55:54 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right. I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner >> is blocking it with the "attachment to big" message. My >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead >> of the original attachment? >> >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Wed May 4 12:15:12 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: Julian, I'm using sendmail 8.13.3. All I did to duplicate it was send a test message with an EICAR attachment. If I used clamav by itself, then the virus is detected but MS still says it's clean and delivers it. If I switch to clamavmodule, then the virus is detected and MS removes the message id from it's array of ones to be deliverer. If I used a sophos as a secondary scanner to clamav then virus is also detected and stopped but I think that is because it's acting on the sophos detection and not the clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 4:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about onlying >>>>> clamav as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >> completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >> Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as above, but not delivered. This client is running MS 4.34.8 >> and ClamAV 0.83. >> Am going to have them update to the latest MS stable release and see >> if they still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Wed May 4 13:36:24 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:29:30 2006 Subject: BitDefender updates using a proxy not working.. .. Message-ID: Spike, I have not been able to get BitDefender to use a proxy server for updates either. I emailed BitDefender about it, and they told me that proxy support was not available (at least not in the Linux version I was asking them about). Seems strange to have the option available in the .ini file, and not be able to use it ... Jase Spike Cacti wrote: > A little off-topic but.... > > Anyone got the updates to work with a proxy setting ? > > I tried : > UpdateHttpProxy = http://proxy:port > and > UpdateHttpProxy = proxy:port > in bdc.ini > > But no go... It still tries to connect directly using port 80... > > Spike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed May 4 13:39:03 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:30 2006 Subject: Update Virus Scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy Greggs wrote: > uvscan --version > > Virus Scan for Linux v4.32.0 > Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights > reserved. > (408) 988-3832 LICENSED COPY - Nov 27 2003 > > Scan engine v4.3.20 for Linux. > Virus data file v4483 created May 03 2005 > Scanning for 125222 viruses, trojans and variants. > Tracy, You should upgrade the scanning engine on this server. The current and recommended one is 4.40.0. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From mailscanner at ELIQUID.COM Wed May 4 13:57:32 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also had quite a few viruses slip through this way in the past few days. I've applied Julian's patch to the VirusSweep.pm already, which grabs the empty files, but they still slip through. On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: Julian, I'm using sendmail 8.13.3. All I did to duplicate it was send a test message with an EICAR attachment. If I used clamav by itself, then the virus is detected but MS still says it's clean and delivers it. If I switch to clamavmodule, then the virus is detected and MS removes the message id from it's array of ones to be deliverer. If I used a sophos as a secondary scanner to clamav then virus is also detected and stopped but I think that is because it's acting on the sophos detection and not the clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 4:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about onlying >>>>> clamav as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >> completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >> Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as above, but not delivered. This client is running MS 4.34.8 >> and ClamAV 0.83. >> Am going to have them update to the latest MS stable release and see >> if they still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Wess Bechard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 14:31:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Application/X-GZIP 1KB. ] [ Unable to print this part. ] [ Part 2.3: "Attached Text" ] [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right.I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me   know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner   >> is blocking it with the "attachment to big" message. My   >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt   >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead   >> of the original attachment? >> >> > > --  > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Wed May 4 14:29:39 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:30 2006 Subject: Bad Content Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I do not want my users to receive the notifications regarding bad content, do I just REM out the lines below (#)? # Set where to find the message text sent to users when one of their # attachments has been deleted from a message. # These can also be the filenames of rulesets. Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt # Set where to find the message text sent to users when one of their # attachments has been deleted from a message and stored in the quarantine. # These can also be the filenames of rulesets. Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed May 4 14:51:10 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:30 2006 Subject: SophosSAVI Problems with MailScanner 4.38.10 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've had the same problem since a few days ago. I temporarily switched back to Sophos since Sophos SAVI has been giving me problems. I'm using SAVI-Perl 0.30 and haven't had any problems with it until now. I worked with the SAVI-Perl author on verifying if it was a problem with his module or MailScanner. He had me test it using his scan.pl test script in the examples directory, after adding to configuration parameters to it so that it could find the ides and pattern files. It worked flawlessly. It appears to be a problem with MailScanner. Someone suggested upgrading to the latest version, but I haven't had time for that. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -----Original Message----- From: Uwe [mailto:dl6mpg@GMAIL.COM] Sent: Wednesday, May 04, 2005 3:35 AM Subject: Re: SophosSAVI Problems with MailScanner 4.38.10 Hello, today installed 3.93 again and used sophos instead of sophossavi interface in MS config file and it´s works fine for me ! debug : May 4 10:30:02 server MailScanner[23626]: Virus and Content Scanning: Starting May 4 10:30:02 server MailScanner[23626]: Commencing scanning by sophos... May 4 10:30:13 server MailScanner[23626]: Completed scanning by sophos Maybe a problem with sophossavi interface ?!?! thanks Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed May 4 14:48:43 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  Should I patch the original SweepContent or the already patched one (with the earlier patch). ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:31 AM Subject: Re: Attachment to big This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right. I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner >> is blocking it with the "attachment to big" message. My >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead >> of the original attachment? >> >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ This patch is a whole lot more likely to work :-)  On 4 May 2005, at 11:55, Roger Jochem wrote: > I applied the patch, but the problem continues... > ----- Original Message ----- > From: Julian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 14:56:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The original one. On 4 May 2005, at 14:48, Roger Jochem wrote: Should I patch the original SweepContent or the already patched one (with the earlier patch). ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:31 AM Subject: Re: Attachment to big This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right.I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me   know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner   >> is blocking it with the "attachment to big" message. My   >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt   >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead   >> of the original attachment? >> >> > > --  > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ This patch is a whole lot more likely to work :-)  On 4 May 2005, at 11:55, Roger Jochem wrote: > I applied the patch, but the problem continues... > ----- Original Message ----- > From: Julian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 14:55:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Any reason why I might not be able to reproduce it? I used sendmail, the latest MailScanner code and ClamAV 0.83 and 0.84 and it happily detected both. So we are saying that on your system ClamAV 0.84 is not being properly handled and is missing *all* viruses, even eicar? Please can you put an eicar.com in a directory, along with a few other harmless files and run this: mkdir /tmp/clamav.temptemp chmod go-a /tmp/clamav.temptemp /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . Obviously the clamscan command should be all one 1 line, and don't forget the " ." at the end of the line. And if your clamscan is not in /usr/local/bin then adjust the command appropriately. Please send me the exact output of that. Also tell me what version of ClamAV you are running. On 4 May 2005, at 13:57, Wess Bechard wrote: I also had quite a few viruses slip through this way in the past few days.  I've applied Julian's patch to the VirusSweep.pm already, which grabs the empty files, but they still slip through. On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: Julian, I'm using sendmail 8.13.3. All I did to duplicate it was send a test message with an EICAR attachment. If I used clamav by itself, then the virus is detected but MS still says it's clean and delivers it. If I switch to clamavmodule, then the virus is detected and MS removes the message id from it's array of ones to be deliverer. If I used a sophos as a secondary scanner to clamav then virus is also detected and stopped but I think that is because it's acting on the sophos detection and not the clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 4:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about onlying >>>>> clamav as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >> completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >> Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as above, but not delivered. This client is running MS 4.34.8 >> and ClamAV 0.83. >> Am going to have them update to the latest MS stable release and see >> if they still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Wess Bechard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Wed May 4 15:28:57 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I upgraded to the latest version of MailScanner, and the problem seems to be solved. I was using 4.38.1 with the patch in SweepViruses.pm. On Wed, 2005-05-04 at 14:55 +0100, Julian Field wrote: Any reason why I might not be able to reproduce it? I used sendmail, the latest MailScanner code and ClamAV 0.83 and 0.84 and it happily detected both. So we are saying that on your system ClamAV 0.84 is not being properly handled and is missing *all* viruses, even eicar? Please can you put an eicar.com in a directory, along with a few other harmless files and run this: mkdir /tmp/clamav.temptemp chmod go-a /tmp/clamav.temptemp /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . Obviously the clamscan command should be all one 1 line, and don't forget the " ." at the end of the line. And if your clamscan is not in /usr/local/bin then adjust the command appropriately. Please send me the exact output of that. Also tell me what version of ClamAV you are running. On 4 May 2005, at 13:57, Wess Bechard wrote: I also had quite a few viruses slip through this way in the past few days. I've applied Julian's patch to the VirusSweep.pm already, which grabs the empty files, but they still slip through. On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: Julian, I'm using sendmail 8.13.3. All I did to duplicate it was send a test message with an EICAR attachment. If I used clamav by itself, then the virus is detected but MS still says it's clean and delivers it. If I switch to clamavmodule, then the virus is detected and MS removes the message id from it's array of ones to be deliverer. If I used a sophos as a secondary scanner to clamav then virus is also detected and stopped but I think that is because it's acting on the sophos detection and not the clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 4:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about onlying >>>>> clamav as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >> completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >> Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as above, but not delivered. This client is running MS 4.34.8 >> and ClamAV 0.83. >> Am going to have them update to the latest MS stable release and see >> if they still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Wess Bechard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Wess Bechard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed May 4 15:30:48 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  I thing I don't have the original one any more? Could you send me the entire SweepContent.pm file or is this not possible? I'm running 4.41.3-1 on RHEL 3 Linux. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:56 AM Subject: Re: Attachment to big The original one. On 4 May 2005, at 14:48, Roger Jochem wrote: Should I patch the original SweepContent or the already patched one (with the earlier patch). ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:31 AM Subject: Re: Attachment to big This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right. I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner >> is blocking it with the "attachment to big" message. My >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead >> of the original attachment? >> >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ This patch is a whole lot more likely to work :-)  On 4 May 2005, at 11:55, Roger Jochem wrote: > I applied the patch, but the problem continues... > ----- Original Message ----- > From: Julian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 15:43:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: Here is the whole file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Application/X-GZIP 10KB. ] [ Unable to print this part. ] [ Part 2.3: "Attached Text" ] [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4 May 2005, at 15:30, Roger Jochem wrote: I thing I don't have the original one any more? Could you send me the entire SweepContent.pm file or is this not possible? I'm running 4.41.3-1 on RHEL 3 Linux. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:56 AM Subject: Re: Attachment to big The original one. On 4 May 2005, at 14:48, Roger Jochem wrote: Should I patch the original SweepContent or the already patched one (with the earlier patch). ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:31 AM Subject: Re: Attachment to big This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right.I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me   know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner   >> is blocking it with the "attachment to big" message. My   >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt   >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead   >> of the original attachment? >> >> > > --  > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ________________________________________________________________________________ This patch is a whole lot more likely to work :-)  On 4 May 2005, at 11:55, Roger Jochem wrote: > I applied the patch, but the problem continues... > ----- Original Message ----- > From: Julian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 4 15:49:36 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Wess Bechard > Sent: Wednesday, May 04, 2005 8:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > I also had quite a few viruses slip through this way in the past few days. > I've applied Julian's patch to the VirusSweep.pm already, which grabs the > empty files, but they still slip through. > > On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: > > Julian, > > I'm using sendmail 8.13.3. All I did to duplicate it was send a > test > message with an EICAR attachment. If I used clamav by itself, then > the > virus is detected but MS still says it's clean and delivers it. If > I > switch to clamavmodule, then the virus is detected and MS removes > the > message id from it's array of ones to be deliverer. If I used a > sophos > as a secondary scanner to clamav then virus is also detected and > stopped > but I think that is because it's acting on the sophos detection and > not > the clamav. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On > Behalf Of Julian Field > Sent: Wednesday, May 04, 2005 4:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Also, is it specific to one MTA? > Looks like you are using Postfix. What is anyone else with this > problem > running? > > On 4 May 2005, at 09:04, Julian Field wrote: > Is your "Maximum Archive Depth = " set to "0". Yesterday we had to set this to a positive integer (we used the default of 3) to stop filenames like: "Winzipped-Text_Data.txt .exe" From roger at RUDNICK.COM.BR Wed May 4 15:52:48 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:30 2006 Subject: Attachment to big Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  It worked fine!! Thanks! Roger Jochem ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 11:43 AM Subject: Re: Attachment to big Here is the whole file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 15:30, Roger Jochem wrote: I thing I don't have the original one any more? Could you send me the entire SweepContent.pm file or is this not possible? I'm running 4.41.3-1 on RHEL 3 Linux. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:56 AM Subject: Re: Attachment to big The original one. On 4 May 2005, at 14:48, Roger Jochem wrote: Should I patch the original SweepContent or the already patched one (with the earlier patch). ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 10:31 AM Subject: Re: Attachment to big This patch is a whole lot more likely to work :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 4 May 2005, at 11:55, Roger Jochem wrote: I applied the patch, but the problem continues... ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, May 04, 2005 6:01 AM Subject: Re: Attachment to big Please can you try the attached patch for SweepContent.pm and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ On 3 May 2005, at 17:32, Julian Field wrote: Ooh, you may well be right. I'll check that out this evening and will let you know what I find. On 3 May 2005, at 17:22, Roger Jochem wrote: Hello! ? I'm attaching a zip file with 4 Mb in a message, and MailScanner is blocking it with the "attachment to big" message. My mailscanner.conf has this option set to 60 Mb. ? The attachment is a zip file, that decompressed gives me a txt file with 90 Mb. ? Is MailScanner checking the size of the uncompressed zip instead of the original attachment? ? --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --? Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Please can you try the attached patch for SweepContent.pm and let me know how you get on.  On 3 May 2005, at 17:32, Julian Field wrote: > Ooh, you may well be right. > I'll check that out this evening and will let you know what I find. > > On 3 May 2005, at 17:22, Roger Jochem wrote: > >> Hello! >> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner >> is blocking it with the "attachment to big" message. My >> mailscanner.conf has this option set to 60 Mb. >> >> The attachment is a zip file, that decompressed gives me a txt >> file with 90 Mb. >> >> Is MailScanner checking the size of the uncompressed zip instead >> of the original attachment? >> >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ This patch is a whole lot more likely to work :-)  On 4 May 2005, at 11:55, Roger Jochem wrote: > I applied the patch, but the problem continues... > ----- Original Message ----- > From: Julian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Here is the whole file.  On 4 May 2005, at 15:30, Roger Jochem wrote: > I thing I don't have the original one any more? Could you send me > the entire SweepContent.pm file or is this not possible? I'm > running 4.41.3-1 on RHEL 3 Linux. > ----- Original Message ----- > From: Julian Field > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Wednesday, May 04, 2005 10:56 AM > Subject: Re: Attachment to big > > The original one. > > On 4 May 2005, at 14:48, Roger Jochem wrote: > >> Should I patch the original SweepContent or the already patched >> one (with the earlier patch). >> ----- Original Message ----- >> From: Julian Field >> To: MAILSCANNER@JISCMAIL.AC.UK >> Sent: Wednesday, May 04, 2005 10:31 AM >> Subject: Re: Attachment to big >> >> This patch is a whole lot more likely to work :-) >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> On 4 May 2005, at 11:55, Roger Jochem wrote: >> >>> I applied the patch, but the problem continues... >>> ----- Original Message ----- >>> From: Julian Field >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Sent: Wednesday, May 04, 2005 6:01 AM >>> Subject: Re: Attachment to big >>> >>> Please can you try the attached patch for SweepContent.pm and let >>> me know how you get on. >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> On 3 May 2005, at 17:32, Julian Field wrote: >>> >>>> Ooh, you may well be right. >>>> I'll check that out this evening and will let you know what I find. >>>> >>>> On 3 May 2005, at 17:22, Roger Jochem wrote: >>>> >>>>> Hello! >>>>> ? >>>>> I'm attaching a zip file with 4 Mb in a message, and >>>>> MailScanner is blocking it with the "attachment to big" >>>>> message. My mailscanner.conf has this option set to 60 Mb. >>>>> ? >>>>> The attachment is a zip file, that decompressed gives me a txt >>>>> file with 90 Mb. >>>>> ? >>>>> Is MailScanner checking the size of the uncompressed zip >>>>> instead of the original attachment? >>>>> ? >>>>> >>>> >>>> --? >>>> Julian Field >>>> jkf@ecs.soton.ac.uk >>>> Teaching Systems Manager >>>> Electronics & Computer Science >>>> University of Southampton >>>> SO17 1BJ, UK >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>> and the archives (http://www.jiscmail.ac.uk/lists/ >>>> mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> --? >>> Julian Field >>> jkf@ecs.soton.ac.uk >>> Teaching Systems Manager >>> Electronics & Computer Science >>> University of Southampton >>> SO17 1BJ, UK >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> Please can you try the attached patch for SweepContent.pm and let me >>> know how you get on. >>>  >>> On 3 May 2005, at 17:32, Julian Field wrote: >>> >>> > Ooh, you may well be right. >>> > I'll check that out this evening and will let you know what I >>> find. >>> > >>> > On 3 May 2005, at 17:22, Roger Jochem wrote: >>> > >>> >> Hello! >>> >> >>> >> I'm attaching a zip file with 4 Mb in a message, and MailScanner >>> >> is blocking it with the "attachment to big" message. My >>> >> mailscanner.conf has this option set to 60 Mb. >>> >> >>> >> The attachment is a zip file, that decompressed gives me a txt >>> >> file with 90 Mb. >>> >> >>> >> Is MailScanner checking the size of the uncompressed zip instead >>> >> of the original attachment? >>> >> >>> >> >>> > >>> > -- >>> > Julian Field >>> > jkf@ecs.soton.ac.uk >>> > Teaching Systems Manager >>> > Electronics & Computer Science >>> > University of Southampton >>> > SO17 1BJ, UK >>> > >>> > ------------------------ MailScanner list ------------------------ >>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> > 'leave mailscanner' in the body of the email. >>> > Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> > and the archives (http://www.jiscmail.ac.uk/lists/ >>> mailscanner.html). >>> > >>> > Support MailScanner development - buy the book off the website! >>> >>> -- >>> Julian Field >>> jkf@ecs.soton.ac.uk >>> Teaching Systems Manager >>> Electronics & Computer Science >>> University of Southampton >>> SO17 1BJ, UK >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> jkf@ecs.soton.ac.uk >> Teaching Systems Manager >> Electronics & Computer Science >> University of Southampton >> SO17 1BJ, UK >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> This patch is a whole lot more likely to work :-) >>  >> >> On 4 May 2005, at 11:55, Roger Jochem wrote: >> >> > I applied the patch, but the problem continues... >> > ----- Original Message ----- >> > From: Julian ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed May 4 16:13:16 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:30 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't have a valid e-mail I can send. The end user already deleted it. >>> martinh@SOLID-STATE-LOGIC.COM 05/04 3:57 AM >>> David you've got alot of the SARE rules etc that I run. Good. Doing the RBL's in MailScanner I find can produce alot of false positives, I'd move them to SpamAssassin. Can you put the email (headers included) to a url so I can see what scores I ge on my system. I've got mine reasonably well tuned so I may get a few more hits. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > [root@sbschools dns]# spamassassin --lint -D -p > /etc/MailScanner/spam.assassin.prefs.conf > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/home/dns/bin', which doesn't exist, dropping. > debug: Final PATH set to: >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin > debug: diag: module not installed: DBI ('require' failed) > debug: diag: module installed: DB_File, version 1.809 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.01 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.31 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/evilnumbers.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: running body-text per-line regexp tests; score so far=0.197 > debug: running uri tests; score so far=0.197 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)) > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf > May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > May 02 16:12:35.522031 check[19071]: [ 5] computed > razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, > ident=/root/.razor/identity > May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8 > May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to > folly.cloudmark.com > May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to > joy.cloudmark.com > May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to > shock.cloudmark.com > May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest > server discovery > May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5078 > May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject > May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from > 1376 bytes to 1339 > May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0, > len 1339 > May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file > (empty?): /root/.razor/razor-whitelist > May 02 16:12:35.554079 check[19071]: [ 5] Connecting to > shock.cloudmark.com ... > May 02 16:12:35.853955 check[19071]: [ 8] Connection established > May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36 > server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10 > May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25 > May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67 > May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig > May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries > May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches > May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52 > May 02 16:12:35.862770 check[19071]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5 > May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2 > p=0 > May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0: > no-contention part, spam=0 > May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam. > May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server > shock.cloudmark.com > May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5 > May 02 16:12:36.193393 check[19071]: [ 6] a=q > debug: Using results from Razor v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=0.197 > debug: running full-text regexp tests; score so far=0.197 > debug: Razor2 is available > debug: Current PATH is: >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin > debug: executable for pyzor was found at /usr/bin/pyzor > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 19075: ruid=0 euid=0 > debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > debug: leaving helper-app run mode > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is available: /usr/local/bin/dccproc > debug: entering helper-app run mode > debug: setuid: helper proc 19076: ruid=0 euid=0 > debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333 > Fuz1=3415356 Fuz2=3415350 > debug: leaving helper-app run mode > debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2: > 3415350 of 999999 > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=1.57 > debug: running header regexp tests; score so far=1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=1.86 > debug: running header regexp tests; score so far=1.86 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex > debug: lock: 19071 trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none > scores 0/0 > debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef, > IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex > debug: Post AWL score: 1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: is spam? score=1.86 required=5 > debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: >subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML HAS_MSG,__UNUSABLE_MSGID > > > >>> ssilva@SGVWATER.COM 05/02 3:26 PM >>> > David Curtis wrote: > > I am getting spam with a very low score. Can any one tell me why this > > e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and > > MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In > > postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, > > opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. > > > > I know I can change scores but I wonder why it is so low. > > > > > > The score was from these: > > SpamAssassin (score=1.597,required 3.75) > > (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, > > SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) > > > > > > OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION > > PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT > > FEDERAL COMPLEX TINUBU SQUARE, > > Lagos- Nigeria. > > Tel/Fax: > > Our Ref: ACG/FGN/543WS 234-1803-7127318 > > Email: moha_ibru@yahoo.com > > This is the old Nigerian scam. Are you sure your rules are up to date > and in the proper path? > Is your rules_du_joir script up to date? > > What does > spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > show? > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spike_cacti at yahoo.com Wed May 4 16:18:25 2005 From: spike_cacti at yahoo.com (Spike Cacti) Date: Thu Jan 12 21:29:30 2006 Subject: envelope recipient case problem Message-ID: Hi, I have this weird problem where one of our partners is using the "rcpt to:" address as some kind of authentication for a list. It contains both upper and lower case letters. (B11w33ds@partner). Postfix receives the mail correctly. MailScanner archives it ok. But when it is resent to the outbound queue of postfix, all letters are lowercase. I am talking about the envelope, not the To: field in the body. Is MailScanner modifying this ? It is probably RFC compliant to do so but I just want to know if it is possible to change that behaviour... Spike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Wed May 4 16:14:46 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:30 2006 Subject: Any advice with score would be great. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just installed the Perl-DBI. Thanks, well see what happens. Here is the MailScanner -v Running on Linux sbschools.net 2.6.10-1.770_FC3 #1 Thu Feb 24 14:00:06 EST 2005 i686 i686 i386 GNU/Linux This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.40.11 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000002 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI >>> ssilva@SGVWATER.COM 05/03 6:20 PM >>> Only see one problem so far. See below David Curtis wrote: > [root@sbschools dns]# spamassassin --lint -D -p > /etc/MailScanner/spam.assassin.prefs.conf > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/home/dns/bin', which doesn't exist, dropping. > debug: Final PATH set to: >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin > debug: diag: module not installed: DBI ('require' failed) -------- Error says you need the DBI module Perl-DBI. Either see if it is included in your distribution or get from CPAN. Perl module for database access. See if this makes a difference, because it seems to be keeping you out of the bayes db. Maybe enough to taint scores? Maybe run MailScanner -v and look for any other problems. > debug: diag: module installed: DB_File, version 1.809 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.01 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.31 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/evilnumbers.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)) > debug: running body-text per-line regexp tests; score so far=0.197 > debug: running uri tests; score so far=0.197 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)) > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf > May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > May 02 16:12:35.522031 check[19071]: [ 5] computed > razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, > ident=/root/.razor/identity > May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8 > May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to > folly.cloudmark.com > May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to > joy.cloudmark.com > May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to > shock.cloudmark.com > May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from > /root/.razor/server.folly.cloudmark.com.conf > May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest > server discovery > May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5078 > May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject > May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from > 1376 bytes to 1339 > May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0, > len 1339 > May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file > (empty?): /root/.razor/razor-whitelist > May 02 16:12:35.554079 check[19071]: [ 5] Connecting to > shock.cloudmark.com ... > May 02 16:12:35.853955 check[19071]: [ 8] Connection established > May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36 > server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10 > May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25 > May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67 > May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5078; computed min_cf=6, Server se: C8 > May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8 > May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig > May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries > May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches > May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52 > May 02 16:12:35.862770 check[19071]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5 > May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2 > p=0 > May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0: > no-contention part, spam=0 > May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam. > May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server > shock.cloudmark.com > May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5 > May 02 16:12:36.193393 check[19071]: [ 6] a=q > debug: Using results from Razor v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=0.197 > debug: running full-text regexp tests; score so far=0.197 > debug: Razor2 is available > debug: Current PATH is: >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local bin:/bin:/usr/bin:/usr/X11R6/bin > debug: executable for pyzor was found at /usr/bin/pyzor > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 19075: ruid=0 euid=0 > debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > debug: leaving helper-app run mode > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is available: /usr/local/bin/dccproc > debug: entering helper-app run mode > debug: setuid: helper proc 19076: ruid=0 euid=0 > debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333 > Fuz1=3415356 Fuz2=3415350 > debug: leaving helper-app run mode > debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2: > 3415350 of 999999 > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=1.57 > debug: running header regexp tests; score so far=1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=1.86 > debug: running header regexp tests; score so far=1.86 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex > debug: lock: 19071 trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none > scores 0/0 > debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef, > IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex > debug: Post AWL score: 1.86 > debug: running body-text per-line regexp tests; score so far=1.86 > debug: running uri tests; score so far=1.86 > debug: running raw-body-text per-line regexp tests; score so far=1.86 > debug: running full-text regexp tests; score so far=1.86 > debug: is spam? score=1.86 required=5 > debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: >subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML HAS_MSG,__UNUSABLE_MSGID > > >>>> ssilva@SGVWATER.COM 05/02 3:26 PM >>> > David Curtis wrote: >> I am getting spam with a very low score. Can any one tell me why this >> e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and >> MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In >> postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, >> opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net. >> >> I know I can change scores but I wonder why it is so low. >> >> >> The score was from these: >> SpamAssassin (score=1.597,required 3.75) >> (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64, >> SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67) >> >> >> OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION >> PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT >> FEDERAL COMPLEX TINUBU SQUARE, >> Lagos- Nigeria. >> Tel/Fax: >> Our Ref: ACG/FGN/543WS 234-1803-7127318 >> Email: moha_ibru@yahoo.com > > This is the old Nigerian scam. Are you sure your rules are up to date > and in the proper path? > Is your rules_du_joir script up to date? > > What does > spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf > show? > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Wed May 4 16:26:42 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:29:30 2006 Subject: envelope recipient case problem Message-ID: I ran into the same problem over a year ago. Sender email addresses were converted to all lower case when the messages came through postfix/MailScanner/postfix, but not internally when the mail filter systems were avoided. Still causes some problems (address books, vacation replies, etc), but people got used to it. hermit921 At 08:18 AM 5/4/2005, Spike Cacti wrote: >Hi, > >I have this weird problem where one of our partners is using the "rcpt >to:" address as some kind of authentication for a list. It contains >both upper and lower case letters. (B11w33ds@partner). Postfix receives >the mail correctly. MailScanner archives it ok. But when it is resent >to the outbound queue of postfix, all letters are lowercase. > >I am talking about the envelope, not the To: field in the body. > >Is MailScanner modifying this ? It is probably RFC compliant to do so >but I just want to know if it is possible to change that behaviour... > >Spike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed May 4 16:31:59 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:30 2006 Subject: maillog logging level Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Got it! It is now working! YIPEE! I got the file and edited the line break problem, then I put the file on my web server, http://www.indysmash.com/downlaods/MailWatch.pm So if someone wants to wget the file it is there. I don't know how long it will be there, a few years I suppose, but people can get it for a while. Now the only problem "Cannot open directory: /var/spool/MailScanner/quarantine I see that other have had this problem and I haven't searched real well on it yet, but I will start searching. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steen, Glenn > Sent: Tuesday, May 03, 2005 6:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: maillog logging level > > To solve the MW problem, do as Martin says, find Walkers message in the > mailwatch list (I think it was october 6:th it was sent), cut and paste > that into a MailWatch.pm ... and use that instead of the stock one. There > might be some linewraps, so ... be on the lookout for that. > Or get someone who isn't @home and replying via crummy webmail (ie not > close to that file:-) to send it to you... I even think someone did that > today (to this list or the MW one... I don't recall which, sorry). > > It really works very nice. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Billy A. Pumphrey > Skickat: ti 2005-05-03 22:39 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: maillog logging level > Another good link: > http://forum.ev1servers.net/showpost.php?p=332319&postcount=85 > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Vladimir M Costa > > Sent: Tuesday, May 03, 2005 2:16 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: maillog logging level > > > > Or downgrade Perl DBD-MySQL to version 2.1028 > > > > see: > > http://mailwatch.sourceforge.net/faq.html > > > > > > Vladimir Costa > > > > > > > > On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote > > > Billy > > > > > > this looks like a known problem with the current DBD::mysql and > > > Mailwatch.pm from 0.5.1. > > > > > > You need a new mailwatch.pm from the MW list archives - October 6 2004 > > > by Walker Aumann. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > Billy A. Pumphrey wrote: > > > > Just about there. > > > > > > > > --- > > > > MailScanner works now :) thank you > > > > --- > > > > To get my sendmail to work, I had to comment out the AuthOption=A in > > the > > > > sendmail.cf and take out the 127.0.0.1 out of the line in > sendmail.cf. > > > > I just couldn't figure out how to change the sendmail.cf file using > m4 > > > > and the sendmail.mc file > > > > > > > > --- > > > > Mailwatch problem > > > > --- > > > > After searching the mailwatch archives and finding a little bit of > > > > information concerning the error that I am getting, I have not yet > > found > > > > an answer to this problem. I also subscribed to the mailing list > but > > > > they are not really active. > > > > > > > > May 3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure > > > > attempting to re-connect May 3 04:02:23 WoodenMS > MailScanner[13105]: > > > > Cannot insert row: MySQL server has gone away > > > > > > > > Billy Pumphrey > > > > IT Manager > > > > Wooden & McLaughlin > > > > > > > > > > > >>-----Original Message----- > > > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On > > > >>Behalf Of Billy A. Pumphrey > > > >>Sent: Monday, May 02, 2005 12:01 PM > > > >>To: MAILSCANNER@JISCMAIL.AC.UK > > > >>Subject: Re: maillog logging level > > > >> > > > >>Thanks for the answer. I just commented this line out: > > > >>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > > >> > > > >>Sendmail seems to work, along with the change that I did in my other > > > >>response. > > > >> > > > >>Billy Pumphrey > > > >>IT Manager > > > >>Wooden & McLaughlin > > > >> > > > >>>-----Original Message----- > > > >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > > > > > > > > On > > > > > > > >>>Behalf Of Scott Silva > > > >>>Sent: Monday, May 02, 2005 11:20 AM > > > >>>To: MAILSCANNER@JISCMAIL.AC.UK > > > >>>Subject: Re: maillog logging level > > > >>> > > > >>>Billy A. Pumphrey wrote: > > > >>> > > > >>>>--- > > > >>>>NOTE: I erased the rest of the message to get by the "looks like a > > > >>>>script" error" > > > >>>>--- > > > >>>> > > > >>>>Ok, telnet > > > >>>> > > > >>>>To make it clear, I have a new MailScanner machine (the one that I > > > >> > > > >>am > > > >> > > > >>>>trying to get working) and the one in production that is out of > > > > > > > > date > > > > > > > >>on > > > >> > > > >>>>software and hardware. > > > >>>> > > > >>>>Anyway, I know that sendmail is having problems because when I > > > >> > > > >>telnet to > > > >> > > > >>>>the new one it looks like it tries and just comes back to the > > > >> > > > >>command > > > >> > > > >>>>prompt. If I telnet to the old one a connection is made and shows > > > >> > > > >>some > > > >> > > > >>>>stuff. > > > >>>> > > > >>>>Now, > > > >>>>Should I just reinstall sendmail on top of mine or something? I > > > >>>>installed sendmail by selecting the package when installing > > > >> > > > >>centos4.0. > > > >> > > > >>>>The service appears to be running ok. I did the ch config that > > > > > > > > the > > > > > > > >>book > > > >> > > > >>>>and web site talks about. A service MailScanner restart reads > > > >> > > > >>fine > > > >> > > > >>>>for the services starting (outgoing and incoming sendmail starts > > > >> > > > >>fine). > > > >> > > > >>>>If I look at the running services it has 1 sendmail running (under > > > >> > > > >>user > > > >> > > > >>>>smmsp) which is the one that is suppose to be running isn't it? > > > >>>> > > > >>>>I was comparing the service --status-all command between the 2 > > > >> > > > >>machines. > > > >> > > > >>>>The services looks the same as far as MailScanner and sendmail > > > > > > > > look. > > > > > > > >>>>There is a sendmail running on each, and MailScanner running > > > >>>>(MailScanner,incoming sendmail, outgoing sendmail) > > > >>> > > > >>>The default on ALL RedHat based sendmail installs is to only accept > > > >>>local connections (IE.. from and to 127.0.0.1) > > > >>>You will have to fix this. It is commented well in the sendmail.mc > > > >> > > > >>file. > > > >> > > > >>>Look for the section with; > > > >>> > > > >>>dnl # The following causes sendmail to only listen on the IPv4 > > > >> > > > >>loopback > > > >> > > > >>>address > > > >>>dnl # 127.0.0.1 and not on any other network devices. Remove the > > > >> > > > >>loopback > > > >> > > > >>>dnl # address restriction to accept email from the internet or > > > >> > > > >>intranet. > > > >> > > > >>>dnl # > > > >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > > > >>>Your default will be different, as this has already been changed. > > > >>> > > > >>>-- > > > >>>"If you have ever eaten crow, > > > >>>It don't taste like chicken!!" > > > >>> > > > >>>------------------------ MailScanner list ------------------------ > > > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >>>'leave mailscanner' in the body of the email. > > > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >>> > > > >>>Support MailScanner development - buy the book off the website! > > > >> > > > >>------------------------ MailScanner list ------------------------ > > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > >>'leave mailscanner' in the body of the email. > > > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >> > > > >>Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > Universidade do Vale do Paraíba - UNIVAP. > > http://www.univap.br/ > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 4 17:05:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:30 2006 Subject: maillog logging level Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > Got it! > > It is now working! YIPEE! I got the file and edited the line break problem, then I put the file on my web server, http://www.indysmash.com/downlaods/MailWatch.pm > > So if someone wants to wget the file it is there. I don't know how long it will be there, a few years I suppose, but people can get it for a while. > > Now the only problem "Cannot open directory: /var/spool/MailScanner/quarantine > > I see that other have had this problem and I haven't searched real well on it yet, but I will start searching. > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > In the MailScanner config file is a setting for quarantine user. That needs to be set to the user that your web server runs as. Then set permissions accordingly in that directory. I think this will clear it up. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jmartin at GSI-KC.COM Wed May 4 17:26:13 2005 From: jmartin at GSI-KC.COM (Martin, Jeremy) Date: Thu Jan 12 21:29:30 2006 Subject: releasing from quarantine Message-ID: Hi, I am using MailWatch with MailScanner but I believe this is more MailScanner related, so I‘m asking here. In MailWatch when I try to release a message blocked because of the file types, it keeps getting re-quarantined. In my spam.whitelist.rules I am whitelisting the From: email address MailWatch is using when it releases the message. I am also whitelisting that address in virus.scanning.rules … and my MailScanner.conf definitely has it looking at those two rule sets. The status of the message in MailWatch is showing up as “W/L, Bad Content” .. One of the attachments is an .exe blocked by the filename.rules.conf and the two other files are .dll’s but not listed in filename.rules.conf … The report I’m getting emailed seems to be the stored.content.message.txt and it’s saying “At Wed May 4 09:13:21 2005 the virus scanner said: MailScanner: Executable DOS/Windows programs are dangerous in email (ExportBatchService.exe) MailScanner: Attempt to hide real filename extension (Dart.PowerTCP.Ftp.dll)” So how do I further whitelist the From email address these ‘release from quarantine’ emails are coming from, in addition to the current whitelist in my spam.whitelist.rules and virus.scanning.rules, so it doesn’t get re-quarantined? Thanks!! Jeremy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Wed May 4 17:44:23 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:29:30 2006 Subject: Everything autolearn=not spam Message-ID: My mailscanner/spamassassin box has developed a serious problem. It is autolearning everything as not spam. I have tried deleting bayes and starting over, restored bayes data, and MS config from last known good backup, upgraded to newest version of MS (I already have 3.03 of SA). This is running on Fedora Core 3. Any help is greatly appreciated! Thanks, Quintin Giesbrecht IT Professional, Hanover School Division ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Wed May 4 17:53:36 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:29:30 2006 Subject: Everything autolearn=not spam Message-ID: We had a problem with the bays being poisoned. What we did was give low values to BAYES_00 = -.04 and the like. By setting bays scores to not subtract much if it thinks it is a low probability, It helped us. I hope that you find this helpful. By the way, Be careful. The Sober virus is very active, we have been getting a lot of Sober viruses/worms that we have been blocking and placing in quarantine the last couple of days. John Crossan Systems Administrator Valley Presbyterian Hospital -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Quintin Giesbrecht Sent: Wednesday, May 04, 2005 9:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Everything autolearn=not spam My mailscanner/spamassassin box has developed a serious problem. It is autolearning everything as not spam. I have tried deleting bayes and starting over, restored bayes data, and MS config from last known good backup, upgraded to newest version of MS (I already have 3.03 of SA). This is running on Fedora Core 3. Any help is greatly appreciated! Thanks, Quintin Giesbrecht IT Professional, Hanover School Division ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed May 4 17:48:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:30 2006 Subject: Everything autolearn=not spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quintin Giesbrecht wrote: >My mailscanner/spamassassin box has developed a serious problem. It is >autolearning everything as not spam. > > Do you have most of your messages, including spam messages hitting ALL_TRUSTED? http://wiki.apache.org/spamassassin/TrustPath ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Wed May 4 18:01:05 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:30 2006 Subject: Need Recommendations Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2 MX servers with the following Dual 933Mhz 1 Gig of memory FC1 (mailscanner and spamassassin need to be upgraded) mailscanner-4.31.6-1 spamassassin-2.63 1.7Mhz 512 Memory (desktop) FC2 mailscanner-4.40.11-1 spamassassin-3.0.2-1 I am experiencing a slow down in the delivery/processing of email on my MailScanner servers. I receive roughly 50,000 emails on a daily basis and if there is a delay in the processing of any emails it can get backed up very quickly. I'm not sure if it is a DNS timing issue?, would anyone recommend using local DNS in this case, or does anyone use it and have they seen improvements? Can anyone recommend anything in the MailScanner.conf file that may help? I have "Max children" set to 10 on the server with dual process and 5 on the server with one processor, and "queue scan interval" is set to 6 on both servers as well. I am using Clamav as my virus scanner. Please let me know if you need additional info, and thanks in advance for your assistance. Derek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 18:09:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can someone do this? I can't fix it until I have some evidence to show what output you are getting. Also, while you are at it, please tell me what you have set in the "Incoming Work Directory" in MailScanner.conf. A change in how ClamAV follows directory paths would be an obvious change they might have made. Julian Field wrote: > Any reason why I might not be able to reproduce it? > > I used sendmail, the latest MailScanner code and ClamAV 0.83 and 0.84 > and it happily detected both. > > So we are saying that on your system ClamAV 0.84 is not being properly > handled and is missing *all* viruses, even eicar? > > Please can you put an eicar.com in a directory, along with a few other > harmless files and run this: > > mkdir /tmp/clamav.temptemp > chmod go-a /tmp/clamav.temptemp > /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb > ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . > > Obviously the clamscan command should be all one 1 line, and don't > forget the " ." at the end of the line. And if your clamscan is not in > /usr/local/bin then adjust the command appropriately. > > Please send me the exact output of that. > > Also tell me what version of ClamAV you are running. > > On 4 May 2005, at 13:57, Wess Bechard wrote: > >> I also had quite a few viruses slip through this way in the past few >> days. I've applied Julian's patch to the VirusSweep.pm already, >> which grabs the empty files, but they still slip through. >> >> On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: >> >>>Julian, >>> >>>I'm using sendmail 8.13.3. All I did to duplicate it was send a test >>>message with an EICAR attachment. If I used clamav by itself, then the >>>virus is detected but MS still says it's clean and delivers it. If I >>>switch to clamavmodule, then the virus is detected and MS removes the >>>message id from it's array of ones to be deliverer. If I used a sophos >>>as a secondary scanner to clamav then virus is also detected and stopped >>>but I think that is because it's acting on the sophos detection and not >>>the clamav. >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK ] On >>>Behalf Of Julian Field >>>Sent: Wednesday, May 04, 2005 4:19 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: ClamAV and MailScanner Bug >>> >>>Also, is it specific to one MTA? >>>Looks like you are using Postfix. What is anyone else with this problem >>>running? >>> >>>On 4 May 2005, at 09:04, Julian Field wrote: >>> >>>> On 4 May 2005, at 00:16, Chris Stone wrote: >>>> >>>> >>>>> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >>>>> >>>>> >>>>>> Scott Silva wrote: >>>>>> >>>>>> >>>>>>> Rose, Bobby wrote: >>>>>>> >>>>>>> >>>>>>>> So no one else is seeing this problem? I'm talking about onlying >>>>>>>> clamav as the scanner....no others and not clamavmodule. >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Maybe only a Solaris 8 problem. >>>>>>> >>>>>>> >>>>>> >>>>>> No. I'm using Solaris with Clam and I'm not having any problems. >>>>>> >>>>>> >>>>> >>>>> I am seeing problems under OSX: >>>>> >>>>> May 3 18:56:29 g5 >>>>> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >>>>> 1898/./9F050BA0A85C/error-mail_info.zip: >>>>> Worm.Sober.P FOUND >>>>> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >>>>> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >>>>> completed at >>>>> 37432 bytes >>>>> per second >>>>> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >>>>> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >>>>> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >>>>> Processing completed at >>>>> 74864 >>>>> bytes per second >>>>> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >>>>> 74864 bytes >>>>> per second >>>>> >>>>> Seems to only still deliver the Sober viruses - all the others are >>>>> caught as above, but not delivered. This client is running MS 4.34.8 >>>>> and ClamAV 0.83. >>>>> Am going to have them update to the latest MS stable release and see >>>>> if they still have this issue. >>>>> >>>>> >>>> >>>> Can someone send me one of the troublesome messages please? >>>> Easiest way is to put it on the web and mail me the URL. >>>> >>>> -- >>>> Julian Field >>>> jkf@ecs.soton.ac.uk >>>> Teaching Systems Manager >>>> Electronics & Computer Science >>>> University of Southampton >>>> SO17 1BJ, UK >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>>-- >>>Julian Field >>>jkf@ecs.soton.ac.uk >>>Teaching Systems Manager >>>Electronics & Computer Science >>>University of Southampton >>>SO17 1BJ, UK >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >> -- >> Wess Bechard > >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed May 4 18:17:29 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:30 2006 Subject: Need Recommendations Message-ID: I would HIGHLY recommend a local caching nameserver on your MX boxen. You might also consider using the clamavmodule instead of straight clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Catanzaro Sent: Wednesday, May 04, 2005 12:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Need Recommendations 2 MX servers with the following Dual 933Mhz 1 Gig of memory FC1 (mailscanner and spamassassin need to be upgraded) mailscanner-4.31.6-1 spamassassin-2.63 1.7Mhz 512 Memory (desktop) FC2 mailscanner-4.40.11-1 spamassassin-3.0.2-1 I am experiencing a slow down in the delivery/processing of email on my MailScanner servers. I receive roughly 50,000 emails on a daily basis and if there is a delay in the processing of any emails it can get backed up very quickly. I'm not sure if it is a DNS timing issue?, would anyone recommend using local DNS in this case, or does anyone use it and have they seen improvements? Can anyone recommend anything in the MailScanner.conf file that may help? I have "Max children" set to 10 on the server with dual process and 5 on the server with one processor, and "queue scan interval" is set to 6 on both servers as well. I am using Clamav as my virus scanner. Please let me know if you need additional info, and thanks in advance for your assistance. Derek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed May 4 18:26:11 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: --On Wednesday, May 4, 2005 6:09 PM +0100 Julian Field wrote: > Please can someone do this? I can't fix it until I have some evidence to > show what output you are getting. > Also, while you are at it, please tell me what you have set in the > "Incoming Work Directory" in MailScanner.conf. A change in how ClamAV > follows directory paths would be an obvious change they might have made. Incoming Work Dir = /var/spool/MailScanner/incoming Something like this Julian ? ClamAV devel-20050504/867/Wed May 4 10:08:12 2005 [root@hemlock tmp]# /usr/local/bin/clamscan --unzip --jar --tgz --deb --tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . /tmp/./.807.68006d: OK /tmp/./McAfeeBusy.lock: OK /tmp/./BitdefenderBusy.lock: OK /tmp/./.807.680055: OK /tmp/./backhair.cf: OK /tmp/./FProtBusy.lock: OK /tmp/./.807.680061: OK /tmp/./weeds.cf: OK /tmp/./mangled.cf: OK /tmp/./session_mm_apache0.sem: Empty file /tmp/./.807.7d40a4: OK /tmp/./.807.680074: OK /tmp/./.807.680056: OK /tmp/./.807.680058: OK /tmp/./70_sare_evilnum0.cf: OK /tmp/./70_sare_evilnum1.cf: OK /tmp/./70_sare_evilnum2.cf: OK /tmp/./70_sare_header0.cf: OK /tmp/./70_sare_specific.cf: OK /tmp/./70_sare_adult.cf: OK /tmp/./72_sare_bml_post25x.cf: OK /tmp/./99_sare_fraud_post25x.cf: OK /tmp/./70_sare_spoof.cf: OK /tmp/./72_sare_redirect_post3.0.0.cf: OK /tmp/./70_sare_bayes_poison_nxm.cf: OK /tmp/./.807.464031: OK /tmp/./ClamAV.update.log: OK /tmp/./70_sare_oem.cf: OK /tmp/./70_sare_genlsubj0.cf: OK /tmp/./70_sare_uri0.cf: OK /tmp/./70_sare_uri_eng.cf: OK /tmp/./bogus-virus-warnings.cf: OK /tmp/./ClamAVBusy.lock: OK /tmp/./.807.680059: OK /tmp/./.807.680066: OK /tmp/./.807.68005c: OK /tmp/./.807.680060: OK /tmp/./.807.68006b: OK /tmp/./.807.7340e9: OK /tmp/./.807.680070: OK /tmp/./.807.680064: OK /tmp/./.807.680063: OK /tmp/./.807.6f40e5: OK /tmp/./.807.680057: OK /tmp/./.807.680073: OK /tmp/./.807.68006c: OK /tmp/./.807.680068: OK /tmp/./.807.680072: OK /tmp/./.807.680065: OK /tmp/./clamav.temptemp/20050504/j447Ihp4013026/message: HTML.Phishing.Pay-8 FOUND /tmp/./clamav.temptemp/20050504/j447Ihp4013026/msg-3914-54.html: HTML.Phishing.Pay-8 FOUND /tmp/./clamav.temptemp/20050504/j449Ar6U019205/message: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j449Ar6U019205/Winzipped-Text.pif: Empty file /tmp/./clamav.temptemp/20050504/j449Ar6U019205/our_secret.zip: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j449Ar6U019205/Winzipped-Text_Data.txt .pif: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j449f8aJ020807/message: HTML.Phishing.Pay-35 FOUND /tmp/./clamav.temptemp/20050504/j449f8aJ020807/msg-15153-24.html: HTML.Phishing.Pay-35 FOUND /tmp/./clamav.temptemp/20050504/j44BLqDt006202/message: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44BLqDt006202/word_doc.zip: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44BLqDt006202/details.txt .pif: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44BMbfM006269/message: Exploit.HTML.IFrame FOUND /tmp/./clamav.temptemp/20050504/j44BMbfM006269/msg-2327-33.html: Exploit.HTML.IFrame FOUND /tmp/./clamav.temptemp/20050504/j44BMbfM006269/message.scr: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44Curox014548/message: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44Curox014548/id43342.doc .pif: Worm.SomeFool.P FOUND /tmp/./clamav.temptemp/20050504/j44DfxGf019098/message: OK /tmp/./clamav.temptemp/20050504/j44DfxGf019098/Neverdisturbyourhusband.asf: OK /tmp/./clamav.temptemp/20050504/j44DtlWD020928/message: Worm.Mydoom.I FOUND /tmp/./clamav.temptemp/20050504/j44DtlWD020928/attachment.htm.scr: Worm.Mydoom.I FOUND /tmp/./clamav.temptemp/20050504/j44DtlWD020928/attachment.zip: Worm.Mydoom.I FOUND /tmp/./clamav.temptemp/20050504/j44E0Yxt021373/message: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44E0Yxt021373/Winzipped-Text.pif: Empty file /tmp/./clamav.temptemp/20050504/j44E0Yxt021373/Winzipped-Text_Data.txt .pif: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44E0Yxt021373/account_info-text.zip: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44E7Vvu022006/message: OK /tmp/./clamav.temptemp/20050504/j44E7Vvu022006/duhhh.asf: OK /tmp/./clamav.temptemp/20050504/j44EOc7I023771/message: HTML.Phishing.Bank-83 FOUND /tmp/./clamav.temptemp/20050504/j44EOc7I023771/msg-2304-191.html: HTML.Phishing.Bank-83 FOUND /tmp/./clamav.temptemp/20050504/j44Elq4T026297/message: HTML.Phishing.Bank-83 FOUND /tmp/./clamav.temptemp/20050504/j44Elq4T026297/msg-23839-16.html: HTML.Phishing.Bank-83 FOUND /tmp/./clamav.temptemp/20050504/j44FPIC4030854/message: OK /tmp/./clamav.temptemp/20050504/j44FPIC4030854/DOCUMENT.pif: OK /tmp/./clamav.temptemp/20050504/j44G0ous003158/message: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44G0ous003158/account_info.zip: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44G0ous003158/Winzipped-Text.pif: Empty file /tmp/./clamav.temptemp/20050504/j44G0ous003158/Winzipped-Text_Data.txt .pif: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44G59xC003769/message: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44G59xC003769/Winzipped-Text.pif: Empty file /tmp/./clamav.temptemp/20050504/j44G59xC003769/our_secret.zip: Worm.Sober.P FOUND /tmp/./clamav.temptemp/20050504/j44G59xC003769/Winzipped-Text_Data.txt .pif: Worm.Sober.P FOUND [root@hemlock tmp]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Wed May 4 18:28:12 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: In my first message, I sent some log excerpts. The first one was with Virus Scanners = clamav, the logs show that the virus was detected by clamav but it was treated as uninfected. If I set it to clamavmodule, the second log excerpt, it was detected and treated as infected by MailScanner. It happened on both .83 and .84 of clamav but since the MailScanner log entry shows the response by clamav in both cases, then it doesn't look like a clamav issue. Running /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb --tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . results in /export/home/root/a/./eicar.com: Eicar-Test-Signature FOUND /export/home/root/a/./my_rules_du_jour: OK /export/home/root/a/./note.txt: OK ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 9:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Any reason why I might not be able to reproduce it? I used sendmail, the latest MailScanner code and ClamAV 0.83 and 0.84 and it happily detected both. So we are saying that on your system ClamAV 0.84 is not being properly handled and is missing *all* viruses, even eicar? Please can you put an eicar.com in a directory, along with a few other harmless files and run this: mkdir /tmp/clamav.temptemp chmod go-a /tmp/clamav.temptemp /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . Obviously the clamscan command should be all one 1 line, and don't forget the " ." at the end of the line. And if your clamscan is not in /usr/local/bin then adjust the command appropriately. Please send me the exact output of that. Also tell me what version of ClamAV you are running. On 4 May 2005, at 13:57, Wess Bechard wrote: I also had quite a few viruses slip through this way in the past few days. I've applied Julian's patch to the VirusSweep.pm already, which grabs the empty files, but they still slip through. On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: Julian, I'm using sendmail 8.13.3. All I did to duplicate it was send a test message with an EICAR attachment. If I used clamav by itself, then the virus is detected but MS still says it's clean and delivers it. If I switch to clamavmodule, then the virus is detected and MS removes the message id from it's array of ones to be deliverer. If I used a sophos as a secondary scanner to clamav then virus is also detected and stopped but I think that is because it's acting on the sophos detection and not the clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 4:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Also, is it specific to one MTA? Looks like you are using Postfix. What is anyone else with this problem running? On 4 May 2005, at 09:04, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart wrote: >> >> >>> Scott Silva wrote: >>> >>> >>>> Rose, Bobby wrote: >>>> >>>> >>>>> So no one else is seeing this problem? I'm talking about onlying >>>>> clamav as the scanner....no others and not clamavmodule. >>>>> >>>>> >>>> >>>> Maybe only a Solaris 8 problem. >>>> >>>> >>> >>> No. I'm using Solaris with Clam and I'm not having any problems. >>> >>> >> >> I am seeing problems under OSX: >> >> May 3 18:56:29 g5 >> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >> 1898/./9F050BA0A85C/error-mail_info.zip: >> Worm.Sober.P FOUND >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >> infections May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning >> completed at >> 37432 bytes >> per second >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: Uninfected: >> Delivered 1 messages May 3 18:56:30 g5 MailScanner[1898]: Virus >> Processing completed at >> 74864 >> bytes per second >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >> 74864 bytes >> per second >> >> Seems to only still deliver the Sober viruses - all the others are >> caught as above, but not delivered. This client is running MS 4.34.8 >> and ClamAV 0.83. >> Am going to have them update to the latest MS stable release and see >> if they still have this issue. >> >> > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Wess Bechard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 18:47:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can someone with this problem give me remote root ssh access please? I cannot reproduce the fault on my systems, everything works fine. But it looks like we have a total failure of ClamAV on some systems, which I obviously need to look at. Please mail me off list if you can help me help you. Thanks. Rose, Bobby wrote: >In my first message, I sent some log excerpts. The first one was with >Virus Scanners = clamav, the logs show that the virus was detected by >clamav but it was treated as uninfected. If I set it to clamavmodule, >the second log excerpt, it was detected and treated as infected by >MailScanner. It happened on both .83 and .84 of clamav but since the >MailScanner log entry shows the response by clamav in both cases, then >it doesn't look like a clamav issue. > >Running >/usr/local/bin/clamscan --unzip --jar --tar --tgz --deb >--tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . >results in > >/export/home/root/a/./eicar.com: Eicar-Test-Signature FOUND >/export/home/root/a/./my_rules_du_jour: OK >/export/home/root/a/./note.txt: OK > > > >________________________________ > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Wednesday, May 04, 2005 9:56 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: ClamAV and MailScanner Bug > > >Any reason why I might not be able to reproduce it? > >I used sendmail, the latest MailScanner code and ClamAV 0.83 and 0.84 >and it happily detected both. > >So we are saying that on your system ClamAV 0.84 is not being properly >handled and is missing *all* viruses, even eicar? > >Please can you put an eicar.com in a directory, along with a few other >harmless files and run this: > >mkdir /tmp/clamav.temptemp >chmod go-a /tmp/clamav.temptemp >/usr/local/bin/clamscan --unzip --jar --tar --tgz --deb >----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . > >Obviously the clamscan command should be all one 1 line, and don't >forget the " ." at the end of the line. And if your clamscan is not in >/usr/local/bin then adjust the command appropriately. > >Please send me the exact output of that. > >Also tell me what version of ClamAV you are running. > >On 4 May 2005, at 13:57, Wess Bechard wrote: > > > I also had quite a few viruses slip through this way in the past >few days. I've applied Julian's patch to the VirusSweep.pm already, >which grabs the empty files, but they still slip through. > > On Wed, 2005-05-04 at 07:15 -0400, Rose, Bobby wrote: > > Julian, > > I'm using sendmail 8.13.3. All I did to duplicate it >was send a test > message with an EICAR attachment. If I used clamav by >itself, then the > virus is detected but MS still says it's clean and >delivers it. If I > switch to clamavmodule, then the virus is detected and >MS removes the > message id from it's array of ones to be deliverer. If >I used a sophos > as a secondary scanner to clamav then virus is also >detected and stopped > but I think that is because it's acting on the sophos >detection and not > the clamav. > > -----Original Message----- > From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, May 04, 2005 4:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Also, is it specific to one MTA? > Looks like you are using Postfix. What is anyone else >with this problem > running? > > On 4 May 2005, at 09:04, Julian Field wrote: > > > On 4 May 2005, at 00:16, Chris Stone wrote: > > > > > >> On Tuesday 03 May 2005 04:18 pm, Peter Bonivart >wrote: > >> > >> > >>> Scott Silva wrote: > >>> > >>> > >>>> Rose, Bobby wrote: > >>>> > >>>> > >>>>> So no one else is seeing this problem? I'm >talking about onlying > >>>>> clamav as the scanner....no others and not >clamavmodule. > >>>>> > >>>>> > >>>> > >>>> Maybe only a Solaris 8 problem. > >>>> > >>>> > >>> > >>> No. I'm using Solaris with Clam and I'm not having >any problems. > >>> > >>> > >> > >> I am seeing problems under OSX: > >> > >> May 3 18:56:29 g5 > >> MailScanner[1898]: >/private/var/spool/MailScanner/incoming/ > >> 1898/./9F050BA0A85C/error-mail_info.zip: > >> Worm.Sober.P FOUND > >> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: >ClamAV found 1 > >> infections May 3 18:56:30 g5 MailScanner[1898]: >Virus Scanning > >> completed at > >> 37432 bytes > >> per second > >> May 3 18:56:30 g5 MailScanner[1898]: Requeue: >9F050BA0A85C to > >> C3AB7BA0A920 May 3 18:56:30 g5 MailScanner[1898]: >Uninfected: > >> Delivered 1 messages May 3 18:56:30 g5 >MailScanner[1898]: Virus > >> Processing completed at > >> 74864 > >> bytes per second > >> May 3 18:56:30 g5 MailScanner[1898]: Disinfection >completed at > >> 74864 bytes > >> per second > >> > >> Seems to only still deliver the Sober viruses - all >the others are > >> caught as above, but not delivered. This client is >running MS 4.34.8 > >> and ClamAV 0.83. > >> Am going to have them update to the latest MS stable >release and see > >> if they still have this issue. > >> > >> > > > > Can someone send me one of the troublesome messages >please? > > Easiest way is to put it on the web and mail me the >URL. > > > > -- > > Julian Field > > jkf@ecs.soton.ac.uk > > Teaching Systems Manager > > Electronics & Computer Science > > University of Southampton > > SO17 1BJ, UK > > > > ------------------------ MailScanner list >------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the >words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki >(http://wiki.mailscanner.info/) and > > the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the >website! > > > > > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > ------------------------ MailScanner list >------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the >words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki >(http://wiki.mailscanner.info/) and > the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the >website! > > ------------------------ MailScanner list >------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the >words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki >(http://wiki.mailscanner.info/) and > the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the >website! > > > -- > Wess Bechard > ------------------------ MailScanner list >------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Wed May 4 19:24:05 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:29:30 2006 Subject: Everything autolearn=not spam Message-ID: By the way, I should point out that all mail is being tagged as "0" for spam score. There are no + points, or - points being assigned. Thanks again. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quintin Giesbrecht Sent: May 4, 2005 11:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Everything autolearn=not spam My mailscanner/spamassassin box has developed a serious problem. It is autolearning everything as not spam. I have tried deleting bayes and starting over, restored bayes data, and MS config from last known good backup, upgraded to newest version of MS (I already have 3.03 of SA). This is running on Fedora Core 3. Any help is greatly appreciated! Thanks, Quintin Giesbrecht IT Professional, Hanover School Division ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed May 4 19:32:48 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:30 2006 Subject: OT - Help sorting out relay rules, please Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I need help sorting out (in my mind) some rules for a pair or relays here. We host quite a few mail domains. The domains are on separate mail servers - all sendmail. A few of the aliases on each machine points to a user in another domain. For instance, user1@domain1.com -> user2@domain2.com. Sendmail which hosts Domain1.com and Domain2.com are on different servers. To avoid going through our firewalls, I have sendmail send to the IP of the other machine directly when ever need be, so if mail comes to the user1 above, it is relayed directly to the IP of sendmail on domain2.com and delivered to user2. Make sense? My problem is that when mail arrives on domain1 for user1, it is relayed immediately to user2 on the domain2.com server without being scanned by MS on the domain1 server. I whitelist mail that originates from domain1 to domain2, (by IP, not domain name), but this relay problem squirrels up the works, as now domain2 sees this relayed message as one that came from domain1's IP, so it gets whitelisted. Can anyone think of a solution for the WL/BL rules on both servers that would resolve this issue? Right now, I have set up an individual WL rule for any alias that will _not_ whitelist from the IP of the other server, but this circumvents the WL of real mail from users of domain1 to user2. I guess this is an example of an exception to the rule - WL by IP, not domain. Sorry, but I'm old and tired and just can't think straight. Any words of wisdom would be greatly appreciated. BTW - since this is OT: Mr Scott Silva, don't stop with your little pearls you sometimes slip in on a messge. The one about the time machine and condoms allowed me a very nice giggle and break from the grind. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed May 4 19:34:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:30 2006 Subject: Everything autolearn=not spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quintin Giesbrecht wrote: >By the way, I should point out that all mail is being tagged as "0" for >spam score. There are no + points, or - points being assigned. > > That sounds like some kind of massive problem parsing the rule files. Try running spamassassin --lint, see if that complains. If it doesn't try running spamassassin --lint -D, and see if the debug output gives any clues. In particular, make sure there's all the standard cf files are in the "default rules dir". ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Wed May 4 19:24:50 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:30 2006 Subject: mailscanner not processing exim queue Message-ID: Not sure what is wrong - my first attempt running mailscanner... I have exim now queing up mail in /var/spool/exim.in/input - which is what i have mailscanner set to look at for incoming mail... my /var/log/maillog shows only one thing ever: May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus Scanner version 4.31.2 starting... There are no errors or anything, but all my mail just sits in /var/spool/exim.in/input, and mailscanner doesn't scan/move them into the outgoing directory. I have browsed the archives and didn't see anyone having the same problem which makes me think its probably something simple, but I have been going back over the configs over and over and don't see what I'm missing.. any help is much appreciated. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.crossan at valleypres.org Wed May 4 19:42:42 2005 From: john.crossan at valleypres.org (John Crossan) Date: Thu Jan 12 21:29:30 2006 Subject: Everything auto learn=not spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I sounds to me like it might be a rights issue. Do all the different processes (ClamAV, postfix, SpamAssassin, ...etc) have rights to the directories? John Crossan Systems Administrator Valley Presbyterian Hospital -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Matt Kettler Sent: Wednesday, May 04, 2005 11:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Everything autolearn=not spam Quintin Giesbrecht wrote: >By the way, I should point out that all mail is being tagged as "0" for >spam score. There are no + points, or - points being assigned. > > That sounds like some kind of massive problem parsing the rule files. Try running spamassassin --lint, see if that complains. If it doesn't try running spamassassin --lint -D, and see if the debug output gives any clues. In particular, make sure there's all the standard cf files are in the "default rules dir". ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 20:48:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:30 2006 Subject: mailscanner not processing exim queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check your Incoming Queue Directory point to /var/spool/exim.in/input and MTA = exim. Arif Malik wrote: > Not sure what is wrong - my first attempt running mailscanner... I > have exim now queing up mail in /var/spool/exim.in/input - which is > what i have mailscanner set to look at for incoming mail... my > /var/log/maillog shows only one thing ever: > > May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus > Scanner version 4.31.2 starting... > There are no errors or anything, but all my mail just sits in > /var/spool/exim.in/input, and mailscanner doesn't scan/move them into > the outgoing directory. I have browsed the archives and didn't see > anyone having the same problem which makes me think its probably > something simple, but I have been going back over the configs over and > over and don't see what I'm missing.. any help is much appreciated. > Thanks! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Wed May 4 20:54:06 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:31 2006 Subject: mailscanner not processing exim queue Message-ID: From MailScanner at ecs.soton.ac.uk Wed May 4 20:59:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: mailscanner not processing exim queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Run As User = exim Run As Group = exim Outgoing Queue Dir = /var/spool/exim/input ? Arif Malik wrote: >From my MailScanner.conf: > >Incoming Queue Dir = /var/spool/exim.in/input >... >MTA = exim > > >[root@filter etc]# ls -la !$ >ls -la /var/spool/exim.in/input >total 32 >drwxrwxrwx 2 exim exim 4096 May 4 10:56 . >drwxr-x--- 5 exim exim 4096 May 2 16:39 .. >-rw-r----- 1 exim exim 24 May 4 10:56 1DTO6X-0003mH-2u-D >-rw-r----- 1 exim exim 1556 May 4 10:56 1DTO6X-0003mH-2u-H > >anything else I can look for?? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Wednesday, May 04, 2005 12:49 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: mailscanner not processing exim queue > >Check your Incoming Queue Directory point to /var/spool/exim.in/input >and MTA = exim. > >Arif Malik wrote: > > > >>Not sure what is wrong - my first attempt running mailscanner... I >>have exim now queing up mail in /var/spool/exim.in/input - which is >>what i have mailscanner set to look at for incoming mail... my >>/var/log/maillog shows only one thing ever: >> >>May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus >>Scanner version 4.31.2 starting... >>There are no errors or anything, but all my mail just sits in >>/var/spool/exim.in/input, and mailscanner doesn't scan/move them into >>the outgoing directory. I have browsed the archives and didn't see >>anyone having the same problem which makes me think its probably >>something simple, but I have been going back over the configs over and >> >> > > > >>over and don't see what I'm missing.. any help is much appreciated. >>Thanks! >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* >> >> > > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Wed May 4 21:20:44 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 04 May 2005 02:04 am, Julian Field wrote: > On 4 May 2005, at 00:16, Chris Stone wrote: > > I am seeing problems under OSX: > > > > May 3 18:56:29 g5 > > MailScanner[1898]: /private/var/spool/MailScanner/incoming/ > > 1898/./9F050BA0A85C/error-mail_info.zip: > > Worm.Sober.P FOUND > > May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 > > infections > > May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at > > 37432 bytes > > per second > > May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to > > C3AB7BA0A920 > > May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages > > May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at > > 74864 > > bytes per second > > May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at > > 74864 bytes > > per second > > Seems to only still deliver the Sober viruses - all the others are > > caught as > > above, but not delivered. This client is running MS 4.34.8 and > > ClamAV 0.83. > > Am going to have them update to the latest MS stable release and > > see if they > > still have this issue. > > Can someone send me one of the troublesome messages please? > Easiest way is to put it on the web and mail me the URL. I'll see if I can get one and do that. Since MS is not blocking them, I don't have the full messages on the server to pull - only the headers (using MailWatch). But, while other viruses are being properly blocked by MS, it's only these Worm.Sober.P viruses that ClamAV is detecting, MS is seeing that, but stating it's disinfected and queuing it up for delivery. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 21:32:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Stone wrote: >On Wednesday 04 May 2005 02:04 am, Julian Field wrote: > > >>On 4 May 2005, at 00:16, Chris Stone wrote: >> >> >>>I am seeing problems under OSX: >>> >>>May 3 18:56:29 g5 >>>MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >>>1898/./9F050BA0A85C/error-mail_info.zip: >>>Worm.Sober.P FOUND >>>May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >>>infections >>>May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at >>>37432 bytes >>>per second >>>May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >>>C3AB7BA0A920 >>>May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages >>>May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at >>>74864 >>>bytes per second >>>May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >>>74864 bytes >>>per second >>>Seems to only still deliver the Sober viruses - all the others are >>>caught as >>>above, but not delivered. This client is running MS 4.34.8 and >>>ClamAV 0.83. >>>Am going to have them update to the latest MS stable release and >>>see if they >>>still have this issue. >>> >>> >>Can someone send me one of the troublesome messages please? >>Easiest way is to put it on the web and mail me the URL. >> >> > >I'll see if I can get one and do that. Since MS is not blocking them, I don't >have the full messages on the server to pull - only the headers (using >MailWatch). > >But, while other viruses are being properly blocked by MS, it's only these >Worm.Sober.P viruses that ClamAV is detecting, MS is seeing that, but stating >it's disinfected and queuing it up for delivery. > > Aha! It's only the Worm.Sober.P viruses that are causing the problem. That's useful news. If you can get one, please do send it to me. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Wed May 4 21:36:07 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 04 May 2005 05:15 am, Rose, Bobby wrote: > I'm using sendmail 8.13.3. All I did to duplicate it was send a test > message with an EICAR attachment. If I used clamav by itself, then the > virus is detected but MS still says it's clean and delivers it. If I > switch to clamavmodule, then the virus is detected and MS removes the > message id from it's array of ones to be deliverer. If I used a sophos > as a secondary scanner to clamav then virus is also detected and stopped > but I think that is because it's acting on the sophos detection and not > the clamav. I have a couple of other servers (the only one with the problem is under OSX with ClamAV and Postfix) that are running sendmail 8.13 and using ClamAV and BitDefender - all are being blocked by MS and detected initially only by ClamAV until the update for BitDefender was received that also sees this one. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 4 21:57:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Chris Stone wrote: > >> On Wednesday 04 May 2005 02:04 am, Julian Field wrote: >> >> >>> On 4 May 2005, at 00:16, Chris Stone wrote: >>> >>> >>>> I am seeing problems under OSX: >>>> >>>> May 3 18:56:29 g5 >>>> MailScanner[1898]: /private/var/spool/MailScanner/incoming/ >>>> 1898/./9F050BA0A85C/error-mail_info.zip: >>>> Worm.Sober.P FOUND >>>> May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 >>>> infections >>>> May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at >>>> 37432 bytes >>>> per second >>>> May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to >>>> C3AB7BA0A920 >>>> May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages >>>> May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at >>>> 74864 >>>> bytes per second >>>> May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at >>>> 74864 bytes >>>> per second >>>> Seems to only still deliver the Sober viruses - all the others are >>>> caught as >>>> above, but not delivered. This client is running MS 4.34.8 and >>>> ClamAV 0.83. >>>> Am going to have them update to the latest MS stable release and >>>> see if they >>>> still have this issue. >>>> >>>> >>> Can someone send me one of the troublesome messages please? >>> Easiest way is to put it on the web and mail me the URL. >>> >>> >> >> I'll see if I can get one and do that. Since MS is not blocking them, >> I don't >> have the full messages on the server to pull - only the headers (using >> MailWatch). >> >> But, while other viruses are being properly blocked by MS, it's only >> these >> Worm.Sober.P viruses that ClamAV is detecting, MS is seeing that, but >> stating >> it's disinfected and queuing it up for delivery. >> >> > Aha! It's only the Worm.Sober.P viruses that are causing the problem. > That's useful news. > If you can get one, please do send it to me. I just tried it with 2 Worm.Sober.P messages from my own servers, and neither of them caused any problem whatsoever. Both caught just fine. Worked with Maximum Archive Depth = 0 and with = 2. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Wed May 4 22:16:11 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: > Julian Field wrote: > I just tried it with 2 Worm.Sober.P messages from my own servers, and > neither of them caused any problem whatsoever. Both caught just fine. > Worked with Maximum Archive Depth = 0 and with = 2. This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module (latest from CPAN). Max Archive Depth = 0. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed May 4 22:49:02 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: Hi! >> Aha! It's only the Worm.Sober.P viruses that are causing the problem. >> That's useful news. >> If you can get one, please do send it to me. > I just tried it with 2 Worm.Sober.P messages from my own servers, and > neither of them caused any problem whatsoever. Both caught just fine. > Worked with Maximum Archive Depth = 0 and with = 2. What we have seen is we also saw zips pass, but they were actually replaced crap by other virus scanners. Telling stuff like 'virus removed by blah blah blah'. Isnt this what the guy is seeing also? That new Sobig is cool, highest peak ever on one of our clusters 3.800.000 rejects ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Wed May 4 22:52:57 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:31 2006 Subject: releasing from quarantine Message-ID: Hi Jeremy, I also had issues with releasing mail, here is what I did and posted to the group: Regards Rabie ----snip---- Thanx too all, it works, herewith all the changes that where required for MailScanner 4.39. Also to make this more foolproof, one could add a 'AND From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the email address is of the sender of the quarantine proccess and should do this if you have users on the local box who send mail. Changes to MailScanner.conf: Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning = %rules-dir%/dangerous.content.scan.rules Filename Rules = %rules-dir%/filename.rules Filetype Rules = %rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules Files: virus.scan.rules: From: 127.0.0.1 no FromOrTo: default yes dangerous.content.scan.rules: From: 127.0.0.1 no FromOrTo: default yes spam.check.rules From: 127.0.0.1 no FromOrTo: default yes filename.rules From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /etc/MailScanner/filename.rules.conf filetype.rules: From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf filename.rules.allowall.conf: allow .* - - filetype.rules.allowall.conf: allow .* - - Regards Rabie ----snip---- ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin, Jeremy Sent: 04 May 2005 18:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: releasing from quarantine Hi, I am using MailWatch with MailScanner but I believe this is more MailScanner related, so I'm asking here. In MailWatch when I try to release a message blocked because of the file types, it keeps getting re-quarantined. In my spam.whitelist.rules I am whitelisting the From: email address MailWatch is using when it releases the message. I am also whitelisting that address in virus.scanning.rules . and my MailScanner.conf definitely has it looking at those two rule sets. The status of the message in MailWatch is showing up as "W/L, Bad Content" .. One of the attachments is an .exe blocked by the filename.rules.conf and the two other files are .dll's but not listed in filename.rules.conf . The report I'm getting emailed seems to be the stored.content.message.txt and it's saying "At Wed May 4 09:13:21 2005 the virus scanner said: MailScanner: Executable DOS/Windows programs are dangerous in email (ExportBatchService.exe) MailScanner: Attempt to hide real filename extension (Dart.PowerTCP.Ftp.dll)" So how do I further whitelist the From email address these 'release from quarantine' emails are coming from, in addition to the current whitelist in my spam.whitelist.rules and virus.scanning.rules, so it doesn't get re-quarantined? Thanks!! Jeremy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 4 23:00:16 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Raymond Dijkxhoorn > Sent: Wednesday, May 04, 2005 5:49 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Hi! > > >> Aha! It's only the Worm.Sober.P viruses that are causing the problem. > >> That's useful news. > >> If you can get one, please do send it to me. > > > I just tried it with 2 Worm.Sober.P messages from my own servers, and > > neither of them caused any problem whatsoever. Both caught just fine. > > Worked with Maximum Archive Depth = 0 and with = 2. We are stopping thousands of these but we're sometimes seeing part of the zipped payload getting through. The infected file appears to contain three attachments: May 4 16:27:57 www1 MailScanner[6604]: Saved infected "error-mail_info.zip" to /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726 May 4 16:27:57 www1 MailScanner[6604]: Saved infected "Winzipped-Text_Data.txt .pif" to /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726 May 4 16:27:57 www1 MailScanner[6604]: Saved infected "Winzipped-Text_Data.txt .exe" to Sometimes only the one file: Winzipped-Text_Data.txt .exe" appears to be delivered. The PC version of BitDefender has caught three today that were delivered. BTW - The "real" filename appears to be: Winzipped-Text_Data.txt\ \ \ \ \ \ \ \ \ \ \ .exe" Any one else seeing this behavior? Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > > What we have seen is we also saw zips pass, but they were actually > replaced crap by other virus scanners. Telling stuff like 'virus removed > by blah blah blah'. Isnt this what the guy is seeing also? > > That new Sobig is cool, highest peak ever on one of our clusters 3.800.000 > rejects ;) > > Bye, > Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From huddlesj at otc.edu Wed May 4 23:02:57 2005 From: huddlesj at otc.edu (Jason Huddleston) Date: Thu Jan 12 21:29:31 2006 Subject: Silently dropping attachments Message-ID: I have been seeing several messages a day coming in that are infected with the Worm.Sober.P virus. These messages have an attachment that is a .pif file. I have Mail Scanner set up to drop files of this type. Is there a way to silently drop files of this or any extension??? Thanks, -- Jason Huddleston, CCSA Assistant Coordinator Internet Services and Security Ozarks Technical Community College huddlesj@otc.edu 417-447-7532 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Wed May 4 23:03:56 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:31 2006 Subject: Need Recommendations Message-ID: I agree, it's always best to have a caching nameserver close by, if not on the same server, then onsite close by, also have you checked if your boxes are under load? What's your disk I/O and CPU doing? You might need to tune it a little, play with the ammount of child processes etc etc. I have found more often than not, the disk is the bottle neck, esp if you are running on a desktop, or on a server with raid 5 and/or no battery backed up cache (you want writeback caching [I think, I always get them the wrong way round :) ]) You could also try and disable RBL maybe lookup is slow? Regards Rabie -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: 04 May 2005 19:17 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Need Recommendations I would HIGHLY recommend a local caching nameserver on your MX boxen. You might also consider using the clamavmodule instead of straight clamav. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Catanzaro Sent: Wednesday, May 04, 2005 12:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Need Recommendations 2 MX servers with the following Dual 933Mhz 1 Gig of memory FC1 (mailscanner and spamassassin need to be upgraded) mailscanner-4.31.6-1 spamassassin-2.63 1.7Mhz 512 Memory (desktop) FC2 mailscanner-4.40.11-1 spamassassin-3.0.2-1 I am experiencing a slow down in the delivery/processing of email on my MailScanner servers. I receive roughly 50,000 emails on a daily basis and if there is a delay in the processing of any emails it can get backed up very quickly. I'm not sure if it is a DNS timing issue?, would anyone recommend using local DNS in this case, or does anyone use it and have they seen improvements? Can anyone recommend anything in the MailScanner.conf file that may help? I have "Max children" set to 10 on the server with dual process and 5 on the server with one processor, and "queue scan interval" is set to 6 on both servers as well. I am using Clamav as my virus scanner. Please let me know if you need additional info, and thanks in advance for your assistance. Derek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed May 4 23:12:19 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: Hi! > We are stopping thousands of these but we're sometimes seeing part of the > zipped payload getting through. The infected file appears to contain three > attachments: > /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726 > May 4 16:27:57 www1 MailScanner[6604]: Saved infected > "Winzipped-Text_Data.txt .exe" to > > Sometimes only the one file: Winzipped-Text_Data.txt .exe" appears > to be delivered. The PC version of BitDefender has caught three today that > were delivered. > > BTW - The "real" filename appears to be: > Winzipped-Text_Data.txt\ \ \ \ \ \ \ \ \ \ \ .exe" > > Any one else seeing this behavior? What does Clam say about those, or virustotal.com, if you uplaod it there I mean, does Clam see them at all or isnt MS seeeing them? Like before when there were mime patches needed to detect some variants of another Sober. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu May 5 00:35:15 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Wednesday, May 04, 2005 3:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > > Chris Stone wrote: > > >On Wednesday 04 May 2005 02:04 am, Julian Field wrote: > > > > > >>On 4 May 2005, at 00:16, Chris Stone wrote: > >> > >> > >>>I am seeing problems under OSX: > >>> > >>>May 3 18:56:29 g5 > >>>MailScanner[1898]: /private/var/spool/MailScanner/incoming/ > >>>1898/./9F050BA0A85C/error-mail_info.zip: > >>>Worm.Sober.P FOUND > >>>May 3 18:56:29 g5 MailScanner[1898]: Virus Scanning: ClamAV found 1 > >>>infections > >>>May 3 18:56:30 g5 MailScanner[1898]: Virus Scanning completed at > >>>37432 bytes > >>>per second > >>>May 3 18:56:30 g5 MailScanner[1898]: Requeue: 9F050BA0A85C to > >>>C3AB7BA0A920 > >>>May 3 18:56:30 g5 MailScanner[1898]: Uninfected: Delivered 1 messages > >>>May 3 18:56:30 g5 MailScanner[1898]: Virus Processing completed at > >>>74864 > >>>bytes per second > >>>May 3 18:56:30 g5 MailScanner[1898]: Disinfection completed at > >>>74864 bytes > >>>per second > >>>Seems to only still deliver the Sober viruses - all the others are > >>>caught as > >>>above, but not delivered. This client is running MS 4.34.8 and > >>>ClamAV 0.83. > >>>Am going to have them update to the latest MS stable release and > >>>see if they > >>>still have this issue. > >>> > >>> > >>Can someone send me one of the troublesome messages please? > >>Easiest way is to put it on the web and mail me the URL. > >> > >> > > > >I'll see if I can get one and do that. Since MS is not blocking > them, I don't > >have the full messages on the server to pull - only the headers (using > >MailWatch). > > > >But, while other viruses are being properly blocked by MS, it's > only these > >Worm.Sober.P viruses that ClamAV is detecting, MS is seeing > that, but stating > >it's disinfected and queuing it up for delivery. > > > > > Aha! It's only the Worm.Sober.P viruses that are causing the problem. > That's useful news. > If you can get one, please do send it to me. > It seems to me it's got to be related to the format of the file name, It appears that MS removes the redundant spaces between the .txt and .exe|.pif when it creates the safe name. Is there a place in the code where the safe name and the actual name might get mixed up resulting in xxxx.txt.exe and xxxx.txt .exe being compared? These are also zip files... does $zip->extractMemberWithoutPaths($member, $safename) gracefully handle a filename with spaces in it? since member will be xxx.txt .exe|.pif? If that failed the a zero byte file would be created and the file passed by clam. I recall someone was catching these with filename rules rather than clam We have been catching Worm.Sober.P at the gateway with exim/exiscan/clamscan before it even gets to MailScanner, so I doubt the cause is clam it's self. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 00:51:31 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:31 2006 Subject: OT - Help sorting out relay rules, please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Campbell wrote: > I need help sorting out (in my mind) some rules for a pair or relays here. > > We host quite a few mail domains. The domains are on separate mail servers - > all sendmail. A few of the aliases on each machine points to a user in > another domain. For instance, user1@domain1.com -> user2@domain2.com. > Sendmail which hosts Domain1.com and Domain2.com are on different servers. > > To avoid going through our firewalls, I have sendmail send to the IP of the > other machine directly when ever need be, so if mail comes to the user1 > above, it is relayed directly to the IP of sendmail on domain2.com and > delivered to user2. Make sense? > > My problem is that when mail arrives on domain1 for user1, it is relayed > immediately to user2 on the domain2.com server without being scanned by MS > on the domain1 server. I whitelist mail that originates from domain1 to > domain2, (by IP, not domain name), but this relay problem squirrels up the > works, as now domain2 sees this relayed message as one that came from > domain1's IP, so it gets whitelisted. > > Can anyone think of a solution for the WL/BL rules on both servers that > would resolve this issue? Right now, I have set up an individual WL rule for > any alias that will _not_ whitelist from the IP of the other server, but > this circumvents the WL of real mail from users of domain1 to user2. I guess > this is an example of an exception to the rule - WL by IP, not domain. > > Sorry, but I'm old and tired and just can't think straight. Any words of > wisdom would be greatly appreciated. > > BTW - since this is OT: > > Mr Scott Silva, don't stop with your little pearls you sometimes slip in on > a messge. The one about the time machine and condoms allowed me a very nice > giggle and break from the grind. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > That is the only thing that keeps me sane on some of the "hair-pulling" days! -- ,---.____________________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get upset >----|===`------'I `---' I | |: | if you come home with / _ \ I I | |:' | another beer! / ( `-,-----============:__;: | / (_ O __) \_ : | ,,---.__________________/ (_______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 5 01:26:18 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: > -----Original Message----- > From: Stephen Swaney [mailto:steve.swaney@fsl.com] > Sent: Wednesday, May 04, 2005 6:00 PM > To: 'MailScanner mailing list' > Subject: RE: ClamAV and MailScanner Bug > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Raymond Dijkxhoorn > > Sent: Wednesday, May 04, 2005 5:49 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: ClamAV and MailScanner Bug > > > > Hi! > > > > >> Aha! It's only the Worm.Sober.P viruses that are causing the problem. > > >> That's useful news. > > >> If you can get one, please do send it to me. > > > > > I just tried it with 2 Worm.Sober.P messages from my own servers, and > > > neither of them caused any problem whatsoever. Both caught just fine. > > > Worked with Maximum Archive Depth = 0 and with = 2. > > We are stopping thousands of these but we're sometimes seeing part of the > zipped payload getting through. The infected file appears to contain three > attachments: > > May 4 16:27:57 www1 MailScanner[6604]: Saved infected "error- > mail_info.zip" to > /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726 > May 4 16:27:57 www1 MailScanner[6604]: Saved infected "Winzipped- > Text_Data.txt .pif" to > /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726 > May 4 16:27:57 www1 MailScanner[6604]: Saved infected "Winzipped- > Text_Data.txt .exe" to > > Sometimes only the one file: Winzipped-Text_Data.txt .exe" > appears to be delivered. The PC version of BitDefender has caught three > today that were delivered. > > BTW - The "real" filename appears to be: > Winzipped-Text_Data.txt\ \ \ \ \ \ \ \ \ \ \ .exe" > > Any one else seeing this behavior? > Never Mind :) This is really so silly that I'm embarrassed. A client sent us the file: "Winzipped-Text_Data.txt .exe" For analysis and I saved it to a network drive that is scanned by the PC version of BitDefender. And every time that BitDefender on the PC found the file it complained - in a popup window - that it had just found an infected file. So I though we had just gotten a email message that was infected :( I see no problem with this virus slipping through MailScanner. Live and learn - that's what makes job so exciting. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > > > > What we have seen is we also saw zips pass, but they were actually > > replaced crap by other virus scanners. Telling stuff like 'virus removed > > by blah blah blah'. Isnt this what the guy is seeing also? > > > > That new Sobig is cool, highest peak ever on one of our clusters > 3.800.000 > > rejects ;) > > > > Bye, > > Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Thu May 5 04:18:06 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:31 2006 Subject: Any experience with Webmin/Virtualmin/Usermin with MailScanner? Message-ID: Hello All, I'm setting up a new mail server for many virtual domains with sendmail on RedHat Linux ES 3.0. I would like to know about any gotchas with the combination of sendmail with the RH OS and the combination of Webmin, Virtualmin and Usermin. Thanks, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 08:54:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: On 4 May 2005, at 22:16, Chris Stone wrote: > On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: > >> Julian Field wrote: >> I just tried it with 2 Worm.Sober.P messages from my own servers, and >> neither of them caused any problem whatsoever. Both caught just fine. >> Worked with Maximum Archive Depth = 0 and with = 2. >> > > This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module > (latest from > CPAN). Max Archive Depth = 0. Chris, can you try with the latest MailScanner please. I still cannot find anything unusual whatsoever. You are running with Max Archive Depth = 0 Virus Scanners = clamavmodule ClamAV 0.83 (That's for my reference as people are not being clear as to whether they are using "clamav" or "clamavmodule". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 09:02:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: mailscanner not processing exim queue Message-ID: Arif in MailScanner.conf set both Debug values to 'YES' stop mailScanner and rune check_mailscanner and post the output to here if it doesn't make any sense. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > Not sure what is wrong - my first attempt running mailscanner... I have > exim now queing up mail in /var/spool/exim.in/input - which is what i > have mailscanner set to look at for incoming mail... my /var/log/maillog > shows only one thing ever: > > May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus > Scanner version 4.31.2 starting... > There are no errors or anything, but all my mail just sits in > /var/spool/exim.in/input, and mailscanner doesn't scan/move them into > the outgoing directory. I have browsed the archives and didn't see > anyone having the same problem which makes me think its probably > something simple, but I have been going back over the configs over and > over and don't see what I'm missing.. any help is much appreciated. Thanks! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 09:03:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: Need Recommendations Message-ID: Derek any difference in the rules you are running on the FC1 system to the FC2 system? Any extras in /etc/mail/spamassassin and any RBL's etc. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Derek Catanzaro wrote: > 2 MX servers with the following > > Dual 933Mhz 1 Gig of memory > FC1 (mailscanner and spamassassin need to be upgraded) > mailscanner-4.31.6-1 > spamassassin-2.63 > > 1.7Mhz 512 Memory (desktop) > FC2 > mailscanner-4.40.11-1 > spamassassin-3.0.2-1 > > I am experiencing a slow down in the delivery/processing of email on my > MailScanner servers. I receive roughly 50,000 emails on a daily basis > and if there is a delay in the processing of any emails it can get > backed up very quickly. I'm not sure if it is a DNS timing issue?, > would anyone recommend using local DNS in this case, or does anyone use > it and have they seen improvements? Can anyone recommend anything in > the MailScanner.conf file that may help? > > I have "Max children" set to 10 on the server with dual process and 5 on > the server with one processor, and "queue scan interval" is set to 6 on > both servers as well. I am using Clamav as my virus scanner. Please > let me know if you need additional info, and thanks in advance for your > assistance. > > Derek > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Thu May 5 09:27:47 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: New Beta: Re: ClamAV and MailScanner Bug Message-ID: Is there a possibility that ClamAV is failing to find the virus in the .zip file, but is finding it in the files inside the .zip file? If so, I have a fix for that which I would like you to try. I cannot reproduce the problem on my systems at all, so I'm having to take an educated guess. I have just posted a new beta release on www.mailscanner.info which I would like you to try. On 5 May 2005, at 08:54, Julian Field wrote: > On 4 May 2005, at 22:16, Chris Stone wrote: > > >> On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >> >> >>> Julian Field wrote: >>> I just tried it with 2 Worm.Sober.P messages from my own servers, >>> and >>> neither of them caused any problem whatsoever. Both caught just >>> fine. >>> Worked with Maximum Archive Depth = 0 and with = 2. >>> >>> >> >> This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module >> (latest from >> CPAN). Max Archive Depth = 0. >> > > Chris, can you try with the latest MailScanner please. I still cannot > find anything unusual whatsoever. You are running with > > Max Archive Depth = 0 > Virus Scanners = clamavmodule > ClamAV 0.83 > > (That's for my reference as people are not being clear as to whether > they are using "clamav" or "clamavmodule". > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 09:32:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: Silently dropping attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please look in filename.rules.conf and filetype.rules.conf in your /etc/MailScanner directory. On 4 May 2005, at 23:02, Jason Huddleston wrote: I have been seeing several messages a day coming in that are infected with the Worm.Sober.P virus. These messages have an attachment that is a .pif file. I have Mail Scanner set up to drop files of this type. Is there a way to silently drop files of this or any extension???   Thanks,   -- Jason Huddleston, CCSA Assistant Coordinator Internet Services and Security Ozarks Technical Community College huddlesj@otc.edu 417-447-7532 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu May 5 12:01:06 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: Sanity test Ignore unless you are bored Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 5 12:15:09 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: When I posted this issue others jumped on the thread about zip files and have taken this into another direction involving sober.p. The issue that I was reporting was with "Virus Scanners = clamav" and it didn't matter what the virus was. My tests was using eicar.doc which was eicar.com just renamed to avoid filename checks. I included log excerpts in my original message when using "Virus Scanners = clamav" and when "Virus Scanners = clamavmodule". If I use "Virus Scanners = clamavmodule", then everything works both detection and action. If I use "Virus Scanners = clamav" then the only thing that works is detection. It's not clamav since the virus is being detected and MailScannner is logging the detection. But it's what MailScanner is doing after detection when using clamav versus clamavmodule. If using clamavmodule, it's dropping, quarantining, warning, or whatever the actions may be. If using clamav, it's not doing anything. It says a the message is infected and then states 1 uninfected message was delivered. Bobby Rose Senior Systems Administrator MSIS Network Operations Wayne State University School of Medicine -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 05, 2005 3:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug On 4 May 2005, at 22:16, Chris Stone wrote: > On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: > >> Julian Field wrote: >> I just tried it with 2 Worm.Sober.P messages from my own servers, and >> neither of them caused any problem whatsoever. Both caught just fine. >> Worked with Maximum Archive Depth = 0 and with = 2. >> > > This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module (latest > from CPAN). Max Archive Depth = 0. Chris, can you try with the latest MailScanner please. I still cannot find anything unusual whatsoever. You are running with Max Archive Depth = 0 Virus Scanners = clamavmodule ClamAV 0.83 (That's for my reference as people are not being clear as to whether they are using "clamav" or "clamavmodule". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 5 12:38:52 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions said: > Sanity test In the immortal words of Black Adder, Wibble! > Ignore unless you are bored It's been strangely quite here on and off for a while. Even the latest Sober variant hardly turned a hair. Clearly Julian is doing far too good a job :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu May 5 12:52:18 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: > > In the immortal words of Black Adder, Wibble! Ah yes .. Nothing like it :) Series 1 was terrible though ... > >> Ignore unless you are bored > > It's been strangely quite here on and off for a while. Even > the latest Sober variant hardly turned a hair. Clearly Julian > is doing far too good a job :-) You must have been bored ! Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 13:44:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: Can you try the commands I posted a while ago: > mkdir /tmp/clamav.temptemp > chmod go-a /tmp/clamav.temptemp > /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb > ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . with a copy of EICAR in the directory along with a few uninfected files. Something is going seriously wrong with your copy of clamscan. Please tell me what the line in your /etc/MailScanner/ virus.scanners.conf says about clamav. Also please check that your Incoming Work Directory path has no links in it. This is by far the most common error and would explain your symptoms. On 5 May 2005, at 12:15, Rose, Bobby wrote: > When I posted this issue others jumped on the thread about zip > files and > have taken this into another direction involving sober.p. The issue > that I was reporting was with "Virus Scanners = clamav" and it didn't > matter what the virus was. My tests was using eicar.doc which was > eicar.com just renamed to avoid filename checks. I included log > excerpts in my original message when using "Virus Scanners = > clamav" and > when "Virus Scanners = clamavmodule". If I use "Virus Scanners = > clamavmodule", then everything works both detection and action. If I > use "Virus Scanners = clamav" then the only thing that works is > detection. It's not clamav since the virus is being detected and > MailScannner is logging the detection. But it's what MailScanner is > doing after detection when using clamav versus clamavmodule. If using > clamavmodule, it's dropping, quarantining, warning, or whatever the > actions may be. If using clamav, it's not doing anything. It says a > the message is infected and then states 1 uninfected message was > delivered. > > Bobby Rose > Senior Systems Administrator > MSIS Network Operations > Wayne State University School of Medicine > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 3:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > On 4 May 2005, at 22:16, Chris Stone wrote: > > >> On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >> >> >>> Julian Field wrote: >>> I just tried it with 2 Worm.Sober.P messages from my own servers, >>> and >>> > > >>> neither of them caused any problem whatsoever. Both caught just >>> fine. >>> Worked with Maximum Archive Depth = 0 and with = 2. >>> >>> >> >> This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module (latest >> from CPAN). Max Archive Depth = 0. >> > > Chris, can you try with the latest MailScanner please. I still cannot > find anything unusual whatsoever. You are running with > > Max Archive Depth = 0 > Virus Scanners = clamavmodule > ClamAV 0.83 > > (That's for my reference as people are not being clear as to whether > they are using "clamav" or "clamavmodule". > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 13:46:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: On 5 May 2005, at 12:52, Michele Neylon :: Blacknight Solutions wrote: >> >> In the immortal words of Black Adder, Wibble! >> > > Ah yes .. Nothing like it :) > Series 1 was terrible though ... But the very end of the series set in WW1 was an inspired bit of TV. It won the Golden Rose in the international tv festival held somewhere like Cannes every year. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 13:47:45 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rose, Bobby wrote: > When I posted this issue others jumped on the thread about zip files and > have taken this into another direction involving sober.p. The issue > that I was reporting was with "Virus Scanners = clamav" and it didn't > matter what the virus was. My tests was using eicar.doc which was > eicar.com just renamed to avoid filename checks. I included log > excerpts in my original message when using "Virus Scanners = clamav" and > when "Virus Scanners = clamavmodule". If I use "Virus Scanners = > clamavmodule", then everything works both detection and action. If I > use "Virus Scanners = clamav" then the only thing that works is > detection. It's not clamav since the virus is being detected and > MailScannner is logging the detection. But it's what MailScanner is > doing after detection when using clamav versus clamavmodule. If using > clamavmodule, it's dropping, quarantining, warning, or whatever the > actions may be. If using clamav, it's not doing anything. It says a > the message is infected and then states 1 uninfected message was > delivered. > > Bobby Rose > Senior Systems Administrator > MSIS Network Operations > Wayne State University School of Medicine > Bobby not specific to MS, also been seen with exim calling clamav without MS anywhere....if you can trap the thing please submit it to http://cgi.clamav.net/sendvirus.cgi -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 5 13:57:51 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: I did this earlier and replied with the results. If it's clamscan then why would MailScanner log that the virus has been detected? Running /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb --tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . results in /export/home/root/a/./eicar.com: Eicar-Test-Signature FOUND /export/home/root/a/./my_rules_du_jour: OK /export/home/root/a/./note.txt: OK -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 05, 2005 8:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Can you try the commands I posted a while ago: > mkdir /tmp/clamav.temptemp > chmod go-a /tmp/clamav.temptemp > /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb > ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . with a copy of EICAR in the directory along with a few uninfected files. Something is going seriously wrong with your copy of clamscan. Please tell me what the line in your /etc/MailScanner/ virus.scanners.conf says about clamav. Also please check that your Incoming Work Directory path has no links in it. This is by far the most common error and would explain your symptoms. On 5 May 2005, at 12:15, Rose, Bobby wrote: > When I posted this issue others jumped on the thread about zip files > and have taken this into another direction involving sober.p. The > issue that I was reporting was with "Virus Scanners = clamav" and it > didn't matter what the virus was. My tests was using eicar.doc which > was eicar.com just renamed to avoid filename checks. I included log > excerpts in my original message when using "Virus Scanners = clamav" > and > when "Virus Scanners = clamavmodule". If I use "Virus Scanners = > clamavmodule", then everything works both detection and action. If I > use "Virus Scanners = clamav" then the only thing that works is > detection. It's not clamav since the virus is being detected and > MailScannner is logging the detection. But it's what MailScanner is > doing after detection when using clamav versus clamavmodule. If using > clamavmodule, it's dropping, quarantining, warning, or whatever the > actions may be. If using clamav, it's not doing anything. It says a > the message is infected and then states 1 uninfected message was > delivered. > > Bobby Rose > Senior Systems Administrator > MSIS Network Operations > Wayne State University School of Medicine > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 3:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > On 4 May 2005, at 22:16, Chris Stone wrote: > > >> On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >> >> >>> Julian Field wrote: >>> I just tried it with 2 Worm.Sober.P messages from my own servers, >>> and >>> > > >>> neither of them caused any problem whatsoever. Both caught just >>> fine. >>> Worked with Maximum Archive Depth = 0 and with = 2. >>> >>> >> >> This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module (latest >> from CPAN). Max Archive Depth = 0. >> > > Chris, can you try with the latest MailScanner please. I still cannot > find anything unusual whatsoever. You are running with > > Max Archive Depth = 0 > Virus Scanners = clamavmodule > ClamAV 0.83 > > (That's for my reference as people are not being clear as to whether > they are using "clamav" or "clamavmodule". > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 5 14:08:48 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: The issue is not with "detection" nor is it with Sober.P or any particular virus. As I keep saying my testing is using EICAR. The virus is being detected my clamav and logged by MailScanner but when the virus scanners=clamav, MailScanner is just logging that a virus was detected and then turns around and delivers it as an uninfected messages. If all I change in MailScanner.conf is the the scanner to clamavmodule, the MailScanner works properly. People are associating my report with their own issues with Sober.P and is diluting my report. Check the archives of my first message on this thread, it has the log excerpts. Also, I'm not down because of this because all I'm doing now is using clamavmodule instead of clamav as the virusscanner, but I'm just reporting the problem and my findings. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, May 05, 2005 8:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Rose, Bobby wrote: > When I posted this issue others jumped on the thread about zip files > and have taken this into another direction involving sober.p. The > issue that I was reporting was with "Virus Scanners = clamav" and it > didn't matter what the virus was. My tests was using eicar.doc which > was eicar.com just renamed to avoid filename checks. I included log > excerpts in my original message when using "Virus Scanners = clamav" and > when "Virus Scanners = clamavmodule". If I use "Virus Scanners = > clamavmodule", then everything works both detection and action. If I > use "Virus Scanners = clamav" then the only thing that works is > detection. It's not clamav since the virus is being detected and > MailScannner is logging the detection. But it's what MailScanner is > doing after detection when using clamav versus clamavmodule. If using > clamavmodule, it's dropping, quarantining, warning, or whatever the > actions may be. If using clamav, it's not doing anything. It says a > the message is infected and then states 1 uninfected message was > delivered. > > Bobby Rose > Senior Systems Administrator > MSIS Network Operations > Wayne State University School of Medicine > Bobby not specific to MS, also been seen with exim calling clamav without MS anywhere....if you can trap the thing please submit it to http://cgi.clamav.net/sendvirus.cgi -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 5 14:22:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:31 2006 Subject: OT: test Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said: > On 5 May 2005, at 12:52, Michele Neylon :: Blacknight Solutions wrote: > >>> >>> In the immortal words of Black Adder, Wibble! >>> >> >> Ah yes .. Nothing like it :) >> Series 1 was terrible though ... > > But the very end of the series set in WW1 was an inspired bit of TV. > It won the Golden Rose in the international tv festival held > somewhere like Cannes every year. It's interesting watching the maturity through the series: The first wasn't that good, the second quite 'coarse' in it's humour (Remember that thingy shaped turnip) through Ben Elton's influence, the third was quite different due to the change of fortune of Edmund and the fourth very poinient and maintained a serious streak through the excellent humour. Loads of details can be found here http://www.blackadderhall.com As for being bored, can you guess how my day is going? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu May 5 14:29:15 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:31 2006 Subject: OT Blackadder was RE: test Message-ID: > > But the very end of the series set in WW1 was an inspired bit of TV. > It won the Golden Rose in the international tv festival held > somewhere like Cannes every year. It got better over time. I was watching it on DVD the other week and was surprised at how few episodes were actually made Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 14:34:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: It will say it has found something when it saw some likely looking output from clamscan. It is only later, when it tries to tie up all the reported filenames with the actual files in the email message, can it prove accurately whether the message was infected, and which bits were infected. On 5 May 2005, at 13:57, Rose, Bobby wrote: > I did this earlier and replied with the results. If it's clamscan > then > why would MailScanner log that the virus has been detected? > > Running > /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb > --tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . > results in > > /export/home/root/a/./eicar.com: Eicar-Test-Signature FOUND > /export/home/root/a/./my_rules_du_jour: OK > /export/home/root/a/./note.txt: OK > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 8:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Can you try the commands I posted a while ago: > > >> mkdir /tmp/clamav.temptemp >> chmod go-a /tmp/clamav.temptemp >> /usr/local/bin/clamscan --unzip --jar --tar --tgz --deb >> ----tempdir=/tmp/clamav.temptemp -r --disable-summary --stdout . >> > > with a copy of EICAR in the directory along with a few uninfected > files. > Something is going seriously wrong with your copy of clamscan. > > Please tell me what the line in your /etc/MailScanner/ > virus.scanners.conf says about clamav. Also please check that your > Incoming Work Directory path has no links in it. This is by far the > most > common error and would explain your symptoms. > > On 5 May 2005, at 12:15, Rose, Bobby wrote: > > >> When I posted this issue others jumped on the thread about zip files >> and have taken this into another direction involving sober.p. The >> issue that I was reporting was with "Virus Scanners = clamav" and it >> didn't matter what the virus was. My tests was using eicar.doc which >> was eicar.com just renamed to avoid filename checks. I included log >> excerpts in my original message when using "Virus Scanners = clamav" >> and >> when "Virus Scanners = clamavmodule". If I use "Virus Scanners = >> clamavmodule", then everything works both detection and action. If I >> use "Virus Scanners = clamav" then the only thing that works is >> detection. It's not clamav since the virus is being detected and >> MailScannner is logging the detection. But it's what MailScanner is >> doing after detection when using clamav versus clamavmodule. If >> using >> > > >> clamavmodule, it's dropping, quarantining, warning, or whatever the >> actions may be. If using clamav, it's not doing anything. It says a >> the message is infected and then states 1 uninfected message was >> delivered. >> >> Bobby Rose >> Senior Systems Administrator >> MSIS Network Operations >> Wayne State University School of Medicine >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: Thursday, May 05, 2005 3:55 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: ClamAV and MailScanner Bug >> >> On 4 May 2005, at 22:16, Chris Stone wrote: >> >> >> >>> On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >>> >>> >>> >>>> Julian Field wrote: >>>> I just tried it with 2 Worm.Sober.P messages from my own servers, >>>> and >>>> >>>> >> >> >> >>>> neither of them caused any problem whatsoever. Both caught just >>>> fine. >>>> Worked with Maximum Archive Depth = 0 and with = 2. >>>> >>>> >>>> >>> >>> This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module >>> (latest >>> > > >>> from CPAN). Max Archive Depth = 0. >>> >>> >> >> Chris, can you try with the latest MailScanner please. I still cannot >> find anything unusual whatsoever. You are running with >> >> Max Archive Depth = 0 >> Virus Scanners = clamavmodule >> ClamAV 0.83 >> >> (That's for my reference as people are not being clear as to whether >> they are using "clamav" or "clamavmodule". >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store PGP footprint: >> EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP footprint: > EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 14:35:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: What is your Incoming Work Directory set to? Is it set to /export/home/root/a If not, then it should be. On 5 May 2005, at 14:08, Rose, Bobby wrote: > The issue is not with "detection" nor is it with Sober.P or any > particular virus. As I keep saying my testing is using EICAR. The > virus is being detected my clamav and logged by MailScanner but > when the > virus scanners=clamav, MailScanner is just logging that a virus was > detected and then turns around and delivers it as an uninfected > messages. If all I change in MailScanner.conf is the the scanner to > clamavmodule, the MailScanner works properly. > > People are associating my report with their own issues with Sober.P > and > is diluting my report. Check the archives of my first message on > this > thread, it has the log excerpts. Also, I'm not down because of this > because all I'm doing now is using clamavmodule instead of clamav > as the > virusscanner, but I'm just reporting the problem and my findings. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 05, 2005 8:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Rose, Bobby wrote: > >> When I posted this issue others jumped on the thread about zip files >> and have taken this into another direction involving sober.p. The >> issue that I was reporting was with "Virus Scanners = clamav" and it >> didn't matter what the virus was. My tests was using eicar.doc which >> was eicar.com just renamed to avoid filename checks. I included log >> excerpts in my original message when using "Virus Scanners = clamav" >> > and > >> when "Virus Scanners = clamavmodule". If I use "Virus Scanners = >> clamavmodule", then everything works both detection and action. If I >> use "Virus Scanners = clamav" then the only thing that works is >> detection. It's not clamav since the virus is being detected and >> MailScannner is logging the detection. But it's what MailScanner is >> doing after detection when using clamav versus clamavmodule. If >> using >> > > >> clamavmodule, it's dropping, quarantining, warning, or whatever the >> actions may be. If using clamav, it's not doing anything. It says a >> the message is infected and then states 1 uninfected message was >> delivered. >> >> Bobby Rose >> Senior Systems Administrator >> MSIS Network Operations >> Wayne State University School of Medicine >> >> > > Bobby > > not specific to MS, also been seen with exim calling clamav without MS > anywhere....if you can trap the thing please submit it to > http://cgi.clamav.net/sendvirus.cgi > > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic Ltd > tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom > they are > addressed. If you have received this email in error please notify the > system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 5 14:58:12 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: Confused by that My Incoming Work Dir = /var/spool/MailScanner/incoming Why would that have an effect if all I do is change the virus scanner from clamav to clamavmodule to get it to work? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 05, 2005 9:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug What is your Incoming Work Directory set to? Is it set to /export/home/root/a If not, then it should be. On 5 May 2005, at 14:08, Rose, Bobby wrote: > The issue is not with "detection" nor is it with Sober.P or any > particular virus. As I keep saying my testing is using EICAR. The > virus is being detected my clamav and logged by MailScanner but when > the virus scanners=clamav, MailScanner is just logging that a virus > was detected and then turns around and delivers it as an uninfected > messages. If all I change in MailScanner.conf is the the scanner to > clamavmodule, the MailScanner works properly. > > People are associating my report with their own issues with Sober.P > and > is diluting my report. Check the archives of my first message on > this > thread, it has the log excerpts. Also, I'm not down because of this > because all I'm doing now is using clamavmodule instead of clamav as > the virusscanner, but I'm just reporting the problem and my findings. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 05, 2005 8:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > Rose, Bobby wrote: > >> When I posted this issue others jumped on the thread about zip files >> and have taken this into another direction involving sober.p. The >> issue that I was reporting was with "Virus Scanners = clamav" and it >> didn't matter what the virus was. My tests was using eicar.doc which >> was eicar.com just renamed to avoid filename checks. I included log >> excerpts in my original message when using "Virus Scanners = clamav" >> > and > >> when "Virus Scanners = clamavmodule". If I use "Virus Scanners = >> clamavmodule", then everything works both detection and action. If I >> use "Virus Scanners = clamav" then the only thing that works is >> detection. It's not clamav since the virus is being detected and >> MailScannner is logging the detection. But it's what MailScanner is >> doing after detection when using clamav versus clamavmodule. If >> using >> > > >> clamavmodule, it's dropping, quarantining, warning, or whatever the >> actions may be. If using clamav, it's not doing anything. It says a >> the message is infected and then states 1 uninfected message was >> delivered. >> >> Bobby Rose >> Senior Systems Administrator >> MSIS Network Operations >> Wayne State University School of Medicine >> >> > > Bobby > > not specific to MS, also been seen with exim calling clamav without MS > anywhere....if you can trap the thing please submit it to > http://cgi.clamav.net/sendvirus.cgi > > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic Ltd > tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Thu May 5 15:20:46 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:29:31 2006 Subject: OT: DNS Configuration of Outbound Email Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've got a user who's complaining that they can't send email to a particular domain. They're rejecting our connections because our host as announced in the ehlo doesn't have an A or MX record. Does this seem like a reasonable thing to require? Anyone know if it is required by an RFC? Seems like overkill to me since an outbound mail host isn't necessarily used for inbound email as well. I'll change my ways if it's required by an RFC though. Thanks, Derek -------------------------------------- This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Thu May 5 15:16:17 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:29:31 2006 Subject: Everything auto learn=not spam Message-ID: I fixed it. I am still not sure what actually was wrong, but I moved the spamassassing rules directory (/usr/share/spamassassin), and then I reinstalled SA, and now everything is working again. If nothing else, the higher-ups now realize the awesome job this thing was doing, and to stop taking me for granted!! ;-) Quintin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Crossan Sent: May 4, 2005 1:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Everything auto learn=not spam I sounds to me like it might be a rights issue. Do all the different processes (ClamAV, postfix, SpamAssassin, ...etc) have rights to the directories? John Crossan Systems Administrator Valley Presbyterian Hospital -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Matt Kettler Sent: Wednesday, May 04, 2005 11:35 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Everything autolearn=not spam Quintin Giesbrecht wrote: >By the way, I should point out that all mail is being tagged as "0" for >spam score. There are no + points, or - points being assigned. > > That sounds like some kind of massive problem parsing the rule files. Try running spamassassin --lint, see if that complains. If it doesn't try running spamassassin --lint -D, and see if the debug output gives any clues. In particular, make sure there's all the standard cf files are in the "default rules dir". ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 15:33:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: OT: DNS Configuration of Outbound Email Message-ID: Derek could be someone doing some spam type checking - spf record etc - but being a bit strict about who it will talk to. the only rfc I know of is the outbound checking for the MX - it must be a name not an ip-address.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Derek Winkler wrote: > I've got a user who's complaining that they can't send email to a particular > domain. > > They're rejecting our connections because our host as announced in the ehlo > doesn't have an A or MX record. > > Does this seem like a reasonable thing to require? > > Anyone know if it is required by an RFC? > > Seems like overkill to me since an outbound mail host isn't necessarily used > for inbound email as well. > > I'll change my ways if it's required by an RFC though. > > Thanks, > > Derek > > -------------------------------------- > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please destroy, > and notify sender. Sender does not waive confidentiality or privilege. > Internet communications cannot be guaranteed to be timely, secure, error or > virus-free. Algorithmics does not accept liability for any errors or > omissions. Any commitment intended to bind Algorithmics must be reduced to > writing and signed by an authorized signatory. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Thu May 5 14:51:46 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:29:31 2006 Subject: OT: DNS Configuration of Outbound Email Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have seen a few ISP's like that. Most will reject it if your don't have a PTR to your IP address that resolves to your hostname. Chris > I've got a user who's complaining that they can't send email to a > particular > domain. > > They're rejecting our connections because our host as announced in the > ehlo > doesn't have an A or MX record. > > Does this seem like a reasonable thing to require? > > Anyone know if it is required by an RFC? > > Seems like overkill to me since an outbound mail host isn't necessarily > used > for inbound email as well. > > I'll change my ways if it's required by an RFC though. > > Thanks, > > Derek > > -------------------------------------- > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please > destroy, > and notify sender. Sender does not waive confidentiality or privilege. > Internet communications cannot be guaranteed to be timely, secure, error > or > virus-free. Algorithmics does not accept liability for any errors or > omissions. Any commitment intended to bind Algorithmics must be reduced > to > writing and signed by an authorized signatory. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > Thanks Chris Sweeney 513-290-8550 - Verizon csweeney05@vtext.com - Text MSG csweeney@osubucks.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 16:02:22 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: > Sanity test > > Ignore unless you are bored > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 > Tired of your current host? Save 15% when you move to us! > Somebody just threw in the gauntlet! I failed my sanity test twice!! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu May 5 16:22:55 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:31 2006 Subject: test Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >Sanity test > > Everybody knows there's no Sanity Clause. >Ignore unless you are bored > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >Hosting, co-location & domains >http://www.blacknight.ie/ >Tel. +353 59 9137101 | Fax. +353 59 9146970 >Tired of your current host? Save 15% when you move to us! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 16:28:06 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: releasing from quarantine Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeremy there's stuff in the Mailwatch archives about this, but you need to mak all the possible traps in mailScanner (Iframe checking etc etc) a ruleset. Then in the ruleset make sure that emails from 127.0.0.1 are excempt from the checks. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin, Jeremy wrote: > Hi, > > > > I am using MailWatch with MailScanner but I believe this is more > MailScanner related, so I^Ñm asking here. > > > > In MailWatch when I try to release a message blocked because of the file > types, it keeps getting re-quarantined. > > > > In my spam.whitelist.rules I am whitelisting the From: email address > MailWatch is using when it releases the message. I am also whitelisting > that address in virus.scanning.rules ^Å and my MailScanner.conf > definitely has it looking at those two rule sets. > > > > The status of the message in MailWatch is showing up as ^ÓW/L, Bad > Content^Ô .. One of the attachments is an .exe blocked by the > filename.rules.conf and the two other files are .dll^Òs but not listed in > filename.rules.conf ^Å The report I^Òm getting emailed seems to be the > stored.content.message.txt and it^Òs saying > > > > ^ÓAt Wed May 4 09:13:21 2005 the virus scanner said: > > MailScanner: Executable DOS/Windows programs are dangerous in email > (ExportBatchService.exe) > > MailScanner: Attempt to hide real filename extension > (Dart.PowerTCP.Ftp.dll)^Ô > > > > So how do I further whitelist the From email address these ^Ñrelease from > quarantine^Ò emails are coming from, in addition to the current whitelist > in my spam.whitelist.rules and virus.scanning.rules, so it doesn^Òt get > re-quarantined? > > > > Thanks!! > Jeremy > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 16:15:05 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:31 2006 Subject: OT: DNS Configuration of Outbound Email Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek Winkler wrote: > I've got a user who's complaining that they can't send email to a particular > domain. > > They're rejecting our connections because our host as announced in the ehlo > doesn't have an A or MX record. > > Does this seem like a reasonable thing to require? > > Anyone know if it is required by an RFC? > > Seems like overkill to me since an outbound mail host isn't necessarily used > for inbound email as well. > > I'll change my ways if it's required by an RFC though. > > Thanks, > > Derek Although it is not required, an A record isn't too much to ask for a mail server. I was bit by many hosts rejecting if there was no reverse IP. I have since worked my mail server to pass everything at www.dnsreport.com, mostly because of AOL. If LOL is laughing out loud, what would AOL be? I bet many can think of something that they might not dare type! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Thu May 5 16:24:31 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:29:31 2006 Subject: ClamAV and MailScanner Bug Message-ID: Julian Field wrote: > Please tell me what the line in your /etc/MailScanner/ > virus.scanners.conf says about clamav. Also please check that your > Incoming Work Directory path has no links in it. This is by far the > most common error and would explain your symptoms. Julian, I think I've suggested this before, but don't remember hearing back from you about it. Would it be possible for MailScanner (possibly only once at startup) to determine the real path of the Incoming Work Directory and use that, so that symbolic links would be allowed? Granted, people are not reading the comments in the config file, and are misconfiguring their servers. But to detect and still deliver a virus is not a good thing. And I think with some simple code, MailScanner could reduce the risk of such a misconfigured server. What do you think? Jase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu May 5 16:30:37 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:31 2006 Subject: OT: GD library ,quarantine, and mailq.php Message-ID: I have sent this on the mailwatch list, however I can't seem to get any responses. Any help on this is appreciated. I am pretty confused and frustrated, so please bear with this post if it doesn't make sense. I just tried to include a good amount of information. For the life of me, I cannot get these 3 things to work. ----------- Quarantine ----------- I am still getting the error of: Cannot open directory: /var/spool/MailScanner/quarantine When trying to click on the quarantine link in mailwatch. I have the correct setup I believe. I should have put that in my previous email, I am sorry. Here is what I had done so far, but the problem is still there: [root@WoodenMS MailScanner]# pwd /var/spool/MailScanner [root@WoodenMS MailScanner]# ls -all total 32 drwxr-xr-x 4 root root 4096 Apr 13 14:31 . drwxr-xr-x 19 root root 4096 Apr 13 14:31 .. drwx------ 7 root root 4096 May 4 10:23 incoming drwxrwx--- 5 root apache 4096 May 4 04:02 quarantine cd quarantine [root@WoodenMS quarantine]# ls -all total 40 drwxrwx--- 5 root apache 4096 May 4 04:02 . drwxr-xr-x 4 root root 4096 Apr 13 14:31 .. drwxrwx--- 3 root apache 4096 May 2 17:56 20050502 drwxrwx--- 4 root apache 4096 May 3 13:42 20050503 drwxrwx--- 4 root apache 4096 May 4 11:19 20050504 I have tried setting the chmod to 777 also and that didn't work. --- MailScanner.conf --- I have Quarantine User = root # was blank Quarantine Group = apache # was blank Quarantine Permissions = 0660 # was 600 --- fix_quarantine_permissions --- I have done this: ./fix_quarantine_permissions And Perl fix_quarantine_permissions ---------- Mailq.php ---------- I am also having a problem running this: [root@WoodenMS mailscanner]# mailq.php PHP Notice: Use of undefined constant VIRUS_REGEX - assumed 'VIRUS_REGEX' in /v ar/www/html/mailscanner/functions.php on line 54 PHP Notice: Use of undefined constant VIRUS_REGEX - assumed 'VIRUS_REGEX' in /v ar/www/html/mailscanner/functions.php on line 63 PHP Notice: Undefined variable: output in /usr/local/bin/mailq.php on line 98 PHP Notice: Undefined variable: output in /usr/local/bin/mailq.php on line 98 I have read that you may have to edit functions.php or some other file to tell it what virus scanner you have and stuff, but I could not see it. ----------------------- GD library ----------------------- I am still getting this when I try to view a report in mailwatch: JpGraph Error: Your PHP installation does not seem to have the required GD library. Please see the PHP documentation on how to install and enable the GD library. Fixed: If I run ./gddemo I get the error: No PNG support By: I downloaded libpng-1.2.8-config and ./configure, make, make install 'd it. To see that there seems to be gd support already. Here is the ./configure from phpinfo: './configure' '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd=shared' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses=shared' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mbstring=shared' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-mime-magic=/usr/share/file/magic.mime' '--with-apxs2=/usr/sbin/apxs' I have tried installing gd-2.0.33 and it seemingly installs. I have tried so many things that I do not know what to write. The last thing that I tried to do was recompile PHP using: ./configure --with-gd=/usr/local/include But I got the error checking for GD support... yes checking for the location of libjpeg... no checking for the location of libpng... no checking for the location of libXpm... no checking for FreeType 1.x support... no checking for FreeType 2... no checking for T1lib support... no checking whether to enable truetype string function in GD... no checking whether to enable JIS-mapped Japanese font support in GD... no If configure fails try --with-jpeg-dir= If configure fails try --with-png-dir= and --with-zlib-dir= If configure fails try --with-xpm-dir= If configure fails try --with-freetype-dir= configure: error: Unable to find libgd.(a|so) anywhere under /usr/local/include Anything will be helpful. Thank you Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r _______________________________________________ Mailwatch-users mailing list Mailwatch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mailwatch-users ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Thu May 5 16:33:58 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:31 2006 Subject: mailscanner not processing exim queue Message-ID: Thank you Martin - actually since I sent my email I have change my conf to show this: # Set Debug to "yes" to stop it running as a daemon and just process # one batch of messages and then exit. Debug = yes # Do you want to debug SpamAssassin from within MailScanner? Debug SpamAssassin = yes and still I get the same output in the logs: May 5 08:30:07 filter MailScanner[7065]: MailScanner E-Mail Virus Scanner versi on 4.31.2 starting... May 5 08:30:17 filter MailScanner[7069]: MailScanner E-Mail Virus Scanner versi on 4.31.2 starting... May 5 08:30:27 filter MailScanner[7072]: MailScanner E-Mail Virus Scanner versi on 4.31.2 starting... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, May 05, 2005 1:02 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: mailscanner not processing exim queue Arif in MailScanner.conf set both Debug values to 'YES' stop mailScanner and rune check_mailscanner and post the output to here if it doesn't make any sense. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > Not sure what is wrong - my first attempt running mailscanner... I > have exim now queing up mail in /var/spool/exim.in/input - which is > what i have mailscanner set to look at for incoming mail... my > /var/log/maillog shows only one thing ever: > > May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus > Scanner version 4.31.2 starting... > There are no errors or anything, but all my mail just sits in > /var/spool/exim.in/input, and mailscanner doesn't scan/move them into > the outgoing directory. I have browsed the archives and didn't see > anyone having the same problem which makes me think its probably > something simple, but I have been going back over the configs over and > over and don't see what I'm missing.. any help is much appreciated. Thanks! > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 16:41:13 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: mailscanner not processing exim queue Message-ID: After you've chnaged the MailScanner.conf ... STOP mailscanner then run checkmailscanner, it will dump its output to the terminal you are using.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > Thank you Martin - actually since I sent my email I have change my conf > to show this: > > # Set Debug to "yes" to stop it running as a daemon and just process > # one batch of messages and then exit. > Debug = yes > > # Do you want to debug SpamAssassin from within MailScanner? > Debug SpamAssassin = yes > > and still I get the same output in the logs: > May 5 08:30:07 filter MailScanner[7065]: MailScanner E-Mail Virus > Scanner versi > on 4.31.2 starting... > May 5 08:30:17 filter MailScanner[7069]: MailScanner E-Mail Virus > Scanner versi > on 4.31.2 starting... > May 5 08:30:27 filter MailScanner[7072]: MailScanner E-Mail Virus > Scanner versi > on 4.31.2 starting... > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 05, 2005 1:02 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mailscanner not processing exim queue > > Arif > > in MailScanner.conf set both Debug values to 'YES' stop mailScanner and > rune check_mailscanner and post the output to here if it doesn't make > any sense. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Arif Malik wrote: > >>Not sure what is wrong - my first attempt running mailscanner... I >>have exim now queing up mail in /var/spool/exim.in/input - which is >>what i have mailscanner set to look at for incoming mail... my >>/var/log/maillog shows only one thing ever: >> >>May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus >>Scanner version 4.31.2 starting... >>There are no errors or anything, but all my mail just sits in >>/var/spool/exim.in/input, and mailscanner doesn't scan/move them into >>the outgoing directory. I have browsed the archives and didn't see >>anyone having the same problem which makes me think its probably >>something simple, but I have been going back over the configs over and > > >>over and don't see what I'm missing.. any help is much appreciated. > > Thanks! > >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error please notify the > system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu May 5 16:41:40 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:31 2006 Subject: DNS Configuration of Outbound Email Message-ID: It's not required by an RFC, but as has been discussed the DNS status of a host is often used as a criterion by stricter servers to decide if they should accept the mail. Good practice therefore should seem to indicate that it's set up correctly. It should look up forwards and backwards and yield the same results. This will frequently mean you need to set up a CNAME rather than an A record, unless you have control of the reverse lookup tables. Stef > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler > Sent: 05 May 2005 15:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: DNS Configuration of Outbound Email > > I've got a user who's complaining that they can't send email > to a particular domain. > > They're rejecting our connections because our host as > announced in the ehlo doesn't have an A or MX record. > > Does this seem like a reasonable thing to require? > > Anyone know if it is required by an RFC? > > Seems like overkill to me since an outbound mail host isn't > necessarily used for inbound email as well. > > I'll change my ways if it's required by an RFC though. > > Thanks, > > Derek > > -------------------------------------- > > This email and any files transmitted with it are confidential > and proprietary to Algorithmics Incorporated and its > affiliates ("Algorithmics"). If received in error, use is > prohibited. Please destroy, and notify sender. Sender does > not waive confidentiality or privilege. > Internet communications cannot be guaranteed to be timely, > secure, error or virus-free. Algorithmics does not accept > liability for any errors or omissions. Any commitment > intended to bind Algorithmics must be reduced to writing and > signed by an authorized signatory. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This email has been scanned by the Level 5 Internet > MailCrusader for viruses, spam and dangerous content. > For more information please visit http://www.l5net.net > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu May 5 16:34:20 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: I apparently am suffering from something with this virus as well. My MailScanner/ClamAV setup had been working wonderfully until just the last couple of days when all of the sudden the Sober virus has been managing to get its ZIP files past without any problem at all. I looked back through the messaged regarding Sober here on the group, but didn't see anything definite about how to stop this from happening. Seems I've seen some people who have the problem and some who don't. Has anyone found a solution to getting this stopped? Thanks, Jim Coates ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 16:44:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: Only thing I've seem amongst the lists I'm on is that it effects people who upgrade to 0.84. so.. make sure DatabaseDirectory is consistant in freshclam.conf and clamd.cong.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > I apparently am suffering from something with this virus as well. > > My MailScanner/ClamAV setup had been working wonderfully until just the > last couple of days when all of the sudden the Sober virus has been > managing to get its ZIP files past without any problem at all. > > I looked back through the messaged regarding Sober here on the group, > but didn't see anything definite about how to stop this from happening. > > Seems I've seen some people who have the problem and some who don't. > > Has anyone found a solution to getting this stopped? > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu May 5 16:42:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:31 2006 Subject: OT: DNS Configuration of Outbound Email Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek Winkler wrote: >I've got a user who's complaining that they can't send email to a particular >domain. > >They're rejecting our connections because our host as announced in the ehlo >doesn't have an A or MX record. > >Does this seem like a reasonable thing to require? > > No, but many people do it anyway. Mostly because a lot of the viruses out there helo with garbage strings. >Anyone know if it is required by an RFC? > > It's explicitly not required by the RFCs. However, the RFCs do specify a host SHOULD use a resolvable FQDN in it's HELO/EHLO whenever possible. >I'll change my ways if it's required by an RFC though. > It's not required, but my suggestion would be that you should fix it unless you have a VERY good reason not to. That said, it does look like your DNS is failing RFC requirements on the PTR records.. tormail2.algorithmics.com (colo-2.algorithmics.com [209.171.52.2] 209.171.52.2 has a ptr record of colo-2.algorithmics.com, but colo-2.algorithmics.com has no A record.. that IS a failure to meet a RFC requirement. All PTR records MUST point to a hostname with a resolvable A record to be valid (CNAMES aren't even allowed). See RFC 1912 section 2.1 http://www.faqs.org/rfcs/rfc1912.html You might also want to look at the DNSBAJAJ for your domain: http://www.zonecut.net/dns/index.cgi You've got some dead delegations, and some NS record mismatch in terms of primary nameserver. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Thu May 5 16:50:48 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: I've not been having trouble with sober getting through, but have noticed a HUGE jump in viruses attempting to get through in the last 4 days or so, majority of them being the sober virus. Anyone else noticing a spike in viruses? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Thursday, May 05, 2005 8:44 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sober > > > Only thing I've seem amongst the lists I'm on is that it > effects people who upgrade to 0.84. > > so.. make sure DatabaseDirectory is consistant in > freshclam.conf and clamd.cong.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jim Coates wrote: > > I apparently am suffering from something with this virus as well. > > > > My MailScanner/ClamAV setup had been working wonderfully until just > > the last couple of days when all of the sudden the Sober virus has > > been managing to get its ZIP files past without any problem at all. > > > > I looked back through the messaged regarding Sober here on > the group, > > but didn't see anything definite about how to stop this from > > happening. > > > > Seems I've seen some people who have the problem and some who don't. > > > > Has anyone found a solution to getting this stopped? > > > > Thanks, > > Jim Coates > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read > the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chardlist at CHARD.NET Thu May 5 16:53:41 2005 From: chardlist at CHARD.NET (chardlist) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: I'm running Clam 0.84rc2 and sober is getting stopped just fine on my system. -Brendan >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Martin Hepworth >Sent: Thursday, May 05, 2005 10:44 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sober > >Only thing I've seem amongst the lists I'm on is that it effects people >who upgrade to 0.84. > >so.. make sure DatabaseDirectory is consistant in freshclam.conf and >clamd.cong.. > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > >Jim Coates wrote: >> I apparently am suffering from something with this virus as well. >> >> My MailScanner/ClamAV setup had been working wonderfully until just the >> last couple of days when all of the sudden the Sober virus has been >> managing to get its ZIP files past without any problem at all. >> >> I looked back through the messaged regarding Sober here on the group, >> but didn't see anything definite about how to stop this from happening. >> >> Seems I've seen some people who have the problem and some who don't. >> >> Has anyone found a solution to getting this stopped? >> >> Thanks, >> Jim Coates >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 5 17:02:10 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Greg Deputy > Sent: Thursday, May 05, 2005 11:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sober > > I've not been having trouble with sober getting through, but have > noticed a HUGE jump in viruses attempting to get through in the last 4 > days or so, majority of them being the sober virus. > > Anyone else noticing a spike in viruses? > If going from and average of 200-300 viruses per day to average of almost 2,000 per day is a spike, yes. Just read that Sober traffic was 4.5% of all internet traffic yesterday :( Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > > Sent: Thursday, May 05, 2005 8:44 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Sober > > > > > > Only thing I've seem amongst the lists I'm on is that it > > effects people who upgrade to 0.84. > > > > so.. make sure DatabaseDirectory is consistant in > > freshclam.conf and clamd.cong.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Jim Coates wrote: > > > I apparently am suffering from something with this virus as well. > > > > > > My MailScanner/ClamAV setup had been working wonderfully until just > > > the last couple of days when all of the sudden the Sober virus has > > > been managing to get its ZIP files past without any problem at all. > > > > > > I looked back through the messaged regarding Sober here on > > the group, > > > but didn't see anything definite about how to stop this from > > > happening. > > > > > > Seems I've seen some people who have the problem and some who don't. > > > > > > Has anyone found a solution to getting this stopped? > > > > > > Thanks, > > > Jim Coates > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Thu May 5 16:59:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Deputy wrote: >I've not been having trouble with sober getting through, but have >noticed a HUGE jump in viruses attempting to get through in the last 4 >days or so, majority of them being the sober virus. > > > Yep. I noticed the same thing. After doing a quick upgrade to 0.84, seems like the number of viruses being stopped has almost doubled. Glad im not the only one experiencing this. -- Jason Williams Systems Administrator Courtesy Mortgage, Ltd. San Diego, Ca 92108 (619)228-2005 x114 jwilliams@courtesymortgage.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at KATY.COM Thu May 5 17:01:35 2005 From: john at KATY.COM (John Schmerold) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's been a bit of a problem. I have been keeping an eye on the log in Mailwatch & adding an invalid route ( route add -net 71.96.173.0 netmask 255.255.255.0 gw 192.168.10.2) to keep the other end from spewing its junk into our mail queue. It's been interesting to watch. I'm seeing viruses come in from usual suspects (Hotmail & cable modems) as well as from unlikely sources such as Dun & Bradstreet. There is probably a better way using greylisting or by creating a Local DNS Blocklist with RBLDNSD. Greg Deputy wrote: >I've not been having trouble with sober getting through, but have >noticed a HUGE jump in viruses attempting to get through in the last 4 >days or so, majority of them being the sober virus. > >Anyone else noticing a spike in viruses? > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>Sent: Thursday, May 05, 2005 8:44 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Sober >> >> >>Only thing I've seem amongst the lists I'm on is that it >>effects people who upgrade to 0.84. >> >>so.. make sure DatabaseDirectory is consistant in >>freshclam.conf and clamd.cong.. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Jim Coates wrote: >> >> >>>I apparently am suffering from something with this virus as well. >>> >>>My MailScanner/ClamAV setup had been working wonderfully until just >>>the last couple of days when all of the sudden the Sober virus has >>>been managing to get its ZIP files past without any problem at all. >>> >>>I looked back through the messaged regarding Sober here on >>> >>> >>the group, >> >> >>>but didn't see anything definite about how to stop this from >>>happening. >>> >>>Seems I've seen some people who have the problem and some who don't. >>> >>>Has anyone found a solution to getting this stopped? >>> >>>Thanks, >>>Jim Coates >>> >>>------------------------ MailScanner list >>> >>> >>------------------------ To >> >> >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read >>> >>> >>the Wiki >> >> >>>(http://wiki.mailscanner.info/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >>> >>> >>********************************************************************** >> >>This email and any files transmitted with it are confidential >>and intended solely for the use of the individual or entity >>to whom they are addressed. If you have received this email >>in error please notify the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' >>in the body of the email. Before posting, read the Wiki >> >> >(http://wiki.mailscanner.info/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 16:59:42 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Only thing I've seem amongst the lists I'm on is that it effects people > who upgrade to 0.84. > > so.. make sure DatabaseDirectory is consistant in freshclam.conf and > clamd.cong.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jim Coates wrote: > >> I apparently am suffering from something with this virus as well. >> >> My MailScanner/ClamAV setup had been working wonderfully until just the >> last couple of days when all of the sudden the Sober virus has been >> managing to get its ZIP files past without any problem at all. >> >> I looked back through the messaged regarding Sober here on the group, >> but didn't see anything definite about how to stop this from happening. >> >> Seems I've seen some people who have the problem and some who don't. >> >> Has anyone found a solution to getting this stopped? >> >> Thanks, >> Jim Coates I upgraded to 0.84, and have had no problems. But I used Julians package to do so, so maybe his wizardry fixed something originally broken. The only Sober related problem I have is the crap from domain admins that still insist on bouncing virus messages. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu May 5 17:18:11 2005 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:29:31 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Same here. About 2000 W32/Sober.p@MM!zip stopped yesterday. Also a rise in undeliverable bounces of sober from other scanners that impolitley bounce back virus notices to the forged From address here...ugh. Wasn't SPF supposed to help with this? I suppose the same folks who bounce virus email probably don't use spf either though. Ken Pacific.Net Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Greg Deputy >>Sent: Thursday, May 05, 2005 11:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Sober >> >>I've not been having trouble with sober getting through, but have >>noticed a HUGE jump in viruses attempting to get through in the last 4 >>days or so, majority of them being the sober virus. >> >>Anyone else noticing a spike in viruses? >> > > > If going from and average of 200-300 viruses per day to average of almost > 2,000 per day is a spike, yes. > > Just read that Sober traffic was 4.5% of all internet traffic yesterday :( > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>>Sent: Thursday, May 05, 2005 8:44 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Sober >>> >>> >>>Only thing I've seem amongst the lists I'm on is that it >>>effects people who upgrade to 0.84. >>> >>>so.. make sure DatabaseDirectory is consistant in >>>freshclam.conf and clamd.cong.. >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>Jim Coates wrote: >>> >>>>I apparently am suffering from something with this virus as well. >>>> >>>>My MailScanner/ClamAV setup had been working wonderfully until just >>>>the last couple of days when all of the sudden the Sober virus has >>>>been managing to get its ZIP files past without any problem at all. >>>> >>>>I looked back through the messaged regarding Sober here on >>> >>>the group, >>> >>>>but didn't see anything definite about how to stop this from >>>>happening. >>>> >>>>Seems I've seen some people who have the problem and some who don't. >>>> >>>>Has anyone found a solution to getting this stopped? >>>> >>>>Thanks, >>>>Jim Coates >>>> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 17:36:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Because of the output created by the virus scanner. The clamavmodule doesn't create any direct output out of my control, but the clamav scanner runs clamscan which produces output under its control. Rose, Bobby wrote: >Confused by that > >My Incoming Work Dir = /var/spool/MailScanner/incoming > >Why would that have an effect if all I do is change the virus scanner >from clamav to clamavmodule to get it to work? > > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Thursday, May 05, 2005 9:35 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: ClamAV and MailScanner Bug > >What is your Incoming Work Directory set to? >Is it set to /export/home/root/a >If not, then it should be. > >On 5 May 2005, at 14:08, Rose, Bobby wrote: > > > >>The issue is not with "detection" nor is it with Sober.P or any >>particular virus. As I keep saying my testing is using EICAR. The >>virus is being detected my clamav and logged by MailScanner but when >>the virus scanners=clamav, MailScanner is just logging that a virus >>was detected and then turns around and delivers it as an uninfected >>messages. If all I change in MailScanner.conf is the the scanner to >>clamavmodule, the MailScanner works properly. >> >>People are associating my report with their own issues with Sober.P >>and >>is diluting my report. Check the archives of my first message on >>this >>thread, it has the log excerpts. Also, I'm not down because of this >>because all I'm doing now is using clamavmodule instead of clamav as >>the virusscanner, but I'm just reporting the problem and my findings. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Martin Hepworth >>Sent: Thursday, May 05, 2005 8:48 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: ClamAV and MailScanner Bug >> >>Rose, Bobby wrote: >> >> >> >>>When I posted this issue others jumped on the thread about zip files >>>and have taken this into another direction involving sober.p. The >>>issue that I was reporting was with "Virus Scanners = clamav" and it >>>didn't matter what the virus was. My tests was using eicar.doc which >>> >>> > > > >>>was eicar.com just renamed to avoid filename checks. I included log >>>excerpts in my original message when using "Virus Scanners = clamav" >>> >>> >>> >>and >> >> >> >>>when "Virus Scanners = clamavmodule". If I use "Virus Scanners = >>>clamavmodule", then everything works both detection and action. If I >>> >>> > > > >>>use "Virus Scanners = clamav" then the only thing that works is >>>detection. It's not clamav since the virus is being detected and >>>MailScannner is logging the detection. But it's what MailScanner is >>>doing after detection when using clamav versus clamavmodule. If >>>using >>> >>> >>> >> >> >>>clamavmodule, it's dropping, quarantining, warning, or whatever the >>>actions may be. If using clamav, it's not doing anything. It says a >>> >>> > > > >>>the message is infected and then states 1 uninfected message was >>>delivered. >>> >>>Bobby Rose >>>Senior Systems Administrator >>>MSIS Network Operations >>>Wayne State University School of Medicine >>> >>> >>> >>> >>Bobby >> >>not specific to MS, also been seen with exim calling clamav without MS >> >> > > > >>anywhere....if you can trap the thing please submit it to >>http://cgi.clamav.net/sendvirus.cgi >> >> >>-- >>Martin Hepworth >>Senior Systems Administrator >>Solid State Logic Ltd >>tel: +44 (0)1865 842300 >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept for the >>presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store PGP footprint: >EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 17:40:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Desai, Jason wrote: >Julian Field wrote: > > >>Please tell me what the line in your /etc/MailScanner/ >>virus.scanners.conf says about clamav. Also please check that your >>Incoming Work Directory path has no links in it. This is by far the >>most common error and would explain your symptoms. >> >> > >Julian, I think I've suggested this before, but don't remember hearing back >from you about it. Would it be possible for MailScanner (possibly only once >at startup) to determine the real path of the Incoming Work Directory and >use that, so that symbolic links would be allowed? > >Granted, people are not reading the comments in the config file, and are >misconfiguring their servers. But to detect and still deliver a virus is >not a good thing. And I think with some simple code, MailScanner could >reduce the risk of such a misconfigured server. What do you think? > > How would you recommend I do this in a platform-agnostic way? I certainly wouldn't trust `pwd`. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 17:44:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you tried my new 4.42.1 release? Jim Coates wrote: > I apparently am suffering from something with this virus as well. > > My MailScanner/ClamAV setup had been working wonderfully until just > the last couple of days when all of the sudden the Sober virus has > been managing to get its ZIP files past without any problem at all. > > I looked back through the messaged regarding Sober here on the group, > but didn't see anything definite about how to stop this from happening. > > Seems I've seen some people who have the problem and some who don't. > > Has anyone found a solution to getting this stopped? > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Thu May 5 17:48:26 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:29:32 2006 Subject: Blocked bmp files (buffer overflow) anyone? Message-ID: Hi all, I've been getting reports of "possible buffer overflow" in bmp files and hence being stripped. It is my assumption at this time that our friendly neighbourhood virus checker (Sophos) is doing this. Have any of you guys out there seen this? Do any of you use Sophos and seen it doing this? For now I've turned the logging detail up and I'll let you all know if I find the cause. Thanks for any info, Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 17:51:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: Jules nope cos this is first I heard of it ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Have you tried my new 4.42.1 release? > > Jim Coates wrote: > >> I apparently am suffering from something with this virus as well. >> >> My MailScanner/ClamAV setup had been working wonderfully until just >> the last couple of days when all of the sudden the Sober virus has >> been managing to get its ZIP files past without any problem at all. >> >> I looked back through the messaged regarding Sober here on the group, >> but didn't see anything definite about how to stop this from happening. >> >> Seems I've seen some people who have the problem and some who don't. >> >> Has anyone found a solution to getting this stopped? >> >> Thanks, >> Jim Coates >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu May 5 17:51:36 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken A > Sent: Thursday, May 05, 2005 11:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sober > > > Same here. About 2000 W32/Sober.p@MM!zip stopped yesterday. > > Also a rise in undeliverable bounces of sober from other scanners that > impolitley bounce back virus notices to the forged From address > here...ugh. > > Wasn't SPF supposed to help with this? I suppose the same folks who > bounce virus email probably don't use spf either though. > Actually I have received about 1000 erroneous bounces from Ford Motor Company and they even state in their bounce that the messages was received from [IP] sender xxx@mydomain.com (apparently forged). APPARENTLY FORGED! (our SPF would be fail -all) so they are aware that it didn't come from an authorized host and the *still* bounce the things back! State of Ohio has sent us more than Ford. Their mail admin responded to my complaint by basically stating the problem isn't theirs, so it must be ours regardless of the origin. What a day! Rick > Ken > Pacific.Net > > > Stephen Swaney wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Greg Deputy > >>Sent: Thursday, May 05, 2005 11:51 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Sober > >> > >>I've not been having trouble with sober getting through, but have > >>noticed a HUGE jump in viruses attempting to get through in the last 4 > >>days or so, majority of them being the sober virus. > >> > >>Anyone else noticing a spike in viruses? > >> > > > > > > If going from and average of 200-300 viruses per day to average > of almost > > 2,000 per day is a spike, yes. > > > > Just read that Sober traffic was 4.5% of all internet traffic > yesterday :( > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > > > >>>-----Original Message----- > >>>From: MailScanner mailing list > >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > >>>Sent: Thursday, May 05, 2005 8:44 AM > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: Sober > >>> > >>> > >>>Only thing I've seem amongst the lists I'm on is that it > >>>effects people who upgrade to 0.84. > >>> > >>>so.. make sure DatabaseDirectory is consistant in > >>>freshclam.conf and clamd.cong.. > >>> > >>>-- > >>>Martin Hepworth > >>>Snr Systems Administrator > >>>Solid State Logic > >>>Tel: +44 (0)1865 842300 > >>> > >>> > >>>Jim Coates wrote: > >>> > >>>>I apparently am suffering from something with this virus as well. > >>>> > >>>>My MailScanner/ClamAV setup had been working wonderfully until just > >>>>the last couple of days when all of the sudden the Sober virus has > >>>>been managing to get its ZIP files past without any problem at all. > >>>> > >>>>I looked back through the messaged regarding Sober here on > >>> > >>>the group, > >>> > >>>>but didn't see anything definite about how to stop this from > >>>>happening. > >>>> > >>>>Seems I've seen some people who have the problem and some who don't. > >>>> > >>>>Has anyone found a solution to getting this stopped? > >>>> > >>>>Thanks, > >>>>Jim Coates > >>>> > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 17:56:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] See my posting this morning entitled: New Beta: Re: ClamAV and MailScanner Bug Martin Hepworth wrote: > Jules > > nope cos this is first I heard of it ;-) > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Have you tried my new 4.42.1 release? >> >> Jim Coates wrote: >> >>> I apparently am suffering from something with this virus as well. >>> >>> My MailScanner/ClamAV setup had been working wonderfully until just >>> the last couple of days when all of the sudden the Sober virus has >>> been managing to get its ZIP files past without any problem at all. >>> >>> I looked back through the messaged regarding Sober here on the group, >>> but didn't see anything definite about how to stop this from happening. >>> >>> Seems I've seen some people who have the problem and some who don't. >>> >>> Has anyone found a solution to getting this stopped? >>> >>> Thanks, >>> Jim Coates >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 17:53:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Blocked bmp files (buffer overflow) anyone? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is from a Microsoft vulnerability a few months back. Most machines of course should have the patch installed by now, but I bet they haven't. I blocked *.bmp files for quite a while. But I dropped that block recently. Pentland G. wrote: >Hi all, > >I've been getting reports of "possible buffer overflow" in bmp files and >hence being stripped. > > >It is my assumption at this time that our friendly neighbourhood virus >checker (Sophos) is doing this. > >Have any of you guys out there seen this? > >Do any of you use Sophos and seen it doing this? > >For now I've turned the logging detail up and I'll let you all know if I >find the cause. > >Thanks for any info, > >Gary > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 5 17:59:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: ah - missed it in all the fun... ta -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > See my posting this morning entitled: > > New Beta: Re: ClamAV and MailScanner Bug > > > Martin Hepworth wrote: > >> Jules >> >> nope cos this is first I heard of it ;-) >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> Have you tried my new 4.42.1 release? >>> >>> Jim Coates wrote: >>> >>>> I apparently am suffering from something with this virus as well. >>>> >>>> My MailScanner/ClamAV setup had been working wonderfully until just >>>> the last couple of days when all of the sudden the Sober virus has >>>> been managing to get its ZIP files past without any problem at all. >>>> >>>> I looked back through the messaged regarding Sober here on the group, >>>> but didn't see anything definite about how to stop this from happening. >>>> >>>> Seems I've seen some people who have the problem and some who don't. >>>> >>>> Has anyone found a solution to getting this stopped? >>>> >>>> Thanks, >>>> Jim Coates >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> *Support MailScanner development - buy the book off the website!* >>> >>> >>> >>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu May 5 18:13:32 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: Julian, No... I haven't yet. I was under the impression that it was more a ClamAV issue... maybe I'm totally off mark. Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 05, 2005 11:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sober Have you tried my new 4.42.1 release? Jim Coates wrote: > I apparently am suffering from something with this virus as well. > > My MailScanner/ClamAV setup had been working wonderfully until just > the last couple of days when all of the sudden the Sober virus has > been managing to get its ZIP files past without any problem at all. > > I looked back through the messaged regarding Sober here on the group, > but didn't see anything definite about how to stop this from > happening. > > Seems I've seen some people who have the problem and some who don't. > > Has anyone found a solution to getting this stopped? > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Thu May 5 18:12:37 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: Julian Field wrote: > Desai, Jason wrote: >> Julian, I think I've suggested this before, but don't remember >> hearing back from you about it. Would it be possible for >> MailScanner (possibly only once at startup) to determine the real >> path of the Incoming Work Directory and use that, so that symbolic >> links would be allowed? >> >> Granted, people are not reading the comments in the config file, and >> are misconfiguring their servers. But to detect and still deliver a >> virus is not a good thing. And I think with some simple code, >> MailScanner could reduce the risk of such a misconfigured server. >> What do you think? >> >> > How would you recommend I do this in a platform-agnostic way? I > certainly wouldn't trust `pwd`. I don't know if this is platform-agnostic or not, but what about abs_path from Cwd? It seems to be a part of the base perl installation, at least for Debian. Here's a link to a previous post where I gave a small example of how you could use it. http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind04&L=mailscanner&P=R555044& I=-3 If the check was just done once at startup, I don't think it would be too expensive or hurt performance. Jase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 18:20:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes it is. But unless you have "Maximum Archive Depth = 0" then the new code will help you too. Jim Coates wrote: >Julian, > >No... I haven't yet. > >I was under the impression that it was more a ClamAV issue... maybe I'm >totally off mark. > >Jim > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Thursday, May 05, 2005 11:44 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sober > > >Have you tried my new 4.42.1 release? > >Jim Coates wrote: > > > >>I apparently am suffering from something with this virus as well. >> >>My MailScanner/ClamAV setup had been working wonderfully until just >>the last couple of days when all of the sudden the Sober virus has >>been managing to get its ZIP files past without any problem at all. >> >>I looked back through the messaged regarding Sober here on the group, >>but didn't see anything definite about how to stop this from >>happening. >> >>Seems I've seen some people who have the problem and some who don't. >> >>Has anyone found a solution to getting this stopped? >> >>Thanks, >>Jim Coates >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* >> >> > > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional Support >Services at www.MailScanner.biz MailScanner thanks transtec Computers for >their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the Wiki >(http://wiki.mailscanner.info/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu May 5 18:33:11 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 11:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > > Desai, Jason wrote: > > >Julian Field wrote: > > > > > >>Please tell me what the line in your /etc/MailScanner/ > >>virus.scanners.conf says about clamav. Also please check that your > >>Incoming Work Directory path has no links in it. This is by far the > >>most common error and would explain your symptoms. > >> > >> > > > >Julian, I think I've suggested this before, but don't remember > hearing back > >from you about it. Would it be possible for MailScanner > (possibly only once > >at startup) to determine the real path of the Incoming Work Directory and > >use that, so that symbolic links would be allowed? > > > >Granted, people are not reading the comments in the config file, and are > >misconfiguring their servers. But to detect and still deliver a virus is > >not a good thing. And I think with some simple code, MailScanner could > >reduce the risk of such a misconfigured server. What do you think? > > > > > How would you recommend I do this in a platform-agnostic way? I > certainly wouldn't trust `pwd`. > > -- > Julian Field How about: #!/usr/bin/perl # Program CheckSymlink.pl use File::Spec; use File::Spec::Link; my $link = $ARGV[0]; my $file = $link; print "Checking for $link\n"; # Check to be sure symlinks are supported on this platform. # If they do, use File::Spec::Link->resolve to return the absolute # path to the file and/or diredctory, if not use the supplied path/filename $symlink_exists = eval { symlink("",""); 1 }; $file = File::Spec::Link->resolve($link) unless !$symlink_exists; print "Found $file\n"; # end program If you test it using the following commands (use your own symlinks of course) ./CheckSymlink.pl /etc/squid/errors/ERR_ONLY_IF_CACHED_MISS returns: Checking for /etc/squid/errors/ERR_ONLY_IF_CACHED_MISS Found /usr/lib/squid/errors/English/ERR_ONLY_IF_CACHED_MISS ./CheckSymlink.pl /etc/squid/errors Returns: Checking for /etc/squid/errors Found /usr/lib/squid/errors/English And ./CheckSymlink.pl /etc Returns: Checking for /etc Found /etc ./CheckSymlink.pl /etc/resolv.conf Checking for /etc/resolv.conf Found /etc/resolv.conf Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jason.Burzenski at AMERICANHM.COM Thu May 5 18:48:45 2005 From: Jason.Burzenski at AMERICANHM.COM (Jason.Burzenski@AMERICANHM.COM) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: > I've not been having trouble with sober getting through, but have > noticed a HUGE jump in viruses attempting to get through in the last 4 > days or so, majority of them being the sober virus. May 1, 2005: 214 May 2, 2005: 4800 May 3, 2005: 50,000 May 4, 2005: 90,000 Today looks to be starting a little slower so far but we will likely see at least another 80K before midnight. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu May 5 18:46:03 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: I *do* have Maximum Archive Depth set to zero. Is that not the correct way to have it set? Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 05, 2005 12:21 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sober Yes it is. But unless you have "Maximum Archive Depth = 0" then the new code will help you too. Jim Coates wrote: >Julian, > >No... I haven't yet. > >I was under the impression that it was more a ClamAV issue... maybe I'm >totally off mark. > >Jim > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Thursday, May 05, 2005 11:44 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sober > > >Have you tried my new 4.42.1 release? > >Jim Coates wrote: > > > >>I apparently am suffering from something with this virus as well. >> >>My MailScanner/ClamAV setup had been working wonderfully until just >>the last couple of days when all of the sudden the Sober virus has >>been managing to get its ZIP files past without any problem at all. >> >>I looked back through the messaged regarding Sober here on the group, >>but didn't see anything definite about how to stop this from >>happening. >> >>Seems I've seen some people who have the problem and some who don't. >> >>Has anyone found a solution to getting this stopped? >> >>Thanks, >>Jim Coates >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* >> >> > > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the Wiki >(http://wiki.mailscanner.info/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the Wiki >(http://wiki.mailscanner.info/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 19:12:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Thursday, May 05, 2005 11:41 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: ClamAV and MailScanner Bug >> >> >>Desai, Jason wrote: >> >> >> >>>Julian Field wrote: >>> >>> >>> >>> >>>>Please tell me what the line in your /etc/MailScanner/ >>>>virus.scanners.conf says about clamav. Also please check that your >>>>Incoming Work Directory path has no links in it. This is by far the >>>>most common error and would explain your symptoms. >>>> >>>> >>>> >>>> >>>Julian, I think I've suggested this before, but don't remember >>> >>> >>hearing back >>>from you about it. Would it be possible for MailScanner >>(possibly only once >> >> >>>at startup) to determine the real path of the Incoming Work Directory and >>>use that, so that symbolic links would be allowed? >>> >>>Granted, people are not reading the comments in the config file, and are >>>misconfiguring their servers. But to detect and still deliver a virus is >>>not a good thing. And I think with some simple code, MailScanner could >>>reduce the risk of such a misconfigured server. What do you think? >>> >>> >>> >>> >>How would you recommend I do this in a platform-agnostic way? I >>certainly wouldn't trust `pwd`. >> >>-- >>Julian Field >> >> > >How about: > >#!/usr/bin/perl ># Program CheckSymlink.pl > >use File::Spec; >use File::Spec::Link; > >my $link = $ARGV[0]; >my $file = $link; > > >print "Checking for $link\n"; > ># Check to be sure symlinks are supported on this platform. ># If they do, use File::Spec::Link->resolve to return the absolute ># path to the file and/or diredctory, if not use the supplied path/filename > >$symlink_exists = eval { symlink("",""); 1 }; >$file = File::Spec::Link->resolve($link) unless !$symlink_exists; >print "Found $file\n"; > ># end program > > Eek! Fortunately it is a lot easier than that, due to the helpful info about the Cwd module. This is a standard supplied module and even the version that came with Perl 5.00503 has the necessary function in it. Apply this patch to WorkArea.pm and it should do the trick nicely. If there are links in the dir, then it complains politely about it but works properly anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 756bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu May 5 19:15:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It just means that my new code won't be able to help you, that's all. The real source of the problem is ClamAV and it missing some of them, but they will hopefully fix that very soon so the rest of you are fixed too. Jim Coates wrote: >I *do* have Maximum Archive Depth set to zero. > >Is that not the correct way to have it set? > >Jim > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Thursday, May 05, 2005 12:21 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sober > > >Yes it is. But unless you have "Maximum Archive Depth = 0" then the new code >will help you too. > >Jim Coates wrote: > > > >>Julian, >> >>No... I haven't yet. >> >>I was under the impression that it was more a ClamAV issue... maybe I'm >>totally off mark. >> >>Jim >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Thursday, May 05, 2005 11:44 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Sober >> >> >>Have you tried my new 4.42.1 release? >> >>Jim Coates wrote: >> >> >> >> >> >>>I apparently am suffering from something with this virus as well. >>> >>>My MailScanner/ClamAV setup had been working wonderfully until just >>>the last couple of days when all of the sudden the Sober virus has >>>been managing to get its ZIP files past without any problem at all. >>> >>>I looked back through the messaged regarding Sober here on the group, >>>but didn't see anything definite about how to stop this from >>>happening. >>> >>>Seems I've seen some people who have the problem and some who don't. >>> >>>Has anyone found a solution to getting this stopped? >>> >>>Thanks, >>>Jim Coates >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the Wiki >>>(http://wiki.mailscanner.info/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store Professional >>Support Services at www.MailScanner.biz MailScanner thanks transtec >>Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional Support >Services at www.MailScanner.biz MailScanner thanks transtec Computers for >their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the Wiki >(http://wiki.mailscanner.info/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu May 5 19:32:14 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:32 2006 Subject: sober.p Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, One of my users has received a message bounce (apparently her e-mail address was spoofed) with an .eml attachment that had the sober worm in a zip file. I'm thinking it wasn't detected because of the max depth of scanning in MS or clamav. What setting do I need to adjust to prevent instances such as this? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 19:25:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:32 2006 Subject: Blocked bmp files (buffer overflow) anyone? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If it is bugging you, change the restriction in filename.rules, as this became the default a month or so ago. Julian Field wrote: > This is from a Microsoft vulnerability a few months back. Most machines > of course should have the patch installed by now, but I bet they haven't. > > I blocked *.bmp files for quite a while. But I dropped that block recently. > > Pentland G. wrote: > >> Hi all, >> >> I've been getting reports of "possible buffer overflow" in bmp files and >> hence being stripped. >> >> >> It is my assumption at this time that our friendly neighbourhood virus >> checker (Sophos) is doing this. >> >> Have any of you guys out there seen this? >> >> Do any of you use Sophos and seen it doing this? >> >> For now I've turned the logging detail up and I'll let you all know if I >> find the cause. >> >> Thanks for any info, >> >> Gary -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Thu May 5 20:17:29 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:29:32 2006 Subject: test Message-ID: I failed the test. What do I do now? hermit921 At 04:01 AM 5/5/2005, Michele Neylon :: Blacknight Solutions wrote: >Sanity test > >Ignore unless you are bored > >Mr Michele Neylon >Blacknight Internet Solutions Ltd ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu May 5 20:29:00 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 1:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV and MailScanner Bug > > [...] > Fortunately it is a lot easier than that, due to the helpful info about > the Cwd module. This is a standard supplied module and even the version > that came with Perl 5.00503 has the necessary function in it. > > Apply this patch to WorkArea.pm and it should do the trick nicely. If > there are links in the dir, then it complains politely about it but > works properly anyway. > I was thinking about your question regarding reliably. I don't honestly know what OSs MS is ported to and the cwd documentation I had states (http://perlpod.com/5.9.1/lib/Cwd.html): NOTES * Since the path seperators are different on some operating systems ('/' on Unix, ':' on MacPerl, etc...) we recommend you use the File::Spec modules wherever portability is a concern. * Actually, on Mac OS, the getcwd(), fastgetcwd() and fastcwd() functions are all aliases for the cwd() function, which, on Mac OS, calls `pwd`. Likewise, the abs_path() function is an alias for fast_abs_path(). But if it's all *nix I would suppose the separator issue wouldn't be a factor. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 20:33:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Thursday, May 05, 2005 1:12 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: ClamAV and MailScanner Bug >> >> >> >> >[...] > > > >>Fortunately it is a lot easier than that, due to the helpful info about >>the Cwd module. This is a standard supplied module and even the version >>that came with Perl 5.00503 has the necessary function in it. >> >>Apply this patch to WorkArea.pm and it should do the trick nicely. If >>there are links in the dir, then it complains politely about it but >>works properly anyway. >> >> >> > >I was thinking about your question regarding reliably. I don't honestly know >what OSs MS is ported to and the cwd documentation I had states >(http://perlpod.com/5.9.1/lib/Cwd.html): > >NOTES > > * Since the path seperators are different on some operating systems ('/' >on Unix, ':' on MacPerl, etc...) we recommend you use the File::Spec modules >wherever portability is a concern. > * Actually, on Mac OS, the getcwd(), fastgetcwd() and fastcwd() >functions are all aliases for the cwd() function, which, on Mac OS, calls >`pwd`. Likewise, the abs_path() function is an alias for fast_abs_path(). > >But if it's all *nix I would suppose the separator issue wouldn't be a >factor. > > It's all *nix. I support Mac OSX but not Classic. For the windows guys, cygwin handles / quite intelligently anyway. I must get around to working on the OSX port this summer, it would be good to get it going properly. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 5 20:50:31 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: Ok the issue has been solve though I don't understand why clamav has issue with this when clamavmodule or sophos doesn't. The Incoming Work Dir = /var/spool/MailScanner/incoming is softlinked to /tmp which is a tmpfs volume. Changing it to a absolute path does fix the issue when using clamav as the scanner. As I mentioned before, I used to use both Sophos and clamav as the scanners but stopped using sophos for licensing costs. The issue was never noticed because sophos didn't care about the work directory and was catching what was falling thru the cracks with clamav. Using sophos or clamavmodule with the Incoming Work Dir using a non-absolute path worked fine and since Incoming Work Dir path that I was using in MailScanner.conf was the default value, so there was never a moment that my scrutiny would have noticed the comments for that setting. -=B -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Desai, Jason Sent: Thursday, May 05, 2005 11:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Julian Field wrote: > Please tell me what the line in your /etc/MailScanner/ > virus.scanners.conf says about clamav. Also please check that your > Incoming Work Directory path has no links in it. This is by far the > most common error and would explain your symptoms. Julian, I think I've suggested this before, but don't remember hearing back from you about it. Would it be possible for MailScanner (possibly only once at startup) to determine the real path of the Incoming Work Directory and use that, so that symbolic links would be allowed? Granted, people are not reading the comments in the config file, and are misconfiguring their servers. But to detect and still deliver a virus is not a good thing. And I think with some simple code, MailScanner could reduce the risk of such a misconfigured server. What do you think? Jase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From TGFurnish at HERFFJONES.COM Thu May 5 21:02:08 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have the terrible feeling that a way of doing this ought to be jumping into my mind, but I'm not getting it. I have a system configured which barely meets our load under the current sober onslaught and is not currently configured with any virus scanning, just spam filtering. As such I hesitate to add any virus scanning as it might increase the server load too much. We're blocking the sober attachment filenames using filename.rules.conf, and I switched those rules from "deny" to "deny+delete" (not sure what that option is supposed to do - couldn't find documentation on it), but that doesn't stop the rest of the message from being delivered. Using spamassassin to mark the sober messages as 'high scoring spam' isn't really an option, because we still deliver 'high scoring spam' for other business reasons. Is there any way to delete the sober messages based on attachment filename, without running antivirus checks? I suppose I could look at the code that interfaces to the "real" antivirus engines and hack up an engine to just reject those messages - I'm hoping there's an easier way. Thanks, Trever ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:03:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] When printing the names of the scanned files, neither Sophos nor clamavmodule attempt to print out the full path of the files, only the paths of the files relative to the directory they were asked to scan. Clamav and Mcafee (for example) print out the whole paths of the files. I need to be able to accurately strip off that leading path so I just have the relative paths left. I can't make many assumptions as there may be nasty characters in the filenames trying to confuse me. So I need to know exactly what the directory name is that I have to remove. With the patch I just published, MailScanner now checks the "Incoming Work Directory" to see if it is really an absolute path and does not contain any links. Rose, Bobby wrote: >Ok the issue has been solve though I don't understand why clamav has >issue with this when clamavmodule or sophos doesn't. >The Incoming Work Dir = /var/spool/MailScanner/incoming is softlinked to >/tmp which is a tmpfs volume. Changing it to a absolute path does fix >the issue when using clamav as the scanner. As I mentioned before, I >used to use both Sophos and clamav as the scanners but stopped using >sophos for licensing costs. The issue was never noticed because sophos >didn't care about the work directory and was catching what was falling >thru the cracks with clamav. Using sophos or clamavmodule with the >Incoming Work Dir using a non-absolute path worked fine and since >Incoming Work Dir path that I was using in MailScanner.conf was the >default value, so there was never a moment that my scrutiny would have >noticed the comments for that setting. > >-=B > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Desai, Jason >Sent: Thursday, May 05, 2005 11:25 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: ClamAV and MailScanner Bug > >Julian Field wrote: > > >>Please tell me what the line in your /etc/MailScanner/ >>virus.scanners.conf says about clamav. Also please check that your >>Incoming Work Directory path has no links in it. This is by far the >>most common error and would explain your symptoms. >> >> > >Julian, I think I've suggested this before, but don't remember hearing >back from you about it. Would it be possible for MailScanner (possibly >only once at startup) to determine the real path of the Incoming Work >Directory and use that, so that symbolic links would be allowed? > >Granted, people are not reading the comments in the config file, and are >misconfiguring their servers. But to detect and still deliver a virus >is not a good thing. And I think with some simple code, MailScanner >could reduce the risk of such a misconfigured server. What do you >think? > >Jase > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu May 5 21:03:11 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 05 May 2005 01:54 am, Julian Field wrote: > On 4 May 2005, at 22:16, Chris Stone wrote: > > On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: > >> Julian Field wrote: > >> I just tried it with 2 Worm.Sober.P messages from my own servers, and > >> neither of them caused any problem whatsoever. Both caught just fine. > >> Worked with Maximum Archive Depth = 0 and with = 2. > > > > This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module > > (latest from > > CPAN). Max Archive Depth = 0. > > Chris, can you try with the latest MailScanner please. I still cannot > find anything unusual whatsoever. You are running with > > Max Archive Depth = 0 > Virus Scanners = clamavmodule > ClamAV 0.83 > > (That's for my reference as people are not being clear as to whether > they are using "clamav" or "clamavmodule". Upgraded to 4.41.3 last night and upgraded ClamAV to 0.84. ClamAVModule is 0.17. Didn't seem to make a difference. Other viruses are stopped, but Sober is detected and queued for delivery. As I noted in another email, I can get you root access to the server to test and poke around if you still need to. Email me offlist and I'll get you the particulars. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:19:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You could use the "generic" virus scanner to do this. Read /usr/lib/MailScanner/generic-wrapper and it explains what you get given and what you have to return. Then just put "generic" in the list of Virus Scanners in MailScanner.conf and add your made-up virus name to the list of Silent Viruses. Give me a shout if you want some help, (particularly if you are able to contribute) :-) If you can give me a simple list of the filenames you are looking for, then I should be able to write it in a few minutes for you. Furnish, Trever G wrote: >I have the terrible feeling that a way of doing this ought to be jumping into my mind, but I'm not getting it. > >I have a system configured which barely meets our load under the current sober onslaught and is not currently configured with any virus scanning, just spam filtering. As such I hesitate to add any virus scanning as it might increase the server load too much. > >We're blocking the sober attachment filenames using filename.rules.conf, and I switched those rules from "deny" to "deny+delete" (not sure what that option is supposed to do - couldn't find documentation on it), but that doesn't stop the rest of the message from being delivered. > >Using spamassassin to mark the sober messages as 'high scoring spam' isn't really an option, because we still deliver 'high scoring spam' for other business reasons. > >Is there any way to delete the sober messages based on attachment filename, without running antivirus checks? I suppose I could look at the code that interfaces to the "real" antivirus engines and hack up an engine to just reject those messages - I'm hoping there's an easier way. > >Thanks, >Trever > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:21:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Stone wrote: >On Thursday 05 May 2005 01:54 am, Julian Field wrote: > > >>On 4 May 2005, at 22:16, Chris Stone wrote: >> >> >>>On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >>> >>> >>>>Julian Field wrote: >>>>I just tried it with 2 Worm.Sober.P messages from my own servers, and >>>>neither of them caused any problem whatsoever. Both caught just fine. >>>>Worked with Maximum Archive Depth = 0 and with = 2. >>>> >>>> >>>This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module >>>(latest from >>>CPAN). Max Archive Depth = 0. >>> >>> >>Chris, can you try with the latest MailScanner please. I still cannot >>find anything unusual whatsoever. You are running with >> >>Max Archive Depth = 0 >>Virus Scanners = clamavmodule >>ClamAV 0.83 >> >>(That's for my reference as people are not being clear as to whether >>they are using "clamav" or "clamavmodule". >> >> > >Upgraded to 4.41.3 last night and upgraded ClamAV to 0.84. ClamAVModule is >0.17. Didn't seem to make a difference. Other viruses are stopped, but Sober >is detected and queued for delivery. > > My patch to help with this (if you don't have Maximum Archive Depth = 0) is the latest beta. You may also want the patch I published for WorkArea.pm earlier this evening as well. If you still have trouble with both of those updates applied, and you do not have Maximum Archive Depth = 0 set, then let me know. Let us all know how you get on with this. >As I noted in another email, I can get you root access to the server to test >and poke around if you still need to. Email me offlist and I'll get you the >particulars. > > >Chris > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu May 5 21:30:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Furnish, Trever G wrote: >I have the terrible feeling that a way of doing this ought to be jumping into my mind, but I'm not getting it. > >I have a system configured which barely meets our load under the current sober onslaught and is not currently configured with any virus scanning, just spam filtering. As such I hesitate to add any virus scanning as it might increase the server load too much. > > While I agree you might not want to do that right now, read that sentence carefully and think about what you just said. Personally, I'd sacrifice the spam scanning in order to add AV scanning. It's significantly more important. Spam is a very common nuisance, but viruses are a threat. If you're unable to deal with actual security threats because your processor is busy dealing with nuisance problems, your network security plan needs serious reconsideration. You might consider sacrificing load-intensive SpamAssassin features like bayes and auto-whitelisting in order to fit a scan of clamav in. Clamav isn't particularly expensive to run. Also make sure you're not using anything outrageous in your SA setup like bigevil.cf, or any add-on rulesets (from SARE and other sources) over 32k in size. At least that should get you by until you can do some minor hardware upgrades. Really, if you're pushing your load limit now, think about what would happen to your server if a larger flood of garbage came in, say from a major joe-job or DoS attack. You probably need some extra headroom in the long run. >Is there any way to delete the sober messages based on attachment filename, without running antivirus checks? I suppose I could look at the code that interfaces to the "real" antivirus engines and hack up an engine to just reject those messages - I'm hoping there's an easier way. > There is.. Look at the "generic" virus scanner option in MailScanner.conf. This will pass the files to a script called generic-wrapper. You can have it declare the files to be virus infected and MS will handle it as a virus. Still, I'd do some real serious thinking about adding a virus scanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu May 5 21:25:29 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 05 May 2005 12:15 pm, Julian Field wrote: > It just means that my new code won't be able to help you, that's all. > The real source of the problem is ClamAV and it missing some of them, > but they will hopefully fix that very soon so the rest of you are fixed > too. > I do have Max Archive depth set to 0 and Sober is blocked on all of my servers (all using ClamAV 0.84 - some using clamavmodule and some clamav) except for one which is a G5 OSX running Postfix - others use sendmail. The G5 is running MS 4.41.3 and the others are all running MS 4.40.9. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 21:21:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rose, Bobby wrote: > Ok the issue has been solve though I don't understand why clamav has > issue with this when clamavmodule or sophos doesn't. > The Incoming Work Dir = /var/spool/MailScanner/incoming is softlinked to > /tmp which is a tmpfs volume. Changing it to a absolute path does fix > the issue when using clamav as the scanner. As I mentioned before, I > used to use both Sophos and clamav as the scanners but stopped using > sophos for licensing costs. The issue was never noticed because sophos > didn't care about the work directory and was catching what was falling > thru the cracks with clamav. Using sophos or clamavmodule with the > Incoming Work Dir using a non-absolute path worked fine and since > Incoming Work Dir path that I was using in MailScanner.conf was the > default value, so there was never a moment that my scrutiny would have > noticed the comments for that setting. > I have been using McAfee also for a couple of years, and since it also brainfarts on symlinks, I haven't had that problem. I just have /var/spool/MailScanner/incoming mounted in fstab to tmpfs. No fuss, no muss, no McAfee fumbles. If Clam is now going to have problems, maybe it should be noted in the docs. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu May 5 21:36:56 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: Julian, I coming into this debate at bit late... I'm still running 4.40.11 on Solaris 9, using: Maximum Archive Depth = 2 Virus Scanners = sophossavi clamavmodule I currently using ClamAV 0.84, sophos 3.93, and SA 3.0.3 with 4.40.11. I'm catching the Sober viruses, but nowhere near as high as others. No indication that it is getting past MailScanner. Time to upgrade MS. Would you recommend 4.41.3 or 4.42.1 at this point? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu May 5 21:37:32 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 05 May 2005 02:21 pm, Scott Silva wrote: > If Clam is now going to have problems, maybe it should be noted in the > docs. If the problem is solely with ClamAV - why is the issue selective. Out of 6 servers I've setup, I am seeing the problem only with one. The others are blocking Sober with no problem. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:40:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Rose, Bobby wrote: > > >>Ok the issue has been solve though I don't understand why clamav has >>issue with this when clamavmodule or sophos doesn't. >>The Incoming Work Dir = /var/spool/MailScanner/incoming is softlinked to >>/tmp which is a tmpfs volume. Changing it to a absolute path does fix >>the issue when using clamav as the scanner. As I mentioned before, I >>used to use both Sophos and clamav as the scanners but stopped using >>sophos for licensing costs. The issue was never noticed because sophos >>didn't care about the work directory and was catching what was falling >>thru the cracks with clamav. Using sophos or clamavmodule with the >>Incoming Work Dir using a non-absolute path worked fine and since >>Incoming Work Dir path that I was using in MailScanner.conf was the >>default value, so there was never a moment that my scrutiny would have >>noticed the comments for that setting. >> >> >> > >I have been using McAfee also for a couple of years, and since it also >brainfarts on symlinks, I haven't had that problem. >I just have /var/spool/MailScanner/incoming mounted in fstab to tmpfs. >No fuss, no muss, no McAfee fumbles. >If Clam is now going to have problems, maybe it should be noted in the >docs. > No need, now it auto-detects if there is likely to be a problem, and works around it for you. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu May 5 21:34:24 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't mean to muddy the waters any, but I see some strange stuff going on also. I am running 4.36.1 with clamav (also not current). We have one user in particular getting hit with this Sober thingy. The message is being flagged as having a Virus in the subject line, but still delivered, even with all of the parms in the Virus Scanning and Vulnerability Testing section set to "no" (with the exception of Virus Scanning = yes). I realize that I should update, but ClamAV is finding this. Shouldn't my conf settings delete the message? I find that the message is being scanned, scored by SA, actions decided based on my Spam/High Spam settings, and then virus scanned after the actions are performed. A listing of a particular message follows: May 5 15:58:36 mailserver2 sendmail[29880]: j45JwXPI029880: from=, size=73450, class=0, nrcpts=1, msgid=<7ee2.e8f8fb2a5e8e@hotmail.com>, proto=SM TP, daemon=MTA, relay=rrcs-24-73-137-179.se.biz.rr.com [24.73.137.179] May 5 15:58:38 mailserver2 MailScanner[1143]: Message j45JwXPI029880 from 24.73.1 37.179 (info@hotmail.com) to cnpapers.com is spam, SpamAssassin (score=4.021, requ ired 4, DNS_FROM_RFC_POST 1.61, FORGED_HOTMAIL_RCVD2 1.18, MISSING_MIMEOLE 0.01, N O_REAL_NAME 0.01, SPF_SOFTFAIL 0.50, URI_CHINA_ADJ 0.71) May 5 15:58:38 mailserver2 MailScanner[1143]: Spam Actions: message j45JwXPI02988 0 actions are store,deliver,striphtml May 5 15:58:40 mailserver2 MailScanner[1143]: /var/spool/MailScanner/incoming/114 3/./j45JwXPI029880/account_info.zip^Iinfected: Win32.Sober.O@mm May 5 15:58:40 mailserver2 MailScanner[1143]: /var/spool/MailScanner/incoming/114 3/./j45JwXPI029880/Winzipped-Text_Data.txt .exe^Iinfected: Win32.Sober.O @mm May 5 15:58:40 mailserver2 MailScanner[1143]: Infected message j45JwXPI029880 cam e from 24.73.137.179 May 5 15:58:40 mailserver2 MailScanner[1143]: Filename Checks: Windows/DOS Execut able (j45JwXPI029880 Winzipped-Text_Data.txt .exe) May 5 15:58:40 mailserver2 MailScanner[1143]: Filename Checks: Possible MS-Dos pr ogram shortcut attack (j45JwXPI029880 Winzipped-Text_Data.txt .pif) May 5 15:58:40 mailserver2 MailScanner[1143]: Saved entire message to /var/spool/ MailScanner/quarantine/20050505/j45JwXPI029880 May 5 15:58:40 mailserver2 MailScanner[1143]: Saved infected "account_info.zip" t o /var/spool/MailScanner/quarantine/20050505/j45JwXPI029880 May 5 15:58:40 mailserver2 MailScanner[1143]: Saved infected "Winzipped-Text_Data .txt .pif" to /var/spool/MailScanner/quarantine/20050505/j45JwXPI029880 May 5 15:58:40 mailserver2 MailScanner[1143]: Saved infected "Winzipped-Text_Data .txt .exe" to /var/spool/MailScanner/quarantine/20050505/j45JwXPI029880 I have the archive depth set to 2, but this doesn't seem to affect finding the above virus, as it states it has found Win32.Sober.O. Shouldn't this have just been deleted? It appears that after finding the virus, it does the filename/filetype checks, instead of not delivering the message and attachment. I hope the older log helps someone see something. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Chris Stone" To: Sent: Thursday, May 05, 2005 4:03 PM Subject: Re: ClamAV and MailScanner Bug > On Thursday 05 May 2005 01:54 am, Julian Field wrote: > > On 4 May 2005, at 22:16, Chris Stone wrote: > > > On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: > > >> Julian Field wrote: > > >> I just tried it with 2 Worm.Sober.P messages from my own servers, and > > >> neither of them caused any problem whatsoever. Both caught just fine. > > >> Worked with Maximum Archive Depth = 0 and with = 2. > > > > > > This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module > > > (latest from > > > CPAN). Max Archive Depth = 0. > > > > Chris, can you try with the latest MailScanner please. I still cannot > > find anything unusual whatsoever. You are running with > > > > Max Archive Depth = 0 > > Virus Scanners = clamavmodule > > ClamAV 0.83 > > > > (That's for my reference as people are not being clear as to whether > > they are using "clamav" or "clamavmodule". > > Upgraded to 4.41.3 last night and upgraded ClamAV to 0.84. ClamAVModule is > 0.17. Didn't seem to make a difference. Other viruses are stopped, but Sober > is detected and queued for delivery. > > As I noted in another email, I can get you root access to the server to test > and poke around if you still need to. Email me offlist and I'll get you the > particulars. > > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:44:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Stone wrote: >On Thursday 05 May 2005 12:15 pm, Julian Field wrote: > > >>It just means that my new code won't be able to help you, that's all. >>The real source of the problem is ClamAV and it missing some of them, >>but they will hopefully fix that very soon so the rest of you are fixed >>too. >> >> >> > >I do have Max Archive depth set to 0 and Sober is blocked on all of my servers >(all using ClamAV 0.84 - some using clamavmodule and some clamav) except for >one which is a G5 OSX running Postfix - others use sendmail. The G5 is >running MS 4.41.3 and the others are all running MS 4.40.9. > > If it was a Postfix problem, then no scanner on any Postfix system would work. And that's not happening so everything should be okay in my code. The bug in Clam may well be platform-specific, which would explain how it happened in the first place. I bet they do most of their development on Linux (just like everyone else :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu May 5 21:49:48 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 05 May 2005 02:44 pm, Julian Field wrote: > If it was a Postfix problem, then no scanner on any Postfix system would > work. And that's not happening so everything should be okay in my code. > The bug in Clam may well be platform-specific, which would explain how > it happened in the first place. I bet they do most of their development > on Linux (just like everyone else :-) Do you want to get into the G5 server and see what it's showing firsthand? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:53:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would advise 4.42.1 at the moment. Jeff A. Earickson wrote: > Julian, > > I coming into this debate at bit late... I'm still running 4.40.11 > on Solaris 9, using: > > Maximum Archive Depth = 2 > Virus Scanners = sophossavi clamavmodule > > I currently using ClamAV 0.84, sophos 3.93, and SA 3.0.3 with 4.40.11. > I'm catching the Sober viruses, but nowhere near as high as others. No > indication that it is getting past MailScanner. > > Time to upgrade MS. Would you recommend 4.41.3 or 4.42.1 at this point? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:55:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't know. Can you send me the output of the clamscan command I published yesterday or earlier today? I wanted to collect some precise first-hand evidence and did not get (m)any takers. Chris Stone wrote: >On Thursday 05 May 2005 02:21 pm, Scott Silva wrote: > > >>If Clam is now going to have problems, maybe it should be noted in the >>docs. >> >> > >If the problem is solely with ClamAV - why is the issue selective. Out of 6 >servers I've setup, I am seeing the problem only with one. The others are >blocking Sober with no problem. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 5 21:56:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That would be very helpful, thanks. Contact me off list with access details. Chris Stone wrote: >On Thursday 05 May 2005 02:44 pm, Julian Field wrote: > > >>If it was a Postfix problem, then no scanner on any Postfix system would >>work. And that's not happening so everything should be okay in my code. >>The bug in Clam may well be platform-specific, which would explain how >>it happened in the first place. I bet they do most of their development >>on Linux (just like everyone else :-) >> >> > >Do you want to get into the G5 server and see what it's showing firsthand? > >Chris > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 22:01:02 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:32 2006 Subject: sober.p Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > Hello, > > One of my users has received a message bounce (apparently her e-mail > address was spoofed) with an .eml attachment that had the sober worm in > a zip file. I'm thinking it wasn't detected because of the max depth of > scanning in MS or clamav. What setting do I need to adjust to prevent > instances such as this? > > Thanks, > Rod I saw this today also, but didn,t have time to actually look at the .eml attachment. I'm not sure if blocking by filename.rules would work, or at least not tick off many people. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Thu May 5 22:05:49 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > If it was a Postfix problem, then no scanner on any Postfix system would > work. And that's not happening so everything should be okay in my code. > The bug in Clam may well be platform-specific, which would explain how > it happened in the first place. I bet they do most of their development > on Linux (just like everyone else :-) I'm running; Mandrake 10.0 mailscanner-4.40.6-1 Clamav[module] 0.83 postfix-2.1.1-0.1.100mdk and it appears to be coping with around 300 infected mails per hour. Being a very small ISP/location I would soon know if something 'slipped through' and infected the majority of machines that don't run AV here (that's another - long - story). Report: ClamAV Module: account_info.zip was infected: Worm.Sober.P ClamAV Module: Winzipped-Text_Data.txt .exe was infected: Worm.Sober.P MailScanner: Executable DOS/Windows programs are dangerous in email (Winzipped-Text_Data.txt .exe) Report: MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (Winzipped-Text_Data.txt .pif) Report: ClamAV Module: Winzipped-Text_Data.txt .exe was infected: Worm.Sober.P MailScanner: Executable DOS/Windows programs are dangerous in email (Winzipped-Text_Data.txt .exe) MailScanner: Shortcuts to MS-Dos programs are very dangerous in email (Winzipped-Text_Data.txt .pif) Report: ClamAV Module: account_info.zip was infected: Worm.Sober.P ClamAV Module: Winzipped-Text_Data.txt .exe was infected: Worm.Sober.P Regards, Jon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From TGFurnish at HERFFJONES.COM Thu May 5 22:32:54 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, Julian and Matt. I'll take a look at the generic scanner stuff. Matt, I completely agree with your comments regarding the need for virus scanning. However it's not that virus scanning isn't happening - it just happening on systems other than MailScanner, so adding it to MailScanner in this case would be redundant (not that would be a bad thing either, but it's not urgent at the moment :-) ). > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, May 05, 2005 3:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: block msgs based on filename without using antivirus? > > > You could use the "generic" virus scanner to do this. Read > /usr/lib/MailScanner/generic-wrapper and it explains what you > get given > and what you have to return. > > Then just put "generic" in the list of Virus Scanners in > MailScanner.conf and add your made-up virus name to the list of Silent > Viruses. > > Give me a shout if you want some help, (particularly if you > are able to > contribute) :-) > > If you can give me a simple list of the filenames you are looking for, > then I should be able to write it in a few minutes for you. > > Furnish, Trever G wrote: > > >I have the terrible feeling that a way of doing this ought > to be jumping into my mind, but I'm not getting it. > > > >I have a system configured which barely meets our load under > the current sober onslaught and is not currently configured > with any virus scanning, just spam filtering. As such I > hesitate to add any virus scanning as it might increase the > server load too much. > > > >We're blocking the sober attachment filenames using > filename.rules.conf, and I switched those rules from "deny" > to "deny+delete" (not sure what that option is supposed to do > - couldn't find documentation on it), but that doesn't stop > the rest of the message from being delivered. > > > >Using spamassassin to mark the sober messages as 'high > scoring spam' isn't really an option, because we still > deliver 'high scoring spam' for other business reasons. > > > >Is there any way to delete the sober messages based on > attachment filename, without running antivirus checks? I > suppose I could look at the code that interfaces to the > "real" antivirus engines and hack up an engine to just reject > those messages - I'm hoping there's an easier way. > > > >Thanks, > >Trever > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu May 5 22:51:59 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > If Clam is now going to have problems, maybe it should be noted in the > docs. And why would the same people that don't read the instructions now read it then? # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Incoming Work Dir = /var/spool/MailScanner/incoming Julian fixed it now so they don't have to read at all. ;-) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 22:46:23 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Stone wrote: > On Thursday 05 May 2005 02:21 pm, Scott Silva wrote: > >>If Clam is now going to have problems, maybe it should be noted in the >>docs. > > > If the problem is solely with ClamAV - why is the issue selective. Out of 6 > servers I've setup, I am seeing the problem only with one. The others are > blocking Sober with no problem. > > > Chris > There has to be some magic combination of installed files or a stray symlink or something! Are all 6 servers identical? Same distro, age, number of version upgrades, or all the other multitudes of variables that could creep in? Maybe if Julian's latest patch doesn't fix it, some more digging is required. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 5 23:20:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Scott Silva wrote: > >> If Clam is now going to have problems, maybe it should be noted in the >> docs. > > > And why would the same people that don't read the instructions now read > it then? SLAP!! As the bewildered sysop slowly rises from the floor and composes himself from the dose of reality, he exclaimes "I deserved that!!!' -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Fri May 6 00:18:33 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: So how many people run the MailScanner.conf upgrade script (or diff the changes) and of that how many stop and reread the notes that have been added to MailScanner.conf? I'll bet very few if any. As Julian mentioned early, only clamav and mcafee need this path to be absolute. My setup for almost 2 years was with Sophos, then I added Clamav to the scanner list and I was running fine for about 6 months and that was only because Sophos was still in the list. It was only after I removed Sophos from the list of scanner that the problem stood out. I doubt many would have thought to look at that note when in their troubleshooting, they merely changed the scanners to sophos or clamavmodule and saw that they worked. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart Sent: Thursday, May 05, 2005 5:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV and MailScanner Bug Scott Silva wrote: > If Clam is now going to have problems, maybe it should be noted in the > docs. And why would the same people that don't read the instructions now read it then? # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Incoming Work Dir = /var/spool/MailScanner/incoming Julian fixed it now so they don't have to read at all. ;-) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 6 08:50:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: ClamAV and MailScanner Bug Message-ID: Chris (and anyone else) If you have an example ofthe missed sober.p's can you please please submit them the to clamav team. (theres a virus submit link on the main web page). They need more info on what's getting missed so they can fix the problem. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Stone wrote: > On Thursday 05 May 2005 01:54 am, Julian Field wrote: > >>On 4 May 2005, at 22:16, Chris Stone wrote: >> >>>On Wednesday 04 May 2005 02:57 pm, Julian Field wrote: >>> >>>>Julian Field wrote: >>>>I just tried it with 2 Worm.Sober.P messages from my own servers, and >>>>neither of them caused any problem whatsoever. Both caught just fine. >>>>Worked with Maximum Archive Depth = 0 and with = 2. >>> >>>This problem is with MS 4.34.8 and ClamAV 0.83, ClamAV Module >>>(latest from >>>CPAN). Max Archive Depth = 0. >> >>Chris, can you try with the latest MailScanner please. I still cannot >>find anything unusual whatsoever. You are running with >> >>Max Archive Depth = 0 >>Virus Scanners = clamavmodule >>ClamAV 0.83 >> >>(That's for my reference as people are not being clear as to whether >>they are using "clamav" or "clamavmodule". > > > Upgraded to 4.41.3 last night and upgraded ClamAV to 0.84. ClamAVModule is > 0.17. Didn't seem to make a difference. Other viruses are stopped, but Sober > is detected and queued for delivery. > > As I noted in another email, I can get you root access to the server to test > and poke around if you still need to. Email me offlist and I'll get you the > particulars. > > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Fri May 6 10:48:56 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:32 2006 Subject: New errors in logs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, --- Julian Field a écrit: > Please upgrade your MailScanner and the problem will > go away. > If you cannot do that for some reason, I will work > out a patch for > this, it's a 1-line change. Upgrade was done a few minutes ago. I'll keep you posted if it does not solve the problem, but from what you said everything should be right. Thanks, Sincerely, NB. __________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 6 11:03:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: Trevor have to considered doing some filtering at the MTA? I mean only allow valid users to recieve email on the inbound MTA. I find this drops about 70% if my traffic. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Furnish, Trever G wrote: > I have the terrible feeling that a way of doing this ought to be jumping into my mind, but I'm not getting it. > > I have a system configured which barely meets our load under the current sober onslaught and is not currently configured with any virus scanning, just spam filtering. As such I hesitate to add any virus scanning as it might increase the server load too much. > > We're blocking the sober attachment filenames using filename.rules.conf, and I switched those rules from "deny" to "deny+delete" (not sure what that option is supposed to do - couldn't find documentation on it), but that doesn't stop the rest of the message from being delivered. > > Using spamassassin to mark the sober messages as 'high scoring spam' isn't really an option, because we still deliver 'high scoring spam' for other business reasons. > > Is there any way to delete the sober messages based on attachment filename, without running antivirus checks? I suppose I could look at the code that interfaces to the "real" antivirus engines and hack up an engine to just reject those messages - I'm hoping there's an easier way. > > Thanks, > Trever > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Fri May 6 11:22:35 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Chris Stone wrote: > >> >> I do have Max Archive depth set to 0 and Sober is blocked on all of >> my servers >> (all using ClamAV 0.84 - some using clamavmodule and some clamav) >> except for >> one which is a G5 OSX running Postfix - others use sendmail. The G5 is >> running MS 4.41.3 and the others are all running MS 4.40.9. >> >> > If it was a Postfix problem, then no scanner on any Postfix system would > work. And that's not happening so everything should be okay in my code. > The bug in Clam may well be platform-specific, which would explain how > it happened in the first place. I bet they do most of their development > on Linux (just like everyone else :-) Its working fine on MailScanner 4.42.1-1 (beta) with Clamav 0.84 on RH system with Postfix 2.1.5 as the MTA. -- Regards, Rakesh B. Pal Project Leader Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Fri May 6 11:42:00 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:32 2006 Subject: block msgs based on filename without using antivirus? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi ! Virusscanning will add some load on you machine -if- these message would also be spamscanned. With an outbreak like this all message catched by the virusscanner will not be processes by SpamAssassin. This will drop the load on the machine significantly :).... So overall it will probably be ok to add a virusscanner to the system. Using recipient verification on the MTA is also a must have! (Someone else mentioned this already). It can never be told to many times :) bye, Chris ----- Original Message ----- From: "Furnish, Trever G" To: Sent: Thursday, May 05, 2005 10:02 PM Subject: block msgs based on filename without using antivirus? I have the terrible feeling that a way of doing this ought to be jumping into my mind, but I'm not getting it. I have a system configured which barely meets our load under the current sober onslaught and is not currently configured with any virus scanning, just spam filtering. As such I hesitate to add any virus scanning as it might increase the server load too much. We're blocking the sober attachment filenames using filename.rules.conf, and I switched those rules from "deny" to "deny+delete" (not sure what that option is supposed to do - couldn't find documentation on it), but that doesn't stop the rest of the message from being delivered. Using spamassassin to mark the sober messages as 'high scoring spam' isn't really an option, because we still deliver 'high scoring spam' for other business reasons. Is there any way to delete the sober messages based on attachment filename, without running antivirus checks? I suppose I could look at the code that interfaces to the "real" antivirus engines and hack up an engine to just reject those messages - I'm hoping there's an easier way. Thanks, Trever ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 6 11:49:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: Sober Message-ID: And another thing for people to check... make sure the libclamav.* are upto date.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rakesh wrote: > Julian Field wrote: > >> Chris Stone wrote: >> >>> >>> I do have Max Archive depth set to 0 and Sober is blocked on all of >>> my servers >>> (all using ClamAV 0.84 - some using clamavmodule and some clamav) >>> except for >>> one which is a G5 OSX running Postfix - others use sendmail. The G5 is >>> running MS 4.41.3 and the others are all running MS 4.40.9. >>> >>> >> If it was a Postfix problem, then no scanner on any Postfix system would >> work. And that's not happening so everything should be okay in my code. >> The bug in Clam may well be platform-specific, which would explain how >> it happened in the first place. I bet they do most of their development >> on Linux (just like everyone else :-) > > > Its working fine on MailScanner 4.42.1-1 (beta) with Clamav 0.84 on RH > system with Postfix 2.1.5 as the MTA. > > -- > > Regards, > Rakesh B. Pal > Project Leader > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================== > Success is how high you reach after you hit the bottom. > ======================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Fri May 6 16:08:07 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:32 2006 Subject: rpm or tar install? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm building a new MS box on RH ES4. What is the preferrred/better method of install, via rpm or manually? thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 6 16:33:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: rpm or tar install? Message-ID: RPM, no question. On 6 May 2005, at 16:08, Matt Kehler wrote: > I'm building a new MS box on RH ES4. What is the preferrred/better > method of install, via rpm or manually? -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Fri May 6 16:47:25 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:32 2006 Subject: Report files of our own Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My boss would like to rewrite the all of the report text files to more suit our(his) environment. I know that if I update, new reports would have to be created, but is there a preferred way to point MS to the new text files? Should we put them in a new folder after rewriting and configure MS to look there? or Change the ones in the existing folder? What concerns for either way are there when updating? Thanks for any opinions. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 6 17:22:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:32 2006 Subject: Report files of our own Message-ID: I would recommend making your own directory of report files and put all of them in there. That way you can be safe nothing nasty will ever happen during an upgrade. The only thing you will need to remember when upgrading is to update the contents of the languages.conf files to ensure you have text supplied for any new phrases listed in there in the new version. You can upgrade the languages.conf file using the upgrade_MailScanner_conf script as both MailScanner.conf and languages.conf actually use the same syntax. cd /etc/MailScanner/reports/yours upgrade_MailScanner_conf /etc/MailScanner/reports/en/languages.conf languages.conf > languages.new mv languages.conf languages.old mv languages.new languages.conf will do the trick for you. On 6 May 2005, at 16:47, Steve Campbell wrote: > My boss would like to rewrite the all of the report text files to > more suit > our(his) environment. I know that if I update, new reports would > have to be > created, but is there a preferred way to point MS to the new text > files? > > Should we put them in a new folder after rewriting and configure MS > to look > there? > or > Change the ones in the existing folder? > > What concerns for either way are there when updating? > > Thanks for any opinions. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Fri May 6 17:22:53 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:32 2006 Subject: Need Recommendations Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I haven't made any modifications to the standard rulesets that come with spamassassin and mailscanner, so I'm just using the defaults. I did however make the following $LANG change and it seems to have cleared up some of my delay issues (found this on Spamassassin's web site, when I did and "echo $LANG" it displayed utf8) Are you using the default $LANG setting? Do this: echo $LANG If it contains "utf8", then that's probably the problem. Change it so it does not contain "utf8" (see RedHatMalformedUtf8 ), and the performance issues will clear up. Run the following to fix: ^ÓLANG=en_US; export LANG^Ô I have upgraded my outdated MX server running on FC1 to the following: mailscanner-4.41.3-1 spamassassin 3.0.3 I was getting slammed with SPAM this week and the upgrade has helped. I continue to get quite a few SPAM messages regarding stock quotes that are driving my users crazy so I need to figure out how to stop these emails. Thanks for everyone's suggestions and if you may have any insight on the SPAM I continue to receive I have included the header info on one of them. HEADER FROM ONE OF THE STOCK SPAM MSGS Date: Tue, 05 Apr 2005 15:54:49 +0500 From: "Jessie Stern" Subject: US h0t st0ck highlights X-Originating-IP: [209.55.66.4] To: Message-ID: <739919397864.GWY65620@retrograde.friendsfabricart.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.8176.93) X-VirusChecked: Checked X-Env-Sender: gantry@catholicfamilycu.com X-StarScan-Version: 5.2.94; banners=S_FROM_DOMAIN,-,- Original-recipient: rfc822;rlett@packagingcorp.com X-pca-MailScanner-Information: Please contact the ISP for more information X-pca-MailScanner: Found to be clean X-pca-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.267, required 4, BAYES_00 -2.60, FORGED_MUA_IMS 2.37, HELO_DYNAMIC_IPADDR2 3.50) X-pca-MailScanner-SpamScore: sss X-MailScanner-From: gkxfbl@creativecircus.net X-MIMETrack: Itemize by SMTP Server on PCALAKLH01/PackagingCorp(Release 6.5.1|January 21, 2004) at 05/06/2005 04:04:27 AM, Serialize by Notes Client on Derek Catanzaro/LAK/PackagingCorp(Release 6.5.1|January 21, 2004) at 05/06/2005 11:21:02 AM, Serialize complete at 05/06/2005 11:21:02 AM Content-type: text/plain Martin Hepworth wrote: > Derek > > any difference in the rules you are running on the FC1 system to the FC2 > system? Any extras in /etc/mail/spamassassin and any RBL's etc. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Derek Catanzaro wrote: > >> 2 MX servers with the following >> >> Dual 933Mhz 1 Gig of memory >> FC1 (mailscanner and spamassassin need to be upgraded) >> mailscanner-4.31.6-1 >> spamassassin-2.63 >> >> 1.7Mhz 512 Memory (desktop) >> FC2 >> mailscanner-4.40.11-1 >> spamassassin-3.0.2-1 >> >> I am experiencing a slow down in the delivery/processing of email on my >> MailScanner servers. I receive roughly 50,000 emails on a daily basis >> and if there is a delay in the processing of any emails it can get >> backed up very quickly. I'm not sure if it is a DNS timing issue?, >> would anyone recommend using local DNS in this case, or does anyone use >> it and have they seen improvements? Can anyone recommend anything in >> the MailScanner.conf file that may help? >> >> I have "Max children" set to 10 on the server with dual process and 5 on >> the server with one processor, and "queue scan interval" is set to 6 on >> both servers as well. I am using Clamav as my virus scanner. Please >> let me know if you need additional info, and thanks in advance for your >> assistance. >> >> Derek >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 6 17:36:33 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:32 2006 Subject: Report files of our own Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said: > I would recommend making your own directory of report files and put > all of them in there. That way you can be safe nothing nasty will > ever happen during an upgrade. > > The only thing you will need to remember when upgrading is to update > the contents of the languages.conf files to ensure you have text > supplied for any new phrases listed in there in the new version. You > can upgrade the languages.conf file using the > upgrade_MailScanner_conf script as both MailScanner.conf and > languages.conf actually use the same syntax. > > cd /etc/MailScanner/reports/yours > upgrade_MailScanner_conf /etc/MailScanner/reports/en/languages.conf > languages.conf > languages.new > mv languages.conf languages.old > mv languages.new languages.conf > > will do the trick for you. Or even link them: cd /etc/MailScanner/reports/yours ln -s /etc/MailScanner/reports/en/languages.conf languages.conf which I have used successfully. Then when the update scripts run your reports are safe and the languages file gets updated. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 6 17:33:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:32 2006 Subject: Need Recommendations Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek ah ok, then make sure you 1) use the surbl.org URI-rbls, these are built into 3.x but need a patch for 2.6x (all available on the web site that tells you how to enable, patch etc). You still need to enable it in SA3.x but its easy todo. 2) drip feed extra rules from www.rulesemporium.com into /etc/mail/spamassassin and watch for improvements. rinse, repeat etc. I've got most of the rules in there on my system and they help immensely. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Derek Catanzaro wrote: > I haven't made any modifications to the standard rulesets that come with > spamassassin and mailscanner, so I'm just using the defaults. I did > however make the following $LANG change and it seems to have cleared up > some of my delay issues (found this on Spamassassin's web site, when I > did and "echo $LANG" it displayed utf8) > Are you using the default $LANG setting? Do this: > echo $LANG > If it contains "utf8", then that's probably the problem. Change it so it > does not contain "utf8" (see RedHatMalformedUtf8 > ), and the > performance issues will clear up. > Run the following to fix: ^ÓLANG=en_US; export LANG^Ô > > I have upgraded my outdated MX server running on FC1 to the following: > mailscanner-4.41.3-1 > spamassassin 3.0.3 > > I was getting slammed with SPAM this week and the upgrade has helped. I > continue to get quite a few SPAM messages regarding stock quotes that > are driving my users crazy so I need to figure out how to stop these > emails. Thanks for everyone's suggestions and if you may have any > insight on the SPAM I continue to receive I have included the header > info on one of them. > > HEADER FROM ONE OF THE STOCK SPAM MSGS > > Date: Tue, 05 Apr 2005 15:54:49 +0500 > From: "Jessie Stern" > Subject: US h0t st0ck highlights > X-Originating-IP: [209.55.66.4] > To: > Message-ID: <739919397864.GWY65620@retrograde.friendsfabricart.com> > MIME-version: 1.0 > X-Mailer: Internet Mail Service (5.5.8176.93) > X-VirusChecked: Checked > X-Env-Sender: gantry@catholicfamilycu.com > X-StarScan-Version: 5.2.94; banners=S_FROM_DOMAIN,-,- > Original-recipient: rfc822;rlett@packagingcorp.com > X-pca-MailScanner-Information: Please contact the ISP for more information > X-pca-MailScanner: Found to be clean > X-pca-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.267, > required 4, > BAYES_00 -2.60, FORGED_MUA_IMS 2.37, HELO_DYNAMIC_IPADDR2 3.50) > X-pca-MailScanner-SpamScore: sss > X-MailScanner-From: gkxfbl@creativecircus.net > X-MIMETrack: Itemize by SMTP Server on PCALAKLH01/PackagingCorp(Release > 6.5.1|January 21, 2004) at > 05/06/2005 04:04:27 AM, > Serialize by Notes Client on Derek Catanzaro/LAK/PackagingCorp(Release > 6.5.1|January 21, 2004) at 05/06/2005 11:21:02 AM, > Serialize complete at 05/06/2005 11:21:02 AM > Content-type: text/plain > > Martin Hepworth wrote: > >> Derek >> >> any difference in the rules you are running on the FC1 system to the FC2 >> system? Any extras in /etc/mail/spamassassin and any RBL's etc. >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Derek Catanzaro wrote: >> >>> 2 MX servers with the following >>> >>> Dual 933Mhz 1 Gig of memory >>> FC1 (mailscanner and spamassassin need to be upgraded) >>> mailscanner-4.31.6-1 >>> spamassassin-2.63 >>> >>> 1.7Mhz 512 Memory (desktop) >>> FC2 >>> mailscanner-4.40.11-1 >>> spamassassin-3.0.2-1 >>> >>> I am experiencing a slow down in the delivery/processing of email on my >>> MailScanner servers. I receive roughly 50,000 emails on a daily basis >>> and if there is a delay in the processing of any emails it can get >>> backed up very quickly. I'm not sure if it is a DNS timing issue?, >>> would anyone recommend using local DNS in this case, or does anyone use >>> it and have they seen improvements? Can anyone recommend anything in >>> the MailScanner.conf file that may help? >>> >>> I have "Max children" set to 10 on the server with dual process and 5 on >>> the server with one processor, and "queue scan interval" is set to 6 on >>> both servers as well. I am using Clamav as my virus scanner. Please >>> let me know if you need additional info, and thanks in advance for your >>> assistance. >>> >>> Derek >>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website > ! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Fri May 6 18:03:23 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:32 2006 Subject: rpm or tar install? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I get the following on RH ES4 when trying to install via RPM..tried to update Convert::BinHex and Mime::Tools manually beforehand but it doesn't seem to work. Any ideas? Funny thing is that halfway through the install it looks like Mime::Tools gets installed fine, as well as Convert::BinHex... error: Failed dependencies: perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1.noarch Oh good, module Convert::TNEF version 0.17 is already installed. Oh good, module Compress::Zlib version 1.33 is already installed. Oh good, module Archive::Zip version 1.14 is already installed. Installing tnef decoder Preparing... ########################################### [100%] package tnef-1.2.3.1-1 is already installed Now to install MailScanner itself. error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch Matt >>> MailScanner@ECS.SOTON.AC.UK 5/6/2005 10:33:23 AM >>> RPM, no question. On 6 May 2005, at 16:08, Matt Kehler wrote: > I'm building a new MS box on RH ES4. What is the preferrred/better > method of install, via rpm or manually? -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Fri May 6 18:04:59 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:32 2006 Subject: Report files of our own Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you Mr. Field and Mr. Marshall. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Drew Marshall" To: Sent: Friday, May 06, 2005 12:36 PM Subject: Re: Report files of our own > Julian Field said: > > I would recommend making your own directory of report files and put > > all of them in there. That way you can be safe nothing nasty will > > ever happen during an upgrade. > > > > The only thing you will need to remember when upgrading is to update > > the contents of the languages.conf files to ensure you have text > > supplied for any new phrases listed in there in the new version. You > > can upgrade the languages.conf file using the > > upgrade_MailScanner_conf script as both MailScanner.conf and > > languages.conf actually use the same syntax. > > > > cd /etc/MailScanner/reports/yours > > upgrade_MailScanner_conf /etc/MailScanner/reports/en/languages.conf > > languages.conf > languages.new > > mv languages.conf languages.old > > mv languages.new languages.conf > > > > will do the trick for you. > > Or even link them: > > cd /etc/MailScanner/reports/yours > ln -s /etc/MailScanner/reports/en/languages.conf languages.conf > > which I have used successfully. Then when the update scripts run your > reports are safe and the languages file gets updated. > > Drew > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fernando at UNIMEP.BR Fri May 6 18:33:43 2005 From: fernando at UNIMEP.BR (FERNANDO COELHO MONTEIRO) Date: Thu Jan 12 21:29:32 2006 Subject: update Version 4.41.3-1 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, After I´ve updated the version 4.37.7 to 4.41.3-1 the options to block files by extensions (.exe, .com, etc) stopped to work. The files filename.rules.conf and filetype.rules.conf are Ok. Anybody knows if there is any problem with this version? Thank you. ------------------------------------ Universidade Metodista de Piracicaba Dep. de Tecnologia e Informática Fone: (19) 3124-1651 ------------------------------------ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri May 6 18:47:10 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:32 2006 Subject: Need Recommendations Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek Catanzaro wrote: > > > I have upgraded my outdated MX server running on FC1 to the following: > mailscanner-4.41.3-1 > spamassassin 3.0.3 > > I was getting slammed with SPAM this week and the upgrade has helped. > I continue to get quite a few SPAM messages regarding stock quotes > that are driving my users crazy so I need to figure out how to stop > these emails. Thanks for everyone's suggestions and if you may have > any insight on the SPAM I continue to receive I have included the > header info on one of them. > > HEADER FROM ONE OF THE STOCK SPAM MSGS > > X-pca-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.267, > required 4, > BAYES_00 -2.60, FORGED_MUA_IMS 2.37, HELO_DYNAMIC_IPADDR2 3.50) Looking at that, in addition to martin's suggestions, I'd suggest doing some manual bayes training of these messages with sa-learn. However, before doing so, MAKE SURE that your spam.assassin.prefs.conf doesn't contain an in-use bayes_path statement. If it does, you'll need to copy that setting into /root/.spamassassin/user_prefs. Otherwise when root trains mail with sa-learn, all the learning will go into /root/.spamassassin, and not be used by mailscanner. You'll also want to copy other relevant bayes settings like your bayes_ignore_header X-pca-MailScanner-Spamcheck, etc. Ideally if you really feel the need to use a bayes_path statement, it should be in /etc/mail/spamassassin/local.cf, not in any user_prefs file (including spam.assassin.prefs.conf), and it should be coupled with a bayes_file_mode 0777 statement. (site-wide, globally usable bayes db). But, for now doing it this way works, despite the docs saying it won't work. When training, make sure to bring a copy of the real message with complete headers to sa-learn. Don't forward it with a mail-client's forward feature.. Forwarding rewrites the headers and will cause sa-learn to record the fact that all mail with headers like the following are common in spam: From: Matt Kettler Not such a good thing. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri May 6 19:05:38 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:32 2006 Subject: Need Recommendations Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek Catanzaro wrote: > I haven't made any modifications to the standard rulesets that come > with spamassassin and mailscanner, so I'm just using the defaults. I > did however make the following $LANG change and it seems to have > cleared up some of my delay issues (found this on Spamassassin's web > site, when I did and "echo $LANG" it displayed utf8) > Are you using the default $LANG setting? Do this: > echo $LANG > If it contains "utf8", then that's probably the problem. Change it so > it does not contain "utf8" (see RedHatMalformedUtf8 > ), and the > performance issues will clear up. > Run the following to fix: ^ÓLANG=en_US; export LANG^Ô Derek, I don't seem to have any problem running with UTF-8 but I noticed grep being quite slow that way. I have added the following aliases to make grep regain its speed: alias grep='LANG=C grep' alias egrep='LANG=C egrep' alias zgrep='LANG=C zgrep' alias zegrep='LANG=C zegrep' Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From mkehler at WRHA.MB.CA Fri May 6 19:20:32 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:32 2006 Subject: rpm or tar install? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, 4.33.3-1 seems to install fine as long as I put perl-MIME-tools-5.411-pl4.3.noarch.rpm into /usr/src/redhat/RPMS/noarch prior to install. Tried to install 4.41.3-1 after that, still no go. Same errors. Any ideas? Or should I just quit and stick with 4.33.3-1? MK >>>>>>>>>>> Thanks. I get the following on RH ES4 when trying to install via RPM..tried to update Convert::BinHex and Mime::Tools manually beforehand but it doesn't seem to work. Any ideas? Funny thing is that halfway through the install it looks like Mime::Tools gets installed fine, as well as Convert::BinHex... error: Failed dependencies: perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1.noarch Oh good, module Convert::TNEF version 0.17 is already installed. Oh good, module Compress::Zlib version 1.33 is already installed. Oh good, module Archive::Zip version 1.14 is already installed. Installing tnef decoder Preparing... ########################################### [100%] package tnef-1.2.3.1-1 is already installed Now to install MailScanner itself. error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch Matt >>> MailScanner@ECS.SOTON.AC.UK 5/6/2005 10:33:23 AM >>> RPM, no question. On 6 May 2005, at 16:08, Matt Kehler wrote: > I'm building a new MS box on RH ES4. What is the preferrred/better > method of install, via rpm or manually? -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Fri May 6 22:15:09 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:32 2006 Subject: Milters and MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just a quick question, is it possible to run a Milter with MailScanner? I'm seriously thinking of adding greylisting to my MX server because mostly it gets nothing but spam. I did look through the FAQs and MAQs and didn't find anything about it. TIA, -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri May 6 22:25:07 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:32 2006 Subject: Milters and MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doc Schneider wrote: > Just a quick question, is it possible to run a Milter with MailScanner? > I'm seriously thinking of adding greylisting to my MX server because > mostly it gets nothing but spam. Short answer - yes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Fri May 6 22:30:17 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:33 2006 Subject: Milters and MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight wrote: > Doc Schneider wrote: > >>Just a quick question, is it possible to run a Milter with MailScanner? >>I'm seriously thinking of adding greylisting to my MX server because >>mostly it gets nothing but spam. > > Short answer - yes Well thanks! I know how to do them was just curious if it would break something in MS by using it... you never know. I know MS honors Sendmails configuration options, Thanks again. -Doc ps. any recommendations for greylisting milters which use MySQL as a back end? I'll do a freshmeat search and sourceforge search here in a bit but just wondered what others are using. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri May 6 22:53:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:33 2006 Subject: Milters and MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doc Schneider wrote: > Michele Neylon:: Blacknight wrote: > >> Doc Schneider wrote: >> >>> Just a quick question, is it possible to run a Milter with MailScanner? >>> I'm seriously thinking of adding greylisting to my MX server because >>> mostly it gets nothing but spam. >> >> >> Short answer - yes > > > Well thanks! I know how to do them was just curious if it would break > something in MS by using it... you never know. > > I know MS honors Sendmails configuration options, And as a medium length answer: Yes, I use milter-greylist 2.0b5 in conjunction with Sendmail and MailScanner-4.42-1. No problems whatsoever adding milter-greylist, I just added it exactly as per the directions. No accommodations for MailScanner were needed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Sat May 7 00:09:07 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:29:33 2006 Subject: MailScanner: Not scanned: please contact your Internet Administrator for details Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi, ive checked the headers and i found this line Not scanned: please contact your Internet Administrator for details Where do should i look in my MailScanner config areas concerned? TIA Nats ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Sat May 7 01:22:32 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:33 2006 Subject: bayes_toks.expireXXXX are being created Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are tons of bayes_toks.expireXXXX files being created in my /etc/MailScanner/bayes folder. How can I stop this? I running out of disk space. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat May 7 01:31:09 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:33 2006 Subject: bayes_toks.expireXXXX are being created Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > There are tons of bayes_toks.expireXXXX files being created in my > /etc/MailScanner/bayes folder. How can I stop this? I running out of > disk space. Search the archives, there's been lots of posts regarding this. In the meantime, you can safely have a cron script delete all expire files older than one day. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat May 7 02:13:22 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:33 2006 Subject: MailScanner: Not scanned: please contact your Internet Administrator for details Message-ID: nats <> wrote: > hi, > > ive checked the headers and i found this line > > Not scanned: please contact your Internet Administrator for details > > Where do should i look in my MailScanner config areas concerned? Could you please provide a little more context? --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat May 7 02:15:54 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:33 2006 Subject: OT: stupid spammers. FW: Request > Spam block list refresh Message-ID: I just got this and I can't stop laughing. I'm sure some of you have gotten it too, but I still wanted to share. "Hay guys we were spamming, but we're not anymore here's a spam to prove it." Even if they were legitimately delisted it's still pretty dumb to follow that up with a "check your configuration for little-old-me" email. Come on. --J(K) Bodtke, Peter wrote: > Dear Postmaster > > We are requesting your assistance to deliver a newsletter that was > requested by our customers. > > Earlier this week we released a large email campaign that > unfortunately caused our domain to be listed on several spam blocking > services: SpamCop, Composite Blocking List and SpamHaus. We have been > de-listed from the spam databases maintained these services. Kindly > refresh or download your blocking list with the service you use to > populate your spam filtering system. If you have any questions, feel > free to contact me. > > Thanks in advance for your assistance, > > Peter Bodtke > Newsletter Email System Administrator > ThomsonMedia > 1 State Street Plaza > NY NY 1004 > (212) 803-8737 > peter.bodtke@thomsonmedia.com > lyrisadmin@thomsonmedia.com > > > > > "This communication is intended solely for the addressee and is > confidential and not for third party unauthorized distribution." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Sat May 7 03:40:15 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:33 2006 Subject: stupid spammers. FW: Request > Spam block list refresh Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I got it too... equally amused :) ----- Original Message ----- From: "Jason Balicki" To: Sent: Friday, May 06, 2005 8:15 PM Subject: OT: stupid spammers. FW: Request > Spam block list refresh >I just got this and I can't stop laughing. I'm > sure some of you have gotten it too, but I still > wanted to share. > > "Hay guys we were spamming, but we're not anymore > here's a spam to prove it." > > Even if they were legitimately delisted it's still > pretty dumb to follow that up with a "check your > configuration for little-old-me" email. Come on. > > --J(K) > > Bodtke, Peter wrote: >> Dear Postmaster >> >> We are requesting your assistance to deliver a newsletter that was >> requested by our customers. >> >> Earlier this week we released a large email campaign that >> unfortunately caused our domain to be listed on several spam blocking >> services: SpamCop, Composite Blocking List and SpamHaus. We have been >> de-listed from the spam databases maintained these services. Kindly >> refresh or download your blocking list with the service you use to >> populate your spam filtering system. If you have any questions, feel >> free to contact me. >> >> Thanks in advance for your assistance, >> >> Peter Bodtke >> Newsletter Email System Administrator >> ThomsonMedia >> 1 State Street Plaza >> NY NY 1004 >> (212) 803-8737 >> peter.bodtke@thomsonmedia.com >> lyrisadmin@thomsonmedia.com >> >> >> >> >> "This communication is intended solely for the addressee and is >> confidential and not for third party unauthorized distribution." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat May 7 12:58:16 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:33 2006 Subject: stupid spammers. FW: Request > Spam block list refresh Message-ID: me too... thomsonmedia.com has gone into my spamblock list as a result of their blurb to everybody. On Fri, 6 May 2005, Tracy Greggs wrote: > Date: Fri, 6 May 2005 21:40:15 -0500 > From: Tracy Greggs > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: stupid spammers. FW: Request > Spam block list refresh > > I got it too... equally amused :) > > > ----- Original Message ----- > From: "Jason Balicki" > To: > Sent: Friday, May 06, 2005 8:15 PM > Subject: OT: stupid spammers. FW: Request > Spam block list refresh > > >> I just got this and I can't stop laughing. I'm >> sure some of you have gotten it too, but I still >> wanted to share. >> >> "Hay guys we were spamming, but we're not anymore >> here's a spam to prove it." >> >> Even if they were legitimately delisted it's still >> pretty dumb to follow that up with a "check your >> configuration for little-old-me" email. Come on. >> >> --J(K) >> >> Bodtke, Peter wrote: >>> Dear Postmaster >>> >>> We are requesting your assistance to deliver a newsletter that was >>> requested by our customers. >>> >>> Earlier this week we released a large email campaign that >>> unfortunately caused our domain to be listed on several spam blocking >>> services: SpamCop, Composite Blocking List and SpamHaus. We have been >>> de-listed from the spam databases maintained these services. Kindly >>> refresh or download your blocking list with the service you use to >>> populate your spam filtering system. If you have any questions, feel >>> free to contact me. >>> >>> Thanks in advance for your assistance, >>> >>> Peter Bodtke >>> Newsletter Email System Administrator >>> ThomsonMedia >>> 1 State Street Plaza >>> NY NY 1004 >>> (212) 803-8737 >>> peter.bodtke@thomsonmedia.com >>> lyrisadmin@thomsonmedia.com >>> >>> >>> >>> >>> "This communication is intended solely for the addressee and is >>> confidential and not for third party unauthorized distribution." >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Oklahoma Network Consulting has scanned this >> message for viruses and dangerous content with >> MailScanner, and commercial virus scanners McAfee >> and F-Prot and is believed to be clean. >> --- > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat May 7 14:47:32 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:33 2006 Subject: IPBlock and db 4.3.28 breakage Message-ID: Julian, Setup: Solaris 9, MS 4.42.1. Yesterday I upgraded from Sleepycat 4.3.27 to 4.3.28 (which MS and sendmail use) and I noticed from my IPBlock cron job (the script you provide at the bottom of CustomConfig.pm) that it started failing with: Failed to open /etc/mail/db/access.db, have you got the path wrong? No such file or directory This is the correct path to my access.db file. When I rolled back to 4.3.27, the problem went away. The db 4.3.28 changelog is at: http://www.sleepycat.com/update/4.3.27/if.4.3.27.html Sendmail is happy with alias updates and other db changes with 4.3.28. Any ideas? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From k.joch at CTSEURO.COM Sat May 7 19:57:10 2005 From: k.joch at CTSEURO.COM (Karl M. Joch) Date: Thu Jan 12 21:29:33 2006 Subject: ProcessClamAVOutput Empty file?? Message-ID: Hello, i have lot of errors on 10 servers after updating to clamav 0.84. running clamav 0.84 and mailscanner 4.40.11 all other server running clamav -0.83 and mailscanner -4.40.11 runs without problems. the message is always the same: May 7 03:59:57 SERVER MailScanner[22404]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/22404/./j471xHwA030001/msg-22404-21.txt: Empty file". Please contact the authors! many thanks for any hint. -- Best regards / Mit freundlichen Gruessen, Karl M. Joch k.joch@ctseuro.com HOTLINE: 0900 900 921 CTS Consulting & Trade Service A-5020 Salzburg, Fuerstallergasse 36 http://www.ctseuro.com Tel: +43-662-621559-0 Fax: +43-662-621559-22 Unsere Services: http://www.ctseuro.com - Netzwerk und Sicherheitstechnik http://www.freebsd.at - Das Power Betriebssystem http://www.mydynip.org - Dynamischer DNS Service mit IPv6 Support ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Sat May 7 21:28:20 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:33 2006 Subject: Updated list of Perl Modules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I'm getting ready to upgrade from MS 4.33.3 to 4.41.3, and noticed that the Changelog entries from 4.33.3 and up mention several updated Perl module requirements. However, the list at: http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml ..does not seem to have been kept current. Is there a list of required Perl modules/versions elsewhere that I can use during my upgrade procedure? I'm using the tar based distro and will be installing by hand. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat May 7 22:08:14 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:33 2006 Subject: ProcessClamAVOutput Empty file?? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Karl M. Joch > Sent: Saturday, May 07, 2005 2:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: ProcessClamAVOutput Empty file?? > > Hello, > > i have lot of errors on 10 servers after updating to clamav 0.84. > > running clamav 0.84 and mailscanner 4.40.11 > > all other server running clamav -0.83 and mailscanner -4.40.11 runs > without > problems. > > the message is always the same: > > May 7 03:59:57 SERVER MailScanner[22404]: ProcessClamAVOutput: > unrecognised > line > "/var/spool/MailScanner/incoming/22404/./j471xHwA030001/msg-22404-21.txt: > Empty file". Please contact the authors! > > many thanks for any hint. > > -- > Best regards / Mit freundlichen Gruessen, > > Karl M. Joch > k.joch@ctseuro.com > > This was answered please check the list archives for more details. Short answer - ClamAV is still working, to get rid of the error messages: Either use calmavmodule, not clamav to call ClamAV in MailScanner. Or Update to the latest stable MailScanner. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wollie at FEYERABEND.LIS.BREMEN.DE Sat May 7 22:44:18 2005 From: wollie at FEYERABEND.LIS.BREMEN.DE (Wolfgang Kohnen (FEYERABEND)) Date: Thu Jan 12 21:29:33 2006 Subject: spam messages freeze Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [I had to resend this mail to this list, because I've sent it from a wrong address.] Hi folks, this is a cross post to exim and mailscanner lists, 'cause I don't know where I should search for a solution, or where I should ask. I just switched on my new exim4 with MS (debian sarge) and the first mails I receive are spams, of course. I see lots of spam coming in with envelope-to: <> to non existent users and these messages freeze, since there is no address to bounce to. Well, this seems to be a ususal spam strategy and that my exim seems to be configured wrong, isn't it? Why does exim try to bounce these messages? Maybe this is related to MailScanner? One of the message logs look like this: 1DUVBW-0005d6-9L-H Debian-exim 102 102 <> 1115494918 0 -ident Debian-exim -received_protocol local -body_linecount 72 -allow_unqualified_recipient -allow_unqualified_sender -frozen 1115494918 -localerror XX 1 claudia@sat.1.de 154P Received: from Debian-exim by feyerabend.lis.bremen.de with local (Exim 4.50) id 1DUVBW-0005d6-9L for claudia@sat.1.de; Sat, 07 May 2005 21:41:58 +0200 043 X-Failed-Recipients: michael@lis.bremen.de 031 Auto-Submitted: auto-generated 057F From: Mail Delivery System 021T To: claudia@sat.1.de 059 Subject: Mail delivery failed: returning message to sender 057I Message-Id: 038 Date: Sat, 07 May 2005 21:41:58 +0200 The mail body looks like this: 1DUVBW-0005d6-9L-D This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: michael@lis.bremen.de LMTP error after RCPT TO:: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from p54ac77df.dip.t-dialin.net ([84.172.119.223] helo=sat.1.de) by feyerabend.lis.bremen.de with esmtp (Exim 4.50) id 1DUVBG-0005cT-Uw for michael@lis.bremen.de; Sat, 07 May 2005 21:41:49 +0200 From: claudia@sat.1.de To: michael@lis.bremen.de Date: Sat, 7 May 2005 21:40:58 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0014_60E1DAD0.BCAFD50F" X-Priority: 3 X-MSMail-Priority: Normal X-lis.bremen.de-MailScanner: Found to be infected X-Spam-Level: **** X-MailScanner-From: claudia@sat.1.de Subject: {Virus!} This is a multi-part message in MIME format. ------=_NextPart_000_0014_60E1DAD0.BCAFD50F Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Mail transaction failed. Partial message is available. ------=_NextPart_000_0014_60E1DAD0.BCAFD50F Content-Type: text/plain; charset="ISO-8859-1"; name="WARNUNG.txt" Content-Disposition: attachment; filename="WARNUNG.txt" Content-Transfer-Encoding: quoted-printable [continuing with attachements substituted by my MS. (W32/Mytob-R etc. found)] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at WOZENILEK.DE Sun May 8 10:49:05 2005 From: mail at WOZENILEK.DE (Martin Wozenilek) Date: Thu Jan 12 21:29:33 2006 Subject: Problem with MIME/QuotedPrint.pm since update to mailscanner-4.40.11-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Enviroment: Fedora Core 2 mailscanner-4.40.11-1 Perl 5.8.3 spamassassin-3.0.1-0 Of course this is a perl problem ... but since i've updated to mailscanner-4.40.11-1 i have a problem when i call sa-learn from spamassassin. I get always the following error: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm line 77. The corresponding code in QuotedPrint.pm is here: use vars qw(@ISA $VERSION); use MIME::Decoder; use MIME::QuotedPrint; @ISA = qw(MIME::Decoder); # The package version, both in 1.23 style *and* usable by MakeMaker: $VERSION = "5.417"; #------------------------------ # If we have MIME::QuotedPrint 3.03 or later, use the three-argument # version. If we have an earlier version of MIME::QuotedPrint, we # may get the wrong results. However, on some systems (RH Linux, # for example), MIME::QuotedPrint is part of the Perl package and # upgrading it separately breaks their magic auto-update tools. # We are supporting older versions of MIME::QuotedPrint even though # they may give incorrect results simply because it's too painful # for many people to upgrade. # The following code is horrible. I know. Beat me up. --dfs BEGIN { if (!defined(&encode_qp_threearg)) { if ($::MIME::QuotedPrint::VERSION >= 3.03) { eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift, shift, shift); }'; } else { eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift); }'; } } } I'm not a perl expert. But the variable $::MIME::QuotedPrint::VERSION seems not to be defined anywhere in the code. Or is this a perl system variable? The other thing I don't understand: /usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm is linked to /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/QuotedPrint.pm. And this is version 5.417. When the script knows that it is 5.417 why this "if bla bla bla >= 3.03 eval bla bla bla" code? This problem does not exist before the update. Does anybody else have this problem also? Thanks for your help! -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: mail@wozenilek.de PGP-Key-ID: 0x00105C52 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 8 13:02:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: rpm or tar install? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is failing to build the MIME-tools for some reason, you need to look at that and work out why. I would not advise just sticking with the (very) old version. You need to look at why it is failing on your system. The output from the ./install.sh script, while it is trying to build perl-MIME-tools, will tell you what is going wrong. Matt Kehler wrote: > Well, 4.33.3-1 seems to install fine as long as I put > perl-MIME-tools-5.411-pl4.3.noarch.rpm into > /usr/src/redhat/RPMS/noarch prior to install. Tried to install > 4.41.3-1 after that, still no go. Same errors. Any ideas? Or should > I just quit and stick with 4.33.3-1? > > MK > > >>>>>>>>>>> > > Thanks. I get the following on RH ES4 when trying to install via > RPM..tried to update Convert::BinHex and Mime::Tools manually > beforehand but it doesn't seem to work. Any ideas? Funny thing is > that halfway through the install it looks like Mime::Tools gets > installed fine, as well as Convert::BinHex... > > > error: Failed dependencies: > perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1.noarch > > Oh good, module Convert::TNEF version 0.17 is already installed. > > Oh good, module Compress::Zlib version 1.33 is already installed. > > Oh good, module Archive::Zip version 1.14 is already installed. > > Installing tnef decoder > > Preparing... > ########################################### [100%] > package tnef-1.2.3.1-1 is already installed > > Now to install MailScanner itself. > > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch > > Matt > > >>> MailScanner@ECS.SOTON.AC.UK 5/6/2005 10:33:23 AM >>> > RPM, no question. > > On 6 May 2005, at 16:08, Matt Kehler wrote: > > > I'm building a new MS box on RH ES4. What is the preferrred/better > > method of install, via rpm or manually? > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 8 13:06:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: Updated list of Perl Modules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just run the ./install.sh script in the MailScanner package you download, and it will install all the modules it needs. I agree that yes, the docs are out of date. Mike Bacher wrote: > Hi all, > > I'm getting ready to upgrade from MS 4.33.3 to 4.41.3, and noticed > that the > Changelog entries from 4.33.3 and up mention several updated Perl module > requirements. However, the list at: > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml > > ..does not seem to have been kept current. Is there a list of > required Perl > modules/versions elsewhere that I can use during my upgrade > procedure? I'm > using the tar based distro and will be installing by hand. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 8 13:08:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: Problem with MIME/QuotedPrint.pm since update to mailscanner-4.40.11-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try upgrading to the latest MIME::Base64 module with CPAN. perl -MCPAN -e shell install MIME::Base64 Martin Wozenilek wrote: >Enviroment: >Fedora Core 2 >mailscanner-4.40.11-1 >Perl 5.8.3 >spamassassin-3.0.1-0 > >Of course this is a perl problem ... but since i've updated to >mailscanner-4.40.11-1 i have a problem when i call sa-learn from >spamassassin. I get always the following error: > >Use of uninitialized value in numeric ge (>=) at >/usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm line 77. > >The corresponding code in QuotedPrint.pm is here: > >use vars qw(@ISA $VERSION); >use MIME::Decoder; >use MIME::QuotedPrint; > >@ISA = qw(MIME::Decoder); > ># The package version, both in 1.23 style *and* usable by MakeMaker: >$VERSION = "5.417"; > >#------------------------------ ># If we have MIME::QuotedPrint 3.03 or later, use the three-argument ># version. If we have an earlier version of MIME::QuotedPrint, we ># may get the wrong results. However, on some systems (RH Linux, ># for example), MIME::QuotedPrint is part of the Perl package and ># upgrading it separately breaks their magic auto-update tools. ># We are supporting older versions of MIME::QuotedPrint even though ># they may give incorrect results simply because it's too painful ># for many people to upgrade. > ># The following code is horrible. I know. Beat me up. --dfs >BEGIN { > if (!defined(&encode_qp_threearg)) { > if ($::MIME::QuotedPrint::VERSION >= 3.03) { > eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift, >shift, shift); }'; > } else { > eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift); }'; > } > } >} > >I'm not a perl expert. But the variable $::MIME::QuotedPrint::VERSION >seems not to be defined anywhere in the code. Or is this a perl system >variable? The other thing I don't understand: >/usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm is linked to >/usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/QuotedPrint.pm. And this is >version 5.417. When the script knows that it is 5.417 why this "if bla >bla bla >= 3.03 eval bla bla bla" code? > >This problem does not exist before the update. Does anybody else have >this problem also? > >Thanks for your help! > >-- >Martin Wozenilek >Am Langberg 91a >21033 Hamburg >mailto: mail@wozenilek.de >PGP-Key-ID: 0x00105C52 > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at WOZENILEK.DE Sun May 8 13:41:40 2005 From: mail at WOZENILEK.DE (Martin Wozenilek) Date: Thu Jan 12 21:29:33 2006 Subject: Problem with MIME/QuotedPrint.pm since update to mailscanner-4.40.11-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi! Now it's working ... i'm sorry to bother you with this stupid questions. It's very confusing with all these perl-directories on fedora: /usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm /usr/lib/perl5/5.8.3/i386-linux-thread-multi/MIME/QuotedPrint.pm But that's another story i've to learn ... ;-) Thanks a lot! Julian Field wrote: > Try upgrading to the latest MIME::Base64 module with CPAN. > > perl -MCPAN -e shell > install MIME::Base64 > > > Martin Wozenilek wrote: > >> Enviroment: >> Fedora Core 2 >> mailscanner-4.40.11-1 >> Perl 5.8.3 >> spamassassin-3.0.1-0 >> >> Of course this is a perl problem ... but since i've updated to >> mailscanner-4.40.11-1 i have a problem when i call sa-learn from >> spamassassin. I get always the following error: >> >> Use of uninitialized value in numeric ge (>=) at >> /usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm line 77. >> >> The corresponding code in QuotedPrint.pm is here: >> >> use vars qw(@ISA $VERSION); >> use MIME::Decoder; >> use MIME::QuotedPrint; >> >> @ISA = qw(MIME::Decoder); >> >> # The package version, both in 1.23 style *and* usable by MakeMaker: >> $VERSION = "5.417"; >> >> #------------------------------ >> # If we have MIME::QuotedPrint 3.03 or later, use the three-argument >> # version. If we have an earlier version of MIME::QuotedPrint, we >> # may get the wrong results. However, on some systems (RH Linux, >> # for example), MIME::QuotedPrint is part of the Perl package and >> # upgrading it separately breaks their magic auto-update tools. >> # We are supporting older versions of MIME::QuotedPrint even though >> # they may give incorrect results simply because it's too painful >> # for many people to upgrade. >> >> # The following code is horrible. I know. Beat me up. --dfs >> BEGIN { >> if (!defined(&encode_qp_threearg)) { >> if ($::MIME::QuotedPrint::VERSION >= 3.03) { >> eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift, >> shift, shift); }'; >> } else { >> eval 'sub encode_qp_threearg ( $$$ ) { encode_qp(shift); }'; >> } >> } >> } >> >> I'm not a perl expert. But the variable $::MIME::QuotedPrint::VERSION >> seems not to be defined anywhere in the code. Or is this a perl system >> variable? The other thing I don't understand: >> /usr/lib/perl5/site_perl/5.8.3/MIME/QuotedPrint.pm is linked to >> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/QuotedPrint.pm. And this is >> version 5.417. When the script knows that it is 5.417 why this "if bla >> bla bla >= 3.03 eval bla bla bla" code? >> >> This problem does not exist before the update. Does anybody else have >> this problem also? >> >> Thanks for your help! >> >> -- >> Martin Wozenilek >> Am Langberg 91a >> 21033 Hamburg >> mailto: mail@wozenilek.de >> PGP-Key-ID: 0x00105C52 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: mail@wozenilek.de PGP-Key-ID: 0x00105C52 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Sun May 8 14:04:32 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:33 2006 Subject: Updated list of Perl Modules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Just run the ./install.sh script in the MailScanner package you > download, and it will install all the modules it needs. > > I agree that yes, the docs are out of date. Hi Julian, I had up to this point (and prefer to) install my Perl modules via CPAN/BSDPAN as it just makes it easier to keep track of on FreeBSD. So, I ended up cat'ing the install script to find the versions of the Perl modules needed and installed it that way. So far, no problems. When I deploy additional MailScanner boxes, I might go with the install-from-tarball method instead. Thanks. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frcaen at gmail.com Sun May 8 23:43:54 2005 From: frcaen at gmail.com (Francois Caen) Date: Thu Jan 12 21:29:33 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 3/31/05, Chris Trudeau wrote: > Just installed 4.39.6. With Sophos/Clamav Have tried starting in debug > mode > and everything seems fine....messages are received, and it appears that > MailScanner launches and starts to scan, but never finishes. > No listing of the mqueue, mqueue.in or incoming directories show any files > at all, the message just seems to vanish. I'm having the exact same problem. mailscanner-4.41.3-1 on CentOS4 on dual-Xeon x86_64 Did anyone find the solution to this mystery? Francois Caen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 10:16:17 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: Andreas Svensson [mailto:andreas.svensson@HALLSBERG.SE] > Sent: den 4 maj 2005 11:09 > To: MAILSCANNER@JISCMAIL.AC.UK; Steen, Glenn > Cc: No Name > Subject: Panda not working > > > Hello. > I can't get the panda-wrapper to work. > It did work when i installed a server last year. > Installing a new box today, panda-wrapper dosen't work, Clam > works fine. > Checking my old box and panda-wrapper isn't running there either. > Checking a friends box, same thing there, Panda-wrapper isn't working. > > Any clue to get this working? > > /Andreas Svensson, Hallsbergs Kommun, Sweden. > > Ps. Glenn, did you get this to work? Unfortunately no. As work progressed in diverse directions, I came to "realize" the problems Julian mentions in his reply... If they could provide an option for "plaintext output" (which BTW would benefit all users of Panda, not just us:-), the rest would be easy:). -- Glenn > > > On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn > wrote: > > >It needs the -aut -nso options (like MS will call it ... + the -aex). > > > >Otherwise it'll hang on user input (and "beep" its little > heart out:-) > > > >We'll try work more on this next week, eh Paul. > > > >-- Glenn > > > > > >-----Original Message----- > >From: MailScanner mailing list on behalf of Paul Welsh > >Sent: fr 2005-03-11 21:01 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Cc: > >Subject: Re: Panda not working > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > >> Sent: 11 March 2005 19:09 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: Panda not working > >> > >Just tried the free Panda and called it with the wrapper. > It just "hangs". > >I used this command: > > > >/usr/lib/MailScanner/panda-wrapper /usr /tmp > > > >The rpm I installed the free ver from was: > > > >3878658 Aug 31 2004 pavcl_linux_i386.rpm > > > >The eval was: > > > >2352673 Mar 8 21:32 pavcl_linux_i386.rpm > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon May 9 10:48:15 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:29:33 2006 Subject: bayes_toks.expireXXXX are being created Message-ID: On Fri, 6 May 2005, Devon Harding wrote: > There are tons of bayes_toks.expireXXXX files being created in my > /etc/MailScanner/bayes folder. How can I stop this? I running out of disk > space. Recent versions of MailScanner fix this problem (we, too, used to be badly affected by it). So I recommend upgrading to the current stable version of MailScanner. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Mon May 9 11:17:13 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:29:33 2006 Subject: Sv: Re: Panda not working Message-ID: I noticed that the Amavis-new "scanner" works with panda... In their conf they have: <--- ### http://www.pandasoftware.com/ ['Panda Antivirus for Linux', ['pavcl'], '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', qr/Number of files infected[ .]*: 0(?!\d)/, qr/Number of files infected[ .]*: 0*[1-9]/, qr/Found virus :\s*(\S+)/ ], ---> Does this help us? /Andreas >>> Glenn.Steen@AP1.SE 2005-05-09 11:16:17 >>> > -----Original Message----- > From: Andreas Svensson [mailto:andreas.svensson@HALLSBERG.SE] > Sent: den 4 maj 2005 11:09 > To: MAILSCANNER@JISCMAIL.AC.UK; Steen, Glenn > Cc: No Name > Subject: Panda not working > > > Hello. > I can't get the panda-wrapper to work. > It did work when i installed a server last year. > Installing a new box today, panda-wrapper dosen't work, Clam > works fine. > Checking my old box and panda-wrapper isn't running there either. > Checking a friends box, same thing there, Panda-wrapper isn't working. > > Any clue to get this working? > > /Andreas Svensson, Hallsbergs Kommun, Sweden. > > Ps. Glenn, did you get this to work? Unfortunately no. As work progressed in diverse directions, I came to "realize" the problems Julian mentions in his reply... If they could provide an option for "plaintext output" (which BTW would benefit all users of Panda, not just us:-), the rest would be easy:). -- Glenn > > > On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn > wrote: > > >It needs the -aut -nso options (like MS will call it ... + the -aex). > > > >Otherwise it'll hang on user input (and "beep" its little > heart out:-) > > > >We'll try work more on this next week, eh Paul. > > > >-- Glenn > > > > > >-----Original Message----- > >From: MailScanner mailing list on behalf of Paul Welsh > >Sent: fr 2005-03-11 21:01 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Cc: > >Subject: Re: Panda not working > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > >> Sent: 11 March 2005 19:09 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: Panda not working > >> > >Just tried the free Panda and called it with the wrapper. > It just "hangs". > >I used this command: > > > >/usr/lib/MailScanner/panda-wrapper /usr /tmp > > > >The rpm I installed the free ver from was: > > > >3878658 Aug 31 2004 pavcl_linux_i386.rpm > > > >The eval was: > > > >2352673 Mar 8 21:32 pavcl_linux_i386.rpm > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 12:00:52 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > Sent: den 9 maj 2005 12:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sv: Re: Panda not working > > > I noticed that the Amavis-new "scanner" works with panda... > In their conf they have: > <--- > ### http://www.pandasoftware.com/ > ['Panda Antivirus for Linux', ['pavcl'], > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', > qr/Number of files infected[ .]*: 0(?!\d)/, > qr/Number of files infected[ .]*: 0*[1-9]/, > qr/Found virus :\s*(\S+)/ ], > ---> > Does this help us? > /Andreas Nope. The thing is, they garble up the output (curses/TERM issues) and well.. that gets kind of "dangerous" in batch mode... Who wan'ts an AV that is "mostly right" or "sometimes wrong"? Not me. If amavis spawns one pavcl/message, they might get it right most of the time, but... Well, I'm no amavis guru:-). Chances are that they're fooling themselves too:). -- Glenn > > > >>> Glenn.Steen@AP1.SE 2005-05-09 11:16:17 >>> > > -----Original Message----- > > From: Andreas Svensson [mailto:andreas.svensson@HALLSBERG.SE] > > Sent: den 4 maj 2005 11:09 > > To: MAILSCANNER@JISCMAIL.AC.UK; Steen, Glenn > > Cc: No Name > > Subject: Panda not working > > > > > > Hello. > > I can't get the panda-wrapper to work. > > It did work when i installed a server last year. > > Installing a new box today, panda-wrapper dosen't work, Clam > > works fine. > > Checking my old box and panda-wrapper isn't running there either. > > Checking a friends box, same thing there, Panda-wrapper isn't > working. > > > > Any clue to get this working? > > > > /Andreas Svensson, Hallsbergs Kommun, Sweden. > > > > Ps. Glenn, did you get this to work? > Unfortunately no. As work progressed in diverse directions, I came to > "realize" the problems Julian mentions in his reply... If they could > provide an option for "plaintext output" (which BTW would benefit all > users of Panda, not just us:-), the rest would be easy:). > > -- Glenn > > > > > > > On Sat, 12 Mar 2005 12:34:49 +0100, Steen, Glenn > > wrote: > > > > >It needs the -aut -nso options (like MS will call it ... + the > -aex). > > > > > >Otherwise it'll hang on user input (and "beep" its little > > heart out:-) > > > > > >We'll try work more on this next week, eh Paul. > > > > > >-- Glenn > > > > > > > > >-----Original Message----- > > >From: MailScanner mailing list on behalf of Paul Welsh > > >Sent: fr 2005-03-11 21:01 > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Cc: > > >Subject: Re: Panda not working > > >> -----Original Message----- > > >> From: MailScanner mailing list > > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > > >> Sent: 11 March 2005 19:09 > > >> To: MAILSCANNER@JISCMAIL.AC.UK > > >> Subject: Re: Panda not working > > >> > > >Just tried the free Panda and called it with the wrapper. > > It just "hangs". > > >I used this command: > > > > > >/usr/lib/MailScanner/panda-wrapper /usr /tmp > > > > > >The rpm I installed the free ver from was: > > > > > >3878658 Aug 31 2004 pavcl_linux_i386.rpm > > > > > >The eval was: > > > > > >2352673 Mar 8 21:32 pavcl_linux_i386.rpm > > > > > >------------------------ MailScanner list ------------------------ > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >'leave mailscanner' in the body of the email. > > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > >Support MailScanner development - buy the book off the website! > > > > > >------------------------ MailScanner list ------------------------ > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >'leave mailscanner' in the body of the email. > > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Mon May 9 12:32:46 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:29:33 2006 Subject: MailScanner is not scanning for spam? Why? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi, Im sorry ive repeated this... but here it goes again.. ive checked the headers and i found this line Not scanned: please contact your Internet Administrator for details Where do should i look in my MailScanner config areas concerned? TIA Nats ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 9 12:38:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:33 2006 Subject: MailScanner is not scanning for spam? Why? Message-ID: Hi look in the maillog to see if there's anything there. If not edit the MailScanner.conf and make both Debug Options 'yes'. stop MailScanner run check_MailScanner this will produce a debug of what it's trying to do. If there's nothing obvious email the output to this list and we'll see if anyone of us can spot something. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 nats wrote: > hi, > > Im sorry ive repeated this... but here it goes again.. > > ive checked the headers and i found this line > > Not scanned: please contact your Internet Administrator for details > > Where do should i look in my MailScanner config areas concerned? > > > TIA > > Nats > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon May 9 12:36:00 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:33 2006 Subject: MailScanner is not scanning for spam? Why? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] first take a look to your logfiles and get your information from there supposable: /var/log/mail ? greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of nats > Sent: Monday, May 09, 2005 1:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner is not scanning for spam? Why? > > > hi, > > Im sorry ive repeated this... but here it goes again.. > > ive checked the headers and i found this line > > Not scanned: please contact your Internet Administrator for details > > Where do should i look in my MailScanner config areas concerned? > > > TIA > > Nats > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Mon May 9 14:05:28 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:33 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: Hello list I'm new to MailScanner. I have installed version 4.41.3 @ Solaris 9. Everything works except configuration parameter "Max Children": - when I define "Max Children = 1" there is one child started and the message gets delivered once --> OK - when I define e.g. "Max Children = 3" there are three children started *BUT* the same message gets delivered also N times (in this case N=3) ... --> NOK I don't know how the children of MailScanner manages the processing of the messages in the hold queue (I'm using postfix but this shouldn't matter). Do I have a MailScanner locking problem? Thanks for any help -- Beat Logfile: May 9 14:21:35 cicero2 MailScanner[11541]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 9 14:21:36 cicero2 MailScanner[11541]: Read 120 hostnames from the phishing whitelist May 9 14:21:36 cicero2 MailScanner[11541]: User's home directory /home/postfix does not exist May 9 14:21:36 cicero2 MailScanner[11541]: Using locktype = flock May 9 14:21:46 cicero2 MailScanner[11542]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 9 14:21:47 cicero2 MailScanner[11542]: Read 120 hostnames from the phishing whitelist May 9 14:21:47 cicero2 MailScanner[11542]: User's home directory /home/postfix does not exist May 9 14:21:47 cicero2 MailScanner[11542]: Using locktype = flock May 9 14:22:05 cicero2 MailScanner[11542]: New Batch: Scanning 1 messages, 784 bytes May 9 14:22:05 cicero2 MailScanner[11542]: Saved archive copies of 5404E76C0A.D0460 May 9 14:22:05 cicero2 MailScanner[11542]: Spam Checks: Starting May 9 14:22:05 cicero2 MailScanner[11542]: Virus and Content Scanning: Starting May 9 14:22:06 cicero2 MailScanner[11541]: New Batch: Scanning 1 messages, 784 bytes May 9 14:22:06 cicero2 MailScanner[11541]: Saved archive copies of 5404E76C0A.0DEC5 May 9 14:22:06 cicero2 MailScanner[11541]: Spam Checks: Starting May 9 14:22:06 cicero2 MailScanner[11541]: Virus and Content Scanning: Starting May 9 14:22:10 cicero2 MailScanner[11542]: Requeue: 5404E76C0A.D0460 to D092576C2C May 9 14:22:10 cicero2 MailScanner[11542]: Uninfected: Delivered 1 messages May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 mail.info] D092576C2C: from=, size=644, nrcpt=1 (queue active) May 9 14:22:10 cicero2 postfix/smtp[11557]: [ID 197553 mail.info] D092576C2C: to=, relay=ns.glue.ch[193.72.194.3], delay=9, status=sent (250 Ok: queued as 0F45857C87) May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 mail.info] A03EB76C2C: from=, size=644, nrcpt=1 (queue active) May 9 14:22:10 cicero2 MailScanner[11541]: Requeue: 5404E76C0A.0DEC5 to A03EB76C2C May 9 14:22:10 cicero2 MailScanner[11541]: Uninfected: Delivered 1 messages May 9 14:22:11 cicero2 postfix/smtp[11557]: [ID 197553 mail.info] A03EB76C2C: to=, relay=ns.glue.ch[193.72.194.3], delay=10, status=sent (250 Ok: queued as 88A3857C87) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 9 14:22:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:33 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: Beat sounds like the file locking is messed up. What MTA (and vesrion)are you running and what have you got in Mailfcanner.conf for "Lock Type ="? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Beat Jucker wrote: > Hello list > > I'm new to MailScanner. I have installed version 4.41.3 @ Solaris 9. > Everything works except configuration parameter "Max Children": > > - when I define "Max Children = 1" there is one child started and > the message gets delivered once > --> OK > > - when I define e.g. "Max Children = 3" there are three children started > *BUT* the same message gets delivered also N times (in this case N=3) ... > --> NOK > > I don't know how the children of MailScanner manages the processing of > the messages in the hold queue (I'm using postfix but this shouldn't matter). > Do I have a MailScanner locking problem? > > Thanks for any help > -- Beat > > Logfile: > > May 9 14:21:35 cicero2 MailScanner[11541]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... > May 9 14:21:36 cicero2 MailScanner[11541]: Read 120 hostnames from the phishing whitelist > May 9 14:21:36 cicero2 MailScanner[11541]: User's home directory /home/postfix does not exist > May 9 14:21:36 cicero2 MailScanner[11541]: Using locktype = flock > May 9 14:21:46 cicero2 MailScanner[11542]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... > May 9 14:21:47 cicero2 MailScanner[11542]: Read 120 hostnames from the phishing whitelist > May 9 14:21:47 cicero2 MailScanner[11542]: User's home directory /home/postfix does not exist > May 9 14:21:47 cicero2 MailScanner[11542]: Using locktype = flock > May 9 14:22:05 cicero2 MailScanner[11542]: New Batch: Scanning 1 messages, 784 bytes > May 9 14:22:05 cicero2 MailScanner[11542]: Saved archive copies of 5404E76C0A.D0460 > May 9 14:22:05 cicero2 MailScanner[11542]: Spam Checks: Starting > May 9 14:22:05 cicero2 MailScanner[11542]: Virus and Content Scanning: Starting > May 9 14:22:06 cicero2 MailScanner[11541]: New Batch: Scanning 1 messages, 784 bytes > May 9 14:22:06 cicero2 MailScanner[11541]: Saved archive copies of 5404E76C0A.0DEC5 > May 9 14:22:06 cicero2 MailScanner[11541]: Spam Checks: Starting > May 9 14:22:06 cicero2 MailScanner[11541]: Virus and Content Scanning: Starting > May 9 14:22:10 cicero2 MailScanner[11542]: Requeue: 5404E76C0A.D0460 to D092576C2C > May 9 14:22:10 cicero2 MailScanner[11542]: Uninfected: Delivered 1 messages > May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 mail.info] D092576C2C: from=, size=644, nrcpt=1 (queue active) > May 9 14:22:10 cicero2 postfix/smtp[11557]: [ID 197553 mail.info] D092576C2C: to=, relay=ns.glue.ch[193.72.194.3], delay=9, status=sent (250 Ok: queued as 0F45857C87) > May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 mail.info] A03EB76C2C: from=, size=644, nrcpt=1 (queue active) > May 9 14:22:10 cicero2 MailScanner[11541]: Requeue: 5404E76C0A.0DEC5 to A03EB76C2C > May 9 14:22:10 cicero2 MailScanner[11541]: Uninfected: Delivered 1 messages > May 9 14:22:11 cicero2 postfix/smtp[11557]: [ID 197553 mail.info] A03EB76C2C: to=, relay=ns.glue.ch[193.72.194.3], delay=10, status=sent (250 Ok: queued as 88A3857C87) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 9 14:57:22 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 6:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > > Sent: den 9 maj 2005 12:17 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Sv: Re: Panda not working > > > > > > I noticed that the Amavis-new "scanner" works with panda... > > In their conf they have: > > <--- > > ### http://www.pandasoftware.com/ > > ['Panda Antivirus for Linux', ['pavcl'], > > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', > > qr/Number of files infected[ .]*: 0(?!\d)/, > > qr/Number of files infected[ .]*: 0*[1-9]/, > > qr/Found virus :\s*(\S+)/ ], > > ---> > > Does this help us? > > /Andreas > Nope. The thing is, they garble up the output (curses/TERM issues) and > well.. that gets kind of "dangerous" in batch mode... Who wan'ts an AV > that is "mostly right" or "sometimes wrong"? Not me. > If amavis spawns one pavcl/message, they might get it right most of the > time, but... Well, I'm no amavis guru:-). Chances are that they're > fooling themselves too:). > [...] This is not necessarily the case. If you do *not* use the -nor switch each time pavcl is run it produces a plain text version of it's console output in /var/log/panda named pavcl.rpt. Example: --------------------------------------------------- Date : 09/05/2005 Time : 07:39:41 File checked : /opt/bdc/eicar.rar[eicar.com] Found virus :EICAR-AV-TEST-FILE Panda Antivirus Linux, (c) Panda Software 2004 Time employed for scan .............: 00:00:00 Number of files scanned ............: 2 Number of files infected ...........: 1 Number of files disinfected ........: 0 Number of files renamed ............: 0 Number of files deleted ............: 0 Copyright Panda Software Shouldn't be particularly tough to parse. example using the wrapper script: pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> /dev/null #(although I don't generally trust heuristic) if [ -f /var/log/panda/pavcl.rpt ]; then cat /var/log/panda/pavcl.rpt else echo "pavcl.rpt file is missing" fi Of course it's an over simplified example but it appears to be consistently accurate. If you wanted to do away with the wrapper e altogether this could be processed through the Message.pm::SafePipe function. If Julian thinks there is enough call for the panda handling and doesn't have the time to mess with it I could probably do something with it this week. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 15:06:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Beat Jucker > Sent: den 9 maj 2005 15:05 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Max Children > 1: same message gets delivered more than once > > > Hello list > > I'm new to MailScanner. I have installed version 4.41.3 @ Solaris 9. > Everything works except configuration parameter "Max Children": > > - when I define "Max Children = 1" there is one child started and > the message gets delivered once > --> OK > > - when I define e.g. "Max Children = 3" there are three > children started > *BUT* the same message gets delivered also N times (in > this case N=3) ... > --> NOK > > I don't know how the children of MailScanner manages the processing of > the messages in the hold queue (I'm using postfix but this > shouldn't matter). > Do I have a MailScanner locking problem? > > Thanks for any help > -- Beat > > Logfile: > > May 9 14:21:35 cicero2 MailScanner[11541]: MailScanner > E-Mail Virus Scanner version 4.41.3 starting... > May 9 14:21:36 cicero2 MailScanner[11541]: Read 120 > hostnames from the phishing whitelist > May 9 14:21:36 cicero2 MailScanner[11541]: User's home > directory /home/postfix does not exist > May 9 14:21:36 cicero2 MailScanner[11541]: Using locktype = flock > May 9 14:21:46 cicero2 MailScanner[11542]: MailScanner > E-Mail Virus Scanner version 4.41.3 starting... > May 9 14:21:47 cicero2 MailScanner[11542]: Read 120 > hostnames from the phishing whitelist > May 9 14:21:47 cicero2 MailScanner[11542]: User's home > directory /home/postfix does not exist This looks fishy. Perhaps worth fixing?-) > May 9 14:21:47 cicero2 MailScanner[11542]: Using locktype = flock > May 9 14:22:05 cicero2 MailScanner[11542]: New Batch: > Scanning 1 messages, 784 bytes > May 9 14:22:05 cicero2 MailScanner[11542]: Saved archive > copies of 5404E76C0A.D0460 > May 9 14:22:05 cicero2 MailScanner[11542]: Spam Checks: Starting > May 9 14:22:05 cicero2 MailScanner[11542]: Virus and Content > Scanning: Starting > May 9 14:22:06 cicero2 MailScanner[11541]: New Batch: > Scanning 1 messages, 784 bytes > May 9 14:22:06 cicero2 MailScanner[11541]: Saved archive > copies of 5404E76C0A.0DEC5 Definitely getting hold of the same message twice... Are you using the (recommended) hold feature/1-postfix-setup, or the (old) defer/2-postfix-setup? -- Glenn > May 9 14:22:06 cicero2 MailScanner[11541]: Spam Checks: Starting > May 9 14:22:06 cicero2 MailScanner[11541]: Virus and Content > Scanning: Starting > May 9 14:22:10 cicero2 MailScanner[11542]: Requeue: > 5404E76C0A.D0460 to D092576C2C > May 9 14:22:10 cicero2 MailScanner[11542]: Uninfected: > Delivered 1 messages > May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 > mail.info] D092576C2C: from=, size=644, nrcpt=1 > (queue active) > May 9 14:22:10 cicero2 postfix/smtp[11557]: [ID 197553 > mail.info] D092576C2C: to=, > relay=ns.glue.ch[193.72.194.3], delay=9, status=sent (250 Ok: > queued as 0F45857C87) > May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 > mail.info] A03EB76C2C: from=, size=644, nrcpt=1 > (queue active) > May 9 14:22:10 cicero2 MailScanner[11541]: Requeue: > 5404E76C0A.0DEC5 to A03EB76C2C > May 9 14:22:10 cicero2 MailScanner[11541]: Uninfected: > Delivered 1 messages > May 9 14:22:11 cicero2 postfix/smtp[11557]: [ID 197553 > mail.info] A03EB76C2C: to=, > relay=ns.glue.ch[193.72.194.3], delay=10, status=sent (250 > Ok: queued as 88A3857C87) > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 15:22:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 9 maj 2005 15:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Steen, Glenn > > Sent: Monday, May 09, 2005 6:01 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > > > Sent: den 9 maj 2005 12:17 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Sv: Re: Panda not working > > > > > > > > > I noticed that the Amavis-new "scanner" works with panda... > > > In their conf they have: > > > <--- > > > ### http://www.pandasoftware.com/ > > > ['Panda Antivirus for Linux', ['pavcl'], > > > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', > > > qr/Number of files infected[ .]*: 0(?!\d)/, > > > qr/Number of files infected[ .]*: 0*[1-9]/, > > > qr/Found virus :\s*(\S+)/ ], > > > ---> > > > Does this help us? > > > /Andreas > > Nope. The thing is, they garble up the output (curses/TERM > issues) and > > well.. that gets kind of "dangerous" in batch mode... Who > wan'ts an AV > > that is "mostly right" or "sometimes wrong"? Not me. > > If amavis spawns one pavcl/message, they might get it right > most of the > > time, but... Well, I'm no amavis guru:-). Chances are that they're > > fooling themselves too:). > > > [...] > > This is not necessarily the case. If you do *not* use the > -nor switch each > time pavcl is run it produces a plain text version of it's > console output in > /var/log/panda named pavcl.rpt. Example: > > --------------------------------------------------- > Date : 09/05/2005 > Time : 07:39:41 > File checked : /opt/bdc/eicar.rar[eicar.com] > > Found virus :EICAR-AV-TEST-FILE > > > > Panda Antivirus Linux, (c) Panda Software 2004 > > Time employed for scan .............: 00:00:00 > Number of files scanned ............: 2 > Number of files infected ...........: 1 > Number of files disinfected ........: 0 > Number of files renamed ............: 0 > Number of files deleted ............: 0 > > Copyright Panda Software > > Shouldn't be particularly tough to parse. example using the > wrapper script: > > pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> > /dev/null #(although I > don't generally trust heuristic) > if [ -f /var/log/panda/pavcl.rpt ]; then > cat /var/log/panda/pavcl.rpt > else > echo "pavcl.rpt file is missing" > fi > > Of course it's an over simplified example but it appears to > be consistently > accurate. If you wanted to do away with the wrapper e > altogether this could > be processed through the Message.pm::SafePipe function. Uhum, and this works well with say 5 children on a busy server? > If Julian thinks there is enough call for the panda handling > and doesn't > have the time to mess with it I could probably do something > with it this > week. Be my guest (I'm certainly thoroughly fed up with panda... Do surprise me and think up a brilliant scheme for it:) And yes, I thought of using that "feature" too, but discarded it as being unworkable MS (please prove me wrong;). One could also use the panda.log file, but that would probably become old in a hurry. -- Glenn > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Mon May 9 15:24:16 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:29:33 2006 Subject: Sv: Re: Panda not working Message-ID: This sounds ok to me. I'm glad if we get it working. /Andreas >>> rcooper@DWFORD.COM 2005-05-09 15:57:22 >>> This is not necessarily the case. If you do *not* use the -nor switch each time pavcl is run it produces a plain text version of it's console output in /var/log/panda named pavcl.rpt. Example: --------------------------------------------------- Date : 09/05/2005 Time : 07:39:41 File checked : /opt/bdc/eicar.rar[eicar.com] Found virus :EICAR-AV-TEST-FILE Panda Antivirus Linux, (c) Panda Software 2004 Time employed for scan .............: 00:00:00 Number of files scanned ............: 2 Number of files infected ...........: 1 Number of files disinfected ........: 0 Number of files renamed ............: 0 Number of files deleted ............: 0 Copyright Panda Software Shouldn't be particularly tough to parse. example using the wrapper script: pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> /dev/null #(although I don't generally trust heuristic) if [ -f /var/log/panda/pavcl.rpt ]; then cat /var/log/panda/pavcl.rpt else echo "pavcl.rpt file is missing" fi Of course it's an over simplified example but it appears to be consistently accurate. If you wanted to do away with the wrapper e altogether this could be processed through the Message.pm::SafePipe function. If Julian thinks there is enough call for the panda handling and doesn't have the time to mess with it I could probably do something with it this week. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 15:32:14 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 9 maj 2005 16:22 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > > Sent: den 9 maj 2005 15:57 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Steen, Glenn > > > Sent: Monday, May 09, 2005 6:01 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of > Andreas Svensson > > > > Sent: den 9 maj 2005 12:17 > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Sv: Re: Panda not working > > > > > > > > > > > > I noticed that the Amavis-new "scanner" works with panda... > > > > In their conf they have: > > > > <--- > > > > ### http://www.pandasoftware.com/ > > > > ['Panda Antivirus for Linux', ['pavcl'], > > > > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}', > > > > qr/Number of files infected[ .]*: 0(?!\d)/, > > > > qr/Number of files infected[ .]*: 0*[1-9]/, > > > > qr/Found virus :\s*(\S+)/ ], > > > > ---> > > > > Does this help us? > > > > /Andreas > > > Nope. The thing is, they garble up the output (curses/TERM > > issues) and > > > well.. that gets kind of "dangerous" in batch mode... Who > > wan'ts an AV > > > that is "mostly right" or "sometimes wrong"? Not me. > > > If amavis spawns one pavcl/message, they might get it right > > most of the > > > time, but... Well, I'm no amavis guru:-). Chances are that they're > > > fooling themselves too:). > > > > > [...] > > > > This is not necessarily the case. If you do *not* use the > > -nor switch each > > time pavcl is run it produces a plain text version of it's > > console output in > > /var/log/panda named pavcl.rpt. Example: > > > > --------------------------------------------------- > > Date : 09/05/2005 > > Time : 07:39:41 > > File checked : /opt/bdc/eicar.rar[eicar.com] > > > > Found virus :EICAR-AV-TEST-FILE > > > > > > > > Panda Antivirus Linux, (c) Panda Software 2004 > > > > Time employed for scan .............: 00:00:00 > > Number of files scanned ............: 2 > > Number of files infected ...........: 1 > > Number of files disinfected ........: 0 > > Number of files renamed ............: 0 > > Number of files deleted ............: 0 > > > > Copyright Panda Software > > > > Shouldn't be particularly tough to parse. example using the > > wrapper script: > > > > pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> > > /dev/null #(although I > > don't generally trust heuristic) > > if [ -f /var/log/panda/pavcl.rpt ]; then > > cat /var/log/panda/pavcl.rpt > > else > > echo "pavcl.rpt file is missing" > > fi > > > > Of course it's an over simplified example but it appears to > > be consistently > > accurate. If you wanted to do away with the wrapper e > > altogether this could > > be processed through the Message.pm::SafePipe function. > Uhum, and this works well with say 5 children on a busy server? > > > If Julian thinks there is enough call for the panda handling > > and doesn't > > have the time to mess with it I could probably do something > > with it this > > week. > Be my guest (I'm certainly thoroughly fed up with panda... Do > surprise me and think up a brilliant scheme for it:) > And yes, I thought of using that "feature" too, but discarded it > as being unworkable MS (please prove me wrong;). > One could also use the panda.log file, but that would probably > become old in a hurry. ... And that they can produce the /&%&(&%/& rpt file, but not sane output on stdout was (for me) kind of the last straw... I tried getting in touch with them, but so far... nothing (aparantly Julian has had more success, since he's had "a conversation"... Mine has been far to one-sided to be termed a conversation:-). > -- Glenn > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 9 15:56:09 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 9:22 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > [...] > > Of course it's an over simplified example but it appears to > > be consistently > > accurate. If you wanted to do away with the wrapper e > > altogether this could > > be processed through the Message.pm::SafePipe function. > Uhum, and this works well with say 5 children on a busy server? well, uh.. yes. The basic concept is already in use in other wrappers and SafePipe is currently used for handling the UnRar tasks which would be more intensive, in general, than the virus scanning it's self, I would think. > > > If Julian thinks there is enough call for the panda handling > > and doesn't > > have the time to mess with it I could probably do something > > with it this > > week. > Be my guest (I'm certainly thoroughly fed up with panda... Do > surprise me and think up a brilliant scheme for it:) > And yes, I thought of using that "feature" too, but discarded it > as being unworkable MS (please prove me wrong;). > One could also use the panda.log file, but that would probably > become old in a hurry. It wouldn't require anything "brilliant" just deciding the best way to do it. The question, to me, is simply what does the user base want. Then can it be done with reliability, then what is the best way to do it. Getting angry at a company because they don't feel compelled to do things your way is generally a waste of time. Been there with the rar author(s), and I am a licensed user of thier product. If you download the free Linux version the page clearly states unsupported so if it's a worthwhile endeavor, let's see if it can be reasonably handled without their help. If there isn't a real need for it then let's just move on. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Mon May 9 16:11:25 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:33 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: On Mon, May 09, 2005 at 04:06:43PM +0200, Steen, Glenn wrote: > > May 9 14:21:47 cicero2 MailScanner[11542]: User's home directory /home/postfix does not exist > This looks fishy. Perhaps worth fixing?-) Postfix entry in /etc/shadow is locked. Postfix entry in /etc/passwd should only get used for UID/GID. To be shure that this isn't a problem I have created /home/postfix. > Definitely getting hold of the same message twice... Are you using > the (recommended) hold feature/1-postfix-setup, or the (old) > defer/2-postfix-setup? I think I have used the recommended setup (I have used the From attribute because of logged details in mail logfile): in header_checks: /^From:/ HOLD MailScanner in master.cf: pickup fifo n - n 5 1 pickup -o receive_override_options=no_header_body_checks On Mon, May 09, 2005 at 02:22:46PM +0100, Martin Hepworth wrote: > sounds like the file locking is messed up. What MTA (and vesrion)are you > running and what have you got in Mailfcanner.conf for "Lock Type ="? MTA: Postfix mail_version = 2.0.16-20030921 @ Solaris 9 As far as I understand my problem has nothing to do with Postfix because Postfix puts message into hold queue. From there MailScanner is fighting about (picks up) the message for spam/virus scanning. However all the MailScanner children fetches the message. Sounds like a lock problem but I don't know how MailScanner handles this concurrency (flock ... ?). >May 9 14:21:36 cicero2 MailScanner[11541]: Using locktype = flock in MailScanner.conf: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = I tried also: "Lock Type = posix" but the same behaviour: message gets delivered N times May 9 16:07:19 cicero2 MailScanner[11973]: Using locktype = posix May 9 16:07:19 cicero2 MailScanner[11973]: Creating hardcoded struct_flock subroutine for solaris (misc-type) ... May 9 16:07:30 cicero2 MailScanner[11974]: Using locktype = posix May 9 16:07:30 cicero2 MailScanner[11974]: Creating hardcoded struct_flock subroutine for solaris (misc-type) ... May 9 16:08:06 cicero2 MailScanner[11974]: Saved archive copies of DDA4F76C0A.DC5F9 ... May 9 16:08:07 cicero2 MailScanner[11973]: Saved archive copies of DDA4F76C0A.36885 Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 16:25:48 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 9 maj 2005 16:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Steen, Glenn > > Sent: Monday, May 09, 2005 9:22 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > [...] > > > Of course it's an over simplified example but it appears to > > > be consistently > > > accurate. If you wanted to do away with the wrapper e > > > altogether this could > > > be processed through the Message.pm::SafePipe function. > > Uhum, and this works well with say 5 children on a busy server? > > well, uh.. yes. The basic concept is already in use in other > wrappers and > SafePipe is currently used for handling the UnRar tasks which > would be more > intensive, in general, than the virus scanning it's self, I > would think. I'm obviously missing something here... So SafePipe would solve several simultaneous pavcl invocations writing to the one and only /var/log/panda/pavcl.rpt? If so, then... let's go for it! > > > > > If Julian thinks there is enough call for the panda handling > > > and doesn't > > > have the time to mess with it I could probably do something > > > with it this > > > week. > > Be my guest (I'm certainly thoroughly fed up with panda... Do > > surprise me and think up a brilliant scheme for it:) > > And yes, I thought of using that "feature" too, but discarded it > > as being unworkable MS (please prove me wrong;). > > One could also use the panda.log file, but that would probably > > become old in a hurry. > > It wouldn't require anything "brilliant" just deciding the > best way to do > it. The question, to me, is simply what does the user base > want. Then can it > be done with reliability, then what is the best way to do it. > Getting angry > at a company because they don't feel compelled to do things > your way is > generally a waste of time. Been there with the rar author(s), > and I am a > licensed user of thier product. If you download the free > Linux version the > page clearly states unsupported so if it's a worthwhile > endeavor, let's see > if it can be reasonably handled without their help. If there > isn't a real > need for it then let's just move on. Oh yes, no argument from me there. -- Glenn > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Mon May 9 16:48:29 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:33 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > service MailScanner stop > (That will stop MailScanner and both the incoming and outgoing sendmails) > service MailScanner startout > (That will start the outgoing sendmail only) > check_MailScanner > (That will start MailScanner on its own) > > Then it will munch its way through the mqueue.in and deliver it all, > once filtered. Once the mqueue.in is empty and everything in mqueue has > been delivered, you can > service MailScanner stop > to shut it all down. > > Don't forget to > chkconfig MailScanner off > to ensure it won't start back up when the system is rebooted. > Thanks Julian, this is working but I do have one question... Is there anyway to speed up the MailScanner process when it processes the mail in /var/log/mqueue.in? Right now I've got a little over 1500 emails in /var/log/mqueue.in and MailScanner is processing the email but it is taking too long to get thru all of them. I've got a little over an hour back up of email right now. Please let me know if there is anything I can do to speed up the process. > Derek Catanzaro wrote: > >> >> FC2 >> mailscanner-4.40.11-1 >> spamassassin-3.0.2-1 >> >> Is it possible to have the emails in /var/spool/mqueue.in processed by >> MS without having the actual MS service running? >> >> I have quite a few emails in /var/spool/mqueue.in (I believe it's due to >> DNS issues) and I do not want any more email delivered to the server, >> however, I would like to have the current emails in /var/spool/mqueue.in >> processed by MS so it will run the SPAM checks and move them to >> /var/spool/mqueue and then I will force sendmail to route the emails. I >> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >> /var/spool/mqueue" because it was never processed by MS and my users >> will get a ton of SPAM and I am trying to prevent that. >> >> Thanks for your assistance. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Mon May 9 16:50:15 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:33 2006 Subject: Sober Message-ID: I upgraded my ClamAV to 0.84, but for some reason the Sober emails are still getting through. MailScanner's header info shows the email as being clean, yet Avast finds it as soon as it hits a local system. Any idea why it would not be caught? It was my understanding that ClamAV 0.84 was needed, but shouldn't have any trouble finding it. Thanks, Jim Coates ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 9 16:52:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:33 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: Derek depends on what checks you have running, esp any big SA rules... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Derek Catanzaro wrote: > Julian Field wrote: > >> service MailScanner stop >> (That will stop MailScanner and both the incoming and outgoing sendmails) >> service MailScanner startout >> (That will start the outgoing sendmail only) >> check_MailScanner >> (That will start MailScanner on its own) >> >> Then it will munch its way through the mqueue.in and deliver it all, >> once filtered. Once the mqueue.in is empty and everything in mqueue has >> been delivered, you can >> service MailScanner stop >> to shut it all down. >> >> Don't forget to >> chkconfig MailScanner off >> to ensure it won't start back up when the system is rebooted. >> > Thanks Julian, this is working but I do have one question... Is there > anyway to speed up the MailScanner process when it processes the mail in > /var/log/mqueue.in? Right now I've got a little over 1500 emails in > /var/log/mqueue.in and MailScanner is processing the email but it is > taking too long to get thru all of them. I've got a little over an hour > back up of email right now. Please let me know if there is anything I > can do to speed up the process. > > >> Derek Catanzaro wrote: >> >>> >>> FC2 >>> mailscanner-4.40.11-1 >>> spamassassin-3.0.2-1 >>> >>> Is it possible to have the emails in /var/spool/mqueue.in processed by >>> MS without having the actual MS service running? >>> >>> I have quite a few emails in /var/spool/mqueue.in (I believe it's due to >>> DNS issues) and I do not want any more email delivered to the server, >>> however, I would like to have the current emails in /var/spool/mqueue.in >>> processed by MS so it will run the SPAM checks and move them to >>> /var/spool/mqueue and then I will force sendmail to route the emails. I >>> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >>> /var/spool/mqueue" because it was never processed by MS and my users >>> will get a ton of SPAM and I am trying to prevent that. >>> >>> Thanks for your assistance. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 9 17:00:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:33 2006 Subject: Sober Message-ID: Jim known issue with 0.84 (well it's know outside the clamav community;-) make sure you have an uptodate libclamav.* and make sure the DatabaseDirectory setting is consistant in clamav.conf, clamd.conf and freshclam.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > I upgraded my ClamAV to 0.84, but for some reason the Sober emails are still > getting through. > > MailScanner's header info shows the email as being clean, yet Avast finds it > as soon as it hits a local system. > > Any idea why it would not be caught? It was my understanding that ClamAV > 0.84 was needed, but shouldn't have any trouble finding it. > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Mon May 9 17:05:14 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:33 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I haven't added any rules to SA yet, just running with the defaults that came with SA. Martin Hepworth wrote: > Derek > > depends on what checks you have running, esp any big SA rules... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > >> Julian Field wrote: >> >>> service MailScanner stop >>> (That will stop MailScanner and both the incoming and outgoing >>> sendmails) >>> service MailScanner startout >>> (That will start the outgoing sendmail only) >>> check_MailScanner >>> (That will start MailScanner on its own) >>> >>> Then it will munch its way through the mqueue.in and deliver it all, >>> once filtered. Once the mqueue.in is empty and everything in mqueue has >>> been delivered, you can >>> service MailScanner stop >>> to shut it all down. >>> >>> Don't forget to >>> chkconfig MailScanner off >>> to ensure it won't start back up when the system is rebooted. >>> >> Thanks Julian, this is working but I do have one question... Is there >> anyway to speed up the MailScanner process when it processes the mail in >> /var/log/mqueue.in? Right now I've got a little over 1500 emails in >> /var/log/mqueue.in and MailScanner is processing the email but it is >> taking too long to get thru all of them. I've got a little over an hour >> back up of email right now. Please let me know if there is anything I >> can do to speed up the process. >> >> >>> Derek Catanzaro wrote: >>> >>>> >>>> FC2 >>>> mailscanner-4.40.11-1 >>>> spamassassin-3.0.2-1 >>>> >>>> Is it possible to have the emails in /var/spool/mqueue.in processed by >>>> MS without having the actual MS service running? >>>> >>>> I have quite a few emails in /var/spool/mqueue.in (I believe it's >>>> due to >>>> DNS issues) and I do not want any more email delivered to the server, >>>> however, I would like to have the current emails in >>>> /var/spool/mqueue.in >>>> processed by MS so it will run the SPAM checks and move them to >>>> /var/spool/mqueue and then I will force sendmail to route the >>>> emails. I >>>> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >>>> /var/spool/mqueue" because it was never processed by MS and my users >>>> will get a ton of SPAM and I am trying to prevent that. >>>> >>>> Thanks for your assistance. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Mon May 9 17:20:04 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:33 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, it seems to have caught back up. Initially it seemed like it was processing very slowly but it looks OK now. If I didn't have a seconday MX server I would be in much worse shape. I am looking into running a local caching name server which I hope will speed things up for my environment (fingers crossed). Thanks for your suggestions. Derek Derek Catanzaro wrote: > I haven't added any rules to SA yet, just running with the defaults that > came with SA. > > Martin Hepworth wrote: > >> Derek >> >> depends on what checks you have running, esp any big SA rules... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >>> Julian Field wrote: >>> >>>> service MailScanner stop >>>> (That will stop MailScanner and both the incoming and outgoing >>>> sendmails) >>>> service MailScanner startout >>>> (That will start the outgoing sendmail only) >>>> check_MailScanner >>>> (That will start MailScanner on its own) >>>> >>>> Then it will munch its way through the mqueue.in and deliver it all, >>>> once filtered. Once the mqueue.in is empty and everything in mqueue >>>> has >>>> been delivered, you can >>>> service MailScanner stop >>>> to shut it all down. >>>> >>>> Don't forget to >>>> chkconfig MailScanner off >>>> to ensure it won't start back up when the system is rebooted. >>>> >>> Thanks Julian, this is working but I do have one question... Is there >>> anyway to speed up the MailScanner process when it processes the >>> mail in >>> /var/log/mqueue.in? Right now I've got a little over 1500 emails in >>> /var/log/mqueue.in and MailScanner is processing the email but it is >>> taking too long to get thru all of them. I've got a little over an >>> hour >>> back up of email right now. Please let me know if there is anything I >>> can do to speed up the process. >>> >>> >>>> Derek Catanzaro wrote: >>>> >>>>> >>>>> FC2 >>>>> mailscanner-4.40.11-1 >>>>> spamassassin-3.0.2-1 >>>>> >>>>> Is it possible to have the emails in /var/spool/mqueue.in >>>>> processed by >>>>> MS without having the actual MS service running? >>>>> >>>>> I have quite a few emails in /var/spool/mqueue.in (I believe it's >>>>> due to >>>>> DNS issues) and I do not want any more email delivered to the server, >>>>> however, I would like to have the current emails in >>>>> /var/spool/mqueue.in >>>>> processed by MS so it will run the SPAM checks and move them to >>>>> /var/spool/mqueue and then I will force sendmail to route the >>>>> emails. I >>>>> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >>>>> /var/spool/mqueue" because it was never processed by MS and my users >>>>> will get a ton of SPAM and I am trying to prevent that. >>>>> >>>>> Thanks for your assistance. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 9 18:40:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a look at the "Max Normal Queue Size" setting, you might want to reduce it a bit. Derek Catanzaro wrote: > Well, it seems to have caught back up. Initially it seemed like it was > processing very slowly but it looks OK now. If I didn't have a seconday > MX server I would be in much worse shape. I am looking into running a > local caching name server which I hope will speed things up for my > environment (fingers crossed). Thanks for your suggestions. > > Derek > > Derek Catanzaro wrote: > >> I haven't added any rules to SA yet, just running with the defaults that >> came with SA. >> >> Martin Hepworth wrote: >> >>> Derek >>> >>> depends on what checks you have running, esp any big SA rules... >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>>> Julian Field wrote: >>>> >>>>> service MailScanner stop >>>>> (That will stop MailScanner and both the incoming and outgoing >>>>> sendmails) >>>>> service MailScanner startout >>>>> (That will start the outgoing sendmail only) >>>>> check_MailScanner >>>>> (That will start MailScanner on its own) >>>>> >>>>> Then it will munch its way through the mqueue.in and deliver it all, >>>>> once filtered. Once the mqueue.in is empty and everything in mqueue >>>>> has >>>>> been delivered, you can >>>>> service MailScanner stop >>>>> to shut it all down. >>>>> >>>>> Don't forget to >>>>> chkconfig MailScanner off >>>>> to ensure it won't start back up when the system is rebooted. >>>>> >>>> Thanks Julian, this is working but I do have one question... Is there >>>> anyway to speed up the MailScanner process when it processes the >>>> mail in >>>> /var/log/mqueue.in? Right now I've got a little over 1500 emails in >>>> /var/log/mqueue.in and MailScanner is processing the email but it is >>>> taking too long to get thru all of them. I've got a little over an >>>> hour >>>> back up of email right now. Please let me know if there is anything I >>>> can do to speed up the process. >>>> >>>> >>>>> Derek Catanzaro wrote: >>>>> >>>>>> >>>>>> FC2 >>>>>> mailscanner-4.40.11-1 >>>>>> spamassassin-3.0.2-1 >>>>>> >>>>>> Is it possible to have the emails in /var/spool/mqueue.in >>>>>> processed by >>>>>> MS without having the actual MS service running? >>>>>> >>>>>> I have quite a few emails in /var/spool/mqueue.in (I believe it's >>>>>> due to >>>>>> DNS issues) and I do not want any more email delivered to the >>>>>> server, >>>>>> however, I would like to have the current emails in >>>>>> /var/spool/mqueue.in >>>>>> processed by MS so it will run the SPAM checks and move them to >>>>>> /var/spool/mqueue and then I will force sendmail to route the >>>>>> emails. I >>>>>> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >>>>>> /var/spool/mqueue" because it was never processed by MS and my users >>>>>> will get a ton of SPAM and I am trying to prevent that. >>>>>> >>>>>> Thanks for your assistance. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 9 19:01:14 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:33 2006 Subject: SV: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, well.... There is where you (unfortunately) may start to stumble... See, the original wrapper does a pretty decent job of sanitizing the output, but... It assumes that the output is as seen on an xterm/vt-whatever when executing "inside MS". This isn't the case. So then the original author "falls back" on invoking pavcl once/file... and still it'll mess up from time to time. Set your TERM to "dumb" (or unset it), then call it as is done in MS on a directory that may contain several subdirectories (both clean and unclean files) and you'll likely see the same mess I found... Of course, I'd be rather happy if it did work for you, since that would point at some peculiarity in my system, but.... I won't hold my breath:-). I'll be glad to share my "improved" wrapper scripts if you'd like to have a go with them, but... I'd recommend against wasting to much (more) time on it. Drop a line and I'll forward them tomorrow (horrible hacks that they are:-). Best would be for them to produce sane output. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Rick Cooper Skickat: må 2005-05-09 19:42 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Panda not working > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > > Sent: den 9 maj 2005 16:56 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Steen, Glenn > > > Sent: Monday, May 09, 2005 9:22 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > [...] > > > > Of course it's an over simplified example but it appears to > > > > be consistently > > > > accurate. If you wanted to do away with the wrapper e > > > > altogether this could > > > > be processed through the Message.pm::SafePipe function. > > > Uhum, and this works well with say 5 children on a busy server? > > > > well, uh.. yes. The basic concept is already in use in other > > wrappers and > > SafePipe is currently used for handling the UnRar tasks which > > would be more > > intensive, in general, than the virus scanning it's self, I > > would think. > I'm obviously missing something here... So SafePipe would solve > several simultaneous pavcl invocations writing to the one and > only /var/log/panda/pavcl.rpt? If so, then... let's go for it! Oh no, I misuderstood you. You would need to do use a lock/retry mechanisim to keep multiple children from attempting to access the file at the same time, but I was just looking at the actual output of the virus scanner I wouldn't think cleaning and parsing the actual output would be difficult do handle anyway, it's mostly ANSI escape sqequences. So I guess I am wondering what the actual problem is? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 9 18:43:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This should all work okay if you just leave the Lock Type set to nothing. That's what everyone else does for Postfix. What version of Solaris are you running? Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Beat Jucker >>Sent: den 9 maj 2005 15:05 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Max Children > 1: same message gets delivered more than once >> >> >>Hello list >> >>I'm new to MailScanner. I have installed version 4.41.3 @ Solaris 9. >>Everything works except configuration parameter "Max Children": >> >> - when I define "Max Children = 1" there is one child started and >> the message gets delivered once >> --> OK >> >> - when I define e.g. "Max Children = 3" there are three >>children started >> *BUT* the same message gets delivered also N times (in >>this case N=3) ... >> --> NOK >> >>I don't know how the children of MailScanner manages the processing of >>the messages in the hold queue (I'm using postfix but this >>shouldn't matter). >>Do I have a MailScanner locking problem? >> >>Thanks for any help >>-- Beat >> >>Logfile: >> >>May 9 14:21:35 cicero2 MailScanner[11541]: MailScanner >>E-Mail Virus Scanner version 4.41.3 starting... >>May 9 14:21:36 cicero2 MailScanner[11541]: Read 120 >>hostnames from the phishing whitelist >>May 9 14:21:36 cicero2 MailScanner[11541]: User's home >>directory /home/postfix does not exist >>May 9 14:21:36 cicero2 MailScanner[11541]: Using locktype = flock >>May 9 14:21:46 cicero2 MailScanner[11542]: MailScanner >>E-Mail Virus Scanner version 4.41.3 starting... >>May 9 14:21:47 cicero2 MailScanner[11542]: Read 120 >>hostnames from the phishing whitelist >>May 9 14:21:47 cicero2 MailScanner[11542]: User's home >>directory /home/postfix does not exist >> >> >This looks fishy. Perhaps worth fixing?-) > > > > >>May 9 14:21:47 cicero2 MailScanner[11542]: Using locktype = flock >>May 9 14:22:05 cicero2 MailScanner[11542]: New Batch: >>Scanning 1 messages, 784 bytes >>May 9 14:22:05 cicero2 MailScanner[11542]: Saved archive >>copies of 5404E76C0A.D0460 >>May 9 14:22:05 cicero2 MailScanner[11542]: Spam Checks: Starting >>May 9 14:22:05 cicero2 MailScanner[11542]: Virus and Content >>Scanning: Starting >>May 9 14:22:06 cicero2 MailScanner[11541]: New Batch: >>Scanning 1 messages, 784 bytes >>May 9 14:22:06 cicero2 MailScanner[11541]: Saved archive >>copies of 5404E76C0A.0DEC5 >> >> >Definitely getting hold of the same message twice... Are you using >the (recommended) hold feature/1-postfix-setup, or the (old) >defer/2-postfix-setup? > >-- Glenn > > > >>May 9 14:22:06 cicero2 MailScanner[11541]: Spam Checks: Starting >>May 9 14:22:06 cicero2 MailScanner[11541]: Virus and Content >>Scanning: Starting >>May 9 14:22:10 cicero2 MailScanner[11542]: Requeue: >>5404E76C0A.D0460 to D092576C2C >>May 9 14:22:10 cicero2 MailScanner[11542]: Uninfected: >>Delivered 1 messages >>May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 >>mail.info] D092576C2C: from=, size=644, nrcpt=1 >>(queue active) >>May 9 14:22:10 cicero2 postfix/smtp[11557]: [ID 197553 >>mail.info] D092576C2C: to=, >>relay=ns.glue.ch[193.72.194.3], delay=9, status=sent (250 Ok: >>queued as 0F45857C87) >>May 9 14:22:10 cicero2 postfix/qmgr[10793]: [ID 197553 >>mail.info] A03EB76C2C: from=, size=644, nrcpt=1 >>(queue active) >>May 9 14:22:10 cicero2 MailScanner[11541]: Requeue: >>5404E76C0A.0DEC5 to A03EB76C2C >>May 9 14:22:10 cicero2 MailScanner[11541]: Uninfected: >>Delivered 1 messages >>May 9 14:22:11 cicero2 postfix/smtp[11557]: [ID 197553 >>mail.info] A03EB76C2C: to=, >>relay=ns.glue.ch[193.72.194.3], delay=10, status=sent (250 >>Ok: queued as 88A3857C87) >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 9 18:42:55 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > > Sent: den 9 maj 2005 16:56 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Steen, Glenn > > > Sent: Monday, May 09, 2005 9:22 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > [...] > > > > Of course it's an over simplified example but it appears to > > > > be consistently > > > > accurate. If you wanted to do away with the wrapper e > > > > altogether this could > > > > be processed through the Message.pm::SafePipe function. > > > Uhum, and this works well with say 5 children on a busy server? > > > > well, uh.. yes. The basic concept is already in use in other > > wrappers and > > SafePipe is currently used for handling the UnRar tasks which > > would be more > > intensive, in general, than the virus scanning it's self, I > > would think. > I'm obviously missing something here... So SafePipe would solve > several simultaneous pavcl invocations writing to the one and > only /var/log/panda/pavcl.rpt? If so, then... let's go for it! Oh no, I misuderstood you. You would need to do use a lock/retry mechanisim to keep multiple children from attempting to access the file at the same time, but I was just looking at the actual output of the virus scanner I wouldn't think cleaning and parsing the actual output would be difficult do handle anyway, it's mostly ANSI escape sqequences. So I guess I am wondering what the actual problem is? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 9 20:12:16 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 1:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: Panda not working > > > Yes, well.... There is where you (unfortunately) may start to stumble... > See, the original wrapper does a pretty decent job of sanitizing > the output, but... It assumes that the output is as seen on an > xterm/vt-whatever when executing "inside MS". This isn't the case. > So then the original author "falls back" on invoking pavcl > once/file... and still it'll mess up from time to time. Set your > TERM to "dumb" (or unset it), then call it as is done in MS on a > directory that may contain several subdirectories (both clean and > unclean files) and you'll likely see the same mess I found... Of > course, I'd be rather happy if it did work for you, since that > would point at some peculiarity in my system, but.... I won't > hold my breath:-). This may be true, haven't tested that. But haven't experienced an issue with it either, then again I have only been testing for a couple hours. If that is a problem I would think changing my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; to my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 > /tmp/FileNameBasedOnPid "; and parsing the /tmp file rather than the pipe it's self should solve that. Wouldn't allow the terminal to alter the output. As far as multiple, nested directories. Julian may have to correct me, but there shouldn't be any nested directories. All the files should be extracted into a single directory with the SafeName function handling duplicate as well as possibly dangerous file names so the -cmp switch shouldn't really be used at all (unless I am mistaken). IIRC the unpacking is done in this manner to remove the chance of archived directory structures spilling out where they don't belong. > > I'll be glad to share my "improved" wrapper scripts if you'd like > to have a go with them, but... I'd recommend against wasting to > much (more) time on it. Drop a line and I'll forward them > tomorrow (horrible hacks that they are:-). > > Best would be for them to produce sane output. using ANSI for output is ignorant at best... like trying to step back to the DOS days and having a cool/pretty display. But I ran the standard wrapper and found it didn't recognize viruses because of a rather simple thing to fix. It would appear that panda swapped the words around on their "Virus found" string and removed a space between the ":" and virus name string. The patch below (for panda-wrapper) appears to take care of the problem related to not finding the virus as it will trigger on either version of the found string and name string. (assuming a need for backward compatibility) --- panda-wrapper Mon May 9 13:53:18 2005 +++ panda-wrapper.new Mon May 9 13:53:38 2005 @@ -76,9 +76,9 @@ sub busca_virus { my $archivo = $_[0]; - +# print STDERR "Checking $archivo\n"; my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; # print TEMP $comando."\n\n"; open SALIDA, "$comando |"; @@ -89,10 +89,11 @@ s/(\^O|\r)//g; # print TEMP $_; - if (/(Found virus|Encontrado virus)\s*:\s*((\w|\-|\_|\/)+)/) { + if (m/(found virus|virus encontrado|encontrado virus|virus found)\s+:\s?(.*?)$/i) { #if (/Encontrado virus:\s+((\w|\-|\_|\/)+)/) { +# print STDERR "Found $2\n"; close SALIDA; #return $1; return $2; } Also, if you want a cleaner log and a report that has the name of the infected file apply this patch to SweepViruses (version 4.42.1) --- SweepViruses.pm Mon May 9 13:45:25 2005 +++ SweepViruses.pm.new Mon May 9 13:45:52 2005 @@ -2141,25 +2141,24 @@ $logout = $line; $logout =~ s/%/%%/g; $logout =~ s/\s{20,}/ /g; + MailScanner::Log::InfoLog($logout); + # EXAMPLE OUTPUT PLEASE? -- nwp 6/5/02 # Virus: 2##Base: /var/spool/MailScanner/incoming/24408##1: 'h3MENF6X020229/eicar.com' => EICAR-AV-TEST-FILE##2: 'h3MENF6X020229/eicar.zip' => EICAR-AV-TEST-FILE## # Now you wish you never asked :-) $line =~ /Base: (.*?)##/; $BaseDir =~ $1; $numviruses = 0; my $temp = $line; - #2##Base: /var/spool/mailscanner/incoming/23386##1: '1DVCx0-00067f-M4/eicar.com' => EICAR-AV-TEST-FILE ##2: '1DVCx0-00067f-M4/eicar_com.zip' => EICAR-AV-TEST-FILE ## while ( $temp =~ /\d+: \'(.*?)\/(.*?)\' => (.*?)##/ ) { $id = $1; $part = $2; $report = $3; - $report = $Name . ": " . $report." found in $part" if $Name; - $report =~ s/\s{2,}/ /g; - MailScanner::Log::InfoLog("%s",$report); + $report = $Name . ': ' . $report if $Name; $infections->{$id}{$part} .= "$report\n"; $types->{$id}{$part} .= "v"; # it's a real virus $numviruses++; $temp = $'; and your log will display: May 9 13:39:26 srv2 MailScanner[24135]: Panda: EICAR-AV-TEST-FILE found in eicar.com May 9 13:39:27 srv2 MailScanner[24135]: Panda: EICAR-AV-TEST-FILE found in eicar_com.zip May 9 13:39:27 srv2 MailScanner[24135]: Virus Scanning: Panda found 2 infections and reports will look like: Panda: EICAR-AV-TEST-FILE found in eicar.com Hope it helps someone, Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Mon May 9 20:12:58 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:33 2006 Subject: Sober Message-ID: Martin, How can I check for libclamav.* to be up to date? (sorry to be a newbie) I also found that clamd.conf and freshclam.conf looked at different database directory locations. Is it ok just to change one or the other? Thanks, Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, May 09, 2005 11:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sober Jim known issue with 0.84 (well it's know outside the clamav community;-) make sure you have an uptodate libclamav.* and make sure the DatabaseDirectory setting is consistant in clamav.conf, clamd.conf and freshclam.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > I upgraded my ClamAV to 0.84, but for some reason the Sober emails are > still getting through. > > MailScanner's header info shows the email as being clean, yet Avast > finds it as soon as it hits a local system. > > Any idea why it would not be caught? It was my understanding that > ClamAV 0.84 was needed, but shouldn't have any trouble finding it. > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon May 9 20:22:57 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:33 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rick Cooper > Sent: Monday, May 09, 2005 2:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > [...] and to anyone who was listening, I got the SweepViruses.pm patch backward... oops. Should be: --- SweepViruses.pm.new Mon May 9 13:45:52 2005 +++ SweepViruses.pm Mon May 9 14:20:41 2005 @@ -2141,10 +2141,8 @@ $logout = $line; $logout =~ s/%/%%/g; $logout =~ s/\s{20,}/ /g; - MailScanner::Log::InfoLog($logout); - # EXAMPLE OUTPUT PLEASE? -- nwp 6/5/02 # Virus: 2##Base: /var/spool/MailScanner/incoming/24408##1: 'h3MENF6X020229/eicar.com' => EICAR-AV-TEST-FILE##2: 'h3MENF6X020229/eicar.zip' => EICAR-AV-TEST-FILE## # Now you wish you never asked :-) @@ -2156,9 +2154,11 @@ { $id = $1; $part = $2; $report = $3; - $report = $Name . ': ' . $report if $Name; + $report = $Name . ": " . $report." found in $part" if $Name; + $report =~ s/\s{2,}/ /g; + MailScanner::Log::InfoLog("%s",$report); $infections->{$id}{$part} .= "$report\n"; $types->{$id}{$part} .= "v"; # it's a real virus $numviruses++; $temp = $'; Sorry Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From giulio.cervera at EDSPA.IT Mon May 9 21:44:52 2005 From: giulio.cervera at EDSPA.IT (Giulio Cervera) Date: Thu Jan 12 21:29:33 2006 Subject: Missing qmail config Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm using mailscanner 4.40 and now 4.41 with qmail-ldap (i have made a patch to get it working) and CA eTrust with a custom wrapper (CA work only with root and mailscanner run as qmailq) with very good results, but in both version of MS there is some missing variable in MailScanner.conf Qmail Hash Directory Number = 23 Qmail Intd Hash Number = 1 and ConfigDefs.pl qmailintdhashnumber 1 qmailhashdirectorynumber 23 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon May 9 21:51:11 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:33 2006 Subject: IPBlock and db 4.3.28 breakage Message-ID: Gang, I rebuilt and reinstalled perl 5.8.6 on my system after having installed db 4.3.28, and this problem went away. To those using IPBlock, beware! Jeff Earickson Colby College On Sat, 7 May 2005, Jeff A. Earickson wrote: > Date: Sat, 7 May 2005 09:47:32 -0400 > From: Jeff A. Earickson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: IPBlock and db 4.3.28 breakage > > Julian, > > Setup: Solaris 9, MS 4.42.1. Yesterday I upgraded from > Sleepycat 4.3.27 to 4.3.28 (which MS and sendmail use) and > I noticed from my IPBlock cron job (the script you provide at > the bottom of CustomConfig.pm) that it started failing with: > > Failed to open /etc/mail/db/access.db, have you got the path wrong? > No such file or directory > > This is the correct path to my access.db file. When I rolled > back to 4.3.27, the problem went away. The db 4.3.28 changelog is > at: > > http://www.sleepycat.com/update/4.3.27/if.4.3.27.html > > Sendmail is happy with alias updates and other db changes with 4.3.28. > Any ideas? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 9 22:00:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: Missing qmail config Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I suggest you go to opencomputing.sourceforge.net (I think that's where they live) as they wrote and maintain the qmail support. Giulio Cervera wrote: >I'm using mailscanner 4.40 and now 4.41 with qmail-ldap (i have made a >patch to get it working) and CA eTrust with a custom wrapper (CA work only >with root and mailscanner run as qmailq) with very good results, but in >both version of MS there is some missing variable in MailScanner.conf > > Qmail Hash Directory Number = 23 > Qmail Intd Hash Number = 1 > >and ConfigDefs.pl > > qmailintdhashnumber 1 > qmailhashdirectorynumber 23 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon May 9 22:04:14 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:33 2006 Subject: Questionable output from ClamAV? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Running MS 4.40.11 ClamAV 0.84 (no problems so far) Since this sober worm has been on the internet, i've had a ton of blocks recently. In fact, i was getting hammered pretty good from a few places that I just put their IP addresses in my access file and started blocking them. Anyway, saw this today and wasn't sure about it and thought i'd ask here. This just came in; May 9 13:58:28 mail MailScanner[11724]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/11724/./j49Kv1PA011838/Winzipped-Text.pif: Empty file". Please contact the authors! Being as I have just upgraded my MS from a older version (still implementing all the goodies) this was a new one I found. Anything to be concerned about? Anyone else blocking a ton of items like this? Been busy on the net lately. -- Jason Williams Systems Administrator Courtesy Mortgage, Ltd. San Diego, Ca 92108 (619)228-2005 x114 jwilliams@courtesymortgage.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frcaen at gmail.com Mon May 9 22:47:38 2005 From: frcaen at gmail.com (Francois Caen) Date: Thu Jan 12 21:29:33 2006 Subject: emails vanishing - 64-bit trick? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I have the problem described by Chris Trudeau earlier: emails disappearing right after they arrive. Running latest MS, even tried turning clamav and SA off. Centos4 on dual Xeon x86_64. Emails are received, MS is fired off but dies of old age very fast and the email vanishes totally. If I use plain sendmail w/o MS on the same box, works fine. Is there a trick I need to know to get MS working on x86_64? Some compat library? I'm really stuck here. Been using MS for years, but this is my 1st install on this arch and I've hit a wall. I've done all the debugging I can think of. Thanks, Francois Caen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 9 22:49:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: Questionable output from ClamAV? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is a known one, and I have published a fix for it. Upgrade to the latest stable version and the error (which is harmless anyway) should go away. Jason Williams wrote: > Running MS 4.40.11 > ClamAV 0.84 (no problems so far) > > Since this sober worm has been on the internet, i've had a ton of blocks > recently. In fact, i was getting hammered pretty good from a few places > that I just put their IP addresses in my access file and started > blocking them. > > Anyway, saw this today and wasn't sure about it and thought i'd ask > here. This just came in; > > May 9 13:58:28 mail MailScanner[11724]: ProcessClamAVOutput: > unrecognised line > "/var/spool/MailScanner/incoming/11724/./j49Kv1PA011838/Winzipped-Text.pif: > > Empty file". Please contact the authors! > > Being as I have just upgraded my MS from a older version (still > implementing all the goodies) this was a new one I found. > Anything to be concerned about? > > Anyone else blocking a ton of items like this? Been busy on the net > lately. > > -- > Jason Williams > Systems Administrator > Courtesy Mortgage, Ltd. > San Diego, Ca 92108 > (619)228-2005 x114 > jwilliams@courtesymortgage.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 9 23:11:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:33 2006 Subject: emails vanishing - 64-bit trick? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What does it say if you run a batch through it in debug mode (search the list archive for "Debug = yes" for instructions) ? Francois Caen wrote: >Hello, > >I have the problem described by Chris Trudeau earlier: emails >disappearing right after they arrive. Running latest MS, even tried >turning clamav and SA off. Centos4 on dual Xeon x86_64. > >Emails are received, MS is fired off but dies of old age very fast and >the email vanishes totally. >If I use plain sendmail w/o MS on the same box, works fine. > >Is there a trick I need to know to get MS working on x86_64? Some >compat library? > >I'm really stuck here. Been using MS for years, but this is my 1st >install on this arch and I've hit a wall. I've done all the debugging >I can think of. > >Thanks, >Francois Caen > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frcaen at gmail.com Tue May 10 00:34:28 2005 From: frcaen at gmail.com (Francois Caen) Date: Thu Jan 12 21:29:34 2006 Subject: emails vanishing - 64-bit trick? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 5/9/05, Francois Caen wrote: > I have the problem described by Chris Trudeau earlier: emails > disappearing right after they arrive. Running latest MS, even tried > turning clamav and SA off. Centos4 on dual Xeon x86_64. Sorry everyone for wasting your time. I had set Non Spam Action = delete by mistake instead of High Scoring Spam = delete I am a dork. Bye now! Francois ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue May 10 01:04:21 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We have an admin from another company who was expecting from some of our staff claiming that the MailScanner headers is not a mime header and therfore he cannot accept the mail for delivery. COuld anyone offer me any advice on a) how to respond and b) whether i need to change anything in my config? Kind regards and thanks Pete "In the case of these three (3) emails, they were stopped as undetermined. They were stopped because of an error within the framework of the email - bad data (see below). The error being that a one of the lines inserted into the header of the email by MBS, specifically the line " -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for more information" is not a MIME header and caused the problem. They need to contact the sender, who in turn needs to contact their administrator to fix this issue. --- It is not an problem with our server & there is nothing I can do to rectify the issue, except release the emails if they are stopped." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at YAHOO.COM Tue May 10 01:40:58 2005 From: patpng7 at YAHOO.COM (Patrick) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: Pls help, I had this error message when run tail -f var/log/maillog. May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 11 of ruleset /etc/MailScanner/mcp/10_example.cf May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 12 of ruleset /etc/MailScanner/mcp/10_example.cf May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 13 of ruleset /etc/MailScanner/mcp/10_example.cf May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 15 of ruleset /etc/MailScanner/mcp/10_example.cf May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 16 of ruleset /etc/MailScanner/mcp/10_example.cf May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line 17 of ruleset /etc/MailScanner/mcp/10_example.cf Below is the content in 10_example.cf: header SAMPLE_RULES1 Subject=~ /sexual/i describe SAMPLE_RULES1 Banned Subject score SAMPLE_RULES1 2 header SAMPLE_RULES2 /testing/i describe SAMPLE_RULES2 Banned body text score SAMPLE_RULES3 5 What is wrong? Inside the mailscanner.conf, I change 4 lines. 1. MCPP Checks = yes 2. MCP Actions = store 3. High Scoring MCP Actions = store 4. Is defintely MCP = %mcp-dir%/10_example.cf rgds Patrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Tue May 10 02:40:00 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:29:34 2006 Subject: IPBlock and db 4.3.28 breakage Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just wondering, I'm not running the IPBlock function, but wouldn't running the "db_upgrade" on the IPBlock.db after the upgrade to "db 4.3.28" work? Of course MailScanner would have to be shutdown during this upgrade. Ref: www.sleepycat.com/docs/utility/db_upgrade.html thanks Brad >>> Jeff A. Earickson 5/9/2005 3:51:11 PM >>> Gang, I rebuilt and reinstalled perl 5.8.6 on my system after having installed db 4.3.28, and this problem went away. To those using IPBlock, beware! Jeff Earickson Colby College On Sat, 7 May 2005, Jeff A. Earickson wrote: > Date: Sat, 7 May 2005 09:47:32 -0400 > From: Jeff A. Earickson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: IPBlock and db 4.3.28 breakage > > Julian, > > Setup: Solaris 9, MS 4.42.1. Yesterday I upgraded from > Sleepycat 4.3.27 to 4.3.28 (which MS and sendmail use) and > I noticed from my IPBlock cron job (the script you provide at > the bottom of CustomConfig.pm) that it started failing with: > > Failed to open /etc/mail/db/access.db, have you got the path wrong? > No such file or directory > > This is the correct path to my access.db file. When I rolled > back to 4.3.27, the problem went away. The db 4.3.28 changelog is > at: > > http://www.sleepycat.com/update/4.3.27/if.4.3.27.html > > Sendmail is happy with alias updates and other db changes with 4.3.28. > Any ideas? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 10 02:52:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check you don't have any spaces in your %org-name%, that is the most common cause of this sort of problem. Peter --- Any news on your bosses opinions recently? Peter Russell wrote: > We have an admin from another company who was expecting from some of our > staff claiming that the MailScanner headers is not a mime header and > therfore he cannot accept the mail for delivery. > > COuld anyone offer me any advice on a) how to respond and b) whether i > need to change anything in my config? > > Kind regards and thanks > Pete > > > > "In the case of these three (3) emails, they were stopped as > undetermined. > They were stopped because of an error within the framework of the email - > bad data (see below). The error being that a one of the lines inserted > into the header of the email by MBS, specifically the line " > -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > more information" is not a MIME header and caused the problem. > They need to contact the sender, who in turn needs to contact their > administrator to fix this issue. --- It is not an problem with our > server & there is nothing I can do to rectify the issue, except release > the emails if they are stopped." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 10 02:53:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need a space after Subject and before =~ Patrick wrote: >Pls help, > >I had this error message when run tail -f var/log/maillog. > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >11 of ruleset /etc/MailScanner/mcp/10_example.cf > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >12 of ruleset /etc/MailScanner/mcp/10_example.cf > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >13 of ruleset /etc/MailScanner/mcp/10_example.cf > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >15 of ruleset /etc/MailScanner/mcp/10_example.cf > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >16 of ruleset /etc/MailScanner/mcp/10_example.cf > >May 6 18:17:57 mail MailScanner[2888]: Syntax error in first field in line >17 of ruleset /etc/MailScanner/mcp/10_example.cf > >Below is the content in 10_example.cf: >header SAMPLE_RULES1 Subject=~ /sexual/i >describe SAMPLE_RULES1 Banned Subject >score SAMPLE_RULES1 2 > >header SAMPLE_RULES2 /testing/i >describe SAMPLE_RULES2 Banned body text >score SAMPLE_RULES3 5 > >What is wrong? > >Inside the mailscanner.conf, I change 4 lines. >1. MCPP Checks = yes >2. MCP Actions = store >3. High Scoring MCP Actions = store >4. Is defintely MCP = %mcp-dir%/10_example.cf > > >rgds >Patrick > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue May 10 03:08:30 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, thanks no gaps at all. Email has only settled down over the past 2 weeks. I shall resend and BCC you this arvo. Good luck! :) Pete Julian Field wrote: > Check you don't have any spaces in your %org-name%, that is the most > common cause of this sort of problem. > > Peter --- Any news on your bosses opinions recently? > > Peter Russell wrote: > >> We have an admin from another company who was expecting from some of our >> staff claiming that the MailScanner headers is not a mime header and >> therfore he cannot accept the mail for delivery. >> >> COuld anyone offer me any advice on a) how to respond and b) whether i >> need to change anything in my config? >> >> Kind regards and thanks >> Pete >> >> >> >> "In the case of these three (3) emails, they were stopped as >> undetermined. >> They were stopped because of an error within the framework of the email - >> bad data (see below). The error being that a one of the lines inserted >> into the header of the email by MBS, specifically the line " >> -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for >> more information" is not a MIME header and caused the problem. >> They need to contact the sender, who in turn needs to contact their >> administrator to fix this issue. --- It is not an problem with our >> server & there is nothing I can do to rectify the issue, except release >> the emails if they are stopped." >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Tue May 10 03:19:43 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: Julian, Yes,done. But the same problem. rgds Patrick --- Julian Field wrote: > You need a space after Subject and before =~ > > Patrick wrote: > > >Pls help, > > > >I had this error message when run tail -f > var/log/maillog. > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >11 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >12 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >13 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >15 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >16 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >May 6 18:17:57 mail MailScanner[2888]: Syntax error > in first field in line > >17 of ruleset /etc/MailScanner/mcp/10_example.cf > > > >Below is the content in 10_example.cf: > >header SAMPLE_RULES1 Subject=~ /sexual/i > >describe SAMPLE_RULES1 Banned Subject > >score SAMPLE_RULES1 2 > > > >header SAMPLE_RULES2 /testing/i > >describe SAMPLE_RULES2 Banned body text > >score SAMPLE_RULES3 5 > > > >What is wrong? > > > >Inside the mailscanner.conf, I change 4 lines. > >1. MCPP Checks = yes > >2. MCP Actions = store > >3. High Scoring MCP Actions = store > >4. Is defintely MCP = %mcp-dir%/10_example.cf > > > > > >rgds > >Patrick > > > >------------------------ MailScanner list > ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > >the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off > the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at > www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their > support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 10 04:15:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Damn, that's the usual cause of that one. Why else why they might think it's not a MIME header? What evidence do they have? Peter Russell wrote: > Hi, thanks no gaps at all. > > Email has only settled down over the past 2 weeks. I shall resend and > BCC you this arvo. Good luck! :) > > Pete > > > > Julian Field wrote: > >> Check you don't have any spaces in your %org-name%, that is the most >> common cause of this sort of problem. >> >> Peter --- Any news on your bosses opinions recently? >> >> Peter Russell wrote: >> >>> We have an admin from another company who was expecting from some of >>> our >>> staff claiming that the MailScanner headers is not a mime header and >>> therfore he cannot accept the mail for delivery. >>> >>> COuld anyone offer me any advice on a) how to respond and b) whether i >>> need to change anything in my config? >>> >>> Kind regards and thanks >>> Pete >>> >>> >>> >>> "In the case of these three (3) emails, they were stopped as >>> undetermined. >>> They were stopped because of an error within the framework of the >>> email - >>> bad data (see below). The error being that a one of the lines >>> inserted >>> into the header of the email by MBS, specifically the line " >>> -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP >>> for >>> more information" is not a MIME header and caused the problem. >>> They need to contact the sender, who in turn needs to contact their >>> administrator to fix this issue. --- It is not an problem with our >>> server & there is nothing I can do to rectify the issue, except release >>> the emails if they are stopped." >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 10 04:16:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ah, your SAMPLE_RULES2 rule doesn't have a header name. pat png wrote: >Julian, > >Yes,done. But the same problem. > >rgds >Patrick > > >--- Julian Field wrote: > > >>You need a space after Subject and before =~ >> >>Patrick wrote: >> >> >> >>>Pls help, >>> >>>I had this error message when run tail -f >>> >>> >>var/log/maillog. >> >> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>11 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>12 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>13 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>15 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>16 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>17 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>Below is the content in 10_example.cf: >>>header SAMPLE_RULES1 Subject=~ /sexual/i >>>describe SAMPLE_RULES1 Banned Subject >>>score SAMPLE_RULES1 2 >>> >>>header SAMPLE_RULES2 /testing/i >>>describe SAMPLE_RULES2 Banned body text >>>score SAMPLE_RULES3 5 >>> >>>What is wrong? >>> >>>Inside the mailscanner.conf, I change 4 lines. >>>1. MCPP Checks = yes >>>2. MCP Actions = store >>>3. High Scoring MCP Actions = store >>>4. Is defintely MCP = %mcp-dir%/10_example.cf >>> >>> >>>rgds >>>Patrick >>> >>>------------------------ MailScanner list >>> >>> >>------------------------ >> >> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>> >>> >>the words: >> >> >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki >>> >>> >>(http://wiki.mailscanner.info/) and >> >> >>>the archives >>> >>> >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >>>Support MailScanner development - buy the book off >>> >>> >>the website! >> >> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at >>www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their >>support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 >>5947 1415 B654 >> >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> >> >> > > > >__________________________________ >Yahoo! Mail Mobile >Take Yahoo! Mail with you! Check email on your mobile phone. >http://mobile.yahoo.com/learn/mail > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Tue May 10 04:27:10 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: Julian, I hope you do not mind. can you show me a few example. 1. by subject 2. by body that contain certain words Thank you in advance. rgds Patrick Julian Field wrote: Ah, your SAMPLE_RULES2 rule doesn't have a header name. pat png wrote: >Julian, > >Yes,done. But the same problem. > >rgds >Patrick > > >--- Julian Field wrote: > > >>You need a space after Subject and before =~ >> >>Patrick wrote: >> >> >> >>>Pls help, >>> >>>I had this error message when run tail -f >>> >>> >>var/log/maillog. >> >> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>11 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>12 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>13 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>15 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>16 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error >>> >>> >>in first field in line >> >> >>>17 of ruleset /etc/MailScanner/mcp/10_example.cf >>> >>>Below is the content in 10_example.cf: >>>header SAMPLE_RULES1 Subject=~ /sexual/i >>>describe SAMPLE_RULES1 Banned Subject >>>score SAMPLE_RULES1 2 >>> >>>header SAMPLE_RULES2 /testing/i >>>describe SAMPLE_RULES2 Banned body text >>>score SAMPLE_RULES3 5 >>> >>>What is wrong? >>> >>>Inside the mailscanner.conf, I change 4 lines. >>>1. MCPP Checks = yes >>>2. MCP Actions = store >>>3. High Scoring MCP Actions = store >>>4. Is defintely MCP = %mcp-dir%/10_example.cf >>> >>> >>>rgds >>>Patrick >>> >>>------------------------ MailScanner list >>> >>> >>------------------------ >> >> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>> >>> >>the words: >> >> >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki >>> >>> >>(http://wiki.mailscanner.info/) and >> >> >>>the archives >>> >>> >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >>>Support MailScanner development - buy the book off >>> >>> >>the website! >> >> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at >>www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their >>support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 >>5947 1415 B654 >> >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> >> >> > > > >__________________________________ >Yahoo! Mail Mobile >Take Yahoo! Mail with you! Check email on your mobile phone. >http://mobile.yahoo.com/learn/mail > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 10 08:56:43 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:34 2006 Subject: Sober Message-ID: Jim Make sure libclamav.* creation date is consistent with when you installed it. (or consistant with clamscan if you rpm-ed it). doesn't matter where they are but they must be consistant. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Martin, > > How can I check for libclamav.* to be up to date? (sorry to be a newbie) > > I also found that clamd.conf and freshclam.conf looked at different database > directory locations. > > Is it ok just to change one or the other? > > Thanks, > Jim > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Martin Hepworth > Sent: Monday, May 09, 2005 11:00 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sober > > > Jim > > known issue with 0.84 (well it's know outside the clamav community;-) > > make sure you have an uptodate libclamav.* and > > make sure the DatabaseDirectory setting is consistant in clamav.conf, > clamd.conf and freshclam.conf > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jim Coates wrote: > >>I upgraded my ClamAV to 0.84, but for some reason the Sober emails are >>still getting through. >> >>MailScanner's header info shows the email as being clean, yet Avast >>finds it as soon as it hits a local system. >> >>Any idea why it would not be caught? It was my understanding that >>ClamAV 0.84 was needed, but shouldn't have any trouble finding it. >> >>Thanks, >>Jim Coates >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 10 09:06:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: Peter Now looking at this email you send I note there alot of white spaces in the header not to mention something that lookes like a CR... X-Melbournebusinessschool-Mailscanner-Information: Please contact the ISP for more information my exim seems to cope with this but your recipient might have issues with the newline - check the MailScanner.conf setting for this and make sure things are 100% ok. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Russell wrote: > We have an admin from another company who was expecting from some of our > staff claiming that the MailScanner headers is not a mime header and > therfore he cannot accept the mail for delivery. > > COuld anyone offer me any advice on a) how to respond and b) whether i > need to change anything in my config? > > Kind regards and thanks > Pete > > > > "In the case of these three (3) emails, they were stopped as undetermined. > They were stopped because of an error within the framework of the email - > bad data (see below). The error being that a one of the lines inserted > into the header of the email by MBS, specifically the line " > -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > more information" is not a MIME header and caused the problem. > They need to contact the sender, who in turn needs to contact their > administrator to fix this issue. --- It is not an problem with our > server & there is nothing I can do to rectify the issue, except release > the emails if they are stopped." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Tue May 10 09:55:00 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:34 2006 Subject: Max Children > 1: same message gets delivered more than once Message-ID: > - when I define e.g. "Max Children = 3" there are three children started > *BUT* the same message gets delivered also N times (in this case N=3) ... > --> NOK > > I don't know how the children of MailScanner manages the processing of > the messages in the hold queue (I'm using postfix but this shouldn't matter). > Do I have a MailScanner locking problem? I have tried to encircle the problem. There seems to be a locking problem @ Solaris 9 (at least our version?) # uname -a SunOS cicero2 5.9 Generic_118558-03 sun4u sparc SUNW,UltraAX-i2 (full patched, using /usr/perl5/5.6.1) I have modified MailScanner modules (additional debug statements) to get some more details. Unfortunately perl is not one of my first / second languages I speak fluently ... Initialisation (Max Children = 2): May 10 10:00:08 cicero2 MailScanner[24151]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 10 10:00:08 cicero2 MailScanner[24151]: Read 120 hostnames from the phishing whitelist May 10 10:00:08 cicero2 MailScanner[24151]: lock.pl sees Config LockType = flock May 10 10:00:08 cicero2 MailScanner[24151]: lock.pl sees have_module = 0 May 10 10:00:08 cicero2 MailScanner[24151]: Using locktype = flock May 10 10:00:19 cicero2 MailScanner[24152]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 10 10:00:19 cicero2 MailScanner[24152]: Read 120 hostnames from the phishing whitelist May 10 10:00:19 cicero2 MailScanner[24152]: lock.pl sees Config LockType = flock May 10 10:00:19 cicero2 MailScanner[24152]: lock.pl sees have_module = 0 May 10 10:00:19 cicero2 MailScanner[24152]: Using locktype = flock first instance fetches message in hold queue: May 10 10:00:25 cicero2 MailScanner[24152]: DBG Searching /var/spool/postfix/hold for messages May 10 10:00:25 cicero2 MailScanner[24152]: DBG Trying to lock message BACE376C0A.5E46B May 10 10:00:25 cicero2 MailScanner[24152]: DBG lock FileHandle=GLOB(0xca37a4) /var/spool/postfix/hold/B/BACE376C0A May 10 10:00:25 cicero2 MailScanner[24152]: DBG fh=FileHandle=GLOB(0xca37a4) fn=+/var/spool/MailScanner/incoming/24152/BACE376C0A.5E46B.header May 10 10:00:25 cicero2 MailScanner[24152]: Using flock() to lock >/var/spool/MailScanner/incoming/24152/BACE376C0A.5E46B.header May 10 10:00:25 cicero2 MailScanner[24152]: New Batch: Scanning 1 messages, 784 bytes May 10 10:00:25 cicero2 MailScanner[24152]: Saved archive copies of BACE376C0A.5E46B May 10 10:00:25 cicero2 MailScanner[24152]: Spam Checks: Starting May 10 10:00:26 cicero2 MailScanner[24152]: Virus and Content Scanning: Starting second instance gets same message (even first instance didn't release lock): May 10 10:00:26 cicero2 MailScanner[24151]: DBG Searching /var/spool/postfix/hold for messages May 10 10:00:26 cicero2 MailScanner[24151]: DBG Trying to lock message BACE376C0A.8B6F4 May 10 10:00:26 cicero2 MailScanner[24151]: DBG lock FileHandle=GLOB(0xca3910) /var/spool/postfix/hold/B/BACE376C0A May 10 10:00:26 cicero2 MailScanner[24151]: DBG fh=FileHandle=GLOB(0xca3910) fn=+/var/spool/MailScanner/incoming/24151/BACE376C0A.8B6F4.header May 10 10:00:26 cicero2 MailScanner[24151]: Using flock() to lock >/var/spool/MailScanner/incoming/24151/BACE376C0A.8B6F4.header May 10 10:00:26 cicero2 MailScanner[24151]: New Batch: Scanning 1 messages, 784 bytes May 10 10:00:26 cicero2 MailScanner[24151]: Saved archive copies of BACE376C0A.8B6F4 May 10 10:00:26 cicero2 MailScanner[24151]: Spam Checks: Starting May 10 10:00:27 cicero2 MailScanner[24151]: Virus and Content Scanning: Starting final processing: May 10 10:00:30 cicero2 MailScanner[24152]: DBG fh=FileHandle=GLOB(0xceb728) fn=+>/var/spool/postfix/incoming/temp-24152-BACE376C0A.5E46B May 10 10:00:30 cicero2 MailScanner[24152]: Using flock() to lock +>/var/spool/postfix/incoming/temp-24152-BACE376C0A.5E46B May 10 10:00:30 cicero2 MailScanner[24152]: Requeue: BACE376C0A.5E46B to 7D2CC76C2C May 10 10:00:30 cicero2 MailScanner[24152]: Uninfected: Delivered 1 messages May 10 10:00:30 cicero2 MailScanner[24152]: DBG Searching /var/spool/postfix/hold for messages May 10 10:00:31 cicero2 MailScanner[24151]: DBG fh=FileHandle=GLOB(0xceb7bc) fn=+>/var/spool/postfix/incoming/temp-24151-BACE376C0A.8B6F4 May 10 10:00:31 cicero2 MailScanner[24151]: Using flock() to lock +>/var/spool/postfix/incoming/temp-24151-BACE376C0A.8B6F4 May 10 10:00:31 cicero2 MailScanner[24151]: Requeue: BACE376C0A.8B6F4 to 2ED5076C2C May 10 10:00:31 cicero2 MailScanner[24151]: Uninfected: Delivered 1 messages May 10 10:00:31 cicero2 MailScanner[24151]: DBG Searching /var/spool/postfix/hold for messages Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue May 10 10:49:32 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:34 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 9 maj 2005 21:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Steen, Glenn > > Sent: Monday, May 09, 2005 1:01 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: SV: Panda not working > > > > > > Yes, well.... There is where you (unfortunately) may start > to stumble... > > See, the original wrapper does a pretty decent job of sanitizing > > the output, but... It assumes that the output is as seen on an > > xterm/vt-whatever when executing "inside MS". This isn't the case. > > So then the original author "falls back" on invoking pavcl > > once/file... and still it'll mess up from time to time. Set your > > TERM to "dumb" (or unset it), then call it as is done in MS on a > > directory that may contain several subdirectories (both clean and > > unclean files) and you'll likely see the same mess I found... Of > > course, I'd be rather happy if it did work for you, since that > > would point at some peculiarity in my system, but.... I won't > > hold my breath:-). > > This may be true, haven't tested that. But haven't > experienced an issue with > it either, then again I have only been testing for a couple > hours. Weeks of testing in my case;). > If that > is a problem I would think changing > > my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; > to > > my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 > > /tmp/FileNameBasedOnPid > "; > > and parsing the /tmp file rather than the pipe it's self > should solve that. > Wouldn't allow the terminal to alter the output. The problem isn't with the terminal, it is with ncurses and pavcl/thewrappers reliance on it. > > As far as multiple, nested directories. Julian may have to > correct me, but > there shouldn't be any nested directories. All the files > should be extracted > into a single directory with the SafeName function handling > duplicate as > well as possibly dangerous file names so the -cmp switch > shouldn't really be > used at all (unless I am mistaken). IIRC the unpacking is done in this > manner to remove the chance of archived directory structures > spilling out > where they don't belong. Well, the wrappers get called in the batch directory (/var/spool/MailScanner/incoming/) as "wrapper path . args", so if you have more than one message in the batch, you'll scan more than one directory at a time (it might also get called on ./, which the current wrapper script will blithely ignore, but that is just one little problem with it... Killing resources by running pavcl once/file is another, and not being able to run the wrapper outside MS is a third (this is since the directory traversal is kind of ... simplistic)). > > > > I'll be glad to share my "improved" wrapper scripts if you'd like > > to have a go with them, but... I'd recommend against wasting to > > much (more) time on it. Drop a line and I'll forward them > > tomorrow (horrible hacks that they are:-). > > > > Best would be for them to produce sane output. > > using ANSI for output is ignorant at best... like trying to > step back to the > DOS days and having a cool/pretty display. Ahem, not really "ansi", no, rather "escape sequences as defined in terminfo":-). But in principle I do agree. > But I ran the > standard wrapper > and found it didn't recognize viruses because of a rather > simple thing to > fix. It would appear that panda swapped the words around on > their "Virus > found" string and removed a space between the ":" and virus > name string. There's some more small things one can fix along the way, like the actual virus RE which should include a dot (Lovegate <> Lovegate.AB), but basically I see this as a waste of time. The FP/FNs will only rear their ugly head on a system where a batch > 1 message, so simpler tests than that usually work. I made some fairly ugly hacks to overcome the designflaws of the original wrapper (mainly to be able to test outside of MS and a stab at running just one pavcl/batch) that worked very nice... Until left running for a few days (in MS of course). I'd be happy to work with you to cover this ground (again... Who knows, I might have missed something glaringly obvious:-), if I had the time to spare ... Unfortunately Real Work(tm) is a priority ATM, so I don't have any to spare. -- Glenn > > The patch below (for panda-wrapper) appears to take care of > the problem > related to not finding the virus as it will trigger on either > version of the > found string and name string. (assuming a need for backward > compatibility) > > --- panda-wrapper Mon May 9 13:53:18 2005 > +++ panda-wrapper.new Mon May 9 13:53:38 2005 > @@ -76,9 +76,9 @@ > > sub busca_virus { > > my $archivo = $_[0]; > - > +# print STDERR "Checking $archivo\n"; > my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; > # print TEMP $comando."\n\n"; > > open SALIDA, "$comando |"; > @@ -89,10 +89,11 @@ > s/(\^O|\r)//g; > > # print TEMP $_; > > - if (/(Found virus|Encontrado > virus)\s*:\s*((\w|\-|\_|\/)+)/) > { > + if (m/(found virus|virus > encontrado|encontrado virus|virus > found)\s+:\s?(.*?)$/i) { > #if (/Encontrado virus:\s+((\w|\-|\_|\/)+)/) { > +# print STDERR "Found $2\n"; > close SALIDA; > #return $1; > return $2; > } > > > > Also, if you want a cleaner log and a report that has the name of the > infected file apply this patch to SweepViruses (version 4.42.1) > > --- SweepViruses.pm Mon May 9 13:45:25 2005 > +++ SweepViruses.pm.new Mon May 9 13:45:52 2005 > @@ -2141,25 +2141,24 @@ > > $logout = $line; > $logout =~ s/%/%%/g; > $logout =~ s/\s{20,}/ /g; > + MailScanner::Log::InfoLog($logout); > + > # EXAMPLE OUTPUT PLEASE? -- nwp 6/5/02 > # Virus: 2##Base: /var/spool/MailScanner/incoming/24408##1: > 'h3MENF6X020229/eicar.com' => EICAR-AV-TEST-FILE##2: > 'h3MENF6X020229/eicar.zip' => EICAR-AV-TEST-FILE## > # Now you wish you never asked :-) > > $line =~ /Base: (.*?)##/; > $BaseDir =~ $1; > $numviruses = 0; > my $temp = $line; > - #2##Base: /var/spool/mailscanner/incoming/23386##1: > '1DVCx0-00067f-M4/eicar.com' => EICAR-AV-TEST-FILE ##2: > '1DVCx0-00067f-M4/eicar_com.zip' => EICAR-AV-TEST-FILE ## > while ( $temp =~ /\d+: \'(.*?)\/(.*?)\' => (.*?)##/ ) > { > $id = $1; > $part = $2; > $report = $3; > - $report = $Name . ": " . $report." found in $part" if $Name; > - $report =~ s/\s{2,}/ /g; > - MailScanner::Log::InfoLog("%s",$report); > + $report = $Name . ': ' . $report if $Name; > $infections->{$id}{$part} .= "$report\n"; > $types->{$id}{$part} .= "v"; # it's a real virus > $numviruses++; > $temp = $'; > > and your log will display: > > May 9 13:39:26 srv2 MailScanner[24135]: Panda: > EICAR-AV-TEST-FILE found > in eicar.com > May 9 13:39:27 srv2 MailScanner[24135]: Panda: > EICAR-AV-TEST-FILE found > in eicar_com.zip > May 9 13:39:27 srv2 MailScanner[24135]: Virus Scanning: Panda found 2 > infections > > and reports will look like: > > Panda: EICAR-AV-TEST-FILE found in eicar.com > > Hope it helps someone, > > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue May 10 10:53:13 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:34 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 9 maj 2005 21:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Rick Cooper > > Sent: Monday, May 09, 2005 2:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > [...] > > and to anyone who was listening, I got the SweepViruses.pm > patch backward... > oops. > > Should be: > > --- SweepViruses.pm.new Mon May 9 13:45:52 2005 > +++ SweepViruses.pm Mon May 9 14:20:41 2005 > @@ -2141,10 +2141,8 @@ > > $logout = $line; > $logout =~ s/%/%%/g; > $logout =~ s/\s{20,}/ /g; > - MailScanner::Log::InfoLog($logout); > - > # EXAMPLE OUTPUT PLEASE? -- nwp 6/5/02 > # Virus: 2##Base: /var/spool/MailScanner/incoming/24408##1: > 'h3MENF6X020229/eicar.com' => EICAR-AV-TEST-FILE##2: > 'h3MENF6X020229/eicar.zip' => EICAR-AV-TEST-FILE## > # Now you wish you never asked :-) > > @@ -2156,9 +2154,11 @@ > { > $id = $1; > $part = $2; > $report = $3; > - $report = $Name . ': ' . $report if $Name; > + $report = $Name . ": " . $report." found in $part" if $Name; > + $report =~ s/\s{2,}/ /g; > + MailScanner::Log::InfoLog("%s",$report); > $infections->{$id}{$part} .= "$report\n"; > $types->{$id}{$part} .= "v"; # it's a real virus > $numviruses++; > $temp = $'; > > Sorry No sweat, we're all human;). Anyway, I made a similar change while testing, and it was from that I started smelling something fishy... filenames simply came out mangled beyond recognition (when actually looking at the filenames, not the thing coming out of the standard wrapper). -- Glenn > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue May 10 13:40:08 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Peter > > Now looking at this email you send I note there alot of white spaces in > the header not to mention something that lookes like a CR... > > X-Melbournebusinessschool-Mailscanner-Information: Please contact the > ISP for > more information > > my exim seems to cope with this but your recipient might have issues > with the newline - check the MailScanner.conf setting for this and make > sure things are 100% ok. Martin, I doubt this is the cause because your email has the same: X-Solid-State-Logic-MailScanner-Information: Please contact Solid State Logic Ltd for more information I think this is just a cosmetic line wrap done by your MTA (mine is sendmail). Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From mkehler at WRHA.MB.CA Tue May 10 14:17:33 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:34 2006 Subject: rpm or tar install? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Went through the 4.41.3-1 rpm install again. There are absolutely zero errors while installing MIME-tools-5.417, but still outputs "error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch" at the end. I'll try the manual install I guess, maybe I'll have better luck. Matt >>> MailScanner@ECS.SOTON.AC.UK 5/8/2005 7:02:23 AM >>> It is failing to build the MIME-tools for some reason, you need to look at that and work out why. I would not advise just sticking with the (very) old version. You need to look at why it is failing on your system. The output from the ./install.sh script, while it is trying to build perl-MIME-tools, will tell you what is going wrong. Matt Kehler wrote: > Well, 4.33.3-1 seems to install fine as long as I put > perl-MIME-tools-5.411-pl4.3.noarch.rpm into > /usr/src/redhat/RPMS/noarch prior to install. Tried to install > 4.41.3-1 after that, still no go. Same errors. Any ideas? Or should > I just quit and stick with 4.33.3-1? > > MK > > >>>>>>>>>>> > > Thanks. I get the following on RH ES4 when trying to install via > RPM..tried to update Convert::BinHex and Mime::Tools manually > beforehand but it doesn't seem to work. Any ideas? Funny thing is > that halfway through the install it looks like Mime::Tools gets > installed fine, as well as Convert::BinHex... > > > error: Failed dependencies: > perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1.noarch > > Oh good, module Convert::TNEF version 0.17 is already installed. > > Oh good, module Compress::Zlib version 1.33 is already installed. > > Oh good, module Archive::Zip version 1.14 is already installed. > > Installing tnef decoder > > Preparing... > ########################################### [100%] > package tnef-1.2.3.1-1 is already installed > > Now to install MailScanner itself. > > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch > > Matt > > >>> MailScanner@ECS.SOTON.AC.UK 5/6/2005 10:33:23 AM >>> > RPM, no question. > > On 6 May 2005, at 16:08, Matt Kehler wrote: > > > I'm building a new MS box on RH ES4. What is the preferrred/better > > method of install, via rpm or manually? > > -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue May 10 15:33:08 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:34 2006 Subject: GUI for MailScanner and Spamassassin settings Message-ID: I know that there are frontends for administrators for MailScanner and Spamassassin and for customers to change settings for spamassassin using a DB. What I was wondering is, if there are any frontends for customers to change their own settings for both MailScanner and Spamassassin. For example, I want to allow customers to enable/disable scanning, change there spam and high spam threshold, change whether to delete or forward tagged messages, etc... Does anyone know if there is such a program out there? Thanks. Sean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue May 10 15:55:43 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:34 2006 Subject: GUI for MailScanner and Spamassassin settings Message-ID: Ok, Sorry about this. I found the Fortress Systems site. I'm not sure it does what I'm looking for but I will look at it further. Are there any others? Sean RedRed!com IT Department wrote: > I know that there are frontends for administrators for MailScanner and > Spamassassin and for customers to change settings for spamassassin using > a DB. What I was wondering is, if there are any frontends for customers > to change their own settings for both MailScanner and Spamassassin. For > example, I want to allow customers to enable/disable scanning, change > there spam and high spam threshold, change whether to delete or forward > tagged messages, etc... > > Does anyone know if there is such a program out there? Thanks. > > Sean > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue May 10 15:56:14 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: I use ClamAV for my virus scanning with MailScanner right now, but this whole Sober issue has made me think it would be wise to put a secondary scanner in my setup. What all do you recommend? Thanks, Jim Coates ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue May 10 16:19:43 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: We've been pretty happy with Sophos. Only problem I've had was with this months update (3.93) it was coming up with all kinds of errors. Just got an e-mail from them today that they've corrected the problem and issued an update (3.93.2). They also issue virus pattern updates as soon as they've identified. It's not uncommon to get 5 or 6 updates or more a day. And their EM Library pushes the updates out to our Windows workstations, as well as having a mount point for some of our UNIX boxes. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Coates Sent: Tuesday, May 10, 2005 9:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Secondary Virus Scanner I use ClamAV for my virus scanning with MailScanner right now, but this whole Sober issue has made me think it would be wise to put a secondary scanner in my setup. What all do you recommend? Thanks, Jim Coates ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 10 16:13:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote: > I use ClamAV for my virus scanning with MailScanner right now, but this > whole Sober issue has made me think it would be wise to put a secondary > scanner in my setup. > > What all do you recommend? > > Thanks, > Jim Coates > If you are looking for free, then BitDefender os OK as a secondary scanner, but I wouldn't rely on it for first line of defense. Also, if you have a corporate license for your desktops, look if it entitles you to a command line scanner in linux. We have a McAfee license for the linux command line included in our desktop license. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Tue May 10 16:29:39 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist Message-ID: Hi, I want to create a blacklist for multiple domains with all there own configuration. ---------------------------------------------------------- - My configuration: ---------------------------------------------------------- Is Definitely Spam = /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- From: domain.com /etc/MailScanner/rules/domain.com.conf ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- From: user@spamdomain.com yes FromOrTo: default no ---------------------------------------------------------- - When I start MailScanner ---------------------------------------------------------- MailScanner E-Mail Virus Scanner version 4.41.3 starting... Syntax error in line 1 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Syntax error in line 2 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Found syntax errors in /opt/MailScanner/etc/rules/blacklist.rules. What do I wrong ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Tue May 10 16:31:53 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: Hi, I want to create a blacklist for multiple domains with all there own configuration. ---------------------------------------------------------- - My configuration: ---------------------------------------------------------- Is Definitely Spam = /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- To: domain.com /etc/MailScanner/rules/domain.com.conf ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- From: user@spamdomain.com yes FromOrTo: default no ---------------------------------------------------------- - When I start MailScanner ---------------------------------------------------------- MailScanner E-Mail Virus Scanner version 4.41.3 starting... Syntax error in line 1 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Syntax error in line 2 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Found syntax errors in /opt/MailScanner/etc/rules/blacklist.rules. What do I wrong ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue May 10 16:39:27 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had the same issue then I changed my blacklist and whitelist filenames to blacklist.rules.conf and whitelist.rules.conf and now they work great. I think it is something to do with the way the .rules files get parsed. HTH, Sean Paul van Brouwershaven wrote: > Hi, > > I want to create a blacklist for multiple domains with all there own > configuration. > > ---------------------------------------------------------- > - My configuration: > ---------------------------------------------------------- > Is Definitely Spam = /opt/MailScanner/etc/rules/blacklist.rules > > ---------------------------------------------------------- > - Content of /opt/MailScanner/etc/rules/blacklist.rules > ---------------------------------------------------------- > To: domain.com /etc/MailScanner/rules/domain.com.conf > > ---------------------------------------------------------- > - Content of /opt/MailScanner/etc/rules/blacklist.rules > ---------------------------------------------------------- > From: user@spamdomain.com yes > FromOrTo: default no > > ---------------------------------------------------------- > - When I start MailScanner > ---------------------------------------------------------- > MailScanner E-Mail Virus Scanner version 4.41.3 starting... > > Syntax error in line 1 of ruleset file > /opt/MailScanner/etc/rules/blacklist.rules > > Syntax error in line 2 of ruleset file > /opt/MailScanner/etc/rules/blacklist.rules > > Found syntax errors in /opt/MailScanner/etc/rules/blacklist.rules. > > What do I wrong ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue May 10 16:41:32 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: What kinds of errors? On what platform? While I hadn't seen any issues with 3.93.0 on Solaris 9, your note prompted me to install 3.93.2. Jeff Earickson Colby College On Tue, 10 May 2005, Aaron K. Moore wrote: > Date: Tue, 10 May 2005 10:19:43 -0500 > From: Aaron K. Moore > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Secondary Virus Scanner > > We've been pretty happy with Sophos. Only problem I've had was with > this months update (3.93) it was coming up with all kinds of errors. > Just got an e-mail from them today that they've corrected the problem > and issued an update (3.93.2). > > They also issue virus pattern updates as soon as they've identified. > It's not uncommon to get 5 or 6 updates or more a day. And their EM > Library pushes the updates out to our Windows workstations, as well as > having a mount point for some of our UNIX boxes. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Coates > Sent: Tuesday, May 10, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Secondary Virus Scanner > > I use ClamAV for my virus scanning with MailScanner right now, but this > whole Sober issue has made me think it would be wise to put a secondary > scanner in my setup. > > What all do you recommend? > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue May 10 17:01:24 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: I posted on them last week on the MailScanner list. Mostly a bunch of SAVI errors. I had to switch back to using sweep, it produced fewer problems. Here's the URL to the knowledgebase entry Sophos had in their latest support news e-mail. http://www.sophos.com/support/knowledgebase/article/3071.html -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson Sent: Tuesday, May 10, 2005 10:42 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Secondary Virus Scanner What kinds of errors? On what platform? While I hadn't seen any issues with 3.93.0 on Solaris 9, your note prompted me to install 3.93.2. Jeff Earickson Colby College On Tue, 10 May 2005, Aaron K. Moore wrote: > Date: Tue, 10 May 2005 10:19:43 -0500 > From: Aaron K. Moore > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Secondary Virus Scanner > > We've been pretty happy with Sophos. Only problem I've had was with > this months update (3.93) it was coming up with all kinds of errors. > Just got an e-mail from them today that they've corrected the problem > and issued an update (3.93.2). > > They also issue virus pattern updates as soon as they've identified. > It's not uncommon to get 5 or 6 updates or more a day. And their EM > Library pushes the updates out to our Windows workstations, as well as > having a mount point for some of our UNIX boxes. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jim Coates > Sent: Tuesday, May 10, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Secondary Virus Scanner > > I use ClamAV for my virus scanning with MailScanner right now, but this > whole Sober issue has made me think it would be wise to put a secondary > scanner in my setup. > > What all do you recommend? > > Thanks, > Jim Coates > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Tue May 10 17:05:22 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:34 2006 Subject: Qurantine Phishing? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ive just started to look at the phishing detection capabilities in MailScanner. I can see that it adds the "MailScanner has detected a possible fraud ......" to the message but wondered if it was possible to just quarantine the message so the recipient doesnt get it at all? Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Tue May 10 17:14:16 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: RedRed!com IT Department wrote: > I had the same issue then I changed my blacklist and whitelist filenames > to blacklist.rules.conf and whitelist.rules.conf and now they work > great. I think it is something to do with the way the .rules files get > parsed. I changed the filenames, but the same problem. When I change the "To:" lines in the blacklist.rules.conf to "From:" lines there is no problem but then I can't create a blacklist only for one domain. MailScanner E-Mail Virus Scanner version 4.41.3 starting... Syntax error in line 1 of ruleset file /etc/MailScanner/rules/blacklist.rules.conf Syntax error in line 2 of ruleset file /etc/MailScanner/rules/blacklist.rules.conf Found syntax errors in /etc/MailScanner/rules/blacklist.rules.conf. Syntax error in line 1 of ruleset file /etc/MailScanner/rules/whitelist.rules.conf Found syntax errors in /etc/MailScanner/rules/whitelist.rules.conf. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue May 10 17:18:25 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I read the EXAMPLES and README and no where does it say you can put just the domain. Examples are as follows... From: *@domain1.com /opt/MailScanner/etc/reports/domain1.sig.txt From: *@domain2.com /opt/MailScanner/etc/reports/domain2.sig.txt FromOrTo: *@scanme.com yes FromOrTo: *@scanme-too.com yes To: @abc.com postmaster@me.com george@abc.com To: @def.com postmaster@me.com bill@def.com From: *@spammers.com yes The README states... 2. The pattern describes what messages should match this rule. Some examples are: user@sub.domain.com # Individual address user@* # 1 user at any domain *@sub.domain.com # Any user at 1 domain *@*.domain.com # Any user at any sub-domain of "domain.com" *@domain.com # Any user at 1 specific domain /pattern/ # Any address matching this Perl regular # expression 192.168. # Any SMTP client IP address in this network /pattern-with-no-letters/ # Any SMTP client IP address matching this # Perl regular expression /^192\.168\.1[4567]\./ # Any SMTP client IP address in the networks # 192.168.14 - 192.168.17 *@* # Default value default # Default value You should be able to do just about anything with that. Once again no putting just the domain. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Paul van Brouwershaven Sent: Tuesday, May 10, 2005 11:32 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Blacklist (correction) Hi, I want to create a blacklist for multiple domains with all there own configuration. ---------------------------------------------------------- - My configuration: ---------------------------------------------------------- Is Definitely Spam = /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- To: domain.com /etc/MailScanner/rules/domain.com.conf ---------------------------------------------------------- - Content of /opt/MailScanner/etc/rules/blacklist.rules ---------------------------------------------------------- From: user@spamdomain.com yes FromOrTo: default no ---------------------------------------------------------- - When I start MailScanner ---------------------------------------------------------- MailScanner E-Mail Virus Scanner version 4.41.3 starting... Syntax error in line 1 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Syntax error in line 2 of ruleset file /opt/MailScanner/etc/rules/blacklist.rules Found syntax errors in /opt/MailScanner/etc/rules/blacklist.rules. What do I wrong ? This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 10 17:22:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:34 2006 Subject: Qurantine Phishing? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul Houselander wrote: > Hi > > Ive just started to look at the phishing detection capabilities in > MailScanner. > > I can see that it adds the "MailScanner has detected a possible fraud > ......" to the message but wondered if it was possible to just quarantine > the message so the recipient doesnt get it at all? > > Thanks > > Paul > Too many false positives to just dump the message. I think Julian has just the right balance of usability and reliability. Unless you have some system for users to release their own quarantine, you are just adding more work for yourself. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Tue May 10 18:05:44 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: Derek Winkler wrote: > I read the EXAMPLES and README and no where does it say you can put just the > domain. I also tried: To: *@domain1.com /opt/MailScanner/etc/reports/domain1.sig.txt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Tue May 10 19:54:01 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: Hi Julian I see that there has been some discussion earlier about the use of milter-sender with sendmail to verify that the sender's address does exist before accepting mail. That then allows mail to be rejected at connection time if the sender's address seems to be fraudulent. I like the idea behind milter-sender, but would much prefer it to be integrated with MailScanner rather than sendmail, so that false positives (eg no-reply type addresses and other mail blocked due to problems that are sure to arise) result in mail being quarantined rather than bounced. Is this an option that you would be interested in accepting on the wishlist for future development of MailScanner? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Tue May 10 21:01:34 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:34 2006 Subject: Milters and MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Friday 06 May 2005 03:30 pm, Doc Schneider wrote: > Michele Neylon:: Blacknight wrote: > > Doc Schneider wrote: > >>Just a quick question, is it possible to run a Milter with MailScanner? > >>I'm seriously thinking of adding greylisting to my MX server because > >>mostly it gets nothing but spam. > > > > Short answer - yes > > Well thanks! I know how to do them was just curious if it would break > something in MS by using it... you never know. I run both milter-sender and milter-limit along with MailScanner. Since it runs through sendmail, MailScanner is not even 'aware' of their existence, nor does it need to be. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at hotmail.com Tue May 10 21:09:12 2005 From: mauriciopcavalcanti at hotmail.com (Mauricio Cavalcanti) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I read some similar in http://spf.pobox.com and in downloads they put a modified sendmail that makes this kind of test (spf), but i didn´t tested yet. Anyone did it? >From: Jim Holland >Reply-To: MailScanner mailing list >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: sender verification >Date: Tue, 10 May 2005 20:54:01 +0200 > >Hi Julian > >I see that there has been some discussion earlier about the use of >milter-sender with sendmail to verify that the sender's address does exist >before accepting mail. That then allows mail to be rejected at connection >time if the sender's address seems to be fraudulent. > >I like the idea behind milter-sender, but would much prefer it to be >integrated with MailScanner rather than sendmail, so that false positives >(eg no-reply type addresses and other mail blocked due to problems that >are sure to arise) result in mail being quarantined rather than bounced. >Is this an option that you would be interested in accepting on the >wishlist for future development of MailScanner? > >Regards > >Jim Holland >System Administrator >MANGO - Zimbabwe's non-profit e-mail service > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue May 10 23:06:25 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If its not a mime header then what would it be? Denis Beauchemin wrote: > Martin Hepworth wrote: > >> Peter >> >> Now looking at this email you send I note there alot of white spaces in >> the header not to mention something that lookes like a CR... >> >> X-Melbournebusinessschool-Mailscanner-Information: Please contact the >> ISP for >> more information >> >> my exim seems to cope with this but your recipient might have issues >> with the newline - check the MailScanner.conf setting for this and make >> sure things are 100% ok. > > > Martin, > > I doubt this is the cause because your email has the same: > > X-Solid-State-Logic-MailScanner-Information: Please contact Solid State > Logic > Ltd for more information > > I think this is just a cosmetic line wrap done by your MTA (mine is > sendmail). > > Denis > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue May 10 23:27:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, a header (?-)... I think someone is a bit confused here, and I'm not that sure it's you Pete. Why would it matter if MS headers are "MIME-headers" or not? They comply to RFC, and bear no impact on MIME whatsoever. -- Glenn (... with the usual disclaimer... I might be a fool who don't rightly understand anything much:) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Russell Sent: den 11 maj 2005 00:06 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Not a Mime header? If its not a mime header then what would it be? Denis Beauchemin wrote: > Martin Hepworth wrote: > >> Peter >> >> Now looking at this email you send I note there alot of white spaces in >> the header not to mention something that lookes like a CR... >> >> X-Melbournebusinessschool-Mailscanner-Information: Please contact the >> ISP for >> more information >> >> my exim seems to cope with this but your recipient might have issues >> with the newline - check the MailScanner.conf setting for this and make >> sure things are 100% ok. > > > Martin, > > I doubt this is the cause because your email has the same: > > X-Solid-State-Logic-MailScanner-Information: Please contact Solid State > Logic > Ltd for more information > > I think this is just a cosmetic line wrap done by your MTA (mine is > sendmail). > > Denis > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 00:14:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: MCP Error message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Your best bet is to read "man Mail::SpamAssassin::Conf" as that explains what is valid and what is not. Also, take a look at your default SpamAssassin rules, they will show you what you can do. pat png wrote: > Julian, > > I hope you do not mind. can you show me a few example. > 1. by subject > 2. by body that contain certain words > > Thank you in advance. > > rgds > Patrick > > > */Julian Field /* wrote: > > Ah, your SAMPLE_RULES2 rule doesn't have a header name. > > pat png wrote: > > >Julian, > > > >Yes,done. But the same problem. > > > >rgds > >Patrick > > > > > >--- Julian Field wrote: > > > > > >>You need a space after Subject and before =~ > >> > >>Patrick wrote: > >> > >> > >> > >>>Pls help, > >>> > >>>I had this error message when run tail -f > >>> > >>> > >>var/log/maillog. > >> > >> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>11 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>12 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>13 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>15 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>16 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>May 6 18:17:57 mail MailScanner[2888]: Syntax error > >>> > >>> > >>in first field in line > >> > >> > >>>17 of ruleset /etc/MailScanner/mcp/10_example.cf > >>> > >>>Below is the content in 10_example.cf: > >>>header SAMPLE_RULES1 Subject=~ /sexual/i > >>>describe SAMPLE_RULES1 Banned Subject > >>>score SAMPLE_RULES1 2 > >>> > >>>header SAMPLE_RULES2 /testing/i > >>>describe SAMPLE_RULES2 Banned body text > >>>score SAMPLE_RULES3 5 > >>> > >>>What is wrong? > >>> > >>>Inside the mailscanner.conf, I change 4 lines. > >>>1. MCPP Checks = yes > >>>2. MCP Actions = store > >>>3. High Scoring MCP Actions = store > >>>4. Is defintely MCP = %mcp-dir%/10_example.cf > >>> > >>> > >>>rgds > >>>Patrick > >>> > >>>------------------------ MailScanner list > >>> > >>> > >>------------------------ > >> > >> > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with > >>> > >>> > >>the words: > >> > >> > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki > >>> > >>> > >>(http://wiki.mailscanner.info/) and > >> > >> > >>>the archives > >>> > >>> > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> > >>>Support MailScanner development - buy the book off > >>> > >>> > >>the website! > >> > >> > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at > >>www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their > >>support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > >>5947 1415 B654 > >> > >>------------------------ MailScanner list > >>------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with > >>the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki > >>(http://wiki.mailscanner.info/) and > >>the archives > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off > >>the website! > >> > >> > >> > > > > > > > >__________________________________ > >Yahoo! Mail Mobile > >Take Yahoo! Mail with you! Check email on your mobile phone. > >http://mobile.yahoo.com/learn/mail > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------------------------ > Do you Yahoo!? > Yahoo! Small Business - Try our new resources site! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 00:19:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: Blacklist (correction) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can't nest rulesets. If you want to do per-domain and per-user black and whitelisting, have a look at the relevant section of CustomConfig.pm. There is a complete ready-to-go system in there to implement this. Paul van Brouwershaven wrote: > RedRed!com IT Department wrote: > >> I had the same issue then I changed my blacklist and whitelist filenames >> to blacklist.rules.conf and whitelist.rules.conf and now they work >> great. I think it is something to do with the way the .rules files get >> parsed. > > > I changed the filenames, but the same problem. When I change the "To:" > lines in the blacklist.rules.conf to "From:" lines there is no problem > but > then I can't create a blacklist only for one domain. > > MailScanner E-Mail Virus Scanner version 4.41.3 starting... > > Syntax error in line 1 of ruleset file > /etc/MailScanner/rules/blacklist.rules.conf > > Syntax error in line 2 of ruleset file > /etc/MailScanner/rules/blacklist.rules.conf > > Found syntax errors in /etc/MailScanner/rules/blacklist.rules.conf. > > Syntax error in line 1 of ruleset file > /etc/MailScanner/rules/whitelist.rules.conf > > Found syntax errors in /etc/MailScanner/rules/whitelist.rules.conf. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed May 11 00:21:52 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Peter Russell > Sent: Monday, May 09, 2005 7:04 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Not a Mime header? > > > We have an admin from another company who was expecting from some of our > staff claiming that the MailScanner headers is not a mime header and > therfore he cannot accept the mail for delivery. > > COuld anyone offer me any advice on a) how to respond and b) whether i > need to change anything in my config? > > Kind regards and thanks > Pete > > > > "In the case of these three (3) emails, they were stopped as undetermined. > They were stopped because of an error within the framework of the email - > bad data (see below). The error being that a one of the lines inserted > into the header of the email by MBS, specifically the line " > -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > more information" is not a MIME header and caused the problem. > They need to contact the sender, who in turn needs to contact their > administrator to fix this issue. --- It is not an problem with our > server & there is nothing I can do to rectify the issue, except release > the emails if they are stopped." > Is the -X- a typo or is there really a - preceeding X? and X-token header is certainly valid, where as a -X-token would not be. If your mailscanner token really is '-X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for more information' then you need to fix it, if it's not then there is something odd about how they are parsing headers. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 00:23:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The whole point of milter-sender and milter-ahead is that they are implemented at the SMTP acceptance phase, and reject the message without any local processing overhead if the checks fail. MailScanner does not get involved with the SMTP conversation at all, I leave that to the MTA (ie sendmail in this case), so it can't replace the functionality of a milter as it doesn't get processed until later on, once the message has been accepted. Jim Holland wrote: >Hi Julian > >I see that there has been some discussion earlier about the use of >milter-sender with sendmail to verify that the sender's address does exist >before accepting mail. That then allows mail to be rejected at connection >time if the sender's address seems to be fraudulent. > >I like the idea behind milter-sender, but would much prefer it to be >integrated with MailScanner rather than sendmail, so that false positives >(eg no-reply type addresses and other mail blocked due to problems that >are sure to arise) result in mail being quarantined rather than bounced. >Is this an option that you would be interested in accepting on the >wishlist for future development of MailScanner? > >Regards > >Jim Holland >System Administrator >MANGO - Zimbabwe's non-profit e-mail service > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 11 00:15:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > We have an admin from another company who was expecting from some of our > staff claiming that the MailScanner headers is not a mime header and > therfore he cannot accept the mail for delivery. > > COuld anyone offer me any advice on a) how to respond and b) whether i > need to change anything in my config? > > Kind regards and thanks > Pete > > > > "In the case of these three (3) emails, they were stopped as undetermined. > They were stopped because of an error within the framework of the email - > bad data (see below). The error being that a one of the lines inserted > into the header of the email by MBS, specifically the line " > -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > more information" is not a MIME header and caused the problem. > They need to contact the sender, who in turn needs to contact their > administrator to fix this issue. --- It is not an problem with our > server & there is nothing I can do to rectify the issue, except release > the emails if they are stopped." > Is the - before the X-OURCOMPANYNAME ... a typo? -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed May 11 00:42:47 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Scott Silva > Sent: Tuesday, May 10, 2005 6:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Not a Mime header? > > > Peter Russell wrote: > > We have an admin from another company who was expecting from some of our > > staff claiming that the MailScanner headers is not a mime header and > > therfore he cannot accept the mail for delivery. > > > > COuld anyone offer me any advice on a) how to respond and b) whether i > > need to change anything in my config? > > > > Kind regards and thanks > > Pete > > > > > > > > "In the case of these three (3) emails, they were stopped as > undetermined. > > They were stopped because of an error within the framework of > the email - > > bad data (see below). The error being that a one of the > lines inserted > > into the header of the email by MBS, specifically the line " > > -X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > > more information" is not a MIME header and caused the problem. > > They need to contact the sender, who in turn needs to contact their > > administrator to fix this issue. --- It is not an problem with our > > server & there is nothing I can do to rectify the issue, except release > > the emails if they are stopped." > > > Is the - before the X-OURCOMPANYNAME ... a typo? > yes, there are standard headers, From:, To:, etc and there are private tokens that should begin with X-, or x-. If the header is really -X-OURCOMPANYNAME it should generate a bad header error since it's neither a standard header nor an X-token header. I don't know how many systems actually reject on invalid headers but you will get a boost from SA when it comes across one. In any event if the header is actually -X-OURCOMPANYNAME then you should correct it. The header as it appears in the message you quoted: -X-OURCOMPANYNAME-MailScanner - Information: should be: X-OURCOMPANYNAME-MailScanner-Information: (no leading - and no spaces in the MailScanner - Information: part) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 11 02:02:24 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I use Clamav, Bitdefender and Antivir. None of which cost me any money - we have an etrust license, but damned if i can get it installed and working on RHEL4. Scott Silva wrote: > Jim Coates wrote: > >>I use ClamAV for my virus scanning with MailScanner right now, but this >>whole Sober issue has made me think it would be wise to put a secondary >>scanner in my setup. >> >>What all do you recommend? >> >>Thanks, >>Jim Coates >> > > If you are looking for free, then BitDefender os OK as a secondary > scanner, but I wouldn't rely on it for first line of defense. > Also, if you have a corporate license for your desktops, look if it > entitles you to a command line scanner in linux. We have a McAfee > license for the linux command line included in our desktop license. > > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Wed May 11 02:07:45 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: Sorry for the off topic, but maybe this is valuable to others...Pete, did you get clamavmodule to work on RHEL4? I can't for the life of me.. thx Matt >>> pete@ENITECH.COM.AU 05/10/05 8:02 PM >>> I use Clamav, Bitdefender and Antivir. None of which cost me any money - we have an etrust license, but damned if i can get it installed and working on RHEL4. Scott Silva wrote: > Jim Coates wrote: > >>I use ClamAV for my virus scanning with MailScanner right now, but this >>whole Sober issue has made me think it would be wise to put a secondary >>scanner in my setup. >> >>What all do you recommend? >> >>Thanks, >>Jim Coates >> > > If you are looking for free, then BitDefender os OK as a secondary > scanner, but I wouldn't rely on it for first line of defense. > Also, if you have a corporate license for your desktops, look if it > entitles you to a command line scanner in linux. We have a McAfee > license for the linux command line included in our desktop license. > > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Wed May 11 04:18:09 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:29:34 2006 Subject: rules file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have this in my webbugs.rules file and MailScanner says there is a syntax error in the file. Can't see it. I am using tabs. From: *@ywcatoronto.org yes FromOrTo: *@zuka.net yes FromOrTo: default no TIA Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed May 11 04:41:42 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:34 2006 Subject: rules file Message-ID: What is the rule for in MailScanner.conf? Perhaps, instead of yes/no options, you need disarm. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Filchak Sent: Tuesday, May 10, 2005 10:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: rules file I have this in my webbugs.rules file and MailScanner says there is a syntax error in the file. Can't see it. I am using tabs. From: *@ywcatoronto.org yes FromOrTo: *@zuka.net yes FromOrTo: default no TIA Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed May 11 07:38:08 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: On Wed, 11 May 2005, Julian Field wrote: > The whole point of milter-sender and milter-ahead is that they are > implemented at the SMTP acceptance phase, and reject the message without > any local processing overhead if the checks fail. MailScanner does not > get involved with the SMTP conversation at all, I leave that to the MTA > (ie sendmail in this case), so it can't replace the functionality of a > milter as it doesn't get processed until later on, once the message has > been accepted. Yes, I realise that, but that is not what I am looking for, as blocking mail at the SMTP stage could lead to unacceptably high rejection rates of legitimate mail. That is why I would like to see this being implemented after receipt of the message - just as DNSBL and other checks are carried out afterwards by MailScanner. It means that retrieval from quarantine, and whitelisting of specific addresses could be implemented consistently with other MailScanner features. > Jim Holland wrote: > > >Hi Julian > > > >I see that there has been some discussion earlier about the use of > >milter-sender with sendmail to verify that the sender's address does exist > >before accepting mail. That then allows mail to be rejected at connection > >time if the sender's address seems to be fraudulent. > > > >I like the idea behind milter-sender, but would much prefer it to be > >integrated with MailScanner rather than sendmail, so that false positives > >(eg no-reply type addresses and other mail blocked due to problems that > >are sure to arise) result in mail being quarantined rather than bounced. > >Is this an option that you would be interested in accepting on the > >wishlist for future development of MailScanner? > > > >Regards > > > >Jim Holland > >System Administrator > >MANGO - Zimbabwe's non-profit e-mail service > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed May 11 08:20:13 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Jim, > Yes, I realise that, but that is not what I am looking for, > as blocking mail at the SMTP stage could lead to unacceptably > high rejection rates of legitimate mail. Not necessarily. Depends on your setup. > That is why I would > like to see this being implemented after receipt of the > message - just as DNSBL and other checks are carried out > afterwards by MailScanner. I use DNSBL at MTA level and with SpamAssassin. If the IP triggers one of two RBLs I trust the message is rejected. If it hits one of several other RBLs I slow down the SMTP protocol (enforcing synchronization) and catch quite a lot of spam with that. Then later on I let SpamAssassin do the rest. > It means that retrieval from > quarantine, and whitelisting of specific addresses could be > implemented consistently with other MailScanner features. To be honest: I would think of this as unneccessary overhead. Why don't you simply verify the sender address at MTA level, add a header to the message in case the verify fails and then write a simple SpamAssassin rule for this? That's what we do here. It's quick and no code has to be changed. I'm not sure how easy this is with sendmail but with exim this is a matter of minutes. New code in MailScanner only brings the possibility of new errors as the code gets more and more complex, especially since the feature you want would mean implementing/using SMTP. The only advantage would be that people not using SpamAssassin could use this functionality. I doubt there are many people out there that fit this definition though. :-) Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed May 11 08:42:20 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: Hi Jan-Peter On Wed, 11 May 2005, Jan-Peter Koopmann wrote: > > That is why I would > > like to see this being implemented after receipt of the > > message - just as DNSBL and other checks are carried out > > afterwards by MailScanner. > > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers one > of two RBLs I trust the message is rejected. If it hits one of several > other RBLs I slow down the SMTP protocol (enforcing synchronization) and > catch quite a lot of spam with that. I am not familiar with how to slow down the SMTP connection selectively - I don't think this is a feature that sendmail offers. > To be honest: I would think of this as unneccessary overhead. Why don't > you simply verify the sender address at MTA level, add a header to the > message in case the verify fails and then write a simple SpamAssassin > rule for this? That's what we do here. It's quick and no code has to be > changed. I'm not sure how easy this is with sendmail but with exim this > is a matter of minutes. Again, I don't know of any easy method of doing this with sendmail without writing a special milter. > New code in MailScanner only brings the possibility of new errors as the > code gets more and more complex, especially since the feature you want > would mean implementing/using SMTP. The only advantage would be that > people not using SpamAssassin could use this functionality. I doubt > there are many people out there that fit this definition though. :-) Sadly I am in fact in this category. The current server could not cope. However there is a new server sitting on my desk that I have just loaded with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . . Thanks for your feedback. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 11 09:36:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 11 maj 2005 01:43 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Not a Mime header? > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Scott Silva > > Sent: Tuesday, May 10, 2005 6:16 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Not a Mime header? > > > > > > Peter Russell wrote: > > > We have an admin from another company who was expecting > from some of our > > > staff claiming that the MailScanner headers is not a mime > header and > > > therfore he cannot accept the mail for delivery. > > > > > > COuld anyone offer me any advice on a) how to respond and > b) whether i > > > need to change anything in my config? > > > > > > Kind regards and thanks > > > Pete > > > > > > > > > > > > "In the case of these three (3) emails, they were stopped as > > undetermined. > > > They were stopped because of an error within the framework of > > the email - > > > bad data (see below). The error being that a one of the > > lines inserted > > > into the header of the email by MBS, specifically the line " > > > -X-OURCOMPANYNAME-MailScanner - Information: Please > contact your ISP for > > > more information" is not a MIME header and caused the problem. > > > They need to contact the sender, who in turn needs to > contact their > > > administrator to fix this issue. --- It is not an > problem with our > > > server & there is nothing I can do to rectify the issue, > except release > > > the emails if they are stopped." > > > > > Is the - before the X-OURCOMPANYNAME ... a typo? > > > > yes, there are standard headers, From:, To:, etc and there are private > tokens that should begin with X-, or x-. If the header is > really -X-OURCOMPANYNAME it should generate a bad header > error since it's > neither a standard header nor an X-token header. I don't know how many > systems actually reject on invalid headers but you will get a > boost from SA > when it comes across one. > > In any event if the header is actually -X-OURCOMPANYNAME then > you should > correct it. > > The header as it appears in the message you quoted: > > -X-OURCOMPANYNAME-MailScanner - Information: > > should be: > X-OURCOMPANYNAME-MailScanner-Information: (no leading - and > no spaces in > the MailScanner - Information: part) > > Rick Very true Rick. But looking at what Pete is sending to the list... it sure looks like a typo ... Of course assuming it is that domain that is having problems:-) -- Glenn > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Wed May 11 10:09:22 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:29:34 2006 Subject: Sv: Re: Panda not working Message-ID: Thanks! Tha panda-wrapper now works for me... _____________________________________________________ MVH Andreas Svensson IT-Tekniker Hallsbergs kommun. GSM. +46 70-2329059 TEL. +46 582-685120 FAX. +46 582-685119 _____________________________________________________ >>> rcooper@DWFORD.COM 2005-05-09 21:12:16 >>> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, May 09, 2005 1:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: Panda not working > > > Yes, well.... There is where you (unfortunately) may start to stumble... > See, the original wrapper does a pretty decent job of sanitizing > the output, but... It assumes that the output is as seen on an > xterm/vt-whatever when executing "inside MS". This isn't the case. > So then the original author "falls back" on invoking pavcl > once/file... and still it'll mess up from time to time. Set your > TERM to "dumb" (or unset it), then call it as is done in MS on a > directory that may contain several subdirectories (both clean and > unclean files) and you'll likely see the same mess I found... Of > course, I'd be rather happy if it did work for you, since that > would point at some peculiarity in my system, but.... I won't > hold my breath:-). This may be true, haven't tested that. But haven't experienced an issue with it either, then again I have only been testing for a couple hours. If that is a problem I would think changing my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; to my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 > /tmp/FileNameBasedOnPid "; and parsing the /tmp file rather than the pipe it's self should solve that. Wouldn't allow the terminal to alter the output. As far as multiple, nested directories. Julian may have to correct me, but there shouldn't be any nested directories. All the files should be extracted into a single directory with the SafeName function handling duplicate as well as possibly dangerous file names so the -cmp switch shouldn't really be used at all (unless I am mistaken). IIRC the unpacking is done in this manner to remove the chance of archived directory structures spilling out where they don't belong. > > I'll be glad to share my "improved" wrapper scripts if you'd like > to have a go with them, but... I'd recommend against wasting to > much (more) time on it. Drop a line and I'll forward them > tomorrow (horrible hacks that they are:-). > > Best would be for them to produce sane output. using ANSI for output is ignorant at best... like trying to step back to the DOS days and having a cool/pretty display. But I ran the standard wrapper and found it didn't recognize viruses because of a rather simple thing to fix. It would appear that panda swapped the words around on their "Virus found" string and removed a space between the ":" and virus name string. The patch below (for panda-wrapper) appears to take care of the problem related to not finding the virus as it will trigger on either version of the found string and name string. (assuming a need for backward compatibility) --- panda-wrapper Mon May 9 13:53:18 2005 +++ panda-wrapper.new Mon May 9 13:53:38 2005 @@ -76,9 +76,9 @@ sub busca_virus { my $archivo = $_[0]; - +# print STDERR "Checking $archivo\n"; my $comando = "$pavcl '$archivo' @ARGV -CMP 2>&1 "; # print TEMP $comando."\n\n"; open SALIDA, "$comando |"; @@ -89,10 +89,11 @@ s/(\^O|\r)//g; # print TEMP $_; - if (/(Found virus|Encontrado virus)\s*:\s*((\w|\-|\_|\/)+)/) { + if (m/(found virus|virus encontrado|encontrado virus|virus found)\s+:\s?(.*?)$/i) { #if (/Encontrado virus:\s+((\w|\-|\_|\/)+)/) { +# print STDERR "Found $2\n"; close SALIDA; #return $1; return $2; } Also, if you want a cleaner log and a report that has the name of the infected file apply this patch to SweepViruses (version 4.42.1) --- SweepViruses.pm Mon May 9 13:45:25 2005 +++ SweepViruses.pm.new Mon May 9 13:45:52 2005 @@ -2141,25 +2141,24 @@ $logout = $line; $logout =~ s/%/%%/g; $logout =~ s/\s{20,}/ /g; + MailScanner::Log::InfoLog($logout); + # EXAMPLE OUTPUT PLEASE? -- nwp 6/5/02 # Virus: 2##Base: /var/spool/MailScanner/incoming/24408##1: 'h3MENF6X020229/eicar.com' => EICAR-AV-TEST-FILE##2: 'h3MENF6X020229/eicar.zip' => EICAR-AV-TEST-FILE## # Now you wish you never asked :-) $line =~ /Base: (.*?)##/; $BaseDir =~ $1; $numviruses = 0; my $temp = $line; - #2##Base: /var/spool/mailscanner/incoming/23386##1: '1DVCx0-00067f-M4/eicar.com' => EICAR-AV-TEST-FILE ##2: '1DVCx0-00067f-M4/eicar_com.zip' => EICAR-AV-TEST-FILE ## while ( $temp =~ /\d+: \'(.*?)\/(.*?)\' => (.*?)##/ ) { $id = $1; $part = $2; $report = $3; - $report = $Name . ": " . $report." found in $part" if $Name; - $report =~ s/\s{2,}/ /g; - MailScanner::Log::InfoLog("%s",$report); + $report = $Name . ': ' . $report if $Name; $infections->{$id}{$part} .= "$report\n"; $types->{$id}{$part} .= "v"; # it's a real virus $numviruses++; $temp = $'; and your log will display: May 9 13:39:26 srv2 MailScanner[24135]: Panda: EICAR-AV-TEST-FILE found in eicar.com May 9 13:39:27 srv2 MailScanner[24135]: Panda: EICAR-AV-TEST-FILE found in eicar_com.zip May 9 13:39:27 srv2 MailScanner[24135]: Virus Scanning: Panda found 2 infections and reports will look like: Panda: EICAR-AV-TEST-FILE found in eicar.com Hope it helps someone, Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 11 12:32:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:34 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: > -----Original Message----- > From: Jan-Peter Koopmann [mailto:Jan-Peter.Koopmann@seceidos.de] > Sent: den 11 maj 2005 11:07 > To: MailScanner mailing list > Cc: Steen, Glenn > Subject: Quoting habbits again / Was: RE: Not a Mime header? > > > Hi Glenn, > > I think we should really have a new award for weird or > unnecessary quoting in this list. It took me quite some time > to actually find your comment in your post. I decided to count a bit: I'm a sloppy (snipper), true. I'll try to shape up (or go straight to ...:-). Now about that award..... We could make it a trophy:) (snip) > Sorry I am hitting > you with this now since you definately are not the only one > doing this. Oh so true. I think it's a combination of factors that makes one do "incorrect" quoting... Laziness, stress and a general lack of coffee come fairly high for me. > > But reading this list gets more and more difficult. It would > be extremely kind of you all to really put some effort to > better quoting. Please!!!!! Wristslap received and caution in effect. > > > Kind regards, > JP Cheers -- Glenn > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dot at DOTAT.AT Wed May 11 12:27:58 2005 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: Jim Holland wrote: > >I like the idea behind milter-sender, but would much prefer it to be >integrated with MailScanner rather than sendmail, so that false positives >(eg no-reply type addresses and other mail blocked due to problems that >are sure to arise) result in mail being quarantined rather than bounced. Install Exim, and configure it to add a header when sender verification fails. Then you can configure SpamAssassin to give this header a high score such that MailScanner will quarantine it. Tony. -- f.a.n.finch http://dotat.at/ : BAILEY NORTH OR NORTHEAST 3 OR 4 BACKING SOUTHWEST 4 OR 5 LATER. SHOWERS DYING OUT. GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed May 11 12:41:59 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jim Holland > Sent: Wednesday, May 11, 2005 1:38 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sender verification > > > On Wed, 11 May 2005, Julian Field wrote: > > > The whole point of milter-sender and milter-ahead is that they are > > implemented at the SMTP acceptance phase, and reject the message without > > any local processing overhead if the checks fail. MailScanner does not > > get involved with the SMTP conversation at all, I leave that to the MTA > > (ie sendmail in this case), so it can't replace the functionality of a > > milter as it doesn't get processed until later on, once the message has > > been accepted. > > Yes, I realise that, but that is not what I am looking for, as blocking > mail at the SMTP stage could lead to unacceptably high rejection rates of > legitimate mail. That is why I would like to see this being implemented > after receipt of the message - just as DNSBL and other checks are carried > out afterwards by MailScanner. It means that retrieval from quarantine, > and whitelisting of specific addresses could be implemented consistently > with other MailScanner features. > > > Jim Holland wrote: To do this properly Julian would have to write a fairly complete SMTP engine. He would have to handle everything from (e)helo through rcpt to: and all the potential return codes in each step. Then he would have to write something to handle deferrals (would have to work out a caching/retry mechanism) and of course your basic dns lookups, making sure to handle invalid mx records, basically it would be a rather large undertaking. He may not have to work out the delivery mechanism but he would have to write something that could act as a rfc compliant MTA in terms of delivery, otherwise your concern about FPs would be realized in a hurry. I use callout verification on all of our servers and don't have a lot of problems. The biggest thing I see is companies that send mail with bogus local parts, thinking since it's a mailing they don't have to use a real user. Callout verification's purpose is to ensure that a bounce message could actually be delivered if required. If someone is using an email address (or reply to) that isn't valid their mail should be dropped, they do have a problem. You will find that a lot of spam never makes it to MS and you can easily grep the failures out of you mail log to peruse each day. Rick > > > > >Hi Julian > > > > > >I see that there has been some discussion earlier about the use of > > >milter-sender with sendmail to verify that the sender's > address does exist > > >before accepting mail. That then allows mail to be rejected > at connection > > >time if the sender's address seems to be fraudulent. > > > > > >I like the idea behind milter-sender, but would much prefer it to be > > >integrated with MailScanner rather than sendmail, so that > false positives > > >(eg no-reply type addresses and other mail blocked due to problems that > > >are sure to arise) result in mail being quarantined rather > than bounced. > > >Is this an option that you would be interested in accepting on the > > >wishlist for future development of MailScanner? > > > > > >Regards > > > > > >Jim Holland > > >System Administrator > > >MANGO - Zimbabwe's non-profit e-mail service > > > > > >------------------------ MailScanner list ------------------------ > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >'leave mailscanner' in the body of the email. > > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed May 11 12:46:53 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:34 2006 Subject: Not a Mime header? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Wednesday, May 11, 2005 3:36 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Not a Mime header? > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > > Sent: den 11 maj 2005 01:43 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Not a Mime header? > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Scott Silva > > > Sent: Tuesday, May 10, 2005 6:16 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Not a Mime header? > > > > > > > > > Peter Russell wrote: > > > > We have an admin from another company who was expecting > > from some of our > > > > staff claiming that the MailScanner headers is not a mime > > header and > > > > therfore he cannot accept the mail for delivery. > > > > > > > > COuld anyone offer me any advice on a) how to respond and > > b) whether i > > > > need to change anything in my config? > > > > > > > > Kind regards and thanks > > > > Pete > > > > > > > > > > > > > > > > "In the case of these three (3) emails, they were stopped as > > > undetermined. > > > > They were stopped because of an error within the framework of > > > the email - > > > > bad data (see below). The error being that a one of the > > > lines inserted > > > > into the header of the email by MBS, specifically the line " > > > > -X-OURCOMPANYNAME-MailScanner - Information: Please > > contact your ISP for > > > > more information" is not a MIME header and caused the problem. > > > > They need to contact the sender, who in turn needs to > > contact their > > > > administrator to fix this issue. --- It is not an > > problem with our > > > > server & there is nothing I can do to rectify the issue, > > except release > > > > the emails if they are stopped." > > > > > > > Is the - before the X-OURCOMPANYNAME ... a typo? > > > > > > > yes, there are standard headers, From:, To:, etc and there are private > > tokens that should begin with X-, or x-. If the header is > > really -X-OURCOMPANYNAME it should generate a bad header > > error since it's > > neither a standard header nor an X-token header. I don't know how many > > systems actually reject on invalid headers but you will get a > > boost from SA > > when it comes across one. > > > > In any event if the header is actually -X-OURCOMPANYNAME then > > you should > > correct it. > > > > The header as it appears in the message you quoted: > > > > -X-OURCOMPANYNAME-MailScanner - Information: > > > > should be: > > X-OURCOMPANYNAME-MailScanner-Information: (no leading - and > > no spaces in > > the MailScanner - Information: part) > > > > Rick > > Very true Rick. But looking at what Pete is sending to the list... > it sure looks like a typo ... Of course assuming it is that > domain that is having problems:-) > > -- Glenn That's what I thought, but it looked like he clipped it out of an error message he received, either a different domain or a problem/mistake he had already corrected because the listed header was most defiantly an invalid one and I didn't see anything like it in the headers from his messages either. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 14:14:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:34 2006 Subject: rules file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Exactly what does the line in MailScanner.conf look like that is referring to this file? And exactly where have you put this file? Dave Filchak wrote: >I have this in my webbugs.rules file and MailScanner says there is a >syntax error in the file. Can't see it. I am using tabs. > >From: *@ywcatoronto.org yes >FromOrTo: *@zuka.net yes >FromOrTo: default no > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed May 11 15:25:31 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:34 2006 Subject: sender verification Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't think it could be done selectively but you could put this in your sendmail.mc FEATURE(`greet_pause',`30000')dnl Then do your m4 rebuild. Spermmers are very inpatient. On 5/11/05, Jim Holland wrote: Hi Jan-Peter On Wed, 11 May 2005, Jan-Peter Koopmann wrote: > > That is why I would > > like to see this being implemented after receipt of the > > message - just as DNSBL and other checks are carried out > > afterwards by MailScanner. > > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers one > of two RBLs I trust the message is rejected. If it hits one of several > other RBLs I slow down the SMTP protocol (enforcing synchronization) and > catch quite a lot of spam with that. I am not familiar with how to slow down the SMTP connection selectively - I don't think this is a feature that sendmail offers. > To be honest: I would think of this as unneccessary overhead. Why don't > you simply verify the sender address at MTA level, add a header to the > message in case the verify fails and then write a simple SpamAssassin > rule for this? That's what we do here. It's quick and no code has to be > changed. I'm not sure how easy this is with sendmail but with exim this > is a matter of minutes. Again, I don't know of any easy method of doing this with sendmail without writing a special milter. > New code in MailScanner only brings the possibility of new errors as the > code gets more and more complex, especially since the feature you want > would mean implementing/using SMTP. The only advantage would be that > people not using SpamAssassin could use this functionality. I doubt > there are many people out there that fit this definition though. :-) Sadly I am in fact in this category. The current server could not cope. However there is a new server sitting on my desk that I have just loaded with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . . Thanks for your feedback. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed May 11 15:51:31 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:29:34 2006 Subject: Mail relay/scanner server set up question.... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, I was on this list, but went away for a while and now I am back.... I have a set up doing this but not sure if it is the correct way, if anyone has any comments please send them my way.... I host a 100 or so domains for email and we hosting... to take a load off of my mail server(SMTP & pop) I set up a server just to be the MX for these domains and once scanned by mailscanner relay it to the server that users pop off.... here is how I did it, but not sure if it is the most efficient way... Server-2: The SMTP & pop server, is a postfix(on Debian Sarge) server running with VHCS2 control panel, it was doing all the scanning but I turned it off via mailscanner conf file, so it does not scan for viruses or spam.. This is where users pop their mail, they do not use it for sending outgoing email. Server-1: the MX server is a Fedora core 2 running sendmail(8.12) and mailscanner.... So email comes in gets scanned and sends it over to Server-2 The config for this in sendmail is... /etc/mail/access file has entries like this domain.com RELAY domain2.com RELAY and so on.... /etc/mail/mailertable file has entries liek this... domain.com smtp:[Server-2.com] domain2.com smtp:[Server-2.com] and so on... dns zone file entries for each domain are like so.... $TTL 3600 @ IN SOA domain.com. root.domain.com. ( ; dmn [domain.com] timestamp entry BEGIN. 1111763982 ; dmn [domain.com] timestamp entry END. 8H 2H 4W 1D ) IN NS dns1.thednsguys.com. IN NS dns2.thednsguys.com. IN NS dns3.thednsguys.com. IN MX 5 mx.server-1.com. IN MX 10 mx2.thehostmasters.com. domain.com. A xxx.xxx.xxx.2 ;ns IN A xxx.xxx.xxx.2 mail IN A xxx.xxx.xxx.2 www CNAME domain.com. ftp CNAME domain.com. Is this set up ok? Thanks and any help greatly appreciated... Have a great day! Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed May 11 16:02:44 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:34 2006 Subject: Secondary Virus Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How are you using antivir for free ? FreeBSD ports has antivir-milter but here is the license description - A license key for private (individual, non-commercial) use can be applied for free of charge at: Would prefer the command line version. On 5/10/05, Peter Russell wrote: I use Clamav, Bitdefender and Antivir. None of which cost me any money - we have an etrust license, but damned if i can get it installed and working on RHEL4. Scott Silva wrote: > Jim Coates wrote: > >>I use ClamAV for my virus scanning with MailScanner right now, but this >>whole Sober issue has made me think it would be wise to put a secondary >>scanner in my setup. >> >>What all do you recommend? >> >>Thanks, >>Jim Coates >> > > If you are looking for free, then BitDefender os OK as a secondary > scanner, but I wouldn't rely on it for first line of defense. > Also, if you have a corporate license for your desktops, look if it > entitles you to a command line scanner in linux. We have a McAfee > license for the linux command line included in our desktop license. > > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 11 17:10:52 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:35 2006 Subject: sender verification Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jeff A. Earickson > Sent: Wednesday, May 11, 2005 11:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sender verification > > I have been running with a greet_pause setting of 7000 for quite a > while, with a couple of GreetPause settings for 5000 to fix a couple > of problem sites. It has worked well. I had problems with some big > ISPs (notably Verizon) when I got up around the 15 second range. > > Jeff Earickson > Colby College > > On Wed, 11 May 2005, Stephen Swaney wrote: > We have a relatively small sample of emails on our test server so I'd second Jeff's settings of 5000 to 7500 ms. The traffic I've seen on possible settings also seems to indicate that there is not much gain from higher settings but much more possible pain. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > Date: Wed, 11 May 2005 11:10:26 -0400 > > From: Stephen Swaney > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: sender verification > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of BB > >> Sent: Wednesday, May 11, 2005 10:26 AM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: sender verification > >> > >> Don't think it could be done selectively but you could put this in your > >> sendmail.mc > >> > >> FEATURE(`greet_pause',`30000')dnl > >> > >> Then do your m4 rebuild. > >> > >> Spermmers are very inpatient. > >> > >> > > > > Some caveats: > > > > I believe this feature is only available in sendmail 8.13.x > > > > The 30 second delay may be a bit much. Our testing indicates that we get > > substantial valid spam rejections at 15000 (15 seconds) and don't seem > to > > have any false positives. I remember seeing some warnings about some > large > > ISP's balking at much over 25 seconds. Most spammers will take very > little > > delay :) > > > > Also you can define systems that do not get any delay in your > > /etc/mail/access file: > > > > # systems that get no greet_pause delay > > 192.168.123.1 0 > > 10.1.1.100 0 > > > > Descriptions of this and other 8.13.x features can be found at: > > > > http://www.technoids.org/dossed.html#1.1. > > > > These include: > > Limiting the Rate of Incoming Connections > > Limiting Simultaneous Connections > > Thwarting Dictionary Attacks > > Blocking Slammers with the greet_pause Feature > > > > I would be good to hear from MailScanners who have implemented any of > these > > features. We're still testing right now. > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > > > >> On 5/11/05, Jim Holland wrote: > >> > >> Hi Jan-Peter > >> > >> On Wed, 11 May 2005, Jan-Peter Koopmann wrote: > >> > >> >> That is why I would > >> >> like to see this being implemented after receipt of the > >> >> message - just as DNSBL and other checks are carried out > >> >> afterwards by MailScanner. > >> > > >> > I use DNSBL at MTA level and with SpamAssassin. If the IP > triggers > >> one > >> > of two RBLs I trust the message is rejected. If it hits one of > >> several > >> > other RBLs I slow down the SMTP protocol (enforcing > >> synchronization) and > >> > catch quite a lot of spam with that. > >> > >> I am not familiar with how to slow down the SMTP connection > >> selectively - > >> I don't think this is a feature that sendmail offers. > >> > >> > To be honest: I would think of this as unneccessary overhead. > Why > >> don't > >> > you simply verify the sender address at MTA level, add a header > to > >> the > >> > message in case the verify fails and then write a simple > >> SpamAssassin > >> > rule for this? That's what we do here. It's quick and no code > has > >> to be > >> > changed. I'm not sure how easy this is with sendmail but with > exim > >> this > >> > is a matter of minutes. > >> > >> Again, I don't know of any easy method of doing this with > sendmail > >> without > >> writing a special milter. > >> > >> > New code in MailScanner only brings the possibility of new > errors > >> as the > >> > code gets more and more complex, especially since the feature > you > >> want > >> > would mean implementing/using SMTP. The only advantage would be > >> that > >> > people not using SpamAssassin could use this functionality. I > >> doubt > >> > there are many people out there that fit this definition though. > >> :-) > >> > >> Sadly I am in fact in this category. The current server could > not > >> cope. > >> However there is a new server sitting on my desk that I have just > >> loaded > >> with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . > . > >> > >> Thanks for your feedback. > >> > >> Regards > >> > >> Jim Holland > >> System Administrator > >> MANGO - Zimbabwe's non-profit e-mail service > >> > >> ------------------------ MailScanner list ----------------------- > - > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html > >> ). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 11 17:06:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:35 2006 Subject: Secondary Virus Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I use Clamav, Bitdefender and Antivir. None of which cost me any money - > we have an etrust license, but damned if i can get it installed and > working on RHEL4. > Isn't antivir only free for a personal license? I can't afford to expose my company to a license violation for using it in a corporate setting. As far as personal use goes f-prot is free for such use also. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed May 11 18:00:21 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:35 2006 Subject: Mail relay/scanner server set up question.... Message-ID: I can't help you on the postfix side, but on the sendmail MX box, I'd remove the /etc/mail/access entries for RELAY. Add each domain you relay mail for to /etc/mail/relay-domains Then, in your /etc/mail/mailertable, add an entry for each domain: domain1.com esmtp:[192.168.1.100] domain2.com esmtp:[192.168.1.101] Then, cd /etc/mail;make to hash everything and RESTART MailScanner. You need to restart so that the sendmail processes will reread their configuration. Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Wednesday, May 11, 2005 9:52 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Mail relay/scanner server set up question.... Hello all, I was on this list, but went away for a while and now I am back.... I have a set up doing this but not sure if it is the correct way, if anyone has any comments please send them my way.... I host a 100 or so domains for email and we hosting... to take a load off of my mail server(SMTP & pop) I set up a server just to be the MX for these domains and once scanned by mailscanner relay it to the server that users pop off.... here is how I did it, but not sure if it is the most efficient way... Server-2: The SMTP & pop server, is a postfix(on Debian Sarge) server running with VHCS2 control panel, it was doing all the scanning but I turned it off via mailscanner conf file, so it does not scan for viruses or spam.. This is where users pop their mail, they do not use it for sending outgoing email. Server-1: the MX server is a Fedora core 2 running sendmail(8.12) and mailscanner.... So email comes in gets scanned and sends it over to Server-2 The config for this in sendmail is... /etc/mail/access file has entries like this domain.com RELAY domain2.com RELAY and so on.... /etc/mail/mailertable file has entries liek this... domain.com smtp:[Server-2.com] domain2.com smtp:[Server-2.com] and so on... dns zone file entries for each domain are like so.... $TTL 3600 @ IN SOA domain.com. root.domain.com. ( ; dmn [domain.com] timestamp entry BEGIN. 1111763982 ; dmn [domain.com] timestamp entry END. 8H 2H 4W 1D ) IN NS dns1.thednsguys.com. IN NS dns2.thednsguys.com. IN NS dns3.thednsguys.com. IN MX 5 mx.server-1.com. IN MX 10 mx2.thehostmasters.com. domain.com. A xxx.xxx.xxx.2 ;ns IN A xxx.xxx.xxx.2 mail IN A xxx.xxx.xxx.2 www CNAME domain.com. ftp CNAME domain.com. Is this set up ok? Thanks and any help greatly appreciated... Have a great day! Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed May 11 18:09:19 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos autoupdate script Message-ID: It looks like Sophos 3.93.2 added another library file. If you don't symlink it into the ide directory, then it doesn't list the correct version number. Add the following to your sophos-autoupdate script. # Add the new svext.dat file too symlink("$VDLDir/svext.dat", "svext.dat") if -f "$VDLDir/svext.dat"; -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed May 11 18:10:14 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:29:35 2006 Subject: Mail relay/scanner server set up question.... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there any difference in either being in the relay-domains or the access? And what is the difference of doing esmtp rather than smtp.... I apologize if I am going off subject here... Rob... ----- Original Message ----- From: "Mike Kercher" To: Sent: Wednesday, May 11, 2005 1:00 PM Subject: Re: Mail relay/scanner server set up question.... >I can't help you on the postfix side, but on the sendmail MX box, I'd >remove > the /etc/mail/access entries for RELAY. > > Add each domain you relay mail for to /etc/mail/relay-domains > > Then, in your /etc/mail/mailertable, add an entry for each domain: > > domain1.com esmtp:[192.168.1.100] > domain2.com esmtp:[192.168.1.101] > > Then, cd /etc/mail;make to hash everything and RESTART MailScanner. You > need to restart so that the sendmail processes will reread their > configuration. > > Mike > > > ________________________________ > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Rob > Sent: Wednesday, May 11, 2005 9:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail relay/scanner server set up question.... > > > Hello all, I was on this list, but went away for a while and now I am > back.... > > > I have a set up doing this but not sure if it is the correct way, if > anyone > has any comments please send them my way.... > > I host a 100 or so domains for email and we hosting... to take a load off > of > my mail server(SMTP & pop) I set up a server just to be the MX for these > domains and once scanned by mailscanner relay it to the server that users > pop off.... > > here is how I did it, but not sure if it is the most efficient way... > > Server-2: The SMTP & pop server, is a postfix(on Debian Sarge) server > running with VHCS2 control panel, it was doing all the scanning but I > turned > it off via mailscanner conf file, so it does not scan for viruses or > spam.. > This is where users pop their mail, they do not use it for sending > outgoing > email. > > Server-1: the MX server is a Fedora core 2 running sendmail(8.12) and > mailscanner.... > So email comes in gets scanned and sends it over to Server-2 > The config for this in sendmail is... > > /etc/mail/access file has entries like this > > domain.com RELAY > domain2.com RELAY > and so on.... > > /etc/mail/mailertable file has entries liek this... > > domain.com smtp:[Server-2.com] > domain2.com smtp:[Server-2.com] > and so on... > > dns zone file entries for each domain are like so.... > > $TTL 3600 > @ IN SOA domain.com. root.domain.com. ( > ; dmn [domain.com] timestamp entry BEGIN. > 1111763982 > ; dmn [domain.com] timestamp entry END. > 8H > 2H > 4W > 1D ) > IN NS dns1.thednsguys.com. > IN NS dns2.thednsguys.com. > IN NS dns3.thednsguys.com. > IN MX 5 mx.server-1.com. > IN MX 10 mx2.thehostmasters.com. > > domain.com. A xxx.xxx.xxx.2 > ;ns IN A xxx.xxx.xxx.2 > mail IN A xxx.xxx.xxx.2 > www CNAME domain.com. > ftp CNAME domain.com. > > > > > Is this set up ok? > > Thanks and any help greatly appreciated... > > Have a great day! > > Rob... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Wed May 11 18:20:49 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:35 2006 Subject: Blacklist (correction) Message-ID: Julian Field wrote: > You can't nest rulesets. If you want to do per-domain and per-user black > and whitelisting, have a look at the relevant section of > CustomConfig.pm. There is a complete ready-to-go system in there to > implement this. Thanks, I used the CustomConfig.pm and it's working now. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Wed May 11 18:19:59 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:35 2006 Subject: spam checks in /var/spool/mqueue.in without having MS service running??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I changed the "Max Normal Queue Size" setting from 800 to 400. I have not had a backup of email yet (so far so good). I will monitor the queues over the next couple of days to make sure mail is routing in a timely manner. Thanks for your suggestion, I appreciate it. Julian Field wrote: > Take a look at the "Max Normal Queue Size" setting, you might want to > reduce it a bit. > > Derek Catanzaro wrote: > >> Well, it seems to have caught back up. Initially it seemed like it was >> processing very slowly but it looks OK now. If I didn't have a seconday >> MX server I would be in much worse shape. I am looking into running a >> local caching name server which I hope will speed things up for my >> environment (fingers crossed). Thanks for your suggestions. >> >> Derek >> >> Derek Catanzaro wrote: >> >>> I haven't added any rules to SA yet, just running with the defaults >>> that >>> came with SA. >>> >>> Martin Hepworth wrote: >>> >>>> Derek >>>> >>>> depends on what checks you have running, esp any big SA rules... >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>>> Julian Field wrote: >>>>> >>>>>> service MailScanner stop >>>>>> (That will stop MailScanner and both the incoming and outgoing >>>>>> sendmails) >>>>>> service MailScanner startout >>>>>> (That will start the outgoing sendmail only) >>>>>> check_MailScanner >>>>>> (That will start MailScanner on its own) >>>>>> >>>>>> Then it will munch its way through the mqueue.in and deliver it all, >>>>>> once filtered. Once the mqueue.in is empty and everything in mqueue >>>>>> has >>>>>> been delivered, you can >>>>>> service MailScanner stop >>>>>> to shut it all down. >>>>>> >>>>>> Don't forget to >>>>>> chkconfig MailScanner off >>>>>> to ensure it won't start back up when the system is rebooted. >>>>>> >>>>> Thanks Julian, this is working but I do have one question... Is there >>>>> anyway to speed up the MailScanner process when it processes the >>>>> mail in >>>>> /var/log/mqueue.in? Right now I've got a little over 1500 emails in >>>>> /var/log/mqueue.in and MailScanner is processing the email but it is >>>>> taking too long to get thru all of them. I've got a little over an >>>>> hour >>>>> back up of email right now. Please let me know if there is >>>>> anything I >>>>> can do to speed up the process. >>>>> >>>>> >>>>>> Derek Catanzaro wrote: >>>>>> >>>>>>> >>>>>>> FC2 >>>>>>> mailscanner-4.40.11-1 >>>>>>> spamassassin-3.0.2-1 >>>>>>> >>>>>>> Is it possible to have the emails in /var/spool/mqueue.in >>>>>>> processed by >>>>>>> MS without having the actual MS service running? >>>>>>> >>>>>>> I have quite a few emails in /var/spool/mqueue.in (I believe it's >>>>>>> due to >>>>>>> DNS issues) and I do not want any more email delivered to the >>>>>>> server, >>>>>>> however, I would like to have the current emails in >>>>>>> /var/spool/mqueue.in >>>>>>> processed by MS so it will run the SPAM checks and move them to >>>>>>> /var/spool/mqueue and then I will force sendmail to route the >>>>>>> emails. I >>>>>>> get a ton of SPAM and if I just "mv /var/spool/mqueue.in * >>>>>>> /var/spool/mqueue" because it was never processed by MS and my >>>>>>> users >>>>>>> will get a ton of SPAM and I am trying to prevent that. >>>>>>> >>>>>>> Thanks for your assistance. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> Julian Field >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> Professional Support Services at www.MailScanner.biz >>>>>> MailScanner thanks transtec Computers for their support >>>>>> >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed May 11 18:31:35 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:35 2006 Subject: Still Having SophosSAVI Problems Message-ID: I keep getting these errors when using SophosSAVI. Even after upgrading to 4.42.1. May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHPS6c031775/msg-29730-30.txt May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHPS6c031775/msg-29730-31.html May 11 12:25:50 fw MailScanner[29719]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHPf6c031788/msg-29719-52.txt May 11 12:26:33 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHQO6c031803/msg-29712-70.html May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHQr6c031813/msg-29712-71.txt May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j4BHQr6c031813/msg-29712-72.html Any ideas? If I switch it back to sophos, I don't get these errors. I'm using been using SAVI-Perl 0.30 for sometime now without problems. I haven't been able to reproduce this kind of problem using scan.pl that is in the SAVI Perl package. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 18:58:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos autoupdate script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for spotting that. New sophos-autoupdate coming out the door as I type... Aaron K. Moore wrote: > It looks like Sophos 3.93.2 added another library file. If you don't > symlink it into the ide directory, then it doesn't list the correct > version number. > Add the following to your sophos-autoupdate script. > > # Add the new svext.dat file too > symlink("$VDLDir/svext.dat", "svext.dat") if -f "$VDLDir/svext.dat"; > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed May 11 19:45:46 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: Julian Field <> wrote: > If you are using Sophos, and have upgraded to 3.93.2 or later, you > must use the sophos-autoupdate script attached to this message. > You should gunzip the file and then place it in /opt/MailScanner/lib/ > or /usr/lib/MailScanner/ depending on your system type. You should > only have 1 of those 2, but if you have both then just copy it into > both places to be sure. Did you make any changes besides Aaron's one-liner? --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 19:56:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: >Julian Field <> wrote: > > >>If you are using Sophos, and have upgraded to 3.93.2 or later, you >>must use the sophos-autoupdate script attached to this message. >>You should gunzip the file and then place it in /opt/MailScanner/lib/ >>or /usr/lib/MailScanner/ depending on your system type. You should >>only have 1 of those 2, but if you have both then just copy it into >>both places to be sure. >> >> > >Did you make any changes besides Aaron's one-liner? > > No. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed May 11 19:32:49 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:29:35 2006 Subject: sender verification Message-ID: Any good links/faq's you can recommend on accomplishing these feats with exim4 on Debian? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Holland Sent: Wednesday, May 11, 2005 2:42 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: sender verification Hi Jan-Peter On Wed, 11 May 2005, Jan-Peter Koopmann wrote: > > That is why I would > > like to see this being implemented after receipt of the message - > > just as DNSBL and other checks are carried out afterwards by > > MailScanner. > > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers one > of two RBLs I trust the message is rejected. If it hits one of several > other RBLs I slow down the SMTP protocol (enforcing synchronization) > and catch quite a lot of spam with that. I am not familiar with how to slow down the SMTP connection selectively - I don't think this is a feature that sendmail offers. > To be honest: I would think of this as unneccessary overhead. Why > don't you simply verify the sender address at MTA level, add a header > to the message in case the verify fails and then write a simple > SpamAssassin rule for this? That's what we do here. It's quick and no > code has to be changed. I'm not sure how easy this is with sendmail > but with exim this is a matter of minutes. Again, I don't know of any easy method of doing this with sendmail without writing a special milter. > New code in MailScanner only brings the possibility of new errors as > the code gets more and more complex, especially since the feature you > want would mean implementing/using SMTP. The only advantage would be > that people not using SpamAssassin could use this functionality. I > doubt there are many people out there that fit this definition though. > :-) Sadly I am in fact in this category. The current server could not cope. However there is a new server sitting on my desk that I have just loaded with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . . Thanks for your feedback. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed May 11 20:45:31 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:35 2006 Subject: [Clamav-announce] announcing ClamAV 0.85 (fwd) Message-ID: Hi! Perhaps some of the trouble prople were seeing are solved now ? Bye, Raymond. ---------- Forwarded message ---------- Date: Wed, 11 May 2005 20:45:11 +0200 From: Luca Gibelli Reply-To: noreply@clamav.net To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.85 Dear ClamAV users, release 0.85 is available for download. Bugfixes in this release include correct signature offset calculation in large files and proper handling of encrypted zip archives. Read the ChangeLog for the full list. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 11 20:49:32 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:35 2006 Subject: Hardware platform ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Almost anything will run that and leave you room to handle outbreaks. > Certainly any p3 and fair chunk of RAM and preferably a SCSI HDD. > > Checkout the maq for a list of machines current users have. > Talking about the MAQ,I think I screwed the data about sample setups when I migrated to the Wiki. Would it be possible for people who did send me their data to update/correct their entries? http://wiki.mailscanner.info/doku.php?id=maq:index If you feel like adding your setup, please do so :). Thanks, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 11 20:53:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:35 2006 Subject: [Clamav-announce] announcing ClamAV 0.85 (fwd) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > > Perhaps some of the trouble prople were seeing are solved now ? > > Bye, > Raymond. > > ---------- Forwarded message ---------- > Date: Wed, 11 May 2005 20:45:11 +0200 > From: Luca Gibelli > Reply-To: noreply@clamav.net > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.85 > > > Dear ClamAV users, > > release 0.85 is available for download. > Bugfixes in this release include correct signature offset calculation in > large > files and proper handling of encrypted zip archives. > Read the ChangeLog for the full list. I'm sure Julian will also be adding this to his "Magic Bag" when time allows. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed May 11 21:27:18 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: On May 11, 2005, at 11:56, Julian Field wrote: > Jason Balicki wrote: > >> Julian Field <> wrote: >> >> >>> If you are using Sophos, and have upgraded to 3.93.2 or later, you >>> must use the sophos-autoupdate script attached to this message. >>> You should gunzip the file and then place it in /opt/MailScanner/lib/ >>> or /usr/lib/MailScanner/ depending on your system type. You should >>> only have 1 of those 2, but if you have both then just copy it into >>> both places to be sure. >>> >>> >> >> Did you make any changes besides Aaron's one-liner? >> >> > No. > On the 10th, the autoupdate on my test server, for the entire engine, got me 3.93.0. I don't know what I'm going to get when that process runs on each of my production machines (on the 16th, 17th, 18th, and 19th). Any idea what happens if I make that change to the IDE autoupdate when I'm using 3.93.0? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eric.sauvageau at gmail.com Wed May 11 21:39:00 2005 From: eric.sauvageau at gmail.com (Eric Sauvageau) Date: Thu Jan 12 21:29:35 2006 Subject: Chaining multiple .rules files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm setting up a server that uses a web appliance which generates its own .rules files for virus scanning. However, I also need to manually maintain a second list of rulesets independently of the web appliance. Since the file gets overwritten by the web appliance, I wanted to do something like this: 1) In MailScanner.conf, point "Virus Scanning" to the "manual.rules" file. 2) Create two files in the rules dir: "manual.rules" (which I manually maintain) and "auto.rules" (the file that is auto-generated by the web appliance) 3) On incoming mail have Mailscanner process "manual.rule", then "auto.rule" (if there wasn't a match in the first rulesets) to determine if Virus Scanning should be enabled for a given domain. Is there any way to accomplish something like that? Thanks! --- Eric ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 23:03:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On May 11, 2005, at 11:56, Julian Field wrote: > >> Jason Balicki wrote: >> >>> Julian Field <> wrote: >>> >>> >>>> If you are using Sophos, and have upgraded to 3.93.2 or later, you >>>> must use the sophos-autoupdate script attached to this message. >>>> You should gunzip the file and then place it in /opt/MailScanner/lib/ >>>> or /usr/lib/MailScanner/ depending on your system type. You should >>>> only have 1 of those 2, but if you have both then just copy it into >>>> both places to be sure. >>>> >>>> >>> >>> Did you make any changes besides Aaron's one-liner? >>> >>> >> No. >> > > On the 10th, the autoupdate on my test server, for the entire engine, > got me 3.93.0. I don't know what I'm going to get when that process > runs on each of my production machines (on the 16th, 17th, 18th, and > 19th). > > Any idea what happens if I make that change to the IDE autoupdate when > I'm using 3.93.0? My new sophos-autoupdate will work fine on previous versions of Sophos as well. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eric.sauvageau at gmail.com Wed May 11 23:44:14 2005 From: eric.sauvageau at gmail.com (Eric Sauvageau) Date: Thu Jan 12 21:29:35 2006 Subject: Chaining multiple .rules files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] (Is it me, or GMail is worthless with some mailing lists? It wants to send the reply to the original poster instead of to the list, even when using Reply All...) Hi Julian, Sadly that won't do - I have no control over the content of the file generated by the appliance. It generates a standard ruleset-filled file :( With better Perl skills I guess I could do it through a custom function, but my Perl skills are shaky at best. I'll have to forget about using the web appliance-generated file then, and only use the manually generated .rules file. Toss a new "include" rules keyword on the top of your TODO for MailScanner 5.00 :) --- Eric On 5/11/05, Julian Field wrote: > Yes, you can do this, but not quite the way you are planning to do it. > > The "address pattern" in a rule can be a filename. In that file, you put > all the real address patterns you want to use in that rule. These can in > fact contain further file names, allowing these "lists of address > patterns" to be nested. > > So set > Virus Scanning = %rules-dir%/virus.scanning.rules > > And then in virus.scanning.rules put > From: /etc/MailScanner/addresses/manual.addresses yes > From: /etc/MailScanner/addresses/auto.addresses yes > FromOrTo: default no > > Obviously you will have to create the /etc/MailScanner/addresses > directory. As a quick example, the auto.addresses file could contain a > list of things like > > *@paid.domain > another.domain > 127.0.0.1 > scanme@* > > Hope that helps get you going. > > Eric Sauvageau wrote: > > >Hi, > > > >I'm setting up a server that uses a web appliance which generates its > >own .rules files for virus scanning. However, I also need to manually > >maintain a second list of rulesets independently of the web appliance. > > > >Since the file gets overwritten by the web appliance, I wanted to do > >something like this: > > > >1) In MailScanner.conf, point "Virus Scanning" to the "manual.rules" file. > > > >2) Create two files in the rules dir: "manual.rules" (which I manually > >maintain) and "auto.rules" (the file that is auto-generated by the web > >appliance) > > > >3) On incoming mail have Mailscanner process "manual.rule", then > >"auto.rule" (if there wasn't a match in the first rulesets) to > >determine if Virus Scanning should be enabled for a given domain. > > > > > >Is there any way to accomplish something like that? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed May 11 23:49:02 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: On May 11, 2005, at 15:03, Julian Field wrote: > John Rudd wrote: > >> Any idea what happens if I make that change to the IDE autoupdate when >> I'm using 3.93.0? > > My new sophos-autoupdate will work fine on previous versions of Sophos > as well. > I was just about to reply that I put it on the sophos-autoupdate from mailscanner 4.11-1 (what we're still running in production), and it worked fine. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 12 01:14:58 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh Message-ID: 1) it would be nice if, when looking for perl, if it finds multiple copies (like /usr/bin/perl and /usr/local/bin/perl), if it would check to see if one is a symlink to the other, and then do the right thing. 2) if it can't find GNU tar as tar, it should look for gtar 3) it keeps complaining that: Your perl and your Config.pm seem to have different ideas about the architecture they are running on. Perl thinks: [sun4-solaris] Config says: [sun4-solaris] This may or may not cause problems. Please check your installation of perl if you have problems building this extension. Seems like a silly complaint, doesn't it? 4) I also got lots of these errors: Unsuccessful stat on filename containing newline at /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 168. during the test phases for installation of MIME-tools-5.417 and Archive-Zip-1.14 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 12 01:17:03 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:35 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have no preceeding - Its default i dont change any of that stuff. Therefore i am happy to remove it - if i leave it black will it be removed? Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Peter Russell >>Sent: Monday, May 09, 2005 7:04 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Not a Mime header? >> >> >>We have an admin from another company who was expecting from some of our >>staff claiming that the MailScanner headers is not a mime header and >>therfore he cannot accept the mail for delivery. >> >>COuld anyone offer me any advice on a) how to respond and b) whether i >>need to change anything in my config? >> >>Kind regards and thanks >>Pete >> >> >> >>"In the case of these three (3) emails, they were stopped as undetermined. >>They were stopped because of an error within the framework of the email - >>bad data (see below). The error being that a one of the lines inserted >>into the header of the email by MBS, specifically the line " >>-X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for >>more information" is not a MIME header and caused the problem. >>They need to contact the sender, who in turn needs to contact their >>administrator to fix this issue. --- It is not an problem with our >>server & there is nothing I can do to rectify the issue, except release >>the emails if they are stopped." >> > > > > > Is the -X- a typo or is there really a - preceeding X? and X-token header is > certainly valid, where as a -X-token would not be. If your mailscanner token > really is > > '-X-OURCOMPANYNAME-MailScanner - Information: Please contact your ISP for > more information' then you need to fix it, if it's not then there is > something odd about how they are parsing headers. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 12 01:19:43 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:35 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> > > > yes, there are standard headers, From:, To:, etc and there are private > tokens that should begin with X-, or x-. If the header is > really -X-OURCOMPANYNAME it should generate a bad header error since it's > neither a standard header nor an X-token header. I don't know how many > systems actually reject on invalid headers but you will get a boost from SA > when it comes across one. > > In any event if the header is actually -X-OURCOMPANYNAME then you should > correct it. > > The header as it appears in the message you quoted: > > -X-OURCOMPANYNAME-MailScanner - Information: > > should be: > X-OURCOMPANYNAME-MailScanner-Information: (no leading - and no spaces in > the MailScanner - Information: part) > > Rick > My mailscanner.conf has these entries, all untouched by me Information Header = X-%org-name%-MailScanner-Information: Information Header Value = Please contact the ISP for more information Should i make the second blank and then it wont be included anymore and problem is solved (kinda) ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 12 01:21:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:35 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Steen, Glenn >>Sent: Wednesday, May 11, 2005 3:36 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Not a Mime header? >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper >>>Sent: den 11 maj 2005 01:43 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Not a Mime header? >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>Behalf Of Scott Silva >>>>Sent: Tuesday, May 10, 2005 6:16 PM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Not a Mime header? >>>> >>>> >>>>Peter Russell wrote: >>>> >>>>>We have an admin from another company who was expecting >>> >>>from some of our >>> >>>>>staff claiming that the MailScanner headers is not a mime >>> >>>header and >>> >>>>>therfore he cannot accept the mail for delivery. >>>>> >>>>>COuld anyone offer me any advice on a) how to respond and >>> >>>b) whether i >>> >>>>>need to change anything in my config? >>>>> >>>>>Kind regards and thanks >>>>>Pete >>>>> >>>>> >>>>> >>>>>"In the case of these three (3) emails, they were stopped as >>>> >>>>undetermined. >>>> >>>>>They were stopped because of an error within the framework of >>>> >>>>the email - >>>> >>>>>bad data (see below). The error being that a one of the >>>> >>>>lines inserted >>>> >>>>>into the header of the email by MBS, specifically the line " >>>>>-X-OURCOMPANYNAME-MailScanner - Information: Please >>> >>>contact your ISP for >>> >>>>>more information" is not a MIME header and caused the problem. >>>>>They need to contact the sender, who in turn needs to >>> >>>contact their >>> >>>>>administrator to fix this issue. --- It is not an >>> >>>problem with our >>> >>>>>server & there is nothing I can do to rectify the issue, >>> >>>except release >>> >>>>>the emails if they are stopped." >>>>> >>>> >>>>Is the - before the X-OURCOMPANYNAME ... a typo? >>>> >>> >>>yes, there are standard headers, From:, To:, etc and there are private >>>tokens that should begin with X-, or x-. If the header is >>>really -X-OURCOMPANYNAME it should generate a bad header >>>error since it's >>>neither a standard header nor an X-token header. I don't know how many >>>systems actually reject on invalid headers but you will get a >>>boost from SA >>>when it comes across one. >>> >>>In any event if the header is actually -X-OURCOMPANYNAME then >>>you should >>>correct it. >>> >>>The header as it appears in the message you quoted: >>> >>> -X-OURCOMPANYNAME-MailScanner - Information: >>> >>>should be: >>> X-OURCOMPANYNAME-MailScanner-Information: (no leading - and >>>no spaces in >>>the MailScanner - Information: part) >>> >>>Rick >> >>Very true Rick. But looking at what Pete is sending to the list... >>it sure looks like a typo ... Of course assuming it is that >>domain that is having problems:-) >> >>-- Glenn > > > That's what I thought, but it looked like he clipped it out of an error > message he received, either a different domain or a problem/mistake he had > already corrected because the listed header was most defiantly an invalid > one and I didn't see anything like it in the headers from his messages > either. Sorry i wasnt very clear - i pasted in the comments from the admin at the other end. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 12 01:36:28 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh for the CLAM and SA package Message-ID: Installing test-harness failed, which caused Mail-ClamAV to fail. But it didn't stop and give me a chance to deal with it, or anything. (the test-harness problem is: t/test-harness......NOK 40# Failed test (t/test-harness.t at line 535) # got: 'Prototype mismatch: sub Test::Harness::_LARGEFILE_SOURCE vs () at (eval 35) line 1. # ' # expected: '' t/test-harness......ok 208/208# Looks like you failed 1 tests of 208. t/test-harness......dubious Test returned status 1 (wstat 256, 0x100) Prototype mismatch: sub Test::Harness::_LARGEFILE_SOURCE vs () at (eval 25) line 1. DIED. FAILED test 40 (solaris 8 on sparc) I'll see if I can figure out more in a little bit. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 12 01:45:01 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh for the CLAM and SA package Message-ID: On May 11, 2005, at 17:36, John Rudd wrote: > Installing test-harness failed, which caused Mail-ClamAV to fail. Actually, assuming that I want to run clamav from the command like (like with sophos sweep instead of via the sophos libraries), do I need Mail-ClamAV to work? I am assuming that, in that case, I would use the "clamav" virus scanner and not the "clamavmodule", right? (sorry if I'm full of dumb questions today, dealing with a full plate) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 11 19:00:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you are using Sophos, and have upgraded to 3.93.2 or later, you must use the sophos-autoupdate script attached to this message. You should gunzip the file and then place it in /opt/MailScanner/lib/ or /usr/lib/MailScanner/ depending on your system type. You should only have 1 of those 2, but if you have both then just copy it into both places to be sure. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 2.2KB. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Wed May 11 16:29:43 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:35 2006 Subject: sender verification Message-ID: I have been running with a greet_pause setting of 7000 for quite a while, with a couple of GreetPause settings for 5000 to fix a couple of problem sites. It has worked well. I had problems with some big ISPs (notably Verizon) when I got up around the 15 second range. Jeff Earickson Colby College On Wed, 11 May 2005, Stephen Swaney wrote: > Date: Wed, 11 May 2005 11:10:26 -0400 > From: Stephen Swaney > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sender verification > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of BB >> Sent: Wednesday, May 11, 2005 10:26 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: sender verification >> >> Don't think it could be done selectively but you could put this in your >> sendmail.mc >> >> FEATURE(`greet_pause',`30000')dnl >> >> Then do your m4 rebuild. >> >> Spermmers are very inpatient. >> >> > > Some caveats: > > I believe this feature is only available in sendmail 8.13.x > > The 30 second delay may be a bit much. Our testing indicates that we get > substantial valid spam rejections at 15000 (15 seconds) and don't seem to > have any false positives. I remember seeing some warnings about some large > ISP's balking at much over 25 seconds. Most spammers will take very little > delay :) > > Also you can define systems that do not get any delay in your > /etc/mail/access file: > > # systems that get no greet_pause delay > 192.168.123.1 0 > 10.1.1.100 0 > > Descriptions of this and other 8.13.x features can be found at: > > http://www.technoids.org/dossed.html#1.1. > > These include: > Limiting the Rate of Incoming Connections > Limiting Simultaneous Connections > Thwarting Dictionary Attacks > Blocking Slammers with the greet_pause Feature > > I would be good to hear from MailScanners who have implemented any of these > features. We're still testing right now. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > >> On 5/11/05, Jim Holland wrote: >> >> Hi Jan-Peter >> >> On Wed, 11 May 2005, Jan-Peter Koopmann wrote: >> >> >> That is why I would >> >> like to see this being implemented after receipt of the >> >> message - just as DNSBL and other checks are carried out >> >> afterwards by MailScanner. >> > >> > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers >> one >> > of two RBLs I trust the message is rejected. If it hits one of >> several >> > other RBLs I slow down the SMTP protocol (enforcing >> synchronization) and >> > catch quite a lot of spam with that. >> >> I am not familiar with how to slow down the SMTP connection >> selectively - >> I don't think this is a feature that sendmail offers. >> >> > To be honest: I would think of this as unneccessary overhead. Why >> don't >> > you simply verify the sender address at MTA level, add a header to >> the >> > message in case the verify fails and then write a simple >> SpamAssassin >> > rule for this? That's what we do here. It's quick and no code has >> to be >> > changed. I'm not sure how easy this is with sendmail but with exim >> this >> > is a matter of minutes. >> >> Again, I don't know of any easy method of doing this with sendmail >> without >> writing a special milter. >> >> > New code in MailScanner only brings the possibility of new errors >> as the >> > code gets more and more complex, especially since the feature you >> want >> > would mean implementing/using SMTP. The only advantage would be >> that >> > people not using SpamAssassin could use this functionality. I >> doubt >> > there are many people out there that fit this definition though. >> :-) >> >> Sadly I am in fact in this category. The current server could not >> cope. >> However there is a new server sitting on my desk that I have just >> loaded >> with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . . >> >> Thanks for your feedback. >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html >> ). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 02:15:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> yes, there are standard headers, From:, To:, etc and there are private >> tokens that should begin with X-, or x-. If the header is >> really -X-OURCOMPANYNAME it should generate a bad header error since >> it's >> neither a standard header nor an X-token header. I don't know how many >> systems actually reject on invalid headers but you will get a boost >> from SA >> when it comes across one. >> >> In any event if the header is actually -X-OURCOMPANYNAME then you should >> correct it. >> >> The header as it appears in the message you quoted: >> >> -X-OURCOMPANYNAME-MailScanner - Information: >> >> should be: >> X-OURCOMPANYNAME-MailScanner-Information: (no leading - and no >> spaces in >> the MailScanner - Information: part) >> >> Rick >> > > My mailscanner.conf has these entries, all untouched by me > > Information Header = X-%org-name%-MailScanner-Information: > > Information Header Value = Please contact the ISP for more information > > Should i make the second blank and then it wont be included anymore and > problem is solved (kinda) ? You need to make "Information Header" blank, not "Information Header Value". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 02:29:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > 1) it would be nice if, when looking for perl, if it finds multiple > copies (like /usr/bin/perl and /usr/local/bin/perl), if it would check > to see if one is a symlink to the other, and then do the right thing. That one's a bit awkward, is it vital? > > 2) if it can't find GNU tar as tar, it should look for gtar Done. Please try the attached install.tar-fns.sh. > > 3) it keeps complaining that: > > Your perl and your Config.pm seem to have different ideas about the > architecture they are running on. > Perl thinks: [sun4-solaris] > Config says: [sun4-solaris] > This may or may not cause problems. Please check your installation of > perl > if you have problems building this extension. This one can't easily be avoided, it's Perl doing a sanity check that I don't want. The only other option is to try to modify the Config.pm file deep in your Perl installation, which I may well not be able to do if for example your Perl installation is NFS-mounted read-only. Sorry. > 4) I also got lots of these errors: > > Unsuccessful stat on filename containing newline at > /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 168. > > during the test phases for installation of MIME-tools-5.417 and > Archive-Zip-1.14 That sounds like a fault in DynaLoader.pm or something that is being passed to them. I suspect that is outside of my control. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu May 12 02:17:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh for the CLAM and SA package Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On May 11, 2005, at 17:36, John Rudd wrote: > >> Installing test-harness failed, which caused Mail-ClamAV to fail. > > > Actually, assuming that I want to run clamav from the command like > (like with sophos sweep instead of via the sophos libraries), do I need > Mail-ClamAV to work? No, it's Mail-ClamAV that provides the code for the clamavmodule scanner, it is not needed for the clamav scanner. > I am assuming that, in that case, I would use the "clamav" virus > scanner and not the "clamavmodule", right? (sorry if I'm full of dumb > questions today, dealing with a full plate) You can use the "clamav" scanner without needing to install the Mail::ClamAV perl module. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 12 02:55:20 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh Message-ID: On May 11, 2005, at 18:29, Julian Field wrote: > John Rudd wrote: > >> 1) it would be nice if, when looking for perl, if it finds multiple >> copies (like /usr/bin/perl and /usr/local/bin/perl), if it would check >> to see if one is a symlink to the other, and then do the right thing. > > That one's a bit awkward, is it vital? It's not vital, but it is annoying. Is it that awkward? Why not load all found perls into an array, then (warning, inefficient code follows, but shouldn't be a problem for most systems): for ($i = 0 ; $i <= $#perlbinaries ; $i++) { # replace any instances that are symlinks with their targets # and keep doing it until it's not a symlink anymore, or # the target doesn't exist while ((-e $perlbinaries[$i]) && (-l $perlbinaries[$i])) { $perlbinaries[$i] = readlink($perlbinaries[$i]); } } # insure that duplicates will be consecutive @perlbinaries = sort (@perlbinaries); # too bad there isn't a uniq() like there is a grep() and sort() for ($i = 0 ; $i <= $#perlbinaires ; $i++) { # iteratively remove duplicates while ($perlbinaries[$i] eq $perlbinaries[($i + 1)]) { splice(@perlbinaries, ($i + 1), 1); } } if ($#perlbinaries > 0) { # complain about multiple perl binaries } # otherwise, keep running, using $perlbinaries[0] as your perl engine >> 2) if it can't find GNU tar as tar, it should look for gtar > > Done. Please try the attached install.tar-fns.sh. What's the difference between install.sh and install.tar-fns.sh? I ran the former when I installed ... >> 3) it keeps complaining that: >> >> Your perl and your Config.pm seem to have different ideas about the >> architecture they are running on. >> Perl thinks: [sun4-solaris] >> Config says: [sun4-solaris] >> This may or may not cause problems. Please check your installation of >> perl >> if you have problems building this extension. > > This one can't easily be avoided, > Sorry. No problem, I just wanted to be sure that it is known and/or harmless. >> 4) I also got lots of these errors: >> >> Unsuccessful stat on filename containing newline at >> /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 168. >> >> during the test phases for installation of MIME-tools-5.417 and >> Archive-Zip-1.14 > > That sounds like a fault in DynaLoader.pm or something that is being > passed to them. I suspect that is outside of my control. > Probably. Hopefully it wont actually cause problems. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed May 11 11:34:53 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:35 2006 Subject: Blocked bmp files (buffer overflow) anyone? Message-ID: Hi Julian On Thu, 5 May 2005, Julian Field wrote: > This is from a Microsoft vulnerability a few months back. Most machines > of course should have the patch installed by now, but I bet they haven't. > > I blocked *.bmp files for quite a while. But I dropped that block recently. Can we assume that if any dangerous bmp files arrive they will be detected by say ClamAV? I find bmp files pretty annoying due to their size but our system receives quite a few that our members do want to have delivered to their mailboxes. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 03:49:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: feedback on install.sh Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On May 11, 2005, at 18:29, Julian Field wrote: > >> John Rudd wrote: >> >>> 1) it would be nice if, when looking for perl, if it finds multiple >>> copies (like /usr/bin/perl and /usr/local/bin/perl), if it would check >>> to see if one is a symlink to the other, and then do the right thing. >> >> >> That one's a bit awkward, is it vital? > > > It's not vital, but it is annoying. Is it that awkward? Why not load > all found perls into an array, then (warning, inefficient code follows, > but shouldn't be a problem for most systems): That would be easy, if it was perl, which it's not :-) > > for ($i = 0 ; $i <= $#perlbinaries ; $i++) { > # replace any instances that are symlinks with their targets > # and keep doing it until it's not a symlink anymore, or > # the target doesn't exist > while ((-e $perlbinaries[$i]) && (-l $perlbinaries[$i])) { > $perlbinaries[$i] = readlink($perlbinaries[$i]); > } > } > > # insure that duplicates will be consecutive > @perlbinaries = sort (@perlbinaries); > > # too bad there isn't a uniq() like there is a grep() and sort() > for ($i = 0 ; $i <= $#perlbinaires ; $i++) { > # iteratively remove duplicates > while ($perlbinaries[$i] eq $perlbinaries[($i + 1)]) { > splice(@perlbinaries, ($i + 1), 1); > } > } > > if ($#perlbinaries > 0) { > # complain about multiple perl binaries > } > # otherwise, keep running, using $perlbinaries[0] as your perl engine > >>> 2) if it can't find GNU tar as tar, it should look for gtar >> >> >> Done. Please try the attached install.tar-fns.sh. > > > What's the difference between install.sh and install.tar-fns.sh? I ran > the former when I installed ... > > >>> 3) it keeps complaining that: >>> >>> Your perl and your Config.pm seem to have different ideas about the >>> architecture they are running on. >>> Perl thinks: [sun4-solaris] >>> Config says: [sun4-solaris] >>> This may or may not cause problems. Please check your installation of >>> perl >>> if you have problems building this extension. >> >> >> This one can't easily be avoided, >> Sorry. > > > No problem, I just wanted to be sure that it is known and/or harmless. > >>> 4) I also got lots of these errors: >>> >>> Unsuccessful stat on filename containing newline at >>> /usr/local/lib/perl5/5.6.1/sun4-solaris/DynaLoader.pm line 168. >>> >>> during the test phases for installation of MIME-tools-5.417 and >>> Archive-Zip-1.14 >> >> >> That sounds like a fault in DynaLoader.pm or something that is being >> passed to them. I suspect that is outside of my control. >> > > Probably. Hopefully it wont actually cause problems. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 03:52:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:35 2006 Subject: Blocked bmp files (buffer overflow) anyone? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: >Hi Julian > >On Thu, 5 May 2005, Julian Field wrote: > > >>This is from a Microsoft vulnerability a few months back. Most machines >>of course should have the patch installed by now, but I bet they haven't. >> >>I blocked *.bmp files for quite a while. But I dropped that block recently. >> >> > >Can we assume that if any dangerous bmp files arrive they will be detected >by say ClamAV? I find bmp files pretty annoying due to their size but our >system receives quite a few that our members do want to have delivered to >their mailboxes. > > Fair enough. I have re-enabled it in the default version of the filename.rules.conf file I ship. Please feel free to edit this file yourself, after which it won't get over-written with new ones when you upgrade. It's only intended as an example file containing some sensible default rules from which you can set up your own filename rules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed May 11 18:18:43 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:35 2006 Subject: Mail relay/scanner server set up question.... Message-ID: I *think* having the entries in access would allow ANYONE to relay mail through your MX if the sent it from an @domain1.com address. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Wednesday, May 11, 2005 12:10 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mail relay/scanner server set up question.... Is there any difference in either being in the relay-domains or the access? And what is the difference of doing esmtp rather than smtp.... I apologize if I am going off subject here... Rob... ----- Original Message ----- From: "Mike Kercher" To: Sent: Wednesday, May 11, 2005 1:00 PM Subject: Re: Mail relay/scanner server set up question.... >I can't help you on the postfix side, but on the sendmail MX box, I'd >remove the /etc/mail/access entries for RELAY. > > Add each domain you relay mail for to /etc/mail/relay-domains > > Then, in your /etc/mail/mailertable, add an entry for each domain: > > domain1.com esmtp:[192.168.1.100] > domain2.com esmtp:[192.168.1.101] > > Then, cd /etc/mail;make to hash everything and RESTART MailScanner. > You need to restart so that the sendmail processes will reread their > configuration. > > Mike > > > ________________________________ > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: Wednesday, May 11, 2005 9:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mail relay/scanner server set up question.... > > > Hello all, I was on this list, but went away for a while and now I am > back.... > > > I have a set up doing this but not sure if it is the correct way, if > anyone has any comments please send them my way.... > > I host a 100 or so domains for email and we hosting... to take a load > off of my mail server(SMTP & pop) I set up a server just to be the MX > for these domains and once scanned by mailscanner relay it to the > server that users pop off.... > > here is how I did it, but not sure if it is the most efficient way... > > Server-2: The SMTP & pop server, is a postfix(on Debian Sarge) server > running with VHCS2 control panel, it was doing all the scanning but I > turned it off via mailscanner conf file, so it does not scan for > viruses or spam.. > This is where users pop their mail, they do not use it for sending > outgoing email. > > Server-1: the MX server is a Fedora core 2 running sendmail(8.12) and > mailscanner.... > So email comes in gets scanned and sends it over to Server-2 The > config for this in sendmail is... > > /etc/mail/access file has entries like this > > domain.com RELAY > domain2.com RELAY > and so on.... > > /etc/mail/mailertable file has entries liek this... > > domain.com smtp:[Server-2.com] > domain2.com smtp:[Server-2.com] > and so on... > > dns zone file entries for each domain are like so.... > > $TTL 3600 > @ IN SOA domain.com. root.domain.com. ( > ; dmn [domain.com] timestamp entry BEGIN. > 1111763982 > ; dmn [domain.com] timestamp entry END. > 8H > 2H > 4W > 1D ) > IN NS dns1.thednsguys.com. > IN NS dns2.thednsguys.com. > IN NS dns3.thednsguys.com. > IN MX 5 mx.server-1.com. > IN MX 10 mx2.thehostmasters.com. > > domain.com. A xxx.xxx.xxx.2 > ;ns IN A xxx.xxx.xxx.2 > mail IN A xxx.xxx.xxx.2 > www CNAME domain.com. > ftp CNAME domain.com. > > > > > Is this set up ok? > > Thanks and any help greatly appreciated... > > Have a great day! > > Rob... > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed May 11 14:51:23 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:35 2006 Subject: sender verification Message-ID: Spam Assassin 3.0.x includes SPF tests. You can find the list of tests here: http://spamassassin.apache.org/tests_3_0_x.html You may want to change the amount they contribute to the score. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Holland Sent: Wednesday, May 11, 2005 1:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] sender verification On Wed, 11 May 2005, Julian Field wrote: > The whole point of milter-sender and milter-ahead is that they are > implemented at the SMTP acceptance phase, and reject the message without > any local processing overhead if the checks fail. MailScanner does not > get involved with the SMTP conversation at all, I leave that to the MTA > (ie sendmail in this case), so it can't replace the functionality of a > milter as it doesn't get processed until later on, once the message has > been accepted. Yes, I realise that, but that is not what I am looking for, as blocking mail at the SMTP stage could lead to unacceptably high rejection rates of legitimate mail. That is why I would like to see this being implemented after receipt of the message - just as DNSBL and other checks are carried out afterwards by MailScanner. It means that retrieval from quarantine, and whitelisting of specific addresses could be implemented consistently with other MailScanner features. > Jim Holland wrote: > > >Hi Julian > > > >I see that there has been some discussion earlier about the use of > >milter-sender with sendmail to verify that the sender's address does exist > >before accepting mail. That then allows mail to be rejected at connection > >time if the sender's address seems to be fraudulent. > > > >I like the idea behind milter-sender, but would much prefer it to be > >integrated with MailScanner rather than sendmail, so that false positives > >(eg no-reply type addresses and other mail blocked due to problems that > >are sure to arise) result in mail being quarantined rather than bounced. > >Is this an option that you would be interested in accepting on the > >wishlist for future development of MailScanner? > > > >Regards > > > >Jim Holland > >System Administrator > >MANGO - Zimbabwe's non-profit e-mail service > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Thu May 12 06:49:07 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:35 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.85 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Dear ClamAV users, > > release 0.85 is available for download. > Bugfixes in this release include correct signature offset > calculation in large > files and proper handling of encrypted zip archives. > Read the ChangeLog for the full list. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Thu May 12 06:40:41 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:29:35 2006 Subject: rules file Message-ID: On Tue, 10 May 2005 22:41:42 -0500, Mike Kercher wrote: >What is the rule for in MailScanner.conf? Perhaps, instead of yes/no >options, you need disarm. > >Mike > > > >I have this in my webbugs.rules file and MailScanner says there is a syntax >error in the file. Can't see it. I am using tabs. > >From: *@ywcatoronto.org yes >FromOrTo: *@zuka.net yes >FromOrTo: default no > Ahh yes .... sometimes I am totally blind. Thanks for enlightening me Mike ;-) Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 11 16:10:26 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:35 2006 Subject: sender verification Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of BB > Sent: Wednesday, May 11, 2005 10:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sender verification > > Don't think it could be done selectively but you could put this in your > sendmail.mc > > FEATURE(`greet_pause',`30000')dnl > > Then do your m4 rebuild. > > Spermmers are very inpatient. > > Some caveats: I believe this feature is only available in sendmail 8.13.x The 30 second delay may be a bit much. Our testing indicates that we get substantial valid spam rejections at 15000 (15 seconds) and don't seem to have any false positives. I remember seeing some warnings about some large ISP's balking at much over 25 seconds. Most spammers will take very little delay :) Also you can define systems that do not get any delay in your /etc/mail/access file: # systems that get no greet_pause delay 192.168.123.1 0 10.1.1.100 0 Descriptions of this and other 8.13.x features can be found at: http://www.technoids.org/dossed.html#1.1. These include: Limiting the Rate of Incoming Connections Limiting Simultaneous Connections Thwarting Dictionary Attacks Blocking Slammers with the greet_pause Feature I would be good to hear from MailScanners who have implemented any of these features. We're still testing right now. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > On 5/11/05, Jim Holland wrote: > > Hi Jan-Peter > > On Wed, 11 May 2005, Jan-Peter Koopmann wrote: > > > > That is why I would > > > like to see this being implemented after receipt of the > > > message - just as DNSBL and other checks are carried out > > > afterwards by MailScanner. > > > > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers > one > > of two RBLs I trust the message is rejected. If it hits one of > several > > other RBLs I slow down the SMTP protocol (enforcing > synchronization) and > > catch quite a lot of spam with that. > > I am not familiar with how to slow down the SMTP connection > selectively - > I don't think this is a feature that sendmail offers. > > > To be honest: I would think of this as unneccessary overhead. Why > don't > > you simply verify the sender address at MTA level, add a header to > the > > message in case the verify fails and then write a simple > SpamAssassin > > rule for this? That's what we do here. It's quick and no code has > to be > > changed. I'm not sure how easy this is with sendmail but with exim > this > > is a matter of minutes. > > Again, I don't know of any easy method of doing this with sendmail > without > writing a special milter. > > > New code in MailScanner only brings the possibility of new errors > as the > > code gets more and more complex, especially since the feature you > want > > would mean implementing/using SMTP. The only advantage would be > that > > people not using SpamAssassin could use this functionality. I > doubt > > there are many people out there that fit this definition though. > :-) > > Sadly I am in fact in this category. The current server could not > cope. > However there is a new server sitting on my desk that I have just > loaded > with CentOS (RHEL4 clone). Now to try Exim, SpamAssassin etc . . . > > Thanks for your feedback. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Thu May 12 07:00:56 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:35 2006 Subject: [Clamav-announce] announcing ClamAV 0.85 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] damn sorry, didnt see raymond already forwarded to the list :/ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas > Sent: Thursday, May 12, 2005 7:49 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: FW: [Clamav-announce] announcing ClamAV 0.85 > > > > Dear ClamAV users, > > > > release 0.85 is available for download. > > Bugfixes in this release include correct signature offset > > calculation in large > > files and proper handling of encrypted zip archives. > > Read the ChangeLog for the full list. > > > > > > -- > > The ClamAV team (http://www.clamav.net/team.html) > > > From: clamav-announce-bounces@lists.clamav.net > > [mailto:clamav-announce-bounces@lists.clamav.net] > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 12 07:48:38 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:35 2006 Subject: Fwd: VERIFY: feedback on install.sh Message-ID: You know it seems _HIGHLY_ inappropriate to me to have an email challenge-response system setup, and not have the mailing lists you subscribe to already set up in your whitelist. (that's in addition to how entirely inappropriate it is to use email challenge-response systems in the first place) Begin forwarded message: > From: tunc@eresen.com > Date: May 12, 2005 4:33:46 AM PDT > To: jrudd@ucsc.edu > Subject: VERIFY: feedback on install.sh > Return-Path: > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/APPLEFILE 100bytes. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] > > I've Been Spammed! > > I'm using the Spammed! system to filter spam from reaching my e-mail > inbox and you have recently sent me a message with the subject > "feedback on install.sh". > > Because you have not yet proven to me that you are a human being and > not an automated spam sending machine, I need you to view the image > below and enter the letters that you see in the text box below. The > reason for this test is that a human can read the letters below, but a > computer/automated spam sender can not. > > Once you have done this, your message will be delivered to me and all > future messages will be delivered to me automatically. > > Thanks for helping me to clear up my spam problems! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 4, Application/APPLEFILE 100bytes. ] [ Unable to print this part. ] [ Part 5: "Attached Text" ] > > The (letters only) code shown above is: > > If you have any problems submitting the form above, or if the > authentication image is not appearing properly, please visit: > http://verify.spammed.com/? > mi=1115872426.847.secure.spammed.com.HTQBFD&hi=809808 > This message was sent on behalf of jrudd@ucsc.edu, a user of the > Spammed! challenge/response system. > Individual senders: If you did not send the e-mail in reference, > please delete this message and do nothing. > Commercial senders: This user is utilizing the Spammed! > challenge/response system and does not wish to receive any automated > e-mails. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 6, Application/OCTET-STREAM (Name: "mime-attachment") 8.2KB. ] [ Unable to print this part. ] [ Part 7, Application/OCTET-STREAM (Name: "mime-attachment") 8.3KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu May 12 09:03:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:35 2006 Subject: Still Having SophosSAVI Problems Message-ID: Aaron and you've upgraded to 3.93.2 ??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron K. Moore wrote: > I keep getting these errors when using SophosSAVI. Even after upgrading > to 4.42.1. > > May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPS6c031775/msg-29730-30.txt > May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPS6c031775/msg-29730-31.html > May 11 12:25:50 fw MailScanner[29719]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPf6c031788/msg-29719-52.txt > May 11 12:26:33 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQO6c031803/msg-29712-70.html > May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQr6c031813/msg-29712-71.txt > May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQr6c031813/msg-29712-72.html > Any ideas? > > If I switch it back to sophos, I don't get these errors. I'm using been > using SAVI-Perl 0.30 for sometime now without problems. I haven't been > able to reproduce this kind of problem using scan.pl that is in the SAVI > Perl package. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 09:02:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:35 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: Julian works fine on FreeBSD 4.10. Hows the conferance going?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > If you are using Sophos, and have upgraded to 3.93.2 or later, you must > use the sophos-autoupdate script attached to this message. > You should gunzip the file and then place it in /opt/MailScanner/lib/ or > /usr/lib/MailScanner/ depending on your system type. You should only > have 1 of those 2, but if you have both then just copy it into both > places to be sure. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 09:01:44 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:35 2006 Subject: [Clamav-announce] announcing ClamAV 0.85 (fwd) Message-ID: maybe alot of the problems I got invovled with to be inconsistent DatabaseDirectory settings in clamd.conf and freshclam.conf... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > > Perhaps some of the trouble prople were seeing are solved now ? > > Bye, > Raymond. > > ---------- Forwarded message ---------- > Date: Wed, 11 May 2005 20:45:11 +0200 > From: Luca Gibelli > Reply-To: noreply@clamav.net > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.85 > > > Dear ClamAV users, > > release 0.85 is available for download. > Bugfixes in this release include correct signature offset calculation in > large > files and proper handling of encrypted zip archives. > Read the ChangeLog for the full list. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 > PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 12 09:49:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:35 2006 Subject: Not a Mime header? Message-ID: (trimming a bit so JP don't flog me no more:-) > > >>>The header as it appears in the message you quoted: > >>> > >>> -X-OURCOMPANYNAME-MailScanner - Information: > >>> > >>>should be: > >>> X-OURCOMPANYNAME-MailScanner-Information: (no leading - and > >>>no spaces in > >>>the MailScanner - Information: part) > >>> > >>>Rick > >> > >>Very true Rick. But looking at what Pete is sending to the list... > >>it sure looks like a typo ... Of course assuming it is that > >>domain that is having problems:-) > >> > >>-- Glenn > > > > > > That's what I thought, but it looked like he clipped it out > of an error > > message he received, either a different domain or a > problem/mistake he had > > already corrected because the listed header was most > defiantly an invalid > > one and I didn't see anything like it in the headers from > his messages > > either. > Sorry i wasnt very clear - i pasted in the comments from the admin at > the other end. That kind of implies that it isn't you who is having a problem here. Either it is a typo from that admins side, or their systems are doing something they shouldn't:-). If I were you I'd use my energy to try get them to "see the light". -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 10:12:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:35 2006 Subject: problem after upgraded to 4.39 Message-ID: Hi have you but MailScanner.conf in debug mode and run check_MailScanner. you'll get a little more information about the problem.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 nats wrote: > Hi, > > I just upgrade MailScanner to 4-39.5-1 and when i start MAilScanner, it > complains about HTML/TokeParser.pm, is this a sign of bad perl compiler? (ie > two instances), i just get rid of the perl binary 5.8.5 and replaces with > the old perl 5.8.0, but still i have the same problem. i install > HTML::TokeParser from cpan and i have this failed tests > > t/entities.t > t/headparser.t > t/uentities.t > > > anyone have an idea on how to work with kind of prob? > > Thanks in advance > > Nats > > > > -- > All messages that are coming from this domain > is certified to be virus and spam free. If > ever you have received any virus infected > content or spam, please report it to the > internet administrator of this domain > nats@sscrmnl.edu.ph > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 12 10:50:02 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:35 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Oh so true. I think it's a combination of factors that makes one do > "incorrect" quoting... Laziness, stress and a general lack of coffee > come fairly high for me. > I know i am an offender, apologies. I am still trying to figure out the rules for quoting... :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 12 11:18:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:35 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: > I know i am an offender, apologies. > > I am still trying to figure out the rules for quoting... :) ... And it really "helps" that there are a few "schools" to follow, now doesn't it? (Everything from Jeff Merkeys "I don't want to be sued so I include _everything_" to "pure unintelligible minimalism"... And then we haven't touched the thorny subject of top/bottom posting...:-). Me, I usually(!) follow the simple rules that pertain to spoken language: If the people you are communicating with cam decipher what you are getting at without too much effort, then it is "right"... If not, well then it is "wrong". So since JP had an issue, I'm an offender and need better my ways:-) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed May 11 10:06:36 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:35 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Glenn, I think we should really have a new award for weird or unnecessary quoting in this list. It took me quite some time to actually find your comment in your post. I decided to count a bit: 85 lines of full quote 4 lines of new information That's a rough 95% quote 5% information. Sorry I am hitting you with this now since you definately are not the only one doing this. But reading this list gets more and more difficult. It would be extremely kind of you all to really put some effort to better quoting. Please!!!!! Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu May 12 14:49:12 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:35 2006 Subject: Still Having SophosSAVI Problems Message-ID: Yes. I did that the other day when I found they added a new file that wasn't getting symlinked in the Sophos.install script. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, May 12, 2005 3:03 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Still Having SophosSAVI Problems Aaron and you've upgraded to 3.93.2 ??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron K. Moore wrote: > I keep getting these errors when using SophosSAVI. Even after upgrading > to 4.42.1. > > May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPS6c031775/msg-29730-30.txt > May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPS6c031775/msg-29730-31.html > May 11 12:25:50 fw MailScanner[29719]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHPf6c031788/msg-29719-52.txt > May 11 12:26:33 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQO6c031803/msg-29712-70.html > May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQr6c031813/msg-29712-71.txt > May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could > not proceed, the file was corrupted (538):: > ./j4BHQr6c031813/msg-29712-72.html > Any ideas? > > If I switch it back to sophos, I don't get these errors. I'm using been > using SAVI-Perl 0.30 for sometime now without problems. I haven't been > able to reproduce this kind of problem using scan.pl that is in the SAVI > Perl package. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 14:56:44 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:35 2006 Subject: Still Having SophosSAVI Problems Message-ID: Aaron given the 3.93.2 update was supposed to cure these errors have you contacted Sophos? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron K. Moore wrote: > Yes. I did that the other day when I found they added a new file that > wasn't getting symlinked in the Sophos.install script. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 12, 2005 3:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Still Having SophosSAVI Problems > > Aaron > > and you've upgraded to 3.93.2 ??? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Aaron K. Moore wrote: > >>I keep getting these errors when using SophosSAVI. Even after > > upgrading > >>to 4.42.1. >> >>May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPS6c031775/msg-29730-30.txt >>May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPS6c031775/msg-29730-31.html >>May 11 12:25:50 fw MailScanner[29719]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPf6c031788/msg-29719-52.txt >>May 11 12:26:33 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQO6c031803/msg-29712-70.html >>May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQr6c031813/msg-29712-71.txt >>May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQr6c031813/msg-29712-72.html >>Any ideas? >> >>If I switch it back to sophos, I don't get these errors. I'm using > > been > >>using SAVI-Perl 0.30 for sometime now without problems. I haven't > > been > >>able to reproduce this kind of problem using scan.pl that is in the > > SAVI > >>Perl package. >> >>-- >>Aaron Kent Moore >>Information Technology Services >>DeKalb Memorial Hospital, Inc. >>Auburn, IN >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Thu May 12 15:10:03 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:35 2006 Subject: Force reload of MailScanner.conf ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Is there a way to force the reload of MailScanner.conf? In the past I've done a restart on my init.d/sendmail script to stop and start sendmail and mailscanner. I suspect that this is not the most graceful way of doing things. Thanks, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu May 12 15:25:12 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:35 2006 Subject: Still Having SophosSAVI Problems Message-ID: Not yet. I'm wondering if there are any other sites running MailScanner and SophosSAVI that have this problem after upgrading to 3.93.2? As I noted in my original post, if I set MailScanner to sophos, instead of sophossavi, I don't get any errors. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, May 12, 2005 8:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Still Having SophosSAVI Problems Aaron given the 3.93.2 update was supposed to cure these errors have you contacted Sophos? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron K. Moore wrote: > Yes. I did that the other day when I found they added a new file that > wasn't getting symlinked in the Sophos.install script. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 12, 2005 3:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Still Having SophosSAVI Problems > > Aaron > > and you've upgraded to 3.93.2 ??? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Aaron K. Moore wrote: > >>I keep getting these errors when using SophosSAVI. Even after > > upgrading > >>to 4.42.1. >> >>May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPS6c031775/msg-29730-30.txt >>May 11 12:25:41 fw MailScanner[29730]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPS6c031775/msg-29730-31.html >>May 11 12:25:50 fw MailScanner[29719]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHPf6c031788/msg-29719-52.txt >>May 11 12:26:33 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQO6c031803/msg-29712-70.html >>May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQr6c031813/msg-29712-71.txt >>May 11 12:27:13 fw MailScanner[29712]: SophosSAVI::ERROR:: Sweep could >>not proceed, the file was corrupted (538):: >>./j4BHQr6c031813/msg-29712-72.html >>Any ideas? >> >>If I switch it back to sophos, I don't get these errors. I'm using > > been > >>using SAVI-Perl 0.30 for sometime now without problems. I haven't > > been > >>able to reproduce this kind of problem using scan.pl that is in the > > SAVI > >>Perl package. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu May 12 15:48:34 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:35 2006 Subject: Force reload of MailScanner.conf ? Message-ID: Hi! > Hi, Is there a way to force the reload of MailScanner.conf? In the past > I've done a restart on my init.d/sendmail script to stop and start > sendmail and mailscanner. I suspect that this is not the most graceful > way of doing things. Uh what about reload? service MailScanner reload For the RPM version... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at ZANKER.ORG Thu May 12 16:00:40 2005 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:29:36 2006 Subject: Still Having SophosSAVI Problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 12/05/2005 15:25, Aaron K. Moore wrote: > Not yet. I'm wondering if there are any other sites running MailScanner > and SophosSAVI that have this problem after upgrading to 3.93.2? > > As I noted in my original post, if I set MailScanner to sophos, instead > of sophossavi, I don't get any errors. I'm running SophosSAVI with 3.93.2 and haven't seen any errors yet. Having said that, I wasn't seeing any errors with 3.93, either... Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu May 12 15:37:31 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:36 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: At the risk of sounding like a broken record (a very slowly turning broken record): Those of you running Outlook should be using outlook-quotefix, which you can find at: http://home.in.tum.de/~jain/software/outlook-quotefix/ I use it and it works very well. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 16:25:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: JP try the update to 0.85 of Clamav. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan-Peter Koopmann wrote: > Hi Julian, > > any idea? > > May 12 17:14:28 proxy MailScanner[3222]: [./1DWFFB-00006F-C3/1.zip] ./1DWFFB-00006F-C3/1.zip: Infected: Trojan-Downloader.Win32.Small.aty [AVP] > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found virus Trojan-Downloader.Win32.Small.aty > May 12 17:14:28 proxy MailScanner[3222]: Scan ended at Thu May 12 17:14:28 2005 > May 12 17:14:28 proxy MailScanner[3222]: 18 files scanned > May 12 17:14:28 proxy MailScanner[3222]: 1 file infected > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found 1 infections > May 12 17:14:28 proxy MailScanner[3222]: /var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error > May 12 17:14:28 proxy MailScanner[3222]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error". Please contact the authors! > > MailScanner-4-41.3 > clamav-0.84 > > clamscan of the file says: > > proxy:/var/spool/MailScanner/quarantine/20050512/1DWFFB-00006F-C3 # clamscan * > 1.zip: Input/Output error > 1.zip: OK > message: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 33876 > Engine version: 0.84 > Scanned directories: 0 > Scanned files: 2 > Infected files: 0 > Data scanned: 0.00 MB > Time: 0.495 sec (0 m 0 s) > > > > unzip 1.zip --> password protected zip. > > > Helpless, > JP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 12 16:25:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan-Peter Koopmann wrote: > Hi Julian, > > any idea? > > May 12 17:14:28 proxy MailScanner[3222]: [./1DWFFB-00006F-C3/1.zip] ./1DWFFB-00006F-C3/1.zip: Infected: Trojan-Downloader.Win32.Small.aty [AVP] > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found virus Trojan-Downloader.Win32.Small.aty > May 12 17:14:28 proxy MailScanner[3222]: Scan ended at Thu May 12 17:14:28 2005 > May 12 17:14:28 proxy MailScanner[3222]: 18 files scanned > May 12 17:14:28 proxy MailScanner[3222]: 1 file infected > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found 1 infections > May 12 17:14:28 proxy MailScanner[3222]: /var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error > May 12 17:14:28 proxy MailScanner[3222]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error". Please contact the authors! > > MailScanner-4-41.3 > clamav-0.84 Have you tried clamav 0.85? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu May 12 16:55:24 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:36 2006 Subject: Still Having SophosSAVI Problems Message-ID: What platform are you running on? It seems to be an issue with MIME and some of the Sober e-mails. I'm waiting on a call back from Sophos. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu May 12 16:53:02 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan-Peter Koopmann wrote: I posted the same problem awhile ago and no answers forth coming. I had the same problem when originating the email from Outlook 2003 thru an Exchange 2003 server. When I originated the email from Mozilla Thunderbird thru the same Exchange server (which relays it to our MailScanner box) no problems. When sending from Outlook the file gets renames from file.zip to file.zip.zip, otherwise no problem. I've upgraded to clamav-0.85 and I no longer get the error message but the encrypted zip file still gets renamed. >Hi Julian, > >any idea? > >May 12 17:14:28 proxy MailScanner[3222]: [./1DWFFB-00006F-C3/1.zip] ./1DWFFB-00006F-C3/1.zip: Infected: Trojan-Downloader.Win32.Small.aty [AVP] >May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found virus Trojan-Downloader.Win32.Small.aty >May 12 17:14:28 proxy MailScanner[3222]: Scan ended at Thu May 12 17:14:28 2005 >May 12 17:14:28 proxy MailScanner[3222]: 18 files scanned >May 12 17:14:28 proxy MailScanner[3222]: 1 file infected >May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found 1 infections >May 12 17:14:28 proxy MailScanner[3222]: /var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error >May 12 17:14:28 proxy MailScanner[3222]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error". Please contact the authors! > >MailScanner-4-41.3 >clamav-0.84 > >clamscan of the file says: > >proxy:/var/spool/MailScanner/quarantine/20050512/1DWFFB-00006F-C3 # clamscan * >1.zip: Input/Output error >1.zip: OK >message: OK > >----------- SCAN SUMMARY ----------- >Known viruses: 33876 >Engine version: 0.84 >Scanned directories: 0 >Scanned files: 2 >Infected files: 0 >Data scanned: 0.00 MB >Time: 0.495 sec (0 m 0 s) > > > >unzip 1.zip --> password protected zip. > > >Helpless, > JP > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 12 16:45:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:36 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > At the risk of sounding like a broken record > (a very slowly turning broken record): > > Those of you running Outlook should be using > outlook-quotefix, which you can find at: > > http://home.in.tum.de/~jain/software/outlook-quotefix/ > > I use it and it works very well. > > --J(K) > And for those using "cough" Outlook Express, http://home.in.tum.de/~jain/software/oe-quotefix/ I bailed to Thunderbird, and haven't looked back! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Thu May 12 16:53:46 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:36 2006 Subject: sender verification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Alex, > Any good links/faq's you can recommend on accomplishing these > feats with > exim4 on Debian? Unfortunately not. Grown installation... :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 12 17:03:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:36 2006 Subject: Quoting habbits again / Was: RE: Not a Mime header? Message-ID: Jason Balicki wrote: > At the risk of sounding like a broken record > (a very slowly turning broken record): > > Those of you running Outlook should be using > outlook-quotefix, which you can find at: > > http://home.in.tum.de/~jain/software/outlook-quotefix/ > > I use it and it works very well. > > --J(K) Thanks JK, didn't know about that (being a unix type of person, only forced to use a bare minimum of windoze apps:-). Now, if that only could work for OWA too:-):-) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Thu May 12 16:47:38 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Have you tried clamav 0.85? Not yet. The FreeBSD port ist not yet available. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu May 12 17:17:01 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: Hi! > May 12 17:14:28 proxy MailScanner[3222]: [./1DWFFB-00006F-C3/1.zip] ./1DWFFB-00006F-C3/1.zip: Infected: Trojan-Downloader.Win32.Small.aty [AVP] > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found virus Trojan-Downloader.Win32.Small.aty > May 12 17:14:28 proxy MailScanner[3222]: Scan ended at Thu May 12 17:14:28 2005 > May 12 17:14:28 proxy MailScanner[3222]: 18 files scanned > May 12 17:14:28 proxy MailScanner[3222]: 1 file infected > May 12 17:14:28 proxy MailScanner[3222]: Virus Scanning: F-Secure found 1 infections > May 12 17:14:28 proxy MailScanner[3222]: /var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error > May 12 17:14:28 proxy MailScanner[3222]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/3222/./1DWFFB-00006F-C3/1.zip: Input/Output error". Please contact the authors! > > MailScanner-4-41.3 > clamav-0.84 > > clamscan of the file says: > > proxy:/var/spool/MailScanner/quarantine/20050512/1DWFFB-00006F-C3 # clamscan * > 1.zip: Input/Output error > 1.zip: OK > message: OK Can you try this same file with Clam 0.85 ? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 16:58:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: Still Having SophosSAVI Problems Message-ID: Aaron FreeBSD 4.10, no problems. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Aaron K. Moore wrote: > What platform are you running on? > > It seems to be an issue with MIME and some of the Sober e-mails. I'm > waiting on a call back from Sophos. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 17:24:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:36 2006 Subject: Sophos 3.93.2 -- new sophos-autoupdate Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Conference is fine, am doing my presentation after lunch today. Then flying back home tomorrow afternoon. Martin Hepworth wrote: > Julian > > works fine on FreeBSD 4.10. > > Hows the conferance going?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> If you are using Sophos, and have upgraded to 3.93.2 or later, you must >> use the sophos-autoupdate script attached to this message. >> You should gunzip the file and then place it in /opt/MailScanner/lib/ or >> /usr/lib/MailScanner/ depending on your system type. You should only >> have 1 of those 2, but if you have both then just copy it into both >> places to be sure. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Thu May 12 17:39:15 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:29:36 2006 Subject: Should there be a Bayes score in every email? Message-ID: This may be a spamassassin question rather than MailScanner, I'm not sure. I'm seeing a few messages get through that are spam, not scoring high enough in spamassassin to be flagged. Many of these don't have any Bayes score, is that normal? Should every message that spamassassin looks at have a bayes score, or not? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 12 17:51:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: Should there be a Bayes score in every email? Message-ID: Greg means bayes found no tokens in its DB that are in the email, so doesn't comment. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Deputy wrote: > This may be a spamassassin question rather than MailScanner, I'm not > sure. > > I'm seeing a few messages get through that are spam, not scoring high > enough in spamassassin to be flagged. Many of these don't have any > Bayes score, is that normal? Should every message that spamassassin > looks at have a bayes score, or not? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david.weber at BACKBONESECURITY.COM Thu May 12 18:56:36 2005 From: david.weber at BACKBONESECURITY.COM (David C.M. Weber) Date: Thu Jan 12 21:29:36 2006 Subject: Redirecting email to a Script Message-ID: Brief overview: Mailscanner system in front of an exchange server. I'm trying to get email to activate a script via an alias when an email comes in. Right now I've got /etc/aliases set up w/: somebody: "| /post_leads" Then I did a newaliases. I have a symbolic link in /etc/smrsh pointing to the real script. Here's a ls -lah [root@computername smrsh]# ls -lah total 12K drwxr-xr-x 3 root root 4.0K May 12 13:36 . drwxr-xr-x 57 root root 4.0K May 12 13:42 .. lrwxrwxrwx 1 root root 35 May 12 13:36 post_leads -> /nobody_scripts/post_leads The nobody_scripts is a temp directory w/ bad permissions (777), but I just want to get it working. ls -lah: [root@computername nobody_scripts]# ls -lah total 12K drwxrwxrwx 2 root root 4.0K May 12 13:36 . drwxr-xr-x 22 root root 4.0K May 12 13:36 .. -rwxrwxrwx 1 root root 0 May 12 13:28 out.txt -rwxrwxrwx 1 root root 32 May 12 13:29 post_leads And finally, here's the script: #/bin/bash echo $1 >> out.txt From mkettler at EVI-INC.COM Thu May 12 19:07:07 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:36 2006 Subject: Should there be a Bayes score in every email? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Deputy wrote: >This may be a spamassassin question rather than MailScanner, I'm not >sure. > >I'm seeing a few messages get through that are spam, not scoring high >enough in spamassassin to be flagged. Many of these don't have any >Bayes score, is that normal? Should every message that spamassassin >looks at have a bayes score, or not? > Depends on what version of SA you run. In 2.x it's normal for anything that has no bayes hits at all, or otherwise ends up at exactly 0.5000, to not show up. If this bothers you, and you use 2.x you can add this rule to your config: body BAYES_NEUTRAL eval:check_bayes('0.4999','0.5001') score BAYES_NEUTRAL 0.001 Looking at the rules for 3.0.x should always show a bayes score, but I don't run it so I can't confirm the behavior. All I can confirm is that 3.0 doesn't have a "hole" in the bayes ranges as 2.x did. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Thu May 12 20:15:46 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:29:36 2006 Subject: mail file utility Message-ID: On my MailScanner boxes I have all my non-spam copied to a local mailbox file. Was wondering if there are any slick tools for breaking out messages based on TO: or FROM: fields in these files? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Thu May 12 20:28:16 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:29:36 2006 Subject: Redirecting email to a Script Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You log file shows sendmail is trying to use "|/post_leads_to_sugar". I have a working script in place, it does not do anything useful but maybe this will help: Email address: blockme@mail.crackerbarrel.com Script: /sbin/spamtest ls -lia /etc/smrsh/spamtest: 99990 lrwxrwxrwx 1 root root 14 Oct 23 2003 spamtest -> /sbin/spamtest grep spamtest /etc/aliases: blockme: "|/sbin/spamtest" Email to blockme@mail.crackerbarrel.com is passed to /sbin/spamtest script: #!/bin/sh ############################################################################### ####################### # Create 02.01.2002???? - CDA to check for SPAMMers/Open Relays of incoming mail # Returns: # 10.06.2003.cda - setup so that it can read headers emailed to it and block ip address of mailserver # ############################################################################### ####################### ############################################################################### ####################### # Read stdin and look for the last mailserver's IP address ############################################################################### ####################### echo "BEGINNING!" >> /tmp/spamtest.log Block=1 while read mydata; do echo " .... READING " >> /tmp/spamtest.log emailserverIP=`echo ${mydata} | grep ^Rec | grep [[]` if [ -n "$emailserverIP" ];then mailserver=`echo $emailserverIP | cut -f 2 -d '[' | cut -f1 -d ']'` Block=1 ####################################################################### ####################################################################### if [ "`egrep -i $mailserver /etc/mail/GoodSpammers`" ]; then Block=0 fi ####################################################################### ####################################################################### if [ "`egrep -i $mailserver /etc/mail/KnownSpammers`" ]; then Block=0 fi if [ ${Block} == 1 ]; then # This is where we need to modify rules to block from "spammer", but for now just send me an email # and do nothing else. echo "Block Me: ${mailserver}" | mail candrews@crackerbarrel.com fi fi done echo "FINISHED" >> /tmp/spamtest.log grep blockme /var/log/maillog: May 12 14:17:37 mail sendmail[14415]: j4CJHWwo014414: to="|/sbin/spamtest", ctladdr= (8/0), delay=00:00:05, xdelay=00:00:05, mailer=prog, pri=34014, dsn=2.0.0, stat=Sent Hope this helps, Carl -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David C.M. Weber Sent: Thursday, May 12, 2005 12:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Redirecting email to a Script Brief overview: Mailscanner system in front of an exchange server. I'm trying to get email to activate a script via an alias when an email comes in. Right now I've got /etc/aliases set up w/: somebody: "| /post_leads" Then I did a newaliases. I have a symbolic link in /etc/smrsh pointing to the real script. Here's a ls -lah [root@computername smrsh]# ls -lah total 12K drwxr-xr-x 3 root root 4.0K May 12 13:36 . drwxr-xr-x 57 root root 4.0K May 12 13:42 .. lrwxrwxrwx 1 root root 35 May 12 13:36 post_leads -> /nobody_scripts/post_leads The nobody_scripts is a temp directory w/ bad permissions (777), but I just want to get it working. ls -lah: [root@computername nobody_scripts]# ls -lah total 12K drwxrwxrwx 2 root root 4.0K May 12 13:36 . drwxr-xr-x 22 root root 4.0K May 12 13:36 .. -rwxrwxrwx 1 root root 0 May 12 13:28 out.txt -rwxrwxrwx 1 root root 32 May 12 13:29 post_leads And finally, here's the script: #/bin/bash echo $1 >> out.txt From mailscanner at MANGO.ZW Thu May 12 20:29:49 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:36 2006 Subject: Redirecting email to a Script Message-ID: Hi David On Thu, 12 May 2005, David C.M. Weber wrote: > Brief overview: > Mailscanner system in front of an exchange server. I'm trying > to get email to activate a script via an alias when an email comes in. > > Right now I've got /etc/aliases set up w/: > > somebody: "| /post_leads" > > Then I did a newaliases. This means you are trying to run the script post_leads which is in your root directory - I don't think that is what you intend! > I have a symbolic link in /etc/smrsh pointing to the real script. > Here's a ls -lah > > [root@computername smrsh]# ls -lah > total 12K > drwxr-xr-x 3 root root 4.0K May 12 13:36 . > drwxr-xr-x 57 root root 4.0K May 12 13:42 .. > lrwxrwxrwx 1 root root 35 May 12 13:36 post_leads -> > /nobody_scripts/post_leads Then try the following in your aliases file: somebody: "| /etc/smrsh/post_leads" and put the script there with permissions 755. I am not sure what is required if it is a link to somewhere else - the link must be 755, but possibly the target also has to be 755. > And finally, here's the script: > #/bin/bash > echo $1 >> out.txt This is definitely not what you want! Try: tee -a out.txt Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu May 12 20:37:03 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:36 2006 Subject: Redirecting email to a Script Message-ID: On Thu, 12 May 2005, Jim Holland wrote: > Then try the following in your aliases file: > > somebody: "| /etc/smrsh/post_leads" > > and put the script there with permissions 755. I am not sure what is > required if it is a link to somewhere else - the link must be 755, but > possibly the target also has to be 755. Sorry - brain not engaged. If you chmod the symlink to 755 it will remain with permissions lrwxrwxrwx while the target will become 755, which is what is required. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From thomas.zajic at ROCKSTARVIENNA.COM Thu May 12 20:46:44 2005 From: thomas.zajic at ROCKSTARVIENNA.COM (Thomas Zajic) Date: Thu Jan 12 21:29:36 2006 Subject: mail file utility Message-ID: * Joe Smith , 12/05/2005, 19:15 > On my MailScanner boxes I have all my non-spam copied to a local mailbox > file. Was wondering if there are any slick tools for breaking out messages > based on TO: or FROM: fields in these files? I'm not sure what exactly you mean by "breaking out", but these tools might be what you're looking for: http://mboxgrep.org/ http://grepmail.sourceforge.net/ HTH, Thomas -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 12 21:14:06 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan-Peter Koopmann wrote: >>Have you tried clamav 0.85? > > > Not yet. The FreeBSD port ist not yet available. > I'm not too familiar with FreeBSD ports, but installing directly from source would break your setup? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 12 22:11:15 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:36 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: Has anyone managed to get Bitdefender running with CentOS 4.0? The rpm appears to install normally but the bdc doesn't seem to work. Looks like a libry incompatibility problem. [root@web bdc]# /opt/bdc/bdc -update BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll [root@web bdc]# ./bdc . BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: core initialization failed: Libfn initialization failed Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 12 04:09:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:36 2006 Subject: feedback on install.sh Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > John Rudd wrote: > >> On May 11, 2005, at 18:29, Julian Field wrote: >> >>> John Rudd wrote: >>> >>>> 1) it would be nice if, when looking for perl, if it finds multiple >>>> copies (like /usr/bin/perl and /usr/local/bin/perl), if it would check >>>> to see if one is a symlink to the other, and then do the right thing. >>> >>> >>> >>> That one's a bit awkward, is it vital? >> >> >> >> It's not vital, but it is annoying. Is it that awkward? Why not load >> all found perls into an array, then (warning, inefficient code follows, >> but shouldn't be a problem for most systems): > > > That would be easy, if it was perl, which it's not :-) Okay, I've done it for you. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu May 12 17:45:25 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:36 2006 Subject: Still Having SophosSAVI Problems Message-ID: I'm running on Fedora Core 1. I'm still waiting on my call back from Sophos. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Martin Hepworth wrote: > Aaron > > FreeBSD 4.10, no problems. > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Thu May 12 21:37:05 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:36 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Has been addressed here and it's also in the Wiki yum -y install compat-libstdc++-296.i386 compat-libstdc++-33.i386 you use yum (or apt) to update your servers.. right? ----- Original Message ----- From: "Stephen Swaney" To: Sent: Thursday, May 12, 2005 5:11 PM Subject: Bitdefender running with CentOS 4.0 > Has anyone managed to get Bitdefender running with CentOS 4.0? > > The rpm appears to install normally but the bdc doesn't seem to work. Looks > like a libry incompatibility problem. > > [root@web bdc]# /opt/bdc/bdc -update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > [root@web bdc]# ./bdc . > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at UNIVAP.BR Thu May 12 22:36:49 2005 From: vlad at UNIVAP.BR (Vladimir M Costa) Date: Thu Jan 12 21:29:36 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Stephen, I'm running Bitdefender with CentOS 4.0 and this is fine. Use the BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm package for install. # bdc --update BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. No update available. Vladimir M Costa > Has anyone managed to get Bitdefender running with CentOS 4.0? > > The rpm appears to install normally but the bdc doesn't seem to work. Looks > like a libry incompatibility problem. > > [root@web bdc]# /opt/bdc/bdc -update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > [root@web bdc]# ./bdc . > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 12 23:28:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:36 2006 Subject: install-Clam-SA package Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Is there any particular reason that you have Mail-ClamAV-0.13 in this package? I was updating for my local use, and had to go to Mail-ClamAV-0.17 to get a clean install with ClamAV-0.85. I can post if it would save you some time. I will run it for a while to look for errors for the rest of the day. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Fri May 13 03:15:47 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:36 2006 Subject: languages.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I get a ton of things like: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf And so forth in my mail log. My languages.conf is blank. Is this normal or am I missing something ? FC1/Sendmail 8.13.4/MailScanner 4.39.6 Thanks, Tracy Greggs -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and with commercial virus scanners McAfee and F-PROT and is believed to be uninfected. -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Fri May 13 03:31:59 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:29:36 2006 Subject: languages.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy, Your languages.conf should not be blank. This file contains all the words, phrases and sentences that are output to a user by MailScanner. This text file has about 70 lines in it. You might consider just upgrading MS to fix the problem or reinstall. Brad >>> Tracy Greggs 5/12/2005 9:15:47 PM >>> I get a ton of things like: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf And so forth in my mail log. My languages.conf is blank. Is this normal or am I missing something ? FC1/Sendmail 8.13.4/MailScanner 4.39.6 Thanks, Tracy Greggs -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eric.sauvageau at gmail.com Fri May 13 03:35:23 2005 From: eric.sauvageau at gmail.com (Eric Sauvageau) Date: Thu Jan 12 21:29:36 2006 Subject: Chaining multiple .rules files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately, I can either use the default (which is my Email address), or supply one myself. Don't see a way to tell it not to supply any Reply-To: header at all. Next time I subscribe to this list to ask a question, I'll use a real POP3 account on my server. GMail is totally useless for mailing lists configured like this one :( I even have to manually enter the mailing list address when I try to reply to a post on the list. --- Eric On 5/12/05, Denis Beauchemin wrote: > Eric Sauvageau wrote: > > >(Is it me, or GMail is worthless with some mailing lists? It wants to > >send the reply to the original poster instead of to the list, even > >when using Reply All...) > > > > > > > > Éric, > > There is a Reply-To: in your gmail emails. Is this something you can > get rid of? Because it supersedes the list return address. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eric.sauvageau at gmail.com Fri May 13 03:40:10 2005 From: eric.sauvageau at gmail.com (Eric Sauvageau) Date: Thu Jan 12 21:29:36 2006 Subject: Chaining multiple .rules files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 5/11/05, Julian Field wrote: > But you could write a quick script to turn that ruleset-filled file into > an address-pattern-filled file pretty easily. Which would defeat the purpose of avoiding to manually maintain the file - it would still require me to open a ssh session and run the script everytime I used the web interface to modify a domain settings (and I'm not fond of having a cron job running every minutes just to check for a change that might happen once a month in average). Might as well manually maintain one single file then that will contain both lists - those listes shouldn't grow beyond 30-40 entries, so they are pretty manageable by hand. This the solution that I opted for in the end. --- Eric ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Fri May 13 05:12:58 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:36 2006 Subject: languages.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sometimes upgrading is the easiest and best fix.. all seems fine now. Tracy ----- Original Message ----- From: "Brad Beckenhauer" To: Sent: Thursday, May 12, 2005 9:31 PM Subject: Re: languages.conf > Tracy, > Your languages.conf should not be blank. This file contains all the words, > phrases and sentences that are output to a user by MailScanner. > > This text file has about 70 lines in it. > > You might consider just upgrading MS to fix the problem or reinstall. > > Brad > >>>> Tracy Greggs 5/12/2005 9:15:47 PM >>> > I get a ton of things like: > > Looked up unknown string passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Looked up unknown string archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > And so forth in my mail log. My languages.conf is blank. > > Is this normal or am I missing something ? > > FC1/Sendmail 8.13.4/MailScanner 4.39.6 > > Thanks, > Tracy Greggs > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 13 05:18:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:36 2006 Subject: install-Clam-SA package Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No reason. If I get up early enough tomorrow, I will update this. Otherwise it will have to wait until the weekend. Scott Silva wrote: >Julian, >Is there any particular reason that you have Mail-ClamAV-0.13 in this >package? >I was updating for my local use, and had to go to Mail-ClamAV-0.17 to >get a clean install with ClamAV-0.85. >I can post if it would save you some time. >I will run it for a while to look for errors for the rest of the day. >-- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: >| A beer doesn't get >--|===`-----'I `---' I | |: >| upset if you come / _ \ I I | |:' >| home with another / ( `-,----============:__;: >| beer! / (_ O __) \_ : >| ,,---.__________/ (______) (_) >:/ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 13 05:20:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:36 2006 Subject: languages.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For future reference, you should fine you have a "upgrade_languauges_conf" program. Tracy Greggs wrote: > Sometimes upgrading is the easiest and best fix.. all seems fine now. > > Tracy > > ----- Original Message ----- > From: "Brad Beckenhauer" > To: > Sent: Thursday, May 12, 2005 9:31 PM > Subject: Re: languages.conf > > >> Tracy, >> Your languages.conf should not be blank. This file contains all the >> words, >> phrases and sentences that are output to a user by MailScanner. >> >> This text file has about 70 lines in it. >> >> You might consider just upgrading MS to fix the problem or reinstall. >> >> Brad >> >>>>> Tracy Greggs 5/12/2005 9:15:47 PM >>> >>>> >> I get a ton of things like: >> >> Looked up unknown string passwordedarchive in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Looked up unknown string archivetoodeep in language translation file >> /etc/MailScanner/reports/en/languages.conf >> >> And so forth in my mail log. My languages.conf is blank. >> >> Is this normal or am I missing something ? >> >> FC1/Sendmail 8.13.4/MailScanner 4.39.6 >> >> Thanks, >> Tracy Greggs > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Fri May 13 07:24:04 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:29:36 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: Did you install the compatibility rpm's? Koen Stephen Swaney Sent by: MailScanner mailing list 12/05/2005 23:11 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Bitdefender running with CentOS 4.0 Has anyone managed to get Bitdefender running with CentOS 4.0? The rpm appears to install normally but the bdc doesn't seem to work. Looks like a libry incompatibility problem. [root@web bdc]# /opt/bdc/bdc -update BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll [root@web bdc]# ./bdc . BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: core initialization failed: Libfn initialization failed Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rggarcia at IMGAME.NET Thu May 12 22:59:47 2005 From: rggarcia at IMGAME.NET (Rosaldo Garcia) Date: Thu Jan 12 21:29:36 2006 Subject: MailScanner Help Message-ID: MailScanner Experts, Im running redhat 7.3, postfix-1.1.7-2, MailScanner-4.41.3, Clam AntiVirus Scanner 0.83 My current postfix server is up and running, i try to install this mailscanner and i got this on my maillogs.. May 13 18:06:07 mail MailScanner[8760]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 13 18:06:07 mail MailScanner[8759]: Using locktype = flock May 13 18:06:07 mail MailScanner[8759]: Cannot open dir 3 when finding depth Any help is much appreciated.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri May 13 10:44:50 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ugo, > I'm not too familiar with FreeBSD ports, but installing > directly from source would break your setup? I could install it from source without breaking too much on the machine. It would break my schedule a bit :-) Since the customer has a commercial virus scanner in place and clamav only seams to choke on files that seem to be viruses anyway (and are blocked for other reasons), it is not _that_ urgent. I can wait another day or so for the port to come out. Once 0.85 is installed I will check this again and let you know. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 13 11:53:59 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:36 2006 Subject: MailScanner Help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rosaldo Garcia said: > MailScanner Experts, > > > Im running redhat 7.3, postfix-1.1.7-2, MailScanner-4.41.3, Clam > AntiVirus > Scanner 0.83 > > My current postfix server is up and running, i try to install this > mailscanner and i got this on my maillogs.. > > > May 13 18:06:07 mail MailScanner[8760]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > May 13 18:06:07 mail MailScanner[8759]: Using locktype = flock > May 13 18:06:07 mail MailScanner[8759]: Cannot open dir 3 when finding > depth I would suggest upgrading Postfix. Version 1.x is now _very_ old and MailScanner support is not as reliable in versions earlier than 2.x I am running 2.2 with out problems and would recommend the upgrade (For RFC compliance as much as anything else. 1.x didn't support unknown user rejection or had RFC valid bounce message format). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From emmanuel.pieux at GRENOBLE-EM.COM Fri May 13 13:54:14 2005 From: emmanuel.pieux at GRENOBLE-EM.COM (Emmanuel PIEUX) Date: Thu Jan 12 21:29:36 2006 Subject: Sendmail receives mail in mqueue.in but don't forward them to mqueue Message-ID: Hello, On a FreeBSD 4.9, I've recently upgrade ports collection and upgrade Mailscanner from version 4.22.5 to 4.41.3 (the latest I think). I've also upgrade Sendmail from 8.11 to 8.13. Now, Mailscanner receives and process all incoming mails in mqueue.in, but don't transfers them to mqueue!!! It makes spam process, clamav process, identifies very well real spams, but it don't deliver mails! Is anybody has already had this problem? What can I do to fix that? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 13 14:15:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: Sendmail receives mail in mqueue.in but don't forward them to mqueue Message-ID: Emmanual if you look in MailScanner.conf you'll see a note on the locking section that talks about requiring to use a fixed file locking type for sendmail 8.13. make sure that is correct. Also make sure that email is not in the mqueue and its not a problem with the second sendmail process not starting. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Emmanuel PIEUX wrote: > Hello, > > On a FreeBSD 4.9, I've recently upgrade ports collection and upgrade > Mailscanner from version 4.22.5 to 4.41.3 (the latest I think). I've also > upgrade Sendmail from 8.11 to 8.13. > Now, Mailscanner receives and process all incoming mails in mqueue.in, but > don't transfers them to mqueue!!! > It makes spam process, clamav process, identifies very well real spams, but > it don't deliver mails! > Is anybody has already had this problem? > What can I do to fix that? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri May 13 14:15:04 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:36 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Terran Wright > Sent: Thursday, May 12, 2005 4:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bitdefender running with CentOS 4.0 > > Has been addressed here and it's also in the Wiki > > > yum -y install compat-libstdc++-296.i386 compat-libstdc++-33.i386 > > you use yum (or apt) to update your servers.. right? > > I missed this tip the first time around and admit to being guilty of not checking the archives. But I'm happy to report it quickly and easily solved the problem. Thanks Terran, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > ----- Original Message ----- > From: "Stephen Swaney" > To: > Sent: Thursday, May 12, 2005 5:11 PM > Subject: Bitdefender running with CentOS 4.0 > > > > Has anyone managed to get Bitdefender running with CentOS 4.0? > > > > The rpm appears to install normally but the bdc doesn't seem to work. > Looks > > like a libry incompatibility problem. > > > > [root@web bdc]# /opt/bdc/bdc -update > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > Error: can't find update dll > > > > [root@web bdc]# ./bdc . > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > Error: core initialization failed: Libfn initialization failed > > Thanks, > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 13 14:03:44 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:36 2006 Subject: MailScanner Help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Rosaldo Garcia said: > >>MailScanner Experts, >> >> >>Im running redhat 7.3, postfix-1.1.7-2, MailScanner-4.41.3, Clam >>AntiVirus >>Scanner 0.83 >> >>My current postfix server is up and running, i try to install this >>mailscanner and i got this on my maillogs.. >> >> >>May 13 18:06:07 mail MailScanner[8760]: MailScanner E-Mail Virus Scanner >>version 4.41.3 starting... >>May 13 18:06:07 mail MailScanner[8759]: Using locktype = flock >>May 13 18:06:07 mail MailScanner[8759]: Cannot open dir 3 when finding >>depth > > > I would suggest upgrading Postfix. Version 1.x is now _very_ old and > MailScanner support is not as reliable in versions earlier than 2.x I would recommend upgrading 7.3 as well. It is still supported by fedoralegacy, but probably not for too long. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From emmanuel.pieux at GRENOBLE-EM.COM Fri May 13 14:28:18 2005 From: emmanuel.pieux at GRENOBLE-EM.COM (Emmanuel PIEUX) Date: Thu Jan 12 21:29:36 2006 Subject: Sendmail receives mail in mqueue.in but don't forward them to mqueue Message-ID: Many thanks Martin. I've just done the changes in the MailScanner.conf file. I have replaced flock type with posix, restart MailScanner, and... it doesn't work! That's not the solution, but the "flocking" is running fine in this new mode. I'm sure the outgoing sendmail process runs. The mqueue directory remains empty, while the mqueue.in grows fast. I don't know where can I search... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri May 13 14:33:26 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:36 2006 Subject: ProcessClamAVOutput Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, > try the update to 0.85 of Clamav. This did the trick. Thanks. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 13 14:39:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: Sendmail receives mail in mqueue.in but don't forward them to mqueue Message-ID: Emmanuel OK again in MailScanner.conf change BOTH debug options to YES. Stop MailScanner and run check_MailScanner this will dump a load of stuff to the screen. Which should give you a clue as to whats not happening. If you can't anything obvious post the output to this list and more eyes maybe able to see something. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Emmanuel PIEUX wrote: > Many thanks Martin. > > I've just done the changes in the MailScanner.conf file. I have replaced > flock type with posix, restart MailScanner, and... it doesn't work! > That's not the solution, but the "flocking" is running fine in this new mode. > I'm sure the outgoing sendmail process runs. > The mqueue directory remains empty, while the mqueue.in grows fast. > I don't know where can I search... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Fri May 13 14:59:38 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:36 2006 Subject: Rulset enhancement request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have been using MailScanner very happily on Solaris with Sendmail, SpamAssassin and Sophos. I had reason to try to exclude a mailing list from being checked by SpamAssassin recently (the SpamAssassin mailing list :-). I followed the directions and created a ruleset, which should have excluded mails FromTo this list, restarted MailScanner and waited to test. This didn't work, it seemed to be just ignoring the ruleset. I did lots of digging, mailling list archives, google, documentation etc. Upgraded all packages, I even uncommented debugging prints in the code to try to work out what was going on! This wasn't high priority so kept moving on to other jobs, and returning to look into this. Anyway, to cut a long story short, I discovered my problem. I have a number of emails addresses here at work, they all get automatically forwarded to the mail server I run here. I had used one of the forwarded addresses to subscribe to the list in question (policy decisions by the PHBs). The forwarding process changed the envelope sender address, to be forwarding@MUNGED-ucl.ac.uk instead of the list address, so the rulesets were not hitting. I solved the problem by changing my subscription address to the one that comes straight here. In this instance it would have really helped if I was able to check against the 'List-ID' header in the ruleset instead of just 'From' or 'To'. I think being able to check against any header would be a useful new feature. The syntax could be: header: List-Id =~ /users.maillist.id/ yes What do others think? Would it be possible to place this on the new feature wish list? If I can find any free time, I might be able to look at the code for this, but I am swamped at the moment. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Fri May 13 14:55:19 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:36 2006 Subject: %vars% in rules Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Having pondered over this for a while in the source, it would seem that you can't do something like this: From: blah@somewhere.com and To: %mydir%/ruleinfo %myotherdir%/message.txt Reason I was looking at this is several customer details are compiled together, and where they have multiple domains I was considering one regexp file for them instead individual lines, but as the location of the rules might vary from MailScanner implementation to another using a percent var seemed a handy way to do this ... Would it break things absolutely horribly to do variable expansion before any other rule processing, something like: sub Store1Rule { $_ = shift; ... chomp; s/\%([^%]+)\%/$PercentVars{lc($1)}/g; s/\${?(\w+)\}?/$ENV{$1}/g; s/#.*$//; etc etc etc which would in principle allow some items to be set up in MailScanner.conf which can then be reflected in rulesets later on? Maybe that's too dangerous ... ! Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri May 13 15:14:16 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:36 2006 Subject: Request: clamscan --max--ratio setting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, one of our clients frequently receives ZIPs that have compression ratios far over the default 1:250. Unfortunately clamscan does not really care about clamd.conf therefore I have to use --max-ratio= in clamav-wrapper. Could you possibly implement this as an option in MailScanner.conf and push this value out to clamav-wrapper? Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Fri May 13 15:30:26 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:36 2006 Subject: Rulset enhancement request Message-ID: Hi, > my whitelist for the SA list is.. > > From: > users-return-*-martinh=solid-state-logic.com@spamassassin.apache.org > yes > > (all one line of course) > > you have to look carefully at how the actual From is constructed, > there are others that have to be handled the same way Thanks. Mine is currently: From: spamassassin.apache.org yes Which is working now that I have subscribed with my email address that comes straight to my server. My original problem was that the forwarding process from my other address was stripping the envelope 'From' and 'Return-Path' headers so the SA From (in the format you show above) was not available to compare the ruleset against. Now argueably, I should be trying to get that process to do a proper redirect and not mess with the emails. But that will be like trying to herd cats. But the more I think about it, a more general syntax for the rulesets would be useful. > (risks-digest...) -- Martin Hepworth Snr Systems Administrator Solid > State Logic Tel: +44 (0)1865 842300 > > > Anthony Peacock wrote: > > Hi, > > > > I have been using MailScanner very happily on Solaris with Sendmail, > > SpamAssassin and Sophos. > > > > I had reason to try to exclude a mailing list from being checked by > > SpamAssassin recently (the SpamAssassin mailing list :-). I > > followed the directions and created a ruleset, which should have > > excluded mails FromTo this list, restarted MailScanner and waited to > > test. This didn't work, it seemed to be just ignoring the ruleset. > > I did lots of digging, mailling list archives, google, documentation > > etc. Upgraded all packages, I even uncommented debugging prints in > > the code to try to work out what was going on! This wasn't high > > priority so kept moving on to other jobs, and returning to look into > > this. > > > > Anyway, to cut a long story short, I discovered my problem. I have > > a number of emails addresses here at work, they all get > > automatically forwarded to the mail server I run here. I had used > > one of the forwarded addresses to subscribe to the list in question > > (policy decisions by the PHBs). The forwarding process changed the > > envelope sender address, to be forwarding@MUNGED-ucl.ac.uk instead > > of the list address, so the rulesets were not hitting. I solved the > > problem by changing my subscription address to the one that comes > > straight here. > > > > In this instance it would have really helped if I was able to check > > against the 'List-ID' header in the ruleset instead of just 'From' > > or 'To'. I think being able to check against any header would be a > > useful new feature. The syntax could be: > > > > header: List-Id =~ /users.maillist.id/ yes > > > > What do others think? > > > > Would it be possible to place this on the new feature wish list? > > > > If I can find any free time, I might be able to look at the code for > > this, but I am swamped at the moment. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "It is easy to be blinded to the essential uselessness of > > computers by the sense of accomplishment you get from > > getting them to work at all." -- Douglas Adams > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 13 15:19:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:36 2006 Subject: Rulset enhancement request Message-ID: Anthony my whitelist for the SA list is.. From: users-return-*-martinh=solid-state-logic.com@spamassassin.apache.org yes (all one line of course) you have to look carefully at how the actual From is constructed, there are others that have to be handled the same way (risks-digest...) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anthony Peacock wrote: > Hi, > > I have been using MailScanner very happily on Solaris with Sendmail, > SpamAssassin and Sophos. > > I had reason to try to exclude a mailing list from being checked by > SpamAssassin recently (the SpamAssassin mailing list :-). I followed > the directions and created a ruleset, which should have excluded > mails FromTo this list, restarted MailScanner and waited to test. > This didn't work, it seemed to be just ignoring the ruleset. I did > lots of digging, mailling list archives, google, documentation etc. > Upgraded all packages, I even uncommented debugging prints in the > code to try to work out what was going on! This wasn't high priority > so kept moving on to other jobs, and returning to look into this. > > Anyway, to cut a long story short, I discovered my problem. I have a > number of emails addresses here at work, they all get automatically > forwarded to the mail server I run here. I had used one of the > forwarded addresses to subscribe to the list in question (policy > decisions by the PHBs). The forwarding process changed the envelope > sender address, to be forwarding@MUNGED-ucl.ac.uk instead of the list > address, so the rulesets were not hitting. I solved the problem by > changing my subscription address to the one that comes straight here. > > In this instance it would have really helped if I was able to check > against the 'List-ID' header in the ruleset instead of just 'From' or > 'To'. I think being able to check against any header would be a > useful new feature. The syntax could be: > > header: List-Id =~ /users.maillist.id/ yes > > What do others think? > > Would it be possible to place this on the new feature wish list? > > If I can find any free time, I might be able to look at the code for > this, but I am swamped at the moment. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "It is easy to be blinded to the essential uselessness of > computers by the sense of accomplishment you get from > getting them to work at all." -- Douglas Adams > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Fri May 13 16:07:01 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:36 2006 Subject: White listing sites that send Blocked Content? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Can sites that trigger the "Blocked Content" tag be whitelisted in the same way that one would whitelist a site that gets tagged as spam? I've tried to add the following rule to my rules/spam.whitelist.rules file but email from this site is still stopped for blocked content. My rule: From: babycenter-email@nrsvp.babycenter.com yes From: 199.106.72.73 yes I stuck the IP address in there too just in case that would make a difference, it didn't. Thanks, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgutlon at YAHOO.COM Fri May 13 16:24:49 2005 From: rgutlon at YAHOO.COM (Rick Gutlon) Date: Thu Jan 12 21:29:36 2006 Subject: White listing sites that send Blocked Content? Message-ID: Tom: If you look in your MailScanner.conf file you'll see that (by default) Dangerous Content Scanning = points to the virus.scanning.rules file. I had a similar issue and the solution was to create a new rules file (which I called content.checking.rules) and pointed Dangerous Content Scanning to this file where it offers all the flexibility I need. Hope this helps - --- Tom Combs wrote: > Hi, Can sites that trigger the "Blocked Content" > tag be whitelisted in > the same way that one would whitelist a site that > gets tagged as spam? > I've tried to add the following rule to my > rules/spam.whitelist.rules > file but email from this site is still stopped for > blocked content. Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Sun May 15 14:31:05 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > We see loads of this crap comming in, i think i will make a new SA ruleset > for this. Hi Raymond, Would appreciate if you would post a link to your SA ruleset once finished.. we are getting hammered with these as well.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun May 15 14:35:42 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: Hi! >> We see loads of this crap comming in, i think i will make a new SA ruleset >> for this. > Would appreciate if you would post a link to your SA ruleset once finished.. > we are getting hammered with these as well.. Naturally. Its online now at: http://mailscanner.prolocation.net/german.cf I have let it run at my production servers and so far: [root@fallback hosts]# grep GSPAM vmx*/current | wc -l 2090 Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Sun May 15 16:08:35 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Naturally. Its online now at: > > http://mailscanner.prolocation.net/german.cf > > I have let it run at my production servers and so far: > > [root@fallback hosts]# grep GSPAM vmx*/current | wc -l > > 2090 > > Bye, > Raymond. Hi Raymond, Just a quick note, on #15: # 15 Subject: Du wirst ausspioniert ....! You have the word "ausspioniert" in there twice: header PROLO_GSPAM15 Subject =~ /Du wirst ausspioniert ausspioniert \.\.\.\.\!/i -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun May 15 16:13:48 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: Hi! > # 15 Subject: Du wirst ausspioniert ....! > > You have the word "ausspioniert" in there twice: > > header PROLO_GSPAM15 Subject =~ /Du wirst ausspioniert ausspioniert > \.\.\.\.\!/i Thanks. I have also removed the duplicates as someone pointed out :) New version out there now. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon May 16 00:26:49 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:36 2006 Subject: How to beat this? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We are getting quite a few sapms through. We have have bayes, dcc, pyzor, razor, sa3.03, mailscanner latest and heaps of SAREs. Still this type of spam get through, can anyone recommend a ruleset or something that will stop it? We operate in this nevv business model. Our chemist-site provides an interface between rnedical suppliers and individual customers. Customers can or-der rneds at the bestprices. Our professional logistic supports bring customers rnore conveniences. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Mon May 16 04:08:48 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:29:36 2006 Subject: Spam via "innocent" machines Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I'm hoping somebody might be able to help with a problem we've been having lately, but mostly today. Some of my users have told us about an increase in spam over the last couple of days. One user claims she has received 50 today. Mailscanner is not picking up these, and when I check, they are getting scores mostly of around 1, but up to 3. These emails are in various languages, but most seem to be english and German, pointing to political news pages. Looking at the headers, the originating addresses appear to be dialup accounts, adsl accounts etc, which could mean these are household computers affected with a worm of some kind. The other thing thats happening is that the user will receive 50 odd undeliverable messages which would suggest that their email address was attached to outgoing spam. I dont know how I can block these without affecting legitimate undeliverable messages. One thing I have noticed is that of the undeliverable addresses, they all seem to start with "3D". For instance 3Dsomename@somehost.com Are any of you having this same issue? Cheers, Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Mon May 16 04:12:29 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:29:36 2006 Subject: Spam via "innocent" machines Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check the thread titled "Auslaenderpolitik" Regards, Brent Addis Group Systems Administrator Times Media Group Jeff Mills wrote: >Hi all, >I'm hoping somebody might be able to help with a problem we've been having lately, but mostly today. >Some of my users have told us about an increase in spam over the last couple of days. >One user claims she has received 50 today. >Mailscanner is not picking up these, and when I check, they are getting scores mostly of around 1, but up to 3. > >These emails are in various languages, but most seem to be english and German, pointing to political news pages. >Looking at the headers, the originating addresses appear to be dialup accounts, adsl accounts etc, which could mean these are household computers affected with a worm of some kind. > >The other thing thats happening is that the user will receive 50 odd undeliverable messages which would suggest that their email address was attached to outgoing spam. I dont know how I can block these without affecting legitimate undeliverable messages. >One thing I have noticed is that of the undeliverable addresses, they all seem to start with "3D". >For instance 3Dsomename@somehost.com > >Are any of you having this same issue? > >Cheers, >Jeff > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From d.jones at FX.NET.NZ Mon May 16 04:21:24 2005 From: d.jones at FX.NET.NZ (Donovan Jones) Date: Thu Jan 12 21:29:36 2006 Subject: Spam via "innocent" machines Message-ID: On Mon, 2005-05-16 at 15:08, Jeff Mills wrote: > Hi all, > I'm hoping somebody might be able to help with a problem we've been having lately, but mostly today. > Some of my users have told us about an increase in spam over the last couple of days. > One user claims she has received 50 today. > Mailscanner is not picking up these, and when I check, they are getting scores mostly of around 1, but up to 3. > These are machines recwently infected by sober now sending german political spam here is a SA ruleset: http://mailscanner.prolocation.net/german.cf > These emails are in various languages, but most seem to be english and German, pointing to political news pages. > Looking at the headers, the originating addresses appear to be dialup accounts, adsl accounts etc, which could mean these are household computers affected with a worm of some kind. > > The other thing thats happening is that the user will receive 50 odd undeliverable messages which would suggest that their email address was attached to outgoing spam. I dont know how I can block these without affecting legitimate undeliverable messages. > One thing I have noticed is that of the undeliverable addresses, they all seem to start with "3D". > For instance 3Dsomename@somehost.com >From addresses are spoofed addresses harvested from infected hosts, usually all harvested local parts appended randomly to all harvested domains. > > Are any of you having this same issue? > yes lots of people see the internet storm center report: http://isc.sans.org/diary.php?date=2005-05-15 > Cheers, > Jeff > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Regards -- Donovan Jones Network Engineer FX Networks +64-4-498 9640 http://www.fx.net.nz ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Mon May 16 04:33:53 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:29:36 2006 Subject: Spam via "innocent" machines Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Thanks guys. A search on the subject of the spam probably would have found me the right thread! > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Donovan Jones > Sent: Monday, 16 May 2005 1:21 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Spam via "innocent" machines > > > On Mon, 2005-05-16 at 15:08, Jeff Mills wrote: > > Hi all, > > I'm hoping somebody might be able to help with a problem > we've been having lately, but mostly today. > > Some of my users have told us about an increase in spam > over the last couple of days. > > One user claims she has received 50 today. > > Mailscanner is not picking up these, and when I check, they > are getting scores mostly of around 1, but up to 3. > > > These are machines recwently infected by sober now sending german > political spam > > here is a SA ruleset: > > http://mailscanner.prolocation.net/german.cf > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlm at LOANPROCESSING.NET Mon May 16 04:39:23 2005 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:29:36 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, I see that crashhat has the rpms for ClamAV 0.85 for FC3 but not for FC2. Can the FC3 rpms be used on FC2? If not does someone have a repo I can pull FC2 rpms from? Thanks, Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve at NETWAYNETWORKS.COM.AU Mon May 16 05:59:11 2005 From: steve at NETWAYNETWORKS.COM.AU (Steven Evans) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: Hey guys Looks like the spamers have started to change the subjects and contents of the emails. Eg a new one just now: Subj: Auslaender bevorzugt Body: Lese selbst: http://www.npd.de/npd_info/deutschland/2005/d0305-14.html Jetzt weiss man auch, wie es dazu kommt, dass Drogen, Waffen & Handy's in die Haende der Knacki's gelangen! I think we need to make a newer filter that also filters out the 'lese selbst:' in the body and gives the emails scores of 100... Cheers, Steve -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn Sent: Monday, 16 May 2005 1:14 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Auslaenderpolitik Hi! > # 15 Subject: Du wirst ausspioniert ....! > > You have the word "ausspioniert" in there twice: > > header PROLO_GSPAM15 Subject =~ /Du wirst ausspioniert ausspioniert > \.\.\.\.\!/i Thanks. I have also removed the duplicates as someone pointed out :) New version out there now. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Mon May 16 06:11:34 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:29:36 2006 Subject: {Spam?} Re: {Spam!} Re: Auslaenderpolitik Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steven Evans wrote: > Hey guys > > Looks like the spamers have started to change the subjects and contents > of the emails. Eg a new one just now: > > Subj: Auslaender bevorzugt Not really, this subject was already in a filter list I put in after finding it on a different forum yesterday afternoon ... > > Body: > > Lese selbst: > http://www.npd.de/npd_info/deutschland/2005/d0305-14.html > > Jetzt weiss man auch, wie es dazu kommt, dass Drogen, Waffen & Handy's > in die Haende der Knacki's gelangen! > > I think we need to make a newer filter that also filters out the 'lese > selbst:' in the body and gives the emails scores of 100... Well, I wouldn't go as far as putting 100 in there, a score like 2 or so would already be sufficient from what I get through SA: X-nethinks-MailScanner-SpamCheck: spam, SpamAssassin (Wertung=34.761, benoetigt 5, BAYES_05 -0.41, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, INVALID_DATE 0.24, NO_REAL_NAME 0.01, PRIORITY_NO_NAME 1.10, RASSISMUS_MAILS_1 10.00, RASSISMUS_MAILS_2 20.00, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) OK, the two "RASSISMUS_MAILS" rules are what I put in/extended, not sure if the others hit on different Sober-Q spams ... Anyway, while "Lese selbst" is at least an unusual or even wrong sentence (should be "Lies selbst"), the better solution is just to update the subjects, they seem pretty unchanged to me ... ;) -garry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 16 08:16:44 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:36 2006 Subject: Auslaenderpolitik Message-ID: Hi! > Looks like the spamers have started to change the subjects and contents > of the emails. Eg a new one just now: > > Subj: Auslaender bevorzugt Nope, thats no new one. Its listed as subject #30 Check: http://mailscanner.prolocation.net/german.cf > I think we need to make a newer filter that also filters out the 'lese > selbst:' in the body and gives the emails scores of 100... Feel free to do that ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat May 14 22:47:37 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:37 2006 Subject: Suse install document Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have created an install document for SUSE 9.2. As a MS newbie I have found that "really basic" documentation for installing SUSE is difficult to find so I created the document. this document is a combination of me following the instructions for installing each application and the missing dependencies. So his will make it easier for new users to install the right programs to install M and all the other stuff. I am sure that I have missed some important parts for the install but the basis of the install is there. I am sure that once it is on the wiki that someone else will fill in the blanks. I have not written anything about the sendmail install as I am not sure how it needs to configured. The information that Julian wrote in the docs does not match the sendmail config files that I have found in my install. I have also not written about the postfix install for the same reasons. I will not attach this document to the email as I don't want to clog everyones e-mail. If you want to see the document please let me know and I will e-mail it to you. Ugo if you want to document for the wiki let me know Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Sat May 14 23:04:16 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:29:37 2006 Subject: Bitdefender running with CentOS 4.0 Message-ID: Basically it boils down to using the 2.9x rpm with old installs, and the 3x rpm with newer installs, or use any of them if you install the "legacy development tools" package option when installing. I tried it today, using CentOS 4 and the bdc*3x*rpm thing, no probs. ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Koen Teugels Sent: Friday, May 13, 2005 1:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bitdefender running with CentOS 4.0 Did you install the compatibility rpm's? Koen Stephen Swaney Sent by: MailScanner mailing list 12/05/2005 23:11 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Bitdefender running with CentOS 4.0 Has anyone managed to get Bitdefender running with CentOS 4.0? The rpm appears to install normally but the bdc doesn't seem to work. Looks like a libry incompatibility problem. [root@web bdc]# /opt/bdc/bdc -update BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll [root@web bdc]# ./bdc . BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: core initialization failed: Libfn initialization failed Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pub at GRIZZLI.ORG Sun May 15 00:10:30 2005 From: pub at GRIZZLI.ORG (Mikael) Date: Thu Jan 12 21:29:37 2006 Subject: restart needed every day for mailscanner Message-ID: Hello, I'm using mailscanner + postfix with debian sarge on two machines and I have to manually restart in order to get mails waiting in the queue processed. I found out that there was a bug (Bug#305239 on debian-bugs-dist@lists.debian.org) but no solution. Do you know a better solution than a restart of mailscanner via a cron job ? Thanks in advance, -- Mikael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun May 15 03:39:41 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:37 2006 Subject: FW: 60 Jahre Befreiung: Wer feiert mit? Message-ID: Is anyone else seeing a ton of these? It looks like zombies are sending them out as they are coming from all over the place on dynamic IP's. Mike -----Original Message----- From: rworley@htn.net [mailto:rworley@htn.net] Sent: Saturday, May 14, 2005 9:28 PM To: Recipient2285@e-mll.net Subject: 60 Jahre Befreiung: Wer feiert mit? http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =149 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =54 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =55 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =56 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Sun May 15 03:57:03 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:37 2006 Subject: FW: 60 Jahre Befreiung: Wer feiert mit? Message-ID: Yep, getting a whole whack of them Matt >>> mike@CAMAROSS.NET 05/14/05 9:39 PM >>> Is anyone else seeing a ton of these? It looks like zombies are sending them out as they are coming from all over the place on dynamic IP's. Mike -----Original Message----- From: rworley@htn.net [mailto:rworley@htn.net] Sent: Saturday, May 14, 2005 9:28 PM To: Recipient2285@e-mll.net Subject: 60 Jahre Befreiung: Wer feiert mit? http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =149 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =54 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =55 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =56 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun May 15 05:28:57 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:37 2006 Subject: FW: 60 Jahre Befreiung: Wer feiert mit? Message-ID: It would appear that a greet pause of 10000 (under sendmail 8.13) slows them down drastically. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kehler Sent: Saturday, May 14, 2005 9:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: FW: 60 Jahre Befreiung: Wer feiert mit? Yep, getting a whole whack of them Matt >>> mike@CAMAROSS.NET 05/14/05 9:39 PM >>> Is anyone else seeing a ton of these? It looks like zombies are sending them out as they are coming from all over the place on dynamic IP's. Mike -----Original Message----- From: rworley@htn.net [mailto:rworley@htn.net] Sent: Saturday, May 14, 2005 9:28 PM To: Recipient2285@e-mll.net Subject: 60 Jahre Befreiung: Wer feiert mit? http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =149 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =54 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =55 http://www.unserforum.com/aff/include.php?path=content/content.php&contentid =56 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Sun May 15 11:52:20 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: Lese selbst: http://www.mjoelnirsseite.de/2100.htm ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun May 15 12:02:10 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: Hi! > Lese selbst: > http://www.mjoelnirsseite.de/2100.htm Oh oh... spam alert... We see loads of this crap comming in, i think i will make a new SA ruleset for this. Subjects found so far: Subject: 4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass Subject: Auf Streife durch den Berliner Wedding Subject: Auslaender bevorzugt Subject: Auslaenderpolitik Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA Subject: Deutsche werden kuenftig beim Arzt abgezockt Subject: Du wirst zum Sklaven gemacht!!! Subject: Graeberschaendung auf bundesdeutsche Anordnung Subject: Hier sind wir Lehrer die einzigen Auslaender Subject: Paranoider Deutschenmoerder kommt in Psychiatrie Subject: Tuerkei in die EU Subject: Verbrechen der deutschen Frau Subject: Vorbildliche Aktion Subject: 60 Jahre Befreiung: Wer feiert mit? Subject: Multi-Kulturell = Multi-Kriminell Subject: Turkish Tabloid Enrages Germany with Nazi Comparisons Subject: Blutige Selbstjustiz Subject: Dresden 1945 Subject: Du wirst ausspioniert ....! If anyone has seen more, please send them with private mail to me. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Fri May 13 17:38:57 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:37 2006 Subject: Outgoing Queue Dir Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I think I need some clarification over what the "Outgoing Queue Dir" directive does, as the tests I've just done have confused me a bit. Is this meant to be a sendmail queue directory, or should it be something else? I've always assumed the former, but I might have misunderstood the comment in the configuration file. The reason I'm asking is because I've recently switched the test machine over to using multiple directories for the sendmail queue; incoming works fine in that it picks up the message from whichever directory sendmail decides to put it in, but for outgoing it would appear to only place the message in the uppermost directory (/var/spool/mqueue.out) - specifying /var/spool/mqueue.out/q.* is a syntax error. This would mean that sendmail never sees the message to send (assuming it re-queues - I had my outbound running in queueonly mode to see where the files end up). So, I'm guessing that though MailScanner can handle an incoming multiple queue split, it cannot handle an outgoing one? (interestingly the admin notice must have called my sendmail.out okay as that is in the proper sendmail queue ready for outbound delivery!) The only thing I can think of atm is to use one of the real sendmail queue directories in the "Outgoing Queue Dir" field, ie. something like /var/spool/mqueue.out/q.1 ... but this does seem a bit artificial (and loses the advantage of multiple queues on a really busy machine). Does that make sense? Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri May 13 18:32:52 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:37 2006 Subject: languages.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brad Beckenhauer wrote: > Tracy, > Your languages.conf should not be blank. This file contains all the words, phrases and sentences that are output to a user by MailScanner. > > This text file has about 70 lines in it. > > You might consider just upgrading MS to fix the problem or reinstall. > > Brad > > >>>>Tracy Greggs 5/12/2005 9:15:47 PM >>> > > I get a ton of things like: > > Looked up unknown string passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Looked up unknown string archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > And so forth in my mail log. My languages.conf is blank. > > Is this normal or am I missing something ? > > FC1/Sendmail 8.13.4/MailScanner 4.39.6 > > Thanks, > Tracy Greggs > I had this happen when running the configuration upgrade script. It choked and left a blank languages.conf. I haven't had time to see why it doesn't work in my systems yet. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Fri May 13 20:25:28 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:37 2006 Subject: Outgoing Queue Dir Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chuck Foster wrote: >So, I'm guessing that though MailScanner can handle an incoming multiple >queue split, it cannot handle an outgoing one? > > I seem to recall a feature being added to handle exactly your situation. I can't find that info at the moment. Hopefully I didn't dream it up. >The only thing I can think of atm is to use one of the real sendmail queue >directories in the "Outgoing Queue Dir" field, ie. something like >/var/spool/mqueue.out/q.1 ... but this does seem a bit artificial (and loses >the advantage of multiple queues on a really busy machine). > > >Does that make sense? >Chuck > > It makes sense to me. Google isn't finding this for me, so I'll re-post an old entry from Julian. This is the "pre-new-feature" answer. -Bill > At 04:46 05/05/2004, you wrote: > >> Hi All, >> >> I am trying to seperate the outgoing queues based on domain name (and >> with a default) - how do I go about creating a seperate file for this? - >> >> ie instead of - >> Outgoing Queue Dir = /var/spool/mqueue.exim/input >> >> I wanted to have - >> domain1 = /var/spool/mqueue.exim.domain1.input >> domain2 = /var/spool/mqueue.exim.domain2.input >> default = /var/spool/mqueue.exim.default > > > It's our old favourite "use a ruleset" answer again > > Set > Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules > > And then in that file put > To: domain1.com /var/spool/mqueue.exim.domain1.input > To: domain2.com /var/spool/mqueue.exim.domain2.input > FromOrTo: default /var/spool/mqueue.exim.default > > Please read the MAQ, the location of which is at the bottom of this > posting. > -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Fri May 13 20:54:56 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:37 2006 Subject: Zip Zip error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well I think I may have solved the mystery. It appears this renaming of the zip file is caused by eTrust Antivirus InoculateIT. We have this installed to run as part of our Exchange server. It also scanned the zip file and detected the encrypted file, then took the original zip file and zipped it up in file with the .zip.zip extension, it also added a text file explaining that there was an encrypted zip file. The error messages have gone away with 0.85 Ed Bruce wrote: > Ok I've narrowed it down. I only get this error when using Outlook 2000 > or Outlook 2003. When I use Thunderbird to connect to our Exhange server > and send zip files this doesn't happen. Only when using an Outlook > client and since moving to Redhat AS 3.1. > > -- > This message has been scanned for viruses and > dangerous content by Secure Resource, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Fri May 13 22:00:38 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:37 2006 Subject: Outgoing Queue Dir Message-ID: Chuck Foster wrote: >Hi, > >I think I need some clarification over what the "Outgoing Queue Dir" >directive does, as the tests I've just done have confused me a bit. > >Is this meant to be a sendmail queue directory, or should it be something >else? I've always assumed the former, but I might have misunderstood the >comment in the configuration file. > > Chuck: Here's another re-posted bit... Still looking for the perfect feature for you. -Bill >Hi Bill, > >We've done multiple outbound queues, but not inbound. >It worked wonderfully. It gave us the ability to offset >bottleneck loads to our M$ Exchange servers (that also run our A/V). >We held up the mail in the spam queues and delivered the non-spam >mail right through during difficult times. > >We received some help from Julian when we did this. >Here is what we did for multiple outbound queues. > >In /etc/MailScanner/MailScanner.conf >change the "Outgoing Queue Dir" setting to a custom function >that get's placed in CustomConfig.pm. > > Outgoing Queue Dir = &MyQueueDir > > >Then in /usr/lib/MailScanner/MailScanner/CustomConfig.pm >add the following functions: > > sub InitMyQueueDir { > MailScanner::Log::InfoLog("Initialising Custom Queue >Directories"); > } > > sub MyQueueDir { > my($message) = @_; > > return '/var/spool/mqueue' unless $message; # catch-all if >message is duff > return '/var/spool/mqueue.highspam' if $message->{ishigh}; > return '/var/spool/mqueue.spam' if $message->{isspam}; > return '/var/spool/mqueue'; > } > > sub EndMyQueueDir { > MailScanner::Log::InfoLog("Ending Custom Queue Directories"); > } > > >Now you need queue runners that get started up.... >in /etc/init.d/MailScanner inside the "StartOutSendmail()" function >add the following lines to the "elif...MTA = sendmail" section. > > $SENDMAIL -q1m -OPidFile=$OUTPID1 -L sm-spam >-OQueueDirectory=/var/spool/mqueue.spam > $SENDMAIL -q5m -OPidFile=$OUTPID2 -L sm-highspam >-OQueueDirectory=/var/spool/mqueue.highspam > > > >Set your queue times to your appropriate needs. > >This system worked great for us. >I would imagine you should be able to the something similar for the inbound >by >modifying the "StartInSendmail" and writing a custom function. > >I hope this helps you out. >Let me know how it works out for you. > >-k > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rggarcia at IMGAME.NET Fri May 13 13:46:56 2005 From: rggarcia at IMGAME.NET (Rosaldo Garcia) Date: Thu Jan 12 21:29:37 2006 Subject: MailScanner Help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the quick response, im into it right now and hope to make this things up when im done upgrading my systems.. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Ugo Bellavance Sent: Friday, May 13, 2005 9:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Help Drew Marshall wrote: > Rosaldo Garcia said: > >>MailScanner Experts, >> >> >>Im running redhat 7.3, postfix-1.1.7-2, MailScanner-4.41.3, Clam >>AntiVirus >>Scanner 0.83 >> >>My current postfix server is up and running, i try to install this >>mailscanner and i got this on my maillogs.. >> >> >>May 13 18:06:07 mail MailScanner[8760]: MailScanner E-Mail Virus Scanner >>version 4.41.3 starting... >>May 13 18:06:07 mail MailScanner[8759]: Using locktype = flock >>May 13 18:06:07 mail MailScanner[8759]: Cannot open dir 3 when finding >>depth > > > I would suggest upgrading Postfix. Version 1.x is now _very_ old and > MailScanner support is not as reliable in versions earlier than 2.x I would recommend upgrading 7.3 as well. It is still supported by fedoralegacy, but probably not for too long. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Mon May 16 10:35:57 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:37 2006 Subject: Outgoing Queue Dir Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Bill, Thanks for those messages. I would suspect at this moment that about the only way to achieve this would be to use a custom function that worked out which sendmail queue to put the message into at the time it's called (guess will need some sort of hash to deal with multiple calls to the function). Being able to specify the same queue format in the outgoing as incoming would be rather useful ... (grin) Thanks for your help Chuck -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of William Burns Sent: 13 May 2005 22:01 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Outgoing Queue Dir Chuck Foster wrote: >Hi, > >I think I need some clarification over what the "Outgoing Queue Dir" >directive does, as the tests I've just done have confused me a bit. > >Is this meant to be a sendmail queue directory, or should it be something >else? I've always assumed the former, but I might have misunderstood the >comment in the configuration file. > > Chuck: Here's another re-posted bit... Still looking for the perfect feature for you. -Bill >Hi Bill, > >We've done multiple outbound queues, but not inbound. >It worked wonderfully. It gave us the ability to offset >bottleneck loads to our M$ Exchange servers (that also run our A/V). >We held up the mail in the spam queues and delivered the non-spam >mail right through during difficult times. > >We received some help from Julian when we did this. >Here is what we did for multiple outbound queues. > >In /etc/MailScanner/MailScanner.conf >change the "Outgoing Queue Dir" setting to a custom function >that get's placed in CustomConfig.pm. > > Outgoing Queue Dir = &MyQueueDir > > >Then in /usr/lib/MailScanner/MailScanner/CustomConfig.pm >add the following functions: > > sub InitMyQueueDir { > MailScanner::Log::InfoLog("Initialising Custom Queue >Directories"); > } > > sub MyQueueDir { > my($message) = @_; > > return '/var/spool/mqueue' unless $message; # catch-all if >message is duff > return '/var/spool/mqueue.highspam' if $message->{ishigh}; > return '/var/spool/mqueue.spam' if $message->{isspam}; > return '/var/spool/mqueue'; > } > > sub EndMyQueueDir { > MailScanner::Log::InfoLog("Ending Custom Queue Directories"); > } > > >Now you need queue runners that get started up.... >in /etc/init.d/MailScanner inside the "StartOutSendmail()" function >add the following lines to the "elif...MTA = sendmail" section. > > $SENDMAIL -q1m -OPidFile=$OUTPID1 -L sm-spam >-OQueueDirectory=/var/spool/mqueue.spam > $SENDMAIL -q5m -OPidFile=$OUTPID2 -L sm-highspam >-OQueueDirectory=/var/spool/mqueue.highspam > > > >Set your queue times to your appropriate needs. > >This system worked great for us. >I would imagine you should be able to the something similar for the inbound >by >modifying the "StartInSendmail" and writing a custom function. > >I hope this helps you out. >Let me know how it works out for you. > >-k > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 16 10:55:55 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn said: > Naturally. Its online now at: > > http://mailscanner.prolocation.net/german.cf > > I have let it run at my production servers and so far: > > [root@fallback hosts]# grep GSPAM vmx*/current | wc -l > > 2090 Raymond Just wanted to say thanks. Downloaded it last night and it's going like a trooper! Regards Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Mon May 16 11:01:59 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Thanks. I have also removed the duplicates as someone pointed out :) > New version out there now. > > Bye, > Raymond. Though I don't use Spamassassin with MS (and Postfix) - prefer to use RBL's - added your info to 'header_checks' and am catching a heap. Thanks, Jon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Mon May 16 11:30:46 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Today I recd a virus email with the name of virus as W32MyDoom. MailScanner / ClamAV didn’t catch the virus. I checked the ClamAV site but unable to find any info on that. My cvd is up to date and I am running MailScanner 4.38. with ClamAV. Should I go for secondary protection for mail server? Please advice. Regards, Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Mon May 16 11:37:24 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:37 2006 Subject: Outgoing Queue Dir Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, It would seem from the code that the "outqueuedir" value is only returned once for each message, dependent on whether it is from DeliverUnscanned(), DeliveredUnmodifiedBody(), or DeliverModifiedBody(). This should mean that I can safely use a counter in my function to cycle through the directories to save to. Can anyone else confirm this is the case, and that I hadn't missed an "obvious" place where the value is called twice for the same message. Chuck -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Chuck Foster Sent: 16 May 2005 10:36 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Outgoing Queue Dir Hi Bill, Thanks for those messages. I would suspect at this moment that about the only way to achieve this would be to use a custom function that worked out which sendmail queue to put the message into at the time it's called (guess will need some sort of hash to deal with multiple calls to the function). Being able to specify the same queue format in the outgoing as incoming would be rather useful ... (grin) Thanks for your help Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 16 11:38:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi what version of ClamAV and have you submitted a sample to Clamav.net ??? f-prot and kapersky are good pay-fors as is Sophos. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devi Sambamoorthy wrote: > Today I recd a virus email with the name of virus as W32MyDoom. > MailScanner / ClamAV didn^Òt catch the virus. I checked the ClamAV site > but unable to find any info on that. My cvd is up to date and I am > running MailScanner 4.38. with ClamAV. Should I go for secondary > protection for mail server? Please advice. > > > > Regards, > > Devi S. > > > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain > PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH > INFORMATION intended solely for the use of Tranquilmoney Inc. it's > clients and the recipient(s) named above. If you are not the intended > recipient, or the employee or agent responsible for delivering this > message to the intended recipient, you are hereby notified that any > review, dissemination, distribution, printing, or copying of this e-mail > message and/or any attachments is strictly prohibited. If you have > received this transmission in error, please notify the sender > immediately and permanently delete this e-mail [shred the document] and > any attachments. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Mon May 16 11:55:25 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: On Sun, 15 May 2005, Raymond Dijkxhoorn wrote: > Hi! > >> Lese selbst: >> http://www.mjoelnirsseite.de/2100.htm > > Oh oh... spam alert... more to hte point, why is teh list open to general post :) shouldnt it be tightened to members only post > > We see loads of this crap comming in, i think i will make a new SA ruleset > for this. > > Subjects found so far: > > Subject: 4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass > Subject: Auf Streife durch den Berliner Wedding > Subject: Auslaender bevorzugt > Subject: Auslaenderpolitik > Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA > Subject: Deutsche werden kuenftig beim Arzt abgezockt > Subject: Du wirst zum Sklaven gemacht!!! > Subject: Graeberschaendung auf bundesdeutsche Anordnung > Subject: Hier sind wir Lehrer die einzigen Auslaender > Subject: Paranoider Deutschenmoerder kommt in Psychiatrie > Subject: Tuerkei in die EU > Subject: Verbrechen der deutschen Frau > Subject: Vorbildliche Aktion > Subject: 60 Jahre Befreiung: Wer feiert mit? > Subject: Multi-Kulturell = Multi-Kriminell > Subject: Turkish Tabloid Enrages Germany with Nazi Comparisons > Subject: Blutige Selbstjustiz > Subject: Dresden 1945 > Subject: Du wirst ausspioniert ....! > > If anyone has seen more, please send them with private mail to me. > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 16 13:17:39 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Hi! > Today I recd a virus email with the name of virus as W32MyDoom. MailScanner > / ClamAV didn't catch the virus. I checked the ClamAV site but unable to > find any info on that. My cvd is up to date and I am running MailScanner > 4.38. with ClamAV. Should I go for secondary protection for mail server? > Please advice. Yes you should, and also submit that sample to Clam, so they can add it. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon May 16 13:36:10 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:37 2006 Subject: Fedora3 vs CentOS4 Message-ID: I would run Centos on a production machine. Fedora is more of a testbed, but Centos is enterprise level. Beware SELinux if you go Centos4. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT Sent: Monday, May 16, 2005 7:26 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Fedora3 vs CentOS4 A stupid question i know but I regard you guys high above my own skills so what track would you choose, Fedora3 or CentOS 4? I will only run mailscanner/SA/pyzor/razor/mailwatch/mailstats and some av-progs /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Mon May 16 13:25:50 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: A stupid question i know but I regard you guys high above my own skills so what track would you choose, Fedora3 or CentOS 4? I will only run mailscanner/SA/pyzor/razor/mailwatch/mailstats and some av-progs /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Mon May 16 13:44:44 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:29:37 2006 Subject: Fedora3 vs CentOS4 Message-ID: I will leave SELinux on warn-level or is sit better to just shutit down? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Monday, May 16, 2005 2:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Fedora3 vs CentOS4 > > I would run Centos on a production machine. Fedora is more > of a testbed, but Centos is enterprise level. > Beware SELinux if you go Centos4. > > Mike > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT > Sent: Monday, May 16, 2005 7:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Fedora3 vs CentOS4 > > A stupid question i know but I regard you guys high above my > own skills so what track would you choose, Fedora3 or CentOS 4? > I will only run > mailscanner/SA/pyzor/razor/mailwatch/mailstats and some av-progs > > /Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mbneto at gmail.com Mon May 16 14:14:04 2005 From: mbneto at gmail.com (mbneto) Date: Thu Jan 12 21:29:37 2006 Subject: ProcessClamAVOutput: unrecognised line Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I notice messages like this in my log file MailScanner[11689]: /var/sa/mailsc/11689/./1DXf9g-0003Gs-Jd/ojqal.txt: Empty file MailScanner[11689]: ProcessClamAVOutput: unrecognised line "/var/sa/mailsc/11689/./1DXf9g-0003Gs-Jd/ojqal.txt: Empty file". Please contact the authors! Before contacting the authors (clamav) I was wondering if this is a known issue and if there is something I can do. tks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Mon May 16 14:22:55 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:37 2006 Subject: ProcessClamAVOutput: unrecognised line Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, --- mbneto a écrit: > MailScanner[11689]: > /var/sa/mailsc/11689/./1DXf9g-0003Gs-Jd/ojqal.txt: > Empty file > MailScanner[11689]: ProcessClamAVOutput: > unrecognised line > "/var/sa/mailsc/11689/./1DXf9g-0003Gs-Jd/ojqal.txt: > Empty file". > Please contact the authors! > > Before contacting the authors (clamav) I was > wondering if this is a > known issue and if there is something I can do. Upgrade to latest MailScanner. We had the same error a few days ago, Julian told us to upgrade, and lo! the error is no more :-) Sincerely, NB. _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon May 16 14:25:17 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:37 2006 Subject: Fedora3 vs CentOS4 Message-ID: I just turn it off on my boxen. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT Sent: Monday, May 16, 2005 7:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Fedora3 vs CentOS4 I will leave SELinux on warn-level or is sit better to just shutit down? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Monday, May 16, 2005 2:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Fedora3 vs CentOS4 > > I would run Centos on a production machine. Fedora is more of a > testbed, but Centos is enterprise level. > Beware SELinux if you go Centos4. > > Mike > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT > Sent: Monday, May 16, 2005 7:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Fedora3 vs CentOS4 > > A stupid question i know but I regard you guys high above my own > skills so what track would you choose, Fedora3 or CentOS 4? > I will only run > mailscanner/SA/pyzor/razor/mailwatch/mailstats and some av-progs > > /Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shrek-m at GMX.DE Mon May 16 14:52:31 2005 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: >so what track would you choose, Fedora3 or CentOS 4? >I will only run mailscanner/SA/pyzor/razor/mailwatch/mailstats and some >av-progs > you should test both and make your own decision. i have no problems with FC1,2,3,4t3 if you have time wait a few weeks for FC4. http://fedora.redhat.com/participate/schedule/ my understandig of the distributions chain is: - fedora xyz -> rhel n -> rhel-srpms -> rhel-clones like http://whiteboxlinux.org/ http://taolinux.org/ http://centos.org/ ... afaik redhat must not provide the SRPMS for the public, eg. ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4/en/os/i386/SRPMS/ ftp://ftp.redhat.com/pub/redhat/linux/updates/enterprise/4AS/en/os/SRPMS/ and they can stop it they want. it is your decission which role you will play in this chain. -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 16 16:01:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:37 2006 Subject: Using a Ruleset with High Scoring Spam Actions. Message-ID: hmm actions of "store deliver" works fine for me for non-spam actions and (low) spam actions.... By default this will be in the quarantine dir/spam for spam based stuff. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael H. Martel wrote: > Hello! > > I've got my High Scoring SPAM Actions set like this (line wrapped for > readability ): > > High Scoring Spam Actions = > /opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules > > In this file I have the following, which woks perfectly. > > To: me@vsc.edu deliver > To: default store > > However, if I wanted to do this : > > High Scoring Spam Actions = store deliver > > It only stores, not stores and delivers. I was hoping to have it store and > deliver it. I'm guessing that I can only have one delievery action at a > time. I know that I can do : > > High Scoring Spam Actions = notify store > > or > > High Scoring Spam Actions = notify deliver > > Thoughts ? > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon May 16 15:52:38 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:37 2006 Subject: Using a Ruleset with High Scoring Spam Actions. Message-ID: Hello! I've got my High Scoring SPAM Actions set like this (line wrapped for readability ): High Scoring Spam Actions = /opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules In this file I have the following, which woks perfectly. To: me@vsc.edu deliver To: default store However, if I wanted to do this : High Scoring Spam Actions = store deliver It only stores, not stores and delivers. I was hoping to have it store and deliver it. I'm guessing that I can only have one delievery action at a time. I know that I can do : High Scoring Spam Actions = notify store or High Scoring Spam Actions = notify deliver Thoughts ? Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Mon May 16 16:09:37 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:37 2006 Subject: Web front end for SQL &bydomainspam rules. Message-ID: Greetings Folks, I have successully setup Mailscanner with the &ByDomainSpam white and blacklist customconfig functions and currently use the phplistadmin contrib for editing rules via a web interface. I was wondering if anyone knows of a more advanced front end? Something with user authentication based on /etc/passwd would be ideal but anything with some form of authentication would be great. Many thanks in advance. Tony. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon May 16 16:06:00 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:37 2006 Subject: Suse install document Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Lance, Lance Haig wrote: > Hi, > > I have created an install document for SUSE 9.2. > As a MS newbie I have found that "really basic" documentation for > installing SUSE is difficult to find so I created the document. > this document is a combination of me following the instructions for > installing each application and the missing dependencies. > So his will make it easier for new users to install the right programs > to install M and all the other stuff. > > I am sure that I have missed some important parts for the install but > the basis of the install is there. I am sure that once it is on the wiki > that someone else will fill in the blanks. > > I have not written anything about the sendmail install as I am not sure > how it needs to configured. The information that Julian wrote in the > docs does not match the sendmail config files that I have found in my > install. > > I have also not written about the postfix install for the same reasons. > > I will not attach this document to the email as I don't want to clog > everyones e-mail. > > If you want to see the document please let me know and I will e-mail it > to you. > > Ugo if you want to document for the wiki let me know The Wiki is as free as MailScanner, If you feel you have good documentation to share, create an account and publish it on the wiki, and let me know if you want me to put it in the MAQ. Just let me know if you need help (by e-mail, ideally). > > Thanks > > Lance > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon May 16 16:06:41 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:37 2006 Subject: FW: 60 Jahre Befreiung: Wer feiert mit? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: > Is anyone else seeing a ton of these? It looks like zombies are sending > them out as they are coming from all over the place on dynamic IP's. http://isc.sans.org//index.php?up=toptrends > > Mike > > > -----Original Message----- > From: rworley@htn.net [mailto:rworley@htn.net] > Sent: Saturday, May 14, 2005 9:28 PM > To: Recipient2285@e-mll.net > Subject: 60 Jahre Befreiung: Wer feiert mit? > > http://www.unserforum.com/aff/include.php?path=content/content.php&contentid > =149 > > http://www.unserforum.com/aff/include.php?path=content/content.php&contentid > =54 > > http://www.unserforum.com/aff/include.php?path=content/content.php&contentid > =55 > > http://www.unserforum.com/aff/include.php?path=content/content.php&contentid > =56 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon May 16 16:26:28 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:37 2006 Subject: Suse install document Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo, Ok will do Lance Ugo Bellavance wrote: > Hi Lance, > > Lance Haig wrote: > >> Hi, >> >> I have created an install document for SUSE 9.2. >> As a MS newbie I have found that "really basic" documentation for >> installing SUSE is difficult to find so I created the document. >> this document is a combination of me following the instructions for >> installing each application and the missing dependencies. >> So his will make it easier for new users to install the right programs >> to install M and all the other stuff. >> >> I am sure that I have missed some important parts for the install but >> the basis of the install is there. I am sure that once it is on the wiki >> that someone else will fill in the blanks. >> >> I have not written anything about the sendmail install as I am not sure >> how it needs to configured. The information that Julian wrote in the >> docs does not match the sendmail config files that I have found in my >> install. >> >> I have also not written about the postfix install for the same reasons. >> >> I will not attach this document to the email as I don't want to clog >> everyones e-mail. >> >> If you want to see the document please let me know and I will e-mail it >> to you. >> >> Ugo if you want to document for the wiki let me know > > > The Wiki is as free as MailScanner, If you feel you have good > documentation to share, create an account and publish it on the wiki, > and let me know if you want me to put it in the MAQ. Just let me know > if you need help (by e-mail, ideally). > >> >> Thanks >> >> Lance >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon May 16 16:33:50 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:37 2006 Subject: Looks like an undetected virus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello everybody, We are receiving lots of emails with PIF/SCR/EXE files that aren't detected by McAfee but are by Bitdefender as: info-text.pif suspected: Backdoor.SDBot.187AD917 Since Bitdefender detects it as "suspect" and not "infected", MS would have let it through if it were not for my filename rules that block them. Be warned. Many messages come from fake addresses @usherbrooke.ca (hostmaster, mail, admin, ...) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From kte at NEXIS.BE Mon May 16 16:18:38 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: I think they have to give the sources all the time. Because of the OS licenses. Koen "shrek-m@gmx.de" Sent by: MailScanner mailing list 16/05/2005 15:52 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: OT: Fedora3 vs CentOS4 Anders Andersson, IT wrote: >so what track would you choose, Fedora3 or CentOS 4? >I will only run mailscanner/SA/pyzor/razor/mailwatch/mailstats and some >av-progs > you should test both and make your own decision. i have no problems with FC1,2,3,4t3 if you have time wait a few weeks for FC4. http://fedora.redhat.com/participate/schedule/ my understandig of the distributions chain is: - fedora xyz -> rhel n -> rhel-srpms -> rhel-clones like http://whiteboxlinux.org/ http://taolinux.org/ http://centos.org/ ... afaik redhat must not provide the SRPMS for the public, eg. ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4/en/os/i386/SRPMS/ ftp://ftp.redhat.com/pub/redhat/linux/updates/enterprise/4AS/en/os/SRPMS/ and they can stop it they want. it is your decission which role you will play in this chain. -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 16 17:02:18 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:37 2006 Subject: spamassassin and sendmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White said: > I'm confused - when I look at the output of > > /var/log/maillog shows... > > May 16 08:49:47 linserv2 spamd[5036]: Creating default_prefs > [/root/.spamassassin/user_prefs] > May 16 08:49:47 linserv2 spamd[5036]: Cannot write > to /root/.spamassassin/user_prefs: Permission denied > May 16 08:49:47 linserv2 spamd[5036]: Couldn't create readable > default_prefs for [/root/.spamassassin/user_prefs] You don't need spamd so turn it off and save a few cycles. However, run spamassassin --lint -D as the user your MTA runs as (root, I think you said) and look for errors. That will tell you about any problems MailScanner will see. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon May 16 17:05:18 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:37 2006 Subject: spamassassin and sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White wrote: > I'm confused - when I look at the output of > > /var/log/maillog shows... > > May 16 08:49:47 linserv2 spamd[5036]: Creating default_prefs > [/root/.spamassassin/user_prefs] > May 16 08:49:47 linserv2 spamd[5036]: Cannot write > to /root/.spamassassin/user_prefs: Permission denied > May 16 08:49:47 linserv2 spamd[5036]: Couldn't create readable > default_prefs for [/root/.spamassassin/user_prefs] > Since MailScanner doesn't use spamd, it sounds like you've got some other way of calling SA in place. Perhaps a leftover call to spamc in procmail.rc that's trying to use the bayes DB as some other user? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon May 16 16:56:28 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:37 2006 Subject: Looks like an undetected virus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Hello everybody, > > We are receiving lots of emails with PIF/SCR/EXE files that aren't > detected by McAfee but are by Bitdefender as: > info-text.pif suspected: Backdoor.SDBot.187AD917 > > Since Bitdefender detects it as "suspect" and not "infected", MS would > have let it through if it were not for my filename rules that block them. > > Be warned. > > Many messages come from fake addresses @usherbrooke.ca (hostmaster, > mail, admin, ...) > > Denis > McAfee just updated to 4492 and now detects it as: W32/Mytob.gen@MM In the meantime I modofied SweepViruses.pm to make it catch Bitdefender's *suspected* files. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From giulio.cervera at EDSPA.IT Mon May 16 17:06:47 2005 From: giulio.cervera at EDSPA.IT (Giulio Cervera) Date: Thu Jan 12 21:29:37 2006 Subject: mcafee-autoupdate proxy fix Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -- *Giulio Cervera* EDS PA SpA Via Atanasio Soldati 80 00155 Roma (Italy) tel: +39 06 22739 270 fax: +39 06 22739 233 e-mail: giulio.cervera@edspa.it mcafee-autoupdate does not work correctly with proxy, there is small bug in command line parser. I have also added --cache=off to wget for download a fresh copy of update.ini and not a cached copy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- mcafee-autoupdate.old 2005-05-16 16:20:39.000000000 +0200 +++ mcafee-autoupdate 2005-05-16 17:38:32.000000000 +0200 @@ -58,7 +58,7 @@ ;; /*) PREFIX=$arg ;; - http:) ftp_proxy=$arg + http:*) ftp_proxy=$arg http_proxy=$arg export ftp_proxy export http_proxy @@ -181,7 +181,7 @@ # work out latest dat version try=$RETRIES while : -do getver "wget --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion=" +do getver "wget --cache=off --tries=$try --waitretry=$INTERVAL --passive-ftp $FTPDIR/update.ini" update.ini "DATVersion=" VERSION=$VER case $VERSION in UNKNOWN) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Mon May 16 16:56:58 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:29:37 2006 Subject: spamassassin and sendmail Message-ID: I'm confused - when I look at the output of /var/log/maillog shows... May 16 08:49:47 linserv2 spamd[5036]: Creating default_prefs [/root/.spamassassin/user_prefs] May 16 08:49:47 linserv2 spamd[5036]: Cannot write to /root/.spamassassin/user_prefs: Permission denied May 16 08:49:47 linserv2 spamd[5036]: Couldn't create readable default_prefs for [/root/.spamassassin/user_prefs] ]# ls -al /root/.spamassassin/ total 5756 drwxrw---- 2 root root 4096 May 16 08:51 . drwxr-x--- 28 root root 4096 May 15 21:04 .. -rw-rw---- 1 root root 172032 May 16 08:50 auto-whitelist -rw------- 1 root root 28 May 16 08:51 bayes.lock -rw------- 1 root root 84 May 16 08:51 bayes.lock.linserv2.mullenpr.com.16030 -rw-rw---- 1 root root 331776 May 16 08:50 bayes_seen -rw-rw---- 1 root root 3866624 May 16 08:50 bayes_toks -rw-rw---- 1 root root 1830912 May 16 08:51 bayes_toks.new -rw-rw-r-- 1 root root 1218 Dec 14 2003 user_prefs on other systems, I am using postfix and MailScanner runs as user postfix and I don't have this problem. I note that MailScanner runs as user root in this setup. This is an upgrade from an earlier MailScanner & spamassassin and I tried to upgrade the bayes db and ended up replacing it with the downloadable starter db from fortress systems. Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 16 17:24:14 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:37 2006 Subject: spamassassin and sendmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White said: > actually, I turned on spamass-milter since if I turn spamass-milter off, > I don't see anything regarding spamassassin in the headers as if it is > not getting invoked at all. Do you get MailScanner headers? MS calls SpamAssasin using internal Perl calls so you won't see any SA headers. If you ensure that you have Use SpamAssassin = yes in MailScanner.conf, set both the debug options to yes in the same file, allow the incoming queue to fill a bit then check_mailscanner to run MS in debug mode that will give more ideas still as to what is going on during the actual process, if you think it's not working. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 16 17:27:26 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: Hi! > I think they have to give the sources all the time. Because of the OS > licenses. But they dont have to make them freely available. Besided that, the RedHat people do a lot of development also, would be fair it you run a large mailserver you just buy the beauty... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 17 00:35:36 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:37 2006 Subject: Help with German spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > Hi All, > > Over the weekend we were hammered with several thousand (>50,000) spam > messages in german. Now my german is good enough to back-pack across > Germany and order beer - alas not up to snuff for identify spam > words/phrases in german e-mail. > > Arbitrarily banning german code pages is not an option as we do legitimate > buusiness in this area. So my plea to the list: does anyone have some good > spamassassin rules to catch german spam?? > > Cheers, > > James Gray Search todays archive for Auslaenderpolitik. Someone posted a rule for this new Sober variant -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Tue May 17 02:05:49 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:37 2006 Subject: Help with German spam Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 17 May 2005 08:56 am, James Gray wrote: > Hi All, > > Over the weekend we were hammered with several thousand (>50,000) spam > messages in german. Now my german is good enough to back-pack across > Germany and order beer - alas not up to snuff for identify spam > words/phrases in german e-mail. Thanks Drew and Scott. FWIW, I sent the above message while I was offline and I hadn't checked my mail over the weekend. Apologies :) -- James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Tue May 17 02:32:52 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: Hey All, I just upgraded my MailScanner to the newest version, and I get this message upon loading: May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf Which seems straight forward however: [root@ireland MailScanner]# grep unrar MailScanner.conf [root@ireland MailScanner]# Anyone know how to unset this? What's bugging me more than anything is I'm sure this is an FAQ; apologies in advance Thanks Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue May 17 02:40:49 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: Hi Mark, It's near the TNEF options in mailscanner.conf .. Unrar Command = /usr/bin/unrar It's strange however that grep doesn't turn up anything when run against the .conf file It also may be worth installing unrar .. I found packaged rpm distros for fc3 unrar quite easy to find. Tony. Mark Campbell Sent by: MailScanner mailing list 05/17/2005 11:32 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject unrar Hey All, I just upgraded my MailScanner to the newest version, and I get this message upon loading: May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf Which seems straight forward however: [root@ireland MailScanner]# grep unrar MailScanner.conf [root@ireland MailScanner]# Anyone know how to unset this? What's bugging me more than anything is I'm sure this is an FAQ; apologies in advance Thanks Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Tue May 17 02:43:03 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Tony, Thanks for your rapid reply, I should have specified that I don't have unrar on my system (I believe it's not free?), if there is a version I could get my hands on I could resolve the problem... Thanks again Mark Mark Campbell -- IT Convergence OS Administrator ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tony Enderby Sent: Monday, May 16, 2005 6:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: unrar Hi Mark, It's near the TNEF options in mailscanner.conf .. Unrar Command = /usr/bin/unrar It's strange however that grep doesn't turn up anything when run against the .conf file It also may be worth installing unrar .. I found packaged rpm distros for fc3 unrar quite easy to find. Tony. Mark Campbell Sent by: MailScanner mailing list 05/17/2005 11:32 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject unrar Hey All, I just upgraded my MailScanner to the newest version, and I get this message upon loading: May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf Which seems straight forward however: [root@ireland MailScanner]# grep unrar MailScanner.conf [root@ireland MailScanner]# Anyone know how to unset this?  What's bugging me more than anything is I'm sure this is an FAQ; apologies in advance Thanks Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue May 17 02:43:34 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:37 2006 Subject: Web front end for SQL &bydomainspam rules. Message-ID: Many thanks Dhawal, I'll search the archive and see if there's anything I can contribute. Tony. Dhawal Doshy Sent by: MailScanner mailing list 05/17/2005 03:37 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Web front end for SQL &bydomainspam rules. Tony Enderby wrote: > > Greetings Folks, > > I have successully setup Mailscanner with the &ByDomainSpam white and > blacklist customconfig functions and currently use the phplistadmin > contrib for editing rules via a web interface. > > I was wondering if anyone knows of a more advanced front end? > > Something with user authentication based on /etc/passwd would be ideal > but anything with some form of authentication would be great. > > Many thanks in advance. > > Tony. MailWatch 0.6 [http://mailwatch.sourceforge.net], when available will feature mysql based per user / domain whitelists & blacklists. As of now there is no fixed date for the release, though you can speed it up by helping Steve with the following: :: MCP Support :: User Management (create users GUI) :: Audit logging :: XML-RPC web services for running multiple MailScanner/MailWatch boxes :: Enhanced reporting of MTA deliveries/rejections :: Better query builder for reports :: Quarantine Report :: Blacklist/Whitelist (this is what you want) And the following :: Testing CVS version for bugs :: Writing upgrade instructions :: Updating the website with new features/screen-shots of CVS Search the mailwatch-users archive on sourceforge for Steve's mail on this date '4/2/2005' for a better explanation of the features. me and quite a few others (especially Peter Russell) are eagerly waiting for 0.6 and have been pestering Steve for a beta release. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ius at ALPHA.RBRANA.CO.ID Tue May 17 02:43:18 2005 From: ius at ALPHA.RBRANA.CO.ID (ius) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tony Enderby wrote: > > Hi Mark, > > It's near the TNEF options in mailscanner.conf .. > > Unrar Command = /usr/bin/unrar > > It's strange however that grep doesn't turn up anything when run > against the .conf file > > It also may be worth installing unrar .. I found packaged rpm distros > for fc3 unrar quite easy to find. > > Tony. > > > > > *Mark Campbell * > Sent by: MailScanner mailing list > > 05/17/2005 11:32 AM > Please respond to > MailScanner mailing list > > > > To > MAILSCANNER@JISCMAIL.AC.UK > cc > > Subject > unrar > > > > > > > > > > Hey All, > > I just upgraded my MailScanner to the newest version, and I get this > message upon loading: > > May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar > does not exist or is not executable, please either install it or remove > the setting from MailScanner.conf > > Which seems straight forward however: > > [root@ireland MailScanner]# grep unrar MailScanner.conf > [root@ireland MailScanner]# > > Anyone know how to unset this? What's bugging me more than anything is > I'm sure this is an FAQ; apologies in advance > > Thanks > > Mark > > Mark Campbell > -- > IT Convergence OS Administrator > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* Or maybe you did'nt do upgrade_MailScanner_conf. Mine : grep unrar /etc/MailScanner/MailScanner.conf # Where the "unrar" command is installed. Unrar Command = /usr/bin/unrar # The maximum length of time the "unrar" command is allowed to run for 1 ius ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From d.jones at FX.NET.NZ Tue May 17 02:44:34 2005 From: d.jones at FX.NET.NZ (Donovan Jones) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: On Tue, 2005-05-17 at 13:32, Mark Campbell wrote: > Hey All, > > I just upgraded my MailScanner to the newest version, and I get this > message upon loading: > > May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar > does not exist or is not executable, please either install it or remove > the setting from MailScanner.conf it sounds like installing unrar may be an idea, plus try 'grep -i unrar' heres the unrar section from my config (4.41.3 in debian sarge): -= cut here =- # Where the "unrar" command is installed. # If you haven't got this command, look at www.rarlab.com. # # This is used for unpacking rar archives so that the contents can be # checked for banned filenames and filetypes, and also that the # archive can be tested to see if it is password-protected. # Virus scanning the contents of rar archives is still left to the virus # scanner, with one exception: # If using the clavavmodule virus scanner, this adds external RAR checking # to that scanner which is needed for archives which are RAR version 3. Unrar Command = /usr/bin/unrar # The maximum length of time the "unrar" command is allowed to run for 1 # RAR archive (in seconds) Unrar Timeout = 50 -= cut here =- Regards -- Donovan Jones ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Tue May 17 02:56:58 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: Thanks for all your replies, I found a copy of unrar at: ftp://sunsite.unc.edu/pub/Linux/utils/compress/unrar-2.71.tar.gz Thanks again Mark Mark Campbell -- IT Convergence OS Administrator Telephone: [800] 675-0032 Ext. 2630 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Donovan Jones Sent: Monday, May 16, 2005 6:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: unrar On Tue, 2005-05-17 at 13:32, Mark Campbell wrote: > Hey All, > > I just upgraded my MailScanner to the newest version, and I get this > message upon loading: > > May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar > does not exist or is not executable, please either install it or remove > the setting from MailScanner.conf it sounds like installing unrar may be an idea, plus try 'grep -i unrar' heres the unrar section from my config (4.41.3 in debian sarge): -= cut here =- # Where the "unrar" command is installed. # If you haven't got this command, look at www.rarlab.com. # # This is used for unpacking rar archives so that the contents can be # checked for banned filenames and filetypes, and also that the # archive can be tested to see if it is password-protected. # Virus scanning the contents of rar archives is still left to the virus # scanner, with one exception: # If using the clavavmodule virus scanner, this adds external RAR checking # to that scanner which is needed for archives which are RAR version 3. Unrar Command = /usr/bin/unrar # The maximum length of time the "unrar" command is allowed to run for 1 # RAR archive (in seconds) Unrar Timeout = 50 -= cut here =- Regards -- Donovan Jones ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue May 17 03:43:28 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Mark Campbell > Sent: Monday, May 16, 2005 8:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: unrar > > > Thanks for all your replies, I found a copy of unrar at: > > ftp://sunsite.unc.edu/pub/Linux/utils/compress/unrar-2.71.tar.gz > > Thanks again > > Mark > > Mark Campbell > -- > IT Convergence OS Administrator [...] You don't mention your distro, but find something in the version 3.x range because the 2.x versions cannot unpack the later versions (which are the most common) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Tue May 17 06:42:26 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn Sent: Monday, May 16, 2005 5:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV does not detect W32MyDoom? Hi! > Today I recd a virus email with the name of virus as W32MyDoom. MailScanner > / ClamAV didn't catch the virus. I checked the ClamAV site but unable to > find any info on that. My cvd is up to date and I am running MailScanner > 4.38. with ClamAV. Should I go for secondary protection for mail server? > Please advice. >Yes you should, and also submit that sample to Clam, so they can add it. Thank you all for your advice. But any one else facing the problem with Clam? Or I am the only person facing this problem as I am running older version of Clam AV (0.75)? Regards Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue May 17 06:58:36 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi Sambamoorthy wrote: > > Thank you all for your advice. But any one else facing the problem with > Clam? Or I am the only person facing this problem as I am running older > version of Clam AV (0.75)? > > Regards > Devi S. > You shouldn't be using 0.75, as the engine doesn't have the necessary features to catch all viruses referenced in clamav database. Check the FAQ on http://wiki.clamav.net/ and upgrade at the earliest. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue May 17 07:56:09 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: Hi! > It's near the TNEF options in mailscanner.conf .. > > Unrar Command = /usr/bin/unrar > > It's strange however that grep doesn't turn up anything when run against > the .conf file > > It also may be worth installing unrar .. I found packaged rpm distros for > fc3 unrar quite easy to find. Its not strange if he didnt upgrade his configuraion yet... he might want to grep in the .rpmnew version then ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue May 17 07:57:22 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: Hi! > ftp://sunsite.unc.edu/pub/Linux/utils/compress/unrar-2.71.tar.gz > > Thanks again You should use a more recent version.... ftp://ftp.rarsoft.com Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Tue May 17 08:36:03 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:37 2006 Subject: unrar Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mark Campbell Sent: 17 May 2005 02:33 To: MAILSCANNER@JISCMAIL.AC.UK Subject: unrar Hey All, I just upgraded my MailScanner to the newest version, and I get this message upon loading: May 16 18:29:40 ireland MailScanner[18895]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf Which seems straight forward however: [root@ireland MailScanner]# grep unrar MailScanner.conf [root@ireland MailScanner]# Anyone know how to unset this? What's bugging me more than anything is I'm sure this is an FAQ; apologies in advance Thanks Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! What flavour of OS are you running? I had this issue with the upgrade and found unrar in the dag repository for Centos 3/4 so all I had to do was 'yum install unrar'. NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 08:53:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:37 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: Given 0.85.1 was announced last night prob best to "use the source Luke" ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mark Nienberg wrote: > Mike McMullen wrote: > >> Hi All, >> >> I see that crashhat has the rpms for ClamAV 0.85 for FC3 >> but not for FC2. >> >> Can the FC3 rpms be used on FC2? If not does someone have >> a repo I can pull FC2 rpms from? >> >> >> > Eventually they will be here: > http://dag.wieers.com/packages/clamav/ > > That is when I will install it. Currently only 0.84 is there. > > -- > Mark Nienberg, SE > Tipping Mar + associates > 1906 Shattuck Ave > Berkeley, CA 94704 > http://www.tippingmar.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 08:56:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:37 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Devi you need to upgrade to 0.85.1 (latest as of right now:-). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devi Sambamoorthy wrote: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Raymond Dijkxhoorn > Sent: Monday, May 16, 2005 5:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV does not detect W32MyDoom? > > Hi! > > >>Today I recd a virus email with the name of virus as W32MyDoom. > > MailScanner > >>/ ClamAV didn't catch the virus. I checked the ClamAV site but unable to >>find any info on that. My cvd is up to date and I am running MailScanner >>4.38. with ClamAV. Should I go for secondary protection for mail server? >>Please advice. > > >>Yes you should, and also submit that sample to Clam, so they can add it. > > > > Thank you all for your advice. But any one else facing the problem with > Clam? Or I am the only person facing this problem as I am running older > version of Clam AV (0.75)? > > Regards > Devi S. > > > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue May 17 09:10:21 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:37 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://dag.wieers.com/packages/clamav/ already has 0.85.1 - dhawal Martin Hepworth wrote: > Given 0.85.1 was announced last night prob best to "use the source Luke" > ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mark Nienberg wrote: > >> Mike McMullen wrote: >> >>> Hi All, >>> >>> I see that crashhat has the rpms for ClamAV 0.85 for FC3 >>> but not for FC2. >>> >>> Can the FC3 rpms be used on FC2? If not does someone have >>> a repo I can pull FC2 rpms from? >>> >>> >>> >> Eventually they will be here: >> http://dag.wieers.com/packages/clamav/ >> >> That is when I will install it. Currently only 0.84 is there. >> >> -- >> Mark Nienberg, SE >> Tipping Mar + associates >> 1906 Shattuck Ave >> Berkeley, CA 94704 >> http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon May 16 17:51:28 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:37 2006 Subject: Using a Ruleset with High Scoring Spam Actions. Message-ID: --On Monday, May 16, 2005 4:01 PM +0100 Martin Hepworth wrote: > actions of "store deliver" works fine for me for non-spam actions and > (low) spam actions.... > > By default this will be in the quarantine dir/spam for spam based Right. It seems to work for me if it's not in a .rules file. Is yours in a .rules file ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 16 17:55:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:37 2006 Subject: Using a Ruleset with High Scoring Spam Actions. Message-ID: yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael H. Martel wrote: > --On Monday, May 16, 2005 4:01 PM +0100 Martin Hepworth > wrote: > >> actions of "store deliver" works fine for me for non-spam actions and >> (low) spam actions.... >> >> By default this will be in the quarantine dir/spam for spam based > > > Right. It seems to work for me if it's not in a .rules file. Is yours in a > .rules file ? > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Mon May 16 18:11:35 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My issue w/ the Fedora line is that "support" i.e. patches are not available as long. Otherwise, FC3 is the equivalent of RHEL4. (Tuned slightly differently) If you've got no problems w/ re-installing Fedora versions to keep up w/ a supported version, then that's fine. If you need patches+updates but are unwilling to reinstall at whatever rate Fedora becomes unsupported, (or "best-effort" supported) then you'll want to go w/ RHEL4, or one of it's derivatives. RHEL4 requires you to keep a subscription up to date in order to continue to get your binary updates. Other options include the "other" commercial disto SuSE. The SuSE pricing/support model is similar to the older RedHat distros. You can install one copy on multiple machines, and get your updates indefinitely. I suppose that there's a danger of SuSE changing over the new RedHat model, and becoming "stranded" without commercial updates, similarly to RH9 users. Another issue is that the latest Fedora gets new features and packages before RHEL. If that's something that you're interested in then Fedora has that in its favor. -Bill shrek-m@gmx.de wrote: > Anders Andersson, IT wrote: > >> so what track would you choose, Fedora3 or CentOS 4? >> I will only run mailscanner/SA/pyzor/razor/mailwatch/mailstats and some >> av-progs >> > > you should test both and make your own decision. > i have no problems with FC1,2,3,4t3 > > if you have time wait a few weeks for FC4. > http://fedora.redhat.com/participate/schedule/ > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon May 16 18:13:41 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:37 2006 Subject: Using a Ruleset with High Scoring Spam Actions. Message-ID: --On Monday, May 16, 2005 12:51 PM -0400 "Michael H. Martel" wrote: >> actions of "store deliver" works fine for me for non-spam actions and >> (low) spam actions.... >> >> By default this will be in the quarantine dir/spam for spam based > > Right. It seems to work for me if it's not in a .rules file. Is yours in > a > .rules file ? Now it's working. Must be I fat fingered something. Thanks for confirming that I was confused. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shrek-m at GMX.DE Mon May 16 18:26:10 2005 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:29:37 2006 Subject: OT: Fedora3 vs CentOS4 Message-ID: Raymond Dijkxhoorn wrote: >> I think they have to give the sources all the time. Because of the OS >> licenses. > OS "Fedora Core" is free OS "RedHat Enterprise Linux" is not really free > But they dont have to make them freely available. thanks. https://www.redhat.com/archives/taroon-list/2004-February/msg00286.html not saying this is deliberate or even supposed to be this, however I think one thing needs to be very clear (and there often seems to be a misunderstanding about this): Neither the GPL nor the LGPL require Red Hat to put the sources online. The (L)GPL requirements are satisfied by either providing the source with all binaries (as we do with the CD's and with RHN) OR providing a written offer for the source OR provide them online basically (see section 3 of the GPL). Putting the src.rpm's on the ftp site is optional for us but we're glad to do so for the people who appreciate that service. https://www.redhat.com/archives/taroon-list/2004-March/msg00031.html ... > Besided that, the RedHat people do a lot of development also, would be > fair it you run a large > mailserver you just buy the beauty... 100% agreed -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon May 16 18:37:05 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:37 2006 Subject: Web front end for SQL &bydomainspam rules. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tony Enderby wrote: > > Greetings Folks, > > I have successully setup Mailscanner with the &ByDomainSpam white and > blacklist customconfig functions and currently use the phplistadmin > contrib for editing rules via a web interface. > > I was wondering if anyone knows of a more advanced front end? > > Something with user authentication based on /etc/passwd would be ideal > but anything with some form of authentication would be great. > > Many thanks in advance. > > Tony. MailWatch 0.6 [http://mailwatch.sourceforge.net], when available will feature mysql based per user / domain whitelists & blacklists. As of now there is no fixed date for the release, though you can speed it up by helping Steve with the following: :: MCP Support :: User Management (create users GUI) :: Audit logging :: XML-RPC web services for running multiple MailScanner/MailWatch boxes :: Enhanced reporting of MTA deliveries/rejections :: Better query builder for reports :: Quarantine Report :: Blacklist/Whitelist (this is what you want) And the following :: Testing CVS version for bugs :: Writing upgrade instructions :: Updating the website with new features/screen-shots of CVS Search the mailwatch-users archive on sourceforge for Steve's mail on this date '4/2/2005' for a better explanation of the features. me and quite a few others (especially Peter Russell) are eagerly waiting for 0.6 and have been pestering Steve for a beta release. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon May 16 18:35:19 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:29:37 2006 Subject: Auslaenderpolitik Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Naturally. Its online now at: > > http://mailscanner.prolocation.net/german.cf > Hi Raymond, Thanks for posting your rules. I came in this morning to see that my systems had received close to 10k of these messages. Definitely not very nice ;-) Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Mon May 16 18:40:14 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:29:37 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike McMullen wrote: >Hi All, > >I see that crashhat has the rpms for ClamAV 0.85 for FC3 >but not for FC2. > >Can the FC3 rpms be used on FC2? If not does someone have >a repo I can pull FC2 rpms from? > > > Eventually they will be here: http://dag.wieers.com/packages/clamav/ That is when I will install it. Currently only 0.84 is there. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at WOZENILEK.DE Mon May 16 18:46:54 2005 From: mail at WOZENILEK.DE (Martin Wozenilek) Date: Thu Jan 12 21:29:37 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ClamAV 0.85 for FC2 is out now: http://crash.fce.vutbr.cz/crash-hat/2/clamav/ Mark Nienberg wrote: > Mike McMullen wrote: > >> Hi All, >> >> I see that crashhat has the rpms for ClamAV 0.85 for FC3 >> but not for FC2. >> >> Can the FC3 rpms be used on FC2? If not does someone have >> a repo I can pull FC2 rpms from? >> >> >> > Eventually they will be here: > http://dag.wieers.com/packages/clamav/ > > That is when I will install it. Currently only 0.84 is there. > > -- > Mark Nienberg, SE > Tipping Mar + associates > 1906 Shattuck Ave > Berkeley, CA 94704 > http://www.tippingmar.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: mail@wozenilek.de PGP-Key-ID: 0x00105C52 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlm at LOANPROCESSING.NET Mon May 16 19:05:24 2005 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:29:37 2006 Subject: OT: ClamAV 0.85 for FC2 Repo? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >From: "Martin Wozenilek" > >ClamAV 0.85 for FC2 is out now: >http://crash.fce.vutbr.cz/crash-hat/2/clamav/ > Thanks I just pulled it down. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Mon May 16 20:21:17 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:37 2006 Subject: Reading Archived Mail Message-ID: Ok, I have enabled mail archiving to date-coded folders under /var/spool/MailScanner/archive - so what's the best way to search/read these messages? Thanks NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Mon May 16 22:37:08 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:37 2006 Subject: bayes DB not growing Message-ID: I have a new installation of mailscanner, and for the last few days I keep noticing the following message: debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 now today, it has finally changed to: debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite a few spams that have gone through, and have been marked as spam, and i see "autolearn=spam" in the log. shouldn't these be added to the bayes DB?? here is the rest of that part of the log that deals with bayes: debug: bayes: 2357 tie-ing to DB file R/O /home/exim/.spamassassin/bayes_toks debug: bayes: 2357 tie-ing to DB file R/O /home/exim/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB < 200 debug: bayes: 2357 untie-ing debug: bayes: 2357 untie-ing db_toks debug: bayes: 2357 untie-ing db_seen debug: Score set 1 chosen. any idea what i might be doing wrong ? it is odd to me that 1 email did finally end up in the bayes db... thanks for any help!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 16 23:05:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:38 2006 Subject: install-Clam-SA package Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > No reason. If I get up early enough tomorrow, I will update this. > Otherwise it will have to wait until the weekend. > > Scott Silva wrote: > >> Julian, >> Is there any particular reason that you have Mail-ClamAV-0.13 in this >> package? >> I was updating for my local use, and had to go to Mail-ClamAV-0.17 to >> get a clean install with ClamAV-0.85. >> I can post if it would save you some time. >> I will run it for a while to look for errors for the rest of the day. I have it done, and running all week with no errors. ClamAV and clamavmodule have identical detections so far. If you want to save yourself some time, I can send to you offlist, or on, your preference. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon May 16 23:54:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:38 2006 Subject: install-Clam-SA package Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Julian Field wrote: > >>No reason. If I get up early enough tomorrow, I will update this. >>Otherwise it will have to wait until the weekend. >> >>Scott Silva wrote: >> >> >>>Julian, >>>Is there any particular reason that you have Mail-ClamAV-0.13 in this >>>package? >>>I was updating for my local use, and had to go to Mail-ClamAV-0.17 to >>>get a clean install with ClamAV-0.85. >>>I can post if it would save you some time. >>>I will run it for a while to look for errors for the rest of the day. > > I have it done, and running all week with no errors. ClamAV and > clamavmodule have identical detections so far. > > If you want to save yourself some time, I can send to you offlist, or > on, your preference. > Probably too large for the list, must remember to use brain before hitting the send button! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Mon May 16 23:56:52 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:38 2006 Subject: Help with German spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, Over the weekend we were hammered with several thousand (>50,000) spam messages in german. Now my german is good enough to back-pack across Germany and order beer - alas not up to snuff for identify spam words/phrases in german e-mail. Arbitrarily banning german code pages is not an option as we do legitimate buusiness in this area. So my plea to the list: does anyone have some good spamassassin rules to catch german spam?? Cheers, James Gray -- Mail Administrator Open Channel Solutions Web: http://www.ocs.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Tue May 17 00:34:05 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:38 2006 Subject: Help with German spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: >Hi All, > >Over the weekend we were hammered with several thousand (>50,000) spam >messages in german. Now my german is good enough to back-pack across >Germany and order beer - alas not up to snuff for identify spam >words/phrases in german e-mail. > >Arbitrarily banning german code pages is not an option as we do legitimate >buusiness in this area. So my plea to the list: does anyone have some good >spamassassin rules to catch german spam?? > >Cheers, > >James Gray > > If you had checked the archive you would have found this discussed over the weekend. :-) Try this rule from here http://mailscanner.prolocation.net/german.cf kindly donated by Raymond Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue May 17 00:40:03 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:38 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.85.1 Message-ID: FYI -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: Monday, May 16, 2005 7:25 PM To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.85.1 Dear ClamAV users, release 0.85.1 is available for download. A problem where an email with more than one content-disposition type line, one or more of which was empty, could crash libclamav has been fixed. Other minor bugfixes have been made. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue May 17 09:59:10 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] have a look on this link to see whether it answer your question. http://wiki.apache.org/spamassassin/AutolearningNotWorking Cheers Raylund Arif Malik wrote: > I have a new installation of mailscanner, and for the last few days I > keep noticing the following message: > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 > > now today, it has finally changed to: debug: bayes: Not available for > scanning, only 1 spam(s) in Bayes DB < 200 > but there has been quite a few spams that have gone through, and have > been marked as spam, and i see "autolearn=spam" in the log. shouldn't > these be added to the bayes DB?? here is the rest of that part of the > log that deals with bayes: > > debug: bayes: 2357 tie-ing to DB file R/O > /home/exim/.spamassassin/bayes_toks > debug: bayes: 2357 tie-ing to DB file R/O > /home/exim/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB < 200 > debug: bayes: 2357 untie-ing > debug: bayes: 2357 untie-ing db_toks > debug: bayes: 2357 untie-ing db_seen > debug: Score set 1 chosen. > > any idea what i might be doing wrong ? it is odd to me that 1 email > did finally end up in the bayes db... thanks for any help!!! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 10:23:39 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: I'm getting errors in my logs after upgrading the sophos engine SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538)::..... I've found a reference to it from google but no solution - anyone here know the answer? SophosSAVI 3.93 (engine 2.29) GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 10:45:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: Greg yes is is. upgrade to latest which is 3.93.2 and you'll need a new sophos-wrapper as well so it catches the version properly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Matthews wrote: > I'm getting errors in my logs after upgrading the sophos engine > > SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted > (538)::..... > > I've found a reference to it from google but no solution - anyone here > know the answer? > SophosSAVI 3.93 (engine 2.29) > > GREG > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 10:56:12 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: On Tue, 2005-05-17 at 10:45 +0100, Martin Hepworth wrote: > Greg > > yes is is. > > upgrade to latest which is 3.93.2 and you'll need a new sophos-wrapper > as well so it catches the version properly. great - its the upgrade to 3.93.2 that has brought this up, do I need to upgrade MailScanner to get the new sophos wrapper? I've only just upgraded to 4.40.11-1 on all the relays. GREG > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Greg Matthews wrote: > > I'm getting errors in my logs after upgrading the sophos engine > > > > SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted > > (538)::..... > > > > I've found a reference to it from google but no solution - anyone here > > know the answer? > > SophosSAVI 3.93 (engine 2.29) > > > > GREG > > > > -- > > Greg Matthews 01491 692445 > > Head of UNIX/Linux, iTSS Wallingford > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 11:02:23 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: Greg http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/sophos-autoupdate should work OK with 4.40.11 I think.. Also I've heard 3.93.2 still isn't 100% happy with savi on Linux. Someone one list had problems after the upgrade so maybe they've not fixed it properly. i think they placed a support call with Sophos... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Matthews wrote: > On Tue, 2005-05-17 at 10:45 +0100, Martin Hepworth wrote: > >>Greg >> >>yes is is. >> >>upgrade to latest which is 3.93.2 and you'll need a new sophos-wrapper >>as well so it catches the version properly. > > > great - its the upgrade to 3.93.2 that has brought this up, do I need to > upgrade MailScanner to get the new sophos wrapper? I've only just > upgraded to 4.40.11-1 on all the relays. > > GREG > > >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Greg Matthews wrote: >> >>>I'm getting errors in my logs after upgrading the sophos engine >>> >>>SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted >>>(538)::..... >>> >>>I've found a reference to it from google but no solution - anyone here >>>know the answer? >>>SophosSAVI 3.93 (engine 2.29) >>> >>>GREG >>> >>>-- >>>Greg Matthews 01491 692445 >>>Head of UNIX/Linux, iTSS Wallingford >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Tue May 17 11:02:45 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:29:38 2006 Subject: Spam via "innocent" machines Message-ID: Jeff, Yes, same here. I block with this rule From: 3d*@* yes rgds Patrickc Jeff Mills wrote: Hi all, I'm hoping somebody might be able to help with a problem we've been having lately, but mostly today. Some of my users have told us about an increase in spam over the last couple of days. One user claims she has received 50 today. Mailscanner is not picking up these, and when I check, they are getting scores mostly of around 1, but up to 3. These emails are in various languages, but most seem to be english and German, pointing to political news pages. Looking at the headers, the originating addresses appear to be dialup accounts, adsl accounts etc, which could mean these are household computers affected with a worm of some kind. The other thing thats happening is that the user will receive 50 odd undeliverable messages which would suggest that their email address was attached to outgoing spam. I dont know how I can block these without affec! ting legitimate undeliverable messages. One thing I have noticed is that of the undeliverable addresses, they all seem to start with "3D". For instance 3Dsomename@somehost.com Are any of you having this same issue? Cheers, Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Tue May 17 11:26:02 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:38 2006 Subject: Reading Archived Mail - repost - anyone? Message-ID: I'm drawing a blank with my Web/FAQ/MFAQ searches on this - is it better to archive to a mailbox and just use that to check old mails later if the need arises? Thanks -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nigel Kendrick Sent: 16 May 2005 20:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Reading Archived Mail Ok, I have enabled mail archiving to date-coded folders under /var/spool/MailScanner/archive - so what's the best way to search/read these messages? Thanks NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 11:33:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: Reading Archived Mail - repost - anyone? Message-ID: Nigel I use mailwatch to produce reports and do header based searches. If you want to search in the body you'll have to do something else. Depends why you want to search the body, and I presume your users have signed (this is important under RIPA) an email policy document that allows you to keep and monitor their communications... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Nigel Kendrick wrote: > I'm drawing a blank with my Web/FAQ/MFAQ searches on this - is it better to > archive to a mailbox and just use that to check old mails later if the need > arises? > > Thanks > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Nigel Kendrick > Sent: 16 May 2005 20:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Reading Archived Mail > > > Ok, I have enabled mail archiving to date-coded folders under > /var/spool/MailScanner/archive - so what's the best way to search/read these > messages? > > Thanks > > NK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 11:31:15 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: On Tue, 2005-05-17 at 11:02 +0100, Martin Hepworth wrote: > Greg > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/sophos-autoupdate > > should work OK with 4.40.11 I think.. seems good - many thanks GREG > > Also I've heard 3.93.2 still isn't 100% happy with savi on Linux. > Someone one list had problems after the upgrade so maybe they've not > fixed it properly. i think they placed a support call with Sophos... -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Tue May 17 11:44:25 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/sophos-autoupdate > should work OK with 4.40.11 I think.. It works for MailScanner version 4.40.11 but i still have this problem with sophossavi: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538 The wrapper works for me ... so i changed to sophos direct into the Mailscanner.conf. Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Tue May 17 12:05:16 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:38 2006 Subject: Reading Archived Mail - repost - anyone? Message-ID: >I use mailwatch to produce reports and do header based searches.. > >If you want to search in the body you'll have to do something else. > >Depends why you want to search the body, and I presume your users have signed (this is important under RIPA) an email >policy document that allows you to keep and monitor their communications... Thanks for the reply - all employees (it's an in-house mail server) have to sign an AUP document that covers their use of the Internet and email services and what monitoring we perform. If I check headers and then find the emails I want, can I just re-submit them to be forwarded to me in order to see them in their reassembled glory - if not, it seems that there's a 'gap in the market' for a mail archive searcher/browser - I'll perhaps have to get my programming skills up to speed again?! NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 13:50:11 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: I'm running three mail relays served round-robin by DNS. Over the last month these have started to struggle to cope with the load. I've installed a caching DNS server on one and it may have a small effect offsetting the RBL lookups but it's too small to be definite. All 3 have a DNS server close by on the local network. I'm thinking about changing the file system used to hold the mqueue.in directory. At the moment, it is ext3. Do people have recommendations for this? I'm running with an older redhat kernel so XFS isnt an immediate option but ReiserFS is. At the moment I have around 10000 emails in the incoming queue on each machine and typical iostat numbers look like: Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util /dev/sda 0.80 621.80 12.00 232.00 104.00 6873.60 52.00 3436.80 28.60 964.72 394.43 3.07 74.80 /dev/sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 /dev/sda2 0.80 621.80 12.00 232.00 104.00 6873.60 52.00 3436.80 28.60 964.72 394.43 3.07 74.80 /dev/sdb 0.00 620.40 8.80 233.40 70.40 6873.60 35.20 3436.80 28.67 967.70 398.60 3.13 75.80 /dev/sdb1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 /dev/sdb2 0.00 620.40 8.80 233.40 70.40 6873.60 35.20 3436.80 28.67 967.70 398.60 3.13 75.80 I'm not exactly expert on interpreting this but the await numbers look high as does the queue size (I've just seen it at 951). The relays are using md to create a raid1 mirror of two scsi disks, could the md be a bottleneck too? Each box has dual 2.8GHz Xeons with hyperthreading turned on - is HT a winner or should I turn it off? Perhaps I just need more/faster hardware? Any comments and suggestions most welcome. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Tue May 17 14:10:02 2005 From: dh at UPTIME.AT ([UTF-8] David Höhn) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Greg Matthews wrote: > I'm running three mail relays served round-robin by DNS. Over the last > month these have started to struggle to cope with the load. > ext2 seems like an excellent choice still. If you have lots of little mail, maybe ReiserFS. Personally most servers that struggle which I have seen were killed by disk I/O needs. Is that a fast SCSI Raid controller? (like an IBM 6M for example) are those disks fastest scsi disks ? - -d - -- nee anata wo mitsukete soshite nidoto wasurezu donna ni munega itakutemo soba ni iru no zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCie0qPMoaMn4kKR4RA3joAJ9HtxXHL11G9hbBZV5ZI/aXELMLAACfaHI0 gyFochnMYC9DiNtB8/uMrcc= =VSLt -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From HancockS at MORGANCO.COM Tue May 17 14:14:21 2005 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:29:38 2006 Subject: Conf file change request spam.assassin.prefs.conf Message-ID: Could this section of spam.assassin.prefs.conf call a file similar to the whitelist file? # =============== Change SpamAssassin Rules scores =============== I'm hoping it would make upgrading mailscanner easier. Thanks Scott Hancock -Morgan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 14:20:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: Conf file change request spam.assassin.prefs.conf Message-ID: Scott you could alway put you site specific things in a file in /etc/mail/spamassassin. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Hancock, Scott wrote: > Could this section of spam.assassin.prefs.conf call a file similar to > the whitelist file? > > # =============== Change SpamAssassin Rules scores =============== > > I'm hoping it would make upgrading mailscanner easier. > > Thanks > > Scott Hancock > -Morgan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 14:41:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: Hi Greg Do you reject unknown users on the inbound MTA - we 550 reject 70% of our inbound traffic that way. (nice to see you on another list other than oxlug) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Matthews wrote: > I'm running three mail relays served round-robin by DNS. Over the last > month these have started to struggle to cope with the load. > > I've installed a caching DNS server on one and it may have a small > effect offsetting the RBL lookups but it's too small to be definite. All > 3 have a DNS server close by on the local network. > > I'm thinking about changing the file system used to hold the mqueue.in > directory. At the moment, it is ext3. Do people have recommendations for > this? I'm running with an older redhat kernel so XFS isnt an immediate > option but ReiserFS is. > > At the moment I have around 10000 emails in the incoming queue on each > machine and typical iostat numbers look like: > > Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util > /dev/sda 0.80 621.80 12.00 232.00 104.00 6873.60 52.00 3436.80 28.60 964.72 394.43 3.07 74.80 > /dev/sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 > /dev/sda2 0.80 621.80 12.00 232.00 104.00 6873.60 52.00 3436.80 28.60 964.72 394.43 3.07 74.80 > /dev/sdb 0.00 620.40 8.80 233.40 70.40 6873.60 35.20 3436.80 28.67 967.70 398.60 3.13 75.80 > /dev/sdb1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 > /dev/sdb2 0.00 620.40 8.80 233.40 70.40 6873.60 35.20 3436.80 28.67 967.70 398.60 3.13 75.80 > > I'm not exactly expert on interpreting this but the await numbers look > high as does the queue size (I've just seen it at 951). > > The relays are using md to create a raid1 mirror of two scsi disks, > could the md be a bottleneck too? > > Each box has dual 2.8GHz Xeons with hyperthreading turned on - is HT a > winner or should I turn it off? > > Perhaps I just need more/faster hardware? > > Any comments and suggestions most welcome. > > GREG > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue May 17 15:08:17 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: Here's what I sent to Sophos last Friday on my open ticket with them. I ran across this thread online today. http://www.vanja.com/listarc/vtools/2005-May/thread.html#1746 I've been running SAV for Linux libc 6 with glibc 2.2 ever since we switched to Sophos a few years ago. After reading the above thread I removed SAV 3.93.2 for libc 6 with glibc 2.2 and installed SAV 3.93.2 for Linux libc 6. So far it's working as it should be without any corrupted file warnings by SAVI. It appears that 3.93 has some serious issues with some version of glibc 2.2 and above. I'm running on a Fedora Core 1 box with the following version glibc rpms installed. glibc-devel-2.3.2-101.4 glibc-common-2.3.2-101.4 glibc-headers-2.3.2-101.4 glibc-kernheaders-2.4-8.36 glibc-2.3.2-101.4 -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Martin Hepworth wrote: > Greg > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/sophos-autoupdate > > should work OK with 4.40.11 I think.. > > Also I've heard 3.93.2 still isn't 100% happy with savi on Linux. > Someone one list had problems after the upgrade so maybe they've not > fixed it properly. i think they placed a support call with Sophos... > > > Greg Matthews wrote: >> On Tue, 2005-05-17 at 10:45 +0100, Martin Hepworth wrote: >> >>> Greg >>> >>> yes is is. >>> >>> upgrade to latest which is 3.93.2 and you'll need a new >>> sophos-wrapper as well so it catches the version properly. >> >> >> great - its the upgrade to 3.93.2 that has brought this up, do I >> need to upgrade MailScanner to get the new sophos wrapper? I've only >> just upgraded to 4.40.11-1 on all the relays. >> >> GREG >> >> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Greg Matthews wrote: >>> >>>> I'm getting errors in my logs after upgrading the sophos engine >>>> >>>> SophosSAVI::ERROR:: Sweep could not proceed, the file was >>>> corrupted (538)::..... >>>> >>>> I've found a reference to it from google but no solution - anyone >>>> here know the answer? SophosSAVI 3.93 (engine 2.29) >>>> >>>> GREG >>>> >>>> -- >>>> Greg Matthews 01491 692445 >>>> Head of UNIX/Linux, iTSS Wallingford >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 11:35:06 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: no, I spoke too soon, the problem is still there. On Tue, 2005-05-17 at 11:02 +0100, Martin Hepworth wrote: > Greg > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/sophos-autoupdate > > should work OK with 4.40.11 I think.. > > Also I've heard 3.93.2 still isn't 100% happy with savi on Linux. > Someone one list had problems after the upgrade so maybe they've not > fixed it properly. i think they placed a support call with Sophos... I'll be monitoring the list for a solution. GREG > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From HancockS at MORGANCO.COM Tue May 17 14:58:14 2005 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:29:38 2006 Subject: Conf file change request spam.assassin.prefs.conf Message-ID: Ok, I did some more looking. Seems I air balled this one. It looks like I should put my changes in /var/lib/MailScanner/user_prefs - owner and group of run-as user in MailScanner.conf. Thanks Scott ------------------------------------------- From Glenn.Steen at AP1.SE Tue May 17 15:04:29 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: Greg Matthews wrote: (snipped mangled quote by OutLook-QuoteFix. Sigh) > Any comments and suggestions most welcome. > > GREG Seems that write performance might be what is killing you. Do you use the tmpfs thing for the incoming (MS work-) directory? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 15:20:48 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: On Tue, 2005-05-17 at 16:04 +0200, Steen, Glenn wrote: > Greg Matthews wrote: > (snipped mangled quote by OutLook-QuoteFix. Sigh) as bad as groupwise? > > Any comments and suggestions most welcome. > Seems that write performance might be what is killing you. > Do you use the tmpfs thing for the incoming (MS work-) directory? yes, I already tmpfs for the work dir. I am thinking that with 10,000 mails in the mqueue.in directory (~20000 files) the system might be stalling just reading the dir. I've just increased max children from 9 to 20 to see if that helps. The comments recommend 5 per cpu but doesnt mention HT processors. > > -- Glenn > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue May 17 15:51:59 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: You should probably manually run sa-learn on 200 spam emails and subsequently 200 ham emails so that the bayes db will then start being used. HTH, Sean Smith IT Administrator RedRed!com Billy A. Pumphrey wrote: >That is a good link. On my mailwatch, I look at the spam messages and I >do see this a lot: >Autolearn=spam > >I also see that some messages do not have a autolearn= >I am guessing that it was not autolearned because from the link, it said >that a message needs 3 points from the header and 3 points from the body >to be autolearned. > >When I do a spamassassin -D --lint. I get: >debug: bayes: found bayes db version 3 >debug: using "/root/.spamassassin" for user state dir >debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < >200 > >So mine says that there are only 0 spams. Does this mean that I need to >fix something? > > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > > >>-----Original Message----- >>From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] >>Sent: Tuesday, May 17, 2005 3:59 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>have a look on this link to see whether it answer your question. >>http://wiki.apache.org/spamassassin/AutolearningNotWorking >> >>Cheers >>Raylund >> >>Arif Malik wrote: >> >> >> >>>I have a new installation of mailscanner, and for the last few days >>> >>> >I > > >>>keep noticing the following message: >>> >>>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB >>> >>> >< > > >>200 >> >> >>>now today, it has finally changed to: debug: bayes: Not available >>> >>> >for > > >>>scanning, only 1 spam(s) in Bayes DB < 200 >>>but there has been quite a few spams that have gone through, and >>> >>> >have > > >>>been marked as spam, and i see "autolearn=spam" in the log. >>> >>> >shouldn't > > >>>these be added to the bayes DB?? here is the rest of that part of >>> >>> >the > > >>>log that deals with bayes: >>> >>>debug: bayes: 2357 tie-ing to DB file R/O >>>/home/exim/.spamassassin/bayes_toks >>>debug: bayes: 2357 tie-ing to DB file R/O >>>/home/exim/.spamassassin/bayes_seen >>>debug: bayes: found bayes db version 3 >>>debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB >>> >>> >< > > >>200 >> >> >>>debug: bayes: 2357 untie-ing >>>debug: bayes: 2357 untie-ing db_toks >>>debug: bayes: 2357 untie-ing db_seen >>>debug: Score set 1 chosen. >>> >>>any idea what i might be doing wrong ? it is odd to me that 1 email >>>did finally end up in the bayes db... thanks for any help!!! >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >>> >>> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 15:40:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: swamped mail relays - suggestions Message-ID: Greg at that level the emergency mode of MailScanner should be kicking in... # If more messages are found in the queue than this, then switch to an # "accelerated" mode of processing messages. This will cause it to stop # scanning messages in strict date order, but in the order it finds them # in the queue. If your queue is bigger than this size a lot of the time, # then some messages could be greatly delayed. So treat this option as # "in emergency only". Max Normal Queue Size = some number what MTA are you using and can it do split dirs like postfix and exim can do? Also are you rejecting unknown users on the inbound MTA? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Matthews wrote: > On Tue, 2005-05-17 at 16:04 +0200, Steen, Glenn wrote: > >>Greg Matthews wrote: >>(snipped mangled quote by OutLook-QuoteFix. Sigh) > > > as bad as groupwise? > > >>>Any comments and suggestions most welcome. > > >>Seems that write performance might be what is killing you. >>Do you use the tmpfs thing for the incoming (MS work-) directory? > > > yes, I already tmpfs for the work dir. I am thinking that with 10,000 > mails in the mqueue.in directory (~20000 files) the system might be > stalling just reading the dir. > > I've just increased max children from 9 to 20 to see if that helps. The > comments recommend 5 per cpu but doesnt mention HT processors. > > >>-- Glenn >> > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 17 15:47:52 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: That is a good link. On my mailwatch, I look at the spam messages and I do see this a lot: Autolearn=spam I also see that some messages do not have a autolearn= I am guessing that it was not autolearned because from the link, it said that a message needs 3 points from the header and 3 points from the body to be autolearned. When I do a spamassassin -D --lint. I get: debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 So mine says that there are only 0 spams. Does this mean that I need to fix something? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > Sent: Tuesday, May 17, 2005 3:59 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > have a look on this link to see whether it answer your question. > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > Cheers > Raylund > > Arif Malik wrote: > > > I have a new installation of mailscanner, and for the last few days I > > keep noticing the following message: > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > > > now today, it has finally changed to: debug: bayes: Not available for > > scanning, only 1 spam(s) in Bayes DB < 200 > > but there has been quite a few spams that have gone through, and have > > been marked as spam, and i see "autolearn=spam" in the log. shouldn't > > these be added to the bayes DB?? here is the rest of that part of the > > log that deals with bayes: > > > > debug: bayes: 2357 tie-ing to DB file R/O > > /home/exim/.spamassassin/bayes_toks > > debug: bayes: 2357 tie-ing to DB file R/O > > /home/exim/.spamassassin/bayes_seen > > debug: bayes: found bayes db version 3 > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB < > 200 > > debug: bayes: 2357 untie-ing > > debug: bayes: 2357 untie-ing db_toks > > debug: bayes: 2357 untie-ing db_seen > > debug: Score set 1 chosen. > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > did finally end up in the bayes db... thanks for any help!!! > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 15:52:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Billy depends where you have the bayes_path set to in spam.assassin.prefs.conf. Try.... spamassassin -D --lint -p /spam.assassin.prefs.conf spam.assassin.prefs.conf in the same directory as MailScanner.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Billy A. Pumphrey wrote: > That is a good link. On my mailwatch, I look at the spam messages and I > do see this a lot: > Autolearn=spam > > I also see that some messages do not have a autolearn= > I am guessing that it was not autolearned because from the link, it said > that a message needs 3 points from the header and 3 points from the body > to be autolearned. > > When I do a spamassassin -D --lint. I get: > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > So mine says that there are only 0 spams. Does this mean that I need to > fix something? > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > >>-----Original Message----- >>From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] >>Sent: Tuesday, May 17, 2005 3:59 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>have a look on this link to see whether it answer your question. >>http://wiki.apache.org/spamassassin/AutolearningNotWorking >> >>Cheers >>Raylund >> >>Arif Malik wrote: >> >> >>>I have a new installation of mailscanner, and for the last few days > > I > >>>keep noticing the following message: >>> >>>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB > > < > >>200 >> >>>now today, it has finally changed to: debug: bayes: Not available > > for > >>>scanning, only 1 spam(s) in Bayes DB < 200 >>>but there has been quite a few spams that have gone through, and > > have > >>>been marked as spam, and i see "autolearn=spam" in the log. > > shouldn't > >>>these be added to the bayes DB?? here is the rest of that part of > > the > >>>log that deals with bayes: >>> >>>debug: bayes: 2357 tie-ing to DB file R/O >>>/home/exim/.spamassassin/bayes_toks >>>debug: bayes: 2357 tie-ing to DB file R/O >>>/home/exim/.spamassassin/bayes_seen >>>debug: bayes: found bayes db version 3 >>>debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB > > < > >>200 >> >>>debug: bayes: 2357 untie-ing >>>debug: bayes: 2357 untie-ing db_toks >>>debug: bayes: 2357 untie-ing db_seen >>>debug: Score set 1 chosen. >>> >>>any idea what i might be doing wrong ? it is odd to me that 1 email >>>did finally end up in the bayes db... thanks for any help!!! >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue May 17 16:28:31 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:38 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: Quite a while back there was a discussion on this list regarding using the MTA to split incoming emails to multiple recipients into individual messages, one per recipient, before dropping the messages into MailScanner's incoming queue. This allows MailScanner to apply an individual's spam preferences and rules to each message. I posted instructions to the old FAQ for how to do this for sendmail and Exim and there was a post to this list saying that is was also possible to do this with postfix. Unfortunately I can't find any instructions that tell how to configure postfix to split emails into individual messages for each recipient. If anyone can forward any instructions or pointers for accomplishing this using postfix, I would greatly appreciate it and I will see that they get into the new MAQ. Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Tue May 17 16:32:01 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: On May 17, 2005, at 2:45 AM, Martin Hepworth wrote: > upgrade to latest which is 3.93.2 and you'll need a new sophos-wrapper For anyone who was reading through this discussion and panicked when they saw the above line: It's wrong. You don't need a new sophos-wrapper. You need a new sophos-autoupdate (and this is the same "new" sophos-autoupdate that was mentioned a week or so ago). This became clear a few posts later when the "file you need" link given was in fact sophos-autoupdate and not sophos-wrapper. (and I did some testing here to be sure) The sophos-wrapper going back to MailScanner-4.25-14 appears to work just fine. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Tue May 17 16:39:27 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Hmm - what I am seeing in my logs, is EVERY message shows "autolearn=spam" - even though my bayes DB isn't growing... even messages that aren't tagged as spam are showing it - for example: May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv from 209.0.2 4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not spam, SpamA ssassin (score=2.733, required 4, autolearn=spam, AWL 1.02, HTML_90_100 0.19, HT ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, NO_REAL_NAME 0 .18, URIBL_SBL 0.63) shouldn't only messages that are considered spam be showing the "autolearn=spam" ??? I still don't know why the bayes DB only has 1 spam in it still, but I will try using sa-learn to feed it 200 spams and hams and see what happens... but I am still wondering about the autolearn behavior, if anyone has any insight.. thanks! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey Sent: Tuesday, May 17, 2005 7:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing That is a good link. On my mailwatch, I look at the spam messages and I do see this a lot: Autolearn=spam I also see that some messages do not have a autolearn= I am guessing that it was not autolearned because from the link, it said that a message needs 3 points from the header and 3 points from the body to be autolearned. When I do a spamassassin -D --lint. I get: debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 So mine says that there are only 0 spams. Does this mean that I need to fix something? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > Sent: Tuesday, May 17, 2005 3:59 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > have a look on this link to see whether it answer your question. > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > Cheers > Raylund > > Arif Malik wrote: > > > I have a new installation of mailscanner, and for the last few days I > > keep noticing the following message: > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > > > now today, it has finally changed to: debug: bayes: Not available for > > scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite > > a few spams that have gone through, and have > > been marked as spam, and i see "autolearn=spam" in the log. shouldn't > > these be added to the bayes DB?? here is the rest of that part of the > > log that deals with bayes: > > > > debug: bayes: 2357 tie-ing to DB file R/O > > /home/exim/.spamassassin/bayes_toks > > debug: bayes: 2357 tie-ing to DB file R/O > > /home/exim/.spamassassin/bayes_seen > > debug: bayes: found bayes db version 3 > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB < > 200 > > debug: bayes: 2357 untie-ing > > debug: bayes: 2357 untie-ing db_toks > > debug: bayes: 2357 untie-ing db_seen > > debug: Score set 1 chosen. > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > did finally end up in the bayes db... thanks for any help!!! > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 17 16:44:30 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Hhmm...I am a newbie so I don't know why that is. I did go and check some non spam messages and here is an example: spam autolearn=not -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.70 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 0.00 HTML_MESSAGE HTML included in message So I getting at least one autolearn=not. So looks like my autolearn reporting is working OK. BTW: How do you feed spamassassin ham and spam? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] > Sent: Tuesday, May 17, 2005 10:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Hmm - what I am seeing in my logs, is EVERY message shows > "autolearn=spam" - even though my bayes DB isn't growing... even > messages that aren't tagged as spam are showing it - for example: > > May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv from > 209.0.2 > 4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not > spam, SpamA > ssassin (score=2.733, required 4, autolearn=spam, AWL 1.02, HTML_90_100 > 0.19, HT > ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, > NO_REAL_NAME 0 > .18, URIBL_SBL 0.63) > > shouldn't only messages that are considered spam be showing the > "autolearn=spam" ??? I still don't know why the bayes DB only has 1 spam > in it still, but I will try using sa-learn to feed it 200 spams and hams > and see what happens... but I am still wondering about the autolearn > behavior, if anyone has any insight.. thanks! > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, May 17, 2005 7:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > That is a good link. On my mailwatch, I look at the spam messages and I > do see this a lot: > Autolearn=spam > > I also see that some messages do not have a autolearn= I am guessing > that it was not autolearned because from the link, it said that a > message needs 3 points from the header and 3 points from the body to be > autolearned. > > When I do a spamassassin -D --lint. I get: > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > So mine says that there are only 0 spams. Does this mean that I need to > fix something? > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > -----Original Message----- > > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > > Sent: Tuesday, May 17, 2005 3:59 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes DB not growing > > > > have a look on this link to see whether it answer your question. > > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > > > Cheers > > Raylund > > > > Arif Malik wrote: > > > > > I have a new installation of mailscanner, and for the last few days > I > > > keep noticing the following message: > > > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB > < > > 200 > > > > > > now today, it has finally changed to: debug: bayes: Not available > for > > > scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite > > > a few spams that have gone through, and > have > > > been marked as spam, and i see "autolearn=spam" in the log. > shouldn't > > > these be added to the bayes DB?? here is the rest of that part of > the > > > log that deals with bayes: > > > > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_toks > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_seen > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB > < > > 200 > > > debug: bayes: 2357 untie-ing > > > debug: bayes: 2357 untie-ing db_toks > > > debug: bayes: 2357 untie-ing db_seen > > > debug: Score set 1 chosen. > > > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > > did finally end up in the bayes db... thanks for any help!!! > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 17 16:46:02 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: I was going to say also that sometimes there is no autolearn statement, like this: -0.41 BAYES_05 Bayesian spam probability is 1 to 5% 0.01 NO_REAL_NAME From: does not include a real name Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] > Sent: Tuesday, May 17, 2005 10:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Hmm - what I am seeing in my logs, is EVERY message shows > "autolearn=spam" - even though my bayes DB isn't growing... even > messages that aren't tagged as spam are showing it - for example: > > May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv from > 209.0.2 > 4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not > spam, SpamA > ssassin (score=2.733, required 4, autolearn=spam, AWL 1.02, HTML_90_100 > 0.19, HT > ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, > NO_REAL_NAME 0 > .18, URIBL_SBL 0.63) > > shouldn't only messages that are considered spam be showing the > "autolearn=spam" ??? I still don't know why the bayes DB only has 1 spam > in it still, but I will try using sa-learn to feed it 200 spams and hams > and see what happens... but I am still wondering about the autolearn > behavior, if anyone has any insight.. thanks! > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, May 17, 2005 7:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > That is a good link. On my mailwatch, I look at the spam messages and I > do see this a lot: > Autolearn=spam > > I also see that some messages do not have a autolearn= I am guessing > that it was not autolearned because from the link, it said that a > message needs 3 points from the header and 3 points from the body to be > autolearned. > > When I do a spamassassin -D --lint. I get: > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > So mine says that there are only 0 spams. Does this mean that I need to > fix something? > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > -----Original Message----- > > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > > Sent: Tuesday, May 17, 2005 3:59 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes DB not growing > > > > have a look on this link to see whether it answer your question. > > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > > > Cheers > > Raylund > > > > Arif Malik wrote: > > > > > I have a new installation of mailscanner, and for the last few days > I > > > keep noticing the following message: > > > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB > < > > 200 > > > > > > now today, it has finally changed to: debug: bayes: Not available > for > > > scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite > > > a few spams that have gone through, and > have > > > been marked as spam, and i see "autolearn=spam" in the log. > shouldn't > > > these be added to the bayes DB?? here is the rest of that part of > the > > > log that deals with bayes: > > > > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_toks > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_seen > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB > < > > 200 > > > debug: bayes: 2357 untie-ing > > > debug: bayes: 2357 untie-ing db_toks > > > debug: bayes: 2357 untie-ing db_seen > > > debug: Score set 1 chosen. > > > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > > did finally end up in the bayes db... thanks for any help!!! > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue May 17 16:50:28 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: you must keep some spam messages in a seperate folder on the server, then keep some ham messages in another folder on the server. Say the spam is in /home/user/Maildir/Spam/ then you would run the following command: sa-learn --spam /home/user/Maildir/Spam/ And the same goes for ham. If your ham is in /home/user/Maildir/Ham/ then run: sa-learn --ham /home/user/Maildir/Ham/ Sean Billy A. Pumphrey wrote: >Hhmm...I am a newbie so I don't know why that is. > >I did go and check some non spam messages and here is an example: >spam autolearn=not >-2.60 BAYES_00 Bayesian spam probability is 0 to 1% >0.70 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date >0.00 HTML_MESSAGE HTML included in message > >So I getting at least one autolearn=not. So looks like my autolearn >reporting is working OK. > >BTW: How do you feed spamassassin ham and spam? > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 16:50:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Billy sa-learn -p /spam.assassin.prefs.conf -ham < message man sa-learn for all the options. There's a nice started kit available at www.fsl.com/support -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Billy A. Pumphrey wrote: > Hhmm...I am a newbie so I don't know why that is. > > I did go and check some non spam messages and here is an example: > spam autolearn=not > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > 0.70 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date > 0.00 HTML_MESSAGE HTML included in message > > So I getting at least one autolearn=not. So looks like my autolearn > reporting is working OK. > > BTW: How do you feed spamassassin ham and spam? > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >>-----Original Message----- >>From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] >>Sent: Tuesday, May 17, 2005 10:39 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>Hmm - what I am seeing in my logs, is EVERY message shows >>"autolearn=spam" - even though my bayes DB isn't growing... even >>messages that aren't tagged as spam are showing it - for example: >> >>May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv > > from > >>209.0.2 >>4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not >>spam, SpamA >>ssassin (score=2.733, required 4, autolearn=spam, AWL 1.02, > > HTML_90_100 > >>0.19, HT >>ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, >>NO_REAL_NAME 0 >>.18, URIBL_SBL 0.63) >> >>shouldn't only messages that are considered spam be showing the >>"autolearn=spam" ??? I still don't know why the bayes DB only has 1 > > spam > >>in it still, but I will try using sa-learn to feed it 200 spams and > > hams > >>and see what happens... but I am still wondering about the autolearn >>behavior, if anyone has any insight.. thanks! >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Billy A. Pumphrey >>Sent: Tuesday, May 17, 2005 7:48 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>That is a good link. On my mailwatch, I look at the spam messages and > > I > >>do see this a lot: >>Autolearn=spam >> >>I also see that some messages do not have a autolearn= I am guessing >>that it was not autolearned because from the link, it said that a >>message needs 3 points from the header and 3 points from the body to > > be > >>autolearned. >> >>When I do a spamassassin -D --lint. I get: >>debug: bayes: found bayes db version 3 >>debug: using "/root/.spamassassin" for user state dir >>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < >>200 >> >>So mine says that there are only 0 spams. Does this mean that I need > > to > >>fix something? >> >> >>Billy Pumphrey >>IT Manager >>Wooden & McLaughlin >> >>>-----Original Message----- >>>From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] >>>Sent: Tuesday, May 17, 2005 3:59 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: bayes DB not growing >>> >>>have a look on this link to see whether it answer your question. >>>http://wiki.apache.org/spamassassin/AutolearningNotWorking >>> >>>Cheers >>>Raylund >>> >>>Arif Malik wrote: >>> >>> >>>>I have a new installation of mailscanner, and for the last few > > days > >>I >> >>>>keep noticing the following message: >>>> >>>>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes > > DB > >>< >> >>>200 >>> >>>>now today, it has finally changed to: debug: bayes: Not available >> >>for >> >>>>scanning, only 1 spam(s) in Bayes DB < 200 but there has been > > quite > >>>>a few spams that have gone through, and >> >>have >> >>>>been marked as spam, and i see "autolearn=spam" in the log. >> >>shouldn't >> >>>>these be added to the bayes DB?? here is the rest of that part of >> >>the >> >>>>log that deals with bayes: >>>> >>>>debug: bayes: 2357 tie-ing to DB file R/O >>>>/home/exim/.spamassassin/bayes_toks >>>>debug: bayes: 2357 tie-ing to DB file R/O >>>>/home/exim/.spamassassin/bayes_seen >>>>debug: bayes: found bayes db version 3 >>>>debug: bayes: Not available for scanning, only 1 spam(s) in Bayes > > DB > >>< >> >>>200 >>> >>>>debug: bayes: 2357 untie-ing >>>>debug: bayes: 2357 untie-ing db_toks >>>>debug: bayes: 2357 untie-ing db_seen >>>>debug: Score set 1 chosen. >>>> >>>>any idea what i might be doing wrong ? it is odd to me that 1 > > email > >>>>did finally end up in the bayes db... thanks for any help!!! >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>------------------------ MailScanner list ------------------------ > > To > >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the > >>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 17 16:53:32 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: -------------------------------------------------------------------- Ok, Good deal. I now am getting different results. I was reading the spam.assassin.prefs.conf and it said rename the local.cf file in etc/mail/spamassassin. I have done something that I read about putting a link. If I do ls, the spamassassin.local.cf looks like this: lrwxrwxrwx 1 root root 36 May 6 10:46 spamassassin.local.cf -> /etc/MailSc anner/spam.assassin.prefs Is this good? Does this mean that my setup is using the correct pref file? Here are my results of the spamassassin --lint command with the -p: debug: bayes: 8634 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks debug: bayes: 8634 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: opportunistic call attempt skipped, found fresh running expire mag ic token debug: Score set 3 chosen. Then goes through some more stuff. Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 16:48:56 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: On Tue, 2005-05-17 at 08:32 -0700, John Rudd wrote: > On May 17, 2005, at 2:45 AM, Martin Hepworth wrote: > > > upgrade to latest which is 3.93.2 and you'll need a new sophos-wrapper > > > For anyone who was reading through this discussion and panicked when > they saw the above line: > > It's wrong. You don't need a new sophos-wrapper. You need a new > sophos-autoupdate (and this is the same "new" sophos-autoupdate that > was mentioned a week or so ago). This became clear a few posts later > when the "file you need" link given was in fact sophos-autoupdate and > not sophos-wrapper. (and I did some testing here to be sure) to clarify further: this doesnt solve the problem with sophos error. The current solution is to use the libc6 version rather than the glibc2.2 version. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 17 16:35:00 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: On Tue, 2005-05-17 at 09:08 -0500, Aaron K. Moore wrote: > Here's what I sent to Sophos last Friday on my open ticket with them. > > I ran across this thread online today. > > http://www.vanja.com/listarc/vtools/2005-May/thread.html#1746 this seems to have fixed it for me too. GREG > > I've been running SAV for Linux libc 6 with glibc 2.2 ever since we > switched to Sophos a few years ago. > > After reading the above thread I removed SAV 3.93.2 for libc 6 with > glibc 2.2 and installed SAV 3.93.2 for Linux libc 6. So far it's > working as it should be without any corrupted file warnings by SAVI. It > appears that 3.93 has some serious issues with some version of glibc 2.2 > and above. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 17 16:56:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Billy yes that's good -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Billy A. Pumphrey wrote: > -------------------------------------------------------------------- > > Ok, > > Good deal. I now am getting different results. I was reading the > spam.assassin.prefs.conf and it said rename the local.cf file in > etc/mail/spamassassin. > > I have done something that I read about putting a link. If I do ls, the > spamassassin.local.cf looks like this: > > lrwxrwxrwx 1 root root 36 May 6 10:46 spamassassin.local.cf -> > /etc/MailSc > anner/spam.assassin.prefs > > Is this good? Does this mean that my setup is using the correct pref > file? > > Here are my results of the spamassassin --lint command with the -p: > > debug: bayes: 8634 tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_toks > debug: bayes: 8634 tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_seen > debug: bayes: found bayes db version 3 > debug: bayes: opportunistic call attempt skipped, found fresh running > expire mag ic token > debug: Score set 3 chosen. > > Then goes through some more stuff. > > > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue May 17 17:00:27 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:38 2006 Subject: latest sophos broken? Message-ID: It's definitely a work around. While it performs better than having sweep scan the messages, it doesn't seem to be as fast as the glibc 2.2 version. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Greg Matthews wrote: > On Tue, 2005-05-17 at 08:32 -0700, John Rudd wrote: >> On May 17, 2005, at 2:45 AM, Martin Hepworth wrote: >> >>> upgrade to latest which is 3.93.2 and you'll need a new >>> sophos-wrapper >> >> >> For anyone who was reading through this discussion and panicked when >> they saw the above line: >> >> It's wrong. You don't need a new sophos-wrapper. You need a new >> sophos-autoupdate (and this is the same "new" sophos-autoupdate that >> was mentioned a week or so ago). This became clear a few posts later >> when the "file you need" link given was in fact sophos-autoupdate and >> not sophos-wrapper. (and I did some testing here to be sure) > > to clarify further: this doesnt solve the problem with sophos error. > The current solution is to use the libc6 version rather than the > glibc2.2 version. > > GREG ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Tue May 17 17:31:51 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: Thanks, Billy.. I don't even get any mention of BAYES in the point scoring part like you do below... im not sure what im missing here, does anyone have any suggestions?? here is another log entry - notice it is marked as "not spam" but then it has "autolearn=spam". Also it doesn't show any Bayes probability entry either as Billy's does. May 17 08:17:38 filter MailScanner[4736]: Message 1DY3op-0001Fb-G3 from 65.249.2 45.178 (1-21388026-fitblog.com?reef@stderr.megadealz.net) to aergasg.com is not spam, SpamAssassin (score=3.007, required 4, autolearn=spam, DNS_FROM_AHBL_RHSBL 0.07, HTML_FONT_INVISIBLE 0.07, HTML_IMAGE_ONLY_24 1.00, HTML_MESSAGE 0.00, HTM L_TAG_EXIST_TBODY 0.23, RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15) when I am in debug mode I see this also.. should it have some kind of entry like BAYES in it?? I used one of those bayes starter kits, so I don't get that <200 spam error any more.. but it still doesn't seem to be active! debug: tests=DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UN USABLE_MSGID -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey Sent: Tuesday, May 17, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing I was going to say also that sometimes there is no autolearn statement, like this: -0.41 BAYES_05 Bayesian spam probability is 1 to 5% 0.01 NO_REAL_NAME From: does not include a real name Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] > Sent: Tuesday, May 17, 2005 10:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Hmm - what I am seeing in my logs, is EVERY message shows > "autolearn=spam" - even though my bayes DB isn't growing... even > messages that aren't tagged as spam are showing it - for example: > > May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv from > 209.0.2 > 4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not > spam, SpamA > ssassin (score=2.733, required 4, autolearn=spam, AWL 1.02, HTML_90_100 > 0.19, HT > ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, > NO_REAL_NAME 0 > .18, URIBL_SBL 0.63) > > shouldn't only messages that are considered spam be showing the > "autolearn=spam" ??? I still don't know why the bayes DB only has 1 spam > in it still, but I will try using sa-learn to feed it 200 spams and hams > and see what happens... but I am still wondering about the autolearn > behavior, if anyone has any insight.. thanks! > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, May 17, 2005 7:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > That is a good link. On my mailwatch, I look at the spam messages and I > do see this a lot: > Autolearn=spam > > I also see that some messages do not have a autolearn= I am guessing > that it was not autolearned because from the link, it said that a > message needs 3 points from the header and 3 points from the body to be > autolearned. > > When I do a spamassassin -D --lint. I get: > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > So mine says that there are only 0 spams. Does this mean that I need to > fix something? > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > -----Original Message----- > > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > > Sent: Tuesday, May 17, 2005 3:59 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes DB not growing > > > > have a look on this link to see whether it answer your question. > > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > > > Cheers > > Raylund > > > > Arif Malik wrote: > > > > > I have a new installation of mailscanner, and for the last few days > I > > > keep noticing the following message: > > > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB > < > > 200 > > > > > > now today, it has finally changed to: debug: bayes: Not available > for > > > scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite > > > a few spams that have gone through, and > have > > > been marked as spam, and i see "autolearn=spam" in the log. > shouldn't > > > these be added to the bayes DB?? here is the rest of that part of > the > > > log that deals with bayes: > > > > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_toks > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_seen > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB > < > > 200 > > > debug: bayes: 2357 untie-ing > > > debug: bayes: 2357 untie-ing db_toks > > > debug: bayes: 2357 untie-ing db_seen > > > debug: Score set 1 chosen. > > > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > > did finally end up in the bayes db... thanks for any help!!! > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Tue May 17 17:03:26 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] tried installing through CPAN and got the following error any ideas? Manifying blib/man3/Mail::ClamAV.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Tue May 17 18:03:28 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:38 2006 Subject: bayes DB not growing Message-ID: ok sorry, now that I am using the bayes starter kit thing, I do have something like this in my logs: BAYES_95 2.06 so that part looks good to me - but now I am just worried about the autolearn=spam thing - from what I have read, messages tagged like this are fed to the bayes filter as spam... but EVERY one of my messages is showing this, even the ones that arent tagged as spam... so I am worried the ham messages are being fed to it as well. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Arif Malik Sent: Tuesday, May 17, 2005 9:32 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing Thanks, Billy.. I don't even get any mention of BAYES in the point scoring part like you do below... im not sure what im missing here, does anyone have any suggestions?? here is another log entry - notice it is marked as "not spam" but then it has "autolearn=spam". Also it doesn't show any Bayes probability entry either as Billy's does. May 17 08:17:38 filter MailScanner[4736]: Message 1DY3op-0001Fb-G3 from 65.249.2 45.178 (1-21388026-fitblog.com?reef@stderr.megadealz.net) to aergasg.com is not spam, SpamAssassin (score=3.007, required 4, autolearn=spam, DNS_FROM_AHBL_RHSBL 0.07, HTML_FONT_INVISIBLE 0.07, HTML_IMAGE_ONLY_24 1.00, HTML_MESSAGE 0.00, HTM L_TAG_EXIST_TBODY 0.23, RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15) when I am in debug mode I see this also.. should it have some kind of entry like BAYES in it?? I used one of those bayes starter kits, so I don't get that <200 spam error any more.. but it still doesn't seem to be active! debug: tests=DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UN USABLE_MSGID -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey Sent: Tuesday, May 17, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing I was going to say also that sometimes there is no autolearn statement, like this: -0.41 BAYES_05 Bayesian spam probability is 1 to 5% 0.01 NO_REAL_NAME From: does not include a real name Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] > Sent: Tuesday, May 17, 2005 10:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Hmm - what I am seeing in my logs, is EVERY message shows > "autolearn=spam" - even though my bayes DB isn't growing... even > messages that aren't tagged as spam are showing it - for example: > > May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv from > 209.0.2 > 4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not > spam, SpamA ssassin (score=2.733, required 4, autolearn=spam, AWL > 1.02, HTML_90_100 > 0.19, HT > ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, > NO_REAL_NAME 0 .18, URIBL_SBL 0.63) > > shouldn't only messages that are considered spam be showing the > "autolearn=spam" ??? I still don't know why the bayes DB only has 1 spam > in it still, but I will try using sa-learn to feed it 200 spams and hams > and see what happens... but I am still wondering about the autolearn > behavior, if anyone has any insight.. thanks! > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, May 17, 2005 7:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > That is a good link. On my mailwatch, I look at the spam messages and I > do see this a lot: > Autolearn=spam > > I also see that some messages do not have a autolearn= I am guessing > that it was not autolearned because from the link, it said that a > message needs 3 points from the header and 3 points from the body to be > autolearned. > > When I do a spamassassin -D --lint. I get: > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > 200 > > So mine says that there are only 0 spams. Does this mean that I need to > fix something? > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > -----Original Message----- > > From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] > > Sent: Tuesday, May 17, 2005 3:59 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: bayes DB not growing > > > > have a look on this link to see whether it answer your question. > > http://wiki.apache.org/spamassassin/AutolearningNotWorking > > > > Cheers > > Raylund > > > > Arif Malik wrote: > > > > > I have a new installation of mailscanner, and for the last few days > I > > > keep noticing the following message: > > > > > > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB > < > > 200 > > > > > > now today, it has finally changed to: debug: bayes: Not available > for > > > scanning, only 1 spam(s) in Bayes DB < 200 but there has been quite > > > a few spams that have gone through, and > have > > > been marked as spam, and i see "autolearn=spam" in the log. > shouldn't > > > these be added to the bayes DB?? here is the rest of that part of > the > > > log that deals with bayes: > > > > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_toks > > > debug: bayes: 2357 tie-ing to DB file R/O > > > /home/exim/.spamassassin/bayes_seen > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB > < > > 200 > > > debug: bayes: 2357 untie-ing > > > debug: bayes: 2357 untie-ing db_toks > > > debug: bayes: 2357 untie-ing db_seen > > > debug: Score set 1 chosen. > > > > > > any idea what i might be doing wrong ? it is odd to me that 1 email > > > did finally end up in the bayes db... thanks for any help!!! > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 17 18:05:57 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I get the same thing on Redhat ES4. Tried everything I can think of, no go. Google found ONE other post about it; person was using Fedora (not sure which), same issue, no resolution. What OS are you using? Matt >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> tried installing through CPAN and got the following error any ideas? Manifying blib/man3/Mail::ClamAV.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Tue May 17 17:20:37 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Using CentOS.... have you implemented a workaround. I'm preparing for an installation on a production box and in dire need of making progress. ----- Original Message ----- From: "Matt Kehler" To: Sent: Tuesday, May 17, 2005 1:05 PM Subject: Re: OT: Mail::ClamAV > I get the same thing on Redhat ES4. Tried everything I can think of, no > go. Google found ONE other post about it; person was using Fedora (not > sure which), same issue, no resolution. What OS are you using? > > Matt > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > tried installing through CPAN and got the following error any ideas? > > > > > Manifying blib/man3/Mail::ClamAV.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > 188 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > # Compilation failed in require at (eval 1) line 2. > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > line > 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > -------------------------------------------------------------------------- -- > --- > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Tue May 17 18:25:36 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:29:38 2006 Subject: New SpamAssassin config file Message-ID: Hey Guys, I recently upgraded from spamassassin 2.6 to 3.03, I was wondering if someone could let me know if the following config file is some way sane? Any feedback is much appreciated. Thanks in advance for any advise Mark grep -v '#' spam.assassin.prefs.conf dns_available yes ok_locales en bayes_path /etc/MailScanner/bayes/bayes bayes_file_mode 0660 bayes_auto_expire 0 bayes_ignore_header X-MailScanner bayes_ignore_header X-MailScanner-SpamCheck bayes_ignore_header X-MailScanner-SpamScore bayes_ignore_header X-MailScanner-Information lock_method flock use_auto_whitelist 0 pyzor_path /usr/bin/pyzor dcc_path /usr/local/bin/dccproc dcc_home /var/dcc rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 envelope_sender_header X-MailScanner-From header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS 100.0 header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS2 100.0 uri IE_VULN /%([01][0-9a-f]|7f).*@/i score IE_VULN 100.0 describe IE_VULN Internet Explorer vulnerability score RCVD_IN_RSL 0 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 17 18:32:36 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm in the exact same boat...have a site waiting for their production box but can't get it working. Matt >>> wright@CYBERVALE.COM 5/17/2005 11:20:37 AM >>> Using CentOS.... have you implemented a workaround. I'm preparing for an installation on a production box and in dire need of making progress. ----- Original Message ----- From: "Matt Kehler" To: Sent: Tuesday, May 17, 2005 1:05 PM Subject: Re: OT: Mail::ClamAV > I get the same thing on Redhat ES4. Tried everything I can think of, no > go. Google found ONE other post about it; person was using Fedora (not > sure which), same issue, no resolution. What OS are you using? > > Matt > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > tried installing through CPAN and got the following error any ideas? > > > > > Manifying blib/man3/Mail::ClamAV.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > 188 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > # Compilation failed in require at (eval 1) line 2. > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > line > 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > -------------------------------------------------------------------------- -- > --- > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue May 17 18:42:52 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:38 2006 Subject: New SpamAssassin config file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mark Campbell wrote: > Hey Guys, > > I recently upgraded from spamassassin 2.6 to 3.03, I was wondering if > someone could let me know if the following config file is some way sane? > Any feedback is much appreciated. > > Thanks in advance for any advise > > Mark > > grep -v '#' spam.assassin.prefs.conf > > dns_available yes > ok_locales en > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0660 Change that to 0770 That mask sometimes gets used for creating directories so it needs to have the X bit. (note: when creating bayes DB normal files, this will not cause them to have the X bit, as SA will request 0666, and end up with 0660 after the mask gets applied) The rest looks fine. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue May 17 18:32:23 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:38 2006 Subject: New SpamAssassin config file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mark Campbell wrote: > Hey Guys, > > I recently upgraded from spamassassin 2.6 to 3.03, I was wondering if > someone could let me know if the following config file is some way sane? > Any feedback is much appreciated. > Makes sense to me. You may want to compare with the one available at http://www.fsl.com/support hth Ugo > Thanks in advance for any advise > > Mark > > grep -v '#' spam.assassin.prefs.conf > > dns_available yes > ok_locales en > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0660 > bayes_auto_expire 0 > bayes_ignore_header X-MailScanner > bayes_ignore_header X-MailScanner-SpamCheck > bayes_ignore_header X-MailScanner-SpamScore > bayes_ignore_header X-MailScanner-Information > lock_method flock > use_auto_whitelist 0 > pyzor_path /usr/bin/pyzor > dcc_path /usr/local/bin/dccproc > dcc_home /var/dcc > rbl_timeout 20 > razor_timeout 10 > pyzor_timeout 10 > envelope_sender_header X-MailScanner-From > header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i > describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS 100.0 > header FRIEND_GREETINGS2 Subject =~ /you have a greeting card > from/i > describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS2 100.0 > uri IE_VULN /%([01][0-9a-f]|7f).*@/i > score IE_VULN 100.0 > describe IE_VULN Internet Explorer vulnerability > score RCVD_IN_RSL 0 > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > score URIBL_JP_SURBL 4.0 > > > Mark > > Mark Campbell > -- > IT Convergence OS Administrator > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 17 19:12:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Find out where the libclamav.so is installed for starters, it should have been built by your ClamAV installation/build process. It will hopefully be in somewhere like /usr/local/lib or something like that. Make sure this directory is listed in /etc/ld.so.conf. If the directory isn't there (and the directory is somewhere sensible) then add it to that file and run ldconfig to update the ld.so cache file. If you can find the file installed (it may be called libclamav.so or libclamav.so.1 for example) and want to know if it is somewhere "sensible" then mail us back and we will tell if is sounds likely. You need to have installed ClamAV (and its libraries) before installing the Mail::ClamAV module. How did you install ClamAV? From source or from RPM files or what? And where did the RPM files come from? Matt Kehler wrote: > I'm in the exact same boat...have a site waiting for their production > box but can't get it working. > > Matt > > >>> wright@CYBERVALE.COM 5/17/2005 11:20:37 AM >>> > Using CentOS.... have you implemented a workaround. I'm preparing for an > installation on a production box and in dire need of making progress. > > ----- Original Message ----- > From: "Matt Kehler" > To: > Sent: Tuesday, May 17, 2005 1:05 PM > Subject: Re: OT: Mail::ClamAV > > > > I get the same thing on Redhat ES4. Tried everything I can think of, no > > go. Google found ONE other post about it; person was using Fedora (not > > sure which), same issue, no resolution. What OS are you using? > > > > Matt > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > > > tried installing through CPAN and got the following error any ideas? > > > > > > > > > > Manifying blib/man3/Mail::ClamAV.3pm > > /usr/bin/make -- OK > > Running make test > > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > # Tried to use 'Mail::ClamAV'. > > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > > # > > # Can't load > > > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > > file: No > > such file or directory at > > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > > # > > # > > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > > 188 > > # BEGIN failed--compilation aborted at > > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > > # Compilation failed in require at (eval 1) line 2. > > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > > line > > 11 > > Can't continue after import errors at t/Mail-ClamAV.t line 11 > > # Looks like you planned 10 tests but only ran 1. > > t/Mail-ClamAV....dubious > > Test returned status 10 (wstat 2560, 0xa00) > > DIED. FAILED tests 1-10 > > Failed 10/10 tests, 0.00% okay > > Failed Test Stat Wstat Total Fail Failed List of Failed > > > -------------------------------------------------------------------------- > -- > > --- > > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > > okay. > > make: *** [test_dynamic] Error 2 > > /usr/bin/make test -- NOT OK > > Running make install > > make test had returned bad status, won't install without force > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Tue May 17 19:33:11 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:29:38 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Steve, You probably want either default_destination_recipient_limit or smtpd_recipient_limit, which is described at http://www.postfix.org/rate.html#recipients I haven't played with either of them, but they appear to be the right variable to test with. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue May 17 19:45:39 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:38 2006 Subject: OT: Mail::ClamAV Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Tuesday, May 17, 2005 2:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Mail::ClamAV > > Find out where the libclamav.so is installed for starters, it should > have been built by your ClamAV installation/build process. > It will hopefully be in somewhere like /usr/local/lib or something like > that. > Make sure this directory is listed in /etc/ld.so.conf. > If the directory isn't there (and the directory is somewhere sensible) > then add it to that file and run ldconfig to update the ld.so cache file. > If you can find the file installed (it may be called libclamav.so or > libclamav.so.1 for example) and want to know if it is somewhere > "sensible" then mail us back and we will tell if is sounds likely. > > You need to have installed ClamAV (and its libraries) before installing > the Mail::ClamAV module. How did you install ClamAV? From source or from > RPM files or what? And where did the RPM files come from? > Adding: /usr/local/lib to /etc/ld.so.conf and then running ldconfig works on CentOS so I'll bet it works on RH ES4 :) Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Matt Kehler wrote: > > > I'm in the exact same boat...have a site waiting for their production > > box but can't get it working. > > > > Matt > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:20:37 AM >>> > > Using CentOS.... have you implemented a workaround. I'm preparing for an > > installation on a production box and in dire need of making progress. > > > > ----- Original Message ----- > > From: "Matt Kehler" > > To: > > Sent: Tuesday, May 17, 2005 1:05 PM > > Subject: Re: OT: Mail::ClamAV > > > > > > > I get the same thing on Redhat ES4. Tried everything I can think of, > no > > > go. Google found ONE other post about it; person was using Fedora > (not > > > sure which), same issue, no resolution. What OS are you using? > > > > > > Matt > > > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > > > > > tried installing through CPAN and got the following error any ideas? > > > > > > > > > > > > > > > Manifying blib/man3/Mail::ClamAV.3pm > > > /usr/bin/make -- OK > > > Running make test > > > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > > > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > > > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > > # Tried to use 'Mail::ClamAV'. > > > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > > > # > > > # Can't load > > > > > '/root/.cpan/build/Mail-ClamAV- > 0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > > > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > > > file: No > > > such file or directory at > > > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > > > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > > > # > > > # > > > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > > > 188 > > > # BEGIN failed--compilation aborted at > > > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > > > # Compilation failed in require at (eval 1) line 2. > > > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > > > line > > > 11 > > > Can't continue after import errors at t/Mail-ClamAV.t line 11 > > > # Looks like you planned 10 tests but only ran 1. > > > t/Mail-ClamAV....dubious > > > Test returned status 10 (wstat 2560, 0xa00) > > > DIED. FAILED tests 1-10 > > > Failed 10/10 tests, 0.00% okay > > > Failed Test Stat Wstat Total Fail Failed List of Failed > > > > > ------------------------------------------------------------------------ > -- > > -- > > > --- > > > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > > > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > > > okay. > > > make: *** [test_dynamic] Error 2 > > > /usr/bin/make test -- NOT OK > > > Running make install > > > make test had returned bad status, won't install without force > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue May 17 19:52:54 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:39 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Joshua Hirsh > Sent: Tuesday, May 17, 2005 2:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: off topic: postfix and email to multiple recipients > > Hi Steve, > > You probably want either default_destination_recipient_limit or > smtpd_recipient_limit, which is described at > http://www.postfix.org/rate.html#recipients > > > I haven't played with either of them, but they appear to be the right > variable to test with. > > Regards, > -Joshua Thanks Josh but I don't think this will do the trick. It states that: "The default_destination_recipient_limit parameter (default: 50) controls how many recipients a Postfix delivery agent (smtp, uucp, etc.) will send with each copy of an email message. If an email message has more than $default_destination_recipient_limit recipients at the same destination, the list of recipients will be broken up into smaller lists, and multiple copies of the message will be sent." And as I read this means the default_destination_recipient_limit controls only outgoing (destination_recipient) parameters. I nees something that works on the incoming messages :( Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Tue May 17 20:04:15 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:29:39 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > And as I read this means the > default_destination_recipient_limit controls > only outgoing (destination_recipient) parameters. I nees > something that > works on the incoming messages :( You mean like smtpd_recipient_limit? Changing that setting would do it, however, it would probably have a negative impact on the server as it would now have to accept one message per recipient. For small sites I wouldn't see this as a problem, but for large sites, it would be a pretty excessive waste of I/O. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 17 20:05:28 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:39 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Boom, works on es4. thanks! Matt >>> steve.swaney@FSL.COM 5/17/2005 1:45:39 PM >>> > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Tuesday, May 17, 2005 2:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Mail::ClamAV > > Find out where the libclamav.so is installed for starters, it should > have been built by your ClamAV installation/build process. > It will hopefully be in somewhere like /usr/local/lib or something like > that. > Make sure this directory is listed in /etc/ld.so.conf. > If the directory isn't there (and the directory is somewhere sensible) > then add it to that file and run ldconfig to update the ld.so cache file. > If you can find the file installed (it may be called libclamav.so or > libclamav.so.1 for example) and want to know if it is somewhere > "sensible" then mail us back and we will tell if is sounds likely. > > You need to have installed ClamAV (and its libraries) before installing > the Mail::ClamAV module. How did you install ClamAV? From source or from > RPM files or what? And where did the RPM files come from? > Adding: /usr/local/lib to /etc/ld.so.conf and then running ldconfig works on CentOS so I'll bet it works on RH ES4 :) Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Matt Kehler wrote: > > > I'm in the exact same boat...have a site waiting for their production > > box but can't get it working. > > > > Matt > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:20:37 AM >>> > > Using CentOS.... have you implemented a workaround. I'm preparing for an > > installation on a production box and in dire need of making progress. > > > > ----- Original Message ----- > > From: "Matt Kehler" > > To: > > Sent: Tuesday, May 17, 2005 1:05 PM > > Subject: Re: OT: Mail::ClamAV > > > > > > > I get the same thing on Redhat ES4. Tried everything I can think of, > no > > > go. Google found ONE other post about it; person was using Fedora > (not > > > sure which), same issue, no resolution. What OS are you using? > > > > > > Matt > > > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > > > > > tried installing through CPAN and got the following error any ideas? > > > > > > > > > > > > > > > Manifying blib/man3/Mail::ClamAV.3pm > > > /usr/bin/make -- OK > > > Running make test > > > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > > > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > > > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > > # Tried to use 'Mail::ClamAV'. > > > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > > > # > > > # Can't load > > > > > '/root/.cpan/build/Mail-ClamAV- > 0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > > > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > > > file: No > > > such file or directory at > > > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > > > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > > > # > > > # > > > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > > > 188 > > > # BEGIN failed--compilation aborted at > > > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > > > # Compilation failed in require at (eval 1) line 2. > > > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > > > line > > > 11 > > > Can't continue after import errors at t/Mail-ClamAV.t line 11 > > > # Looks like you planned 10 tests but only ran 1. > > > t/Mail-ClamAV....dubious > > > Test returned status 10 (wstat 2560, 0xa00) > > > DIED. FAILED tests 1-10 > > > Failed 10/10 tests, 0.00% okay > > > Failed Test Stat Wstat Total Fail Failed List of Failed > > > > > ------------------------------------------------------------------------ > -- > > -- > > > --- > > > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > > > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > > > okay. > > > make: *** [test_dynamic] Error 2 > > > /usr/bin/make test -- NOT OK > > > Running make install > > > make test had returned bad status, won't install without force > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Tue May 17 19:12:14 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:39 2006 Subject: OT: Mail::ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] sure enough it worked. Thanks Julian, Stephen..... Matt I suppose you should be ok now too. Thanks again guys. Terran ----- Original Message ----- From: "Stephen Swaney" To: Sent: Tuesday, May 17, 2005 2:45 PM Subject: Re: OT: Mail::ClamAV > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Julian Field > > Sent: Tuesday, May 17, 2005 2:12 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: OT: Mail::ClamAV > > > > Find out where the libclamav.so is installed for starters, it should > > have been built by your ClamAV installation/build process. > > It will hopefully be in somewhere like /usr/local/lib or something like > > that. > > Make sure this directory is listed in /etc/ld.so.conf. > > If the directory isn't there (and the directory is somewhere sensible) > > then add it to that file and run ldconfig to update the ld.so cache file. > > If you can find the file installed (it may be called libclamav.so or > > libclamav.so.1 for example) and want to know if it is somewhere > > "sensible" then mail us back and we will tell if is sounds likely. > > > > You need to have installed ClamAV (and its libraries) before installing > > the Mail::ClamAV module. How did you install ClamAV? From source or from > > RPM files or what? And where did the RPM files come from? > > > > Adding: > > /usr/local/lib > > to /etc/ld.so.conf and then running ldconfig works on CentOS so I'll bet it > works on RH ES4 :) > > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > > > Matt Kehler wrote: > > > > > I'm in the exact same boat...have a site waiting for their production > > > box but can't get it working. > > > > > > Matt > > > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:20:37 AM >>> > > > Using CentOS.... have you implemented a workaround. I'm preparing for an > > > installation on a production box and in dire need of making progress. > > > > > > ----- Original Message ----- > > > From: "Matt Kehler" > > > To: > > > Sent: Tuesday, May 17, 2005 1:05 PM > > > Subject: Re: OT: Mail::ClamAV > > > > > > > > > > I get the same thing on Redhat ES4. Tried everything I can think of, > > no > > > > go. Google found ONE other post about it; person was using Fedora > > (not > > > > sure which), same issue, no resolution. What OS are you using? > > > > > > > > Matt > > > > > > > > >>> wright@CYBERVALE.COM 5/17/2005 11:03:26 AM >>> > > > > > > > > tried installing through CPAN and got the following error any ideas? > > > > > > > > > > > > > > > > > > > > Manifying blib/man3/Mail::ClamAV.3pm > > > > /usr/bin/make -- OK > > > > Running make test > > > > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > > > > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > > > > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > > > > # Tried to use 'Mail::ClamAV'. > > > > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > > > > # > > > > # Can't load > > > > > > > '/root/.cpan/build/Mail-ClamAV- > > 0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > > > > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > > > > file: No > > > > such file or directory at > > > > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > > > > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > > > > # > > > > # > > > > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line > > > > 188 > > > > # BEGIN failed--compilation aborted at > > > > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > > > > # Compilation failed in require at (eval 1) line 2. > > > > "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t > > > > line > > > > 11 > > > > Can't continue after import errors at t/Mail-ClamAV.t line 11 > > > > # Looks like you planned 10 tests but only ran 1. > > > > t/Mail-ClamAV....dubious > > > > Test returned status 10 (wstat 2560, 0xa00) > > > > DIED. FAILED tests 1-10 > > > > Failed 10/10 tests, 0.00% okay > > > > Failed Test Stat Wstat Total Fail Failed List of Failed > > > > > > > ------------------------------------------------------------------------ > > -- > > > -- > > > > --- > > > > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > > > > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > > > > okay. > > > > make: *** [test_dynamic] Error 2 > > > > /usr/bin/make test -- NOT OK > > > > Running make install > > > > make test had returned bad status, won't install without force > > > > > > > > ------------------------ MailScanner list ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue May 17 20:38:03 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:39 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Joshua Hirsh > Sent: Tuesday, May 17, 2005 3:04 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: off topic: postfix and email to multiple recipients > > > And as I read this means the > > default_destination_recipient_limit controls > > only outgoing (destination_recipient) parameters. I nees > > something that > > works on the incoming messages :( > > You mean like smtpd_recipient_limit? Changing that setting would do it, > however, it would probably have a negative impact on the server as it > would now have to accept one message per recipient. For small sites I > wouldn't see this as a problem, but for large sites, it would be a pretty > excessive waste of I/O. > > I think this setting just rejects any email thats over the limit, hence the high default setting of 1000 but I'll try testing. You are right about load. Using this configuration with sendmail can add 30% to the server load. But if you want to be sure that individual user's spam preferences are strictly enforced, It the only way I know of doing it. Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > Regards, > > -Joshua > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue May 17 20:46:12 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:39 2006 Subject: Mail::ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Terran Wright > Sent: Tuesday, May 17, 2005 11:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Mail::ClamAV > > > tried installing through CPAN and got the following error any ideas? > > > > > Manifying blib/man3/Mail::ClamAV.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared ^^^^^^^^^^^^^ > object file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 {...] Have you checked that the path containing libclamav.so.1 appears in /etc/ld.so.conf ? Seems like I had to manually add it on a Fedora FC2 installation, (/usr/local/lib IIRC) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue May 17 21:47:40 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:39 2006 Subject: sendmail-out.pid missing Message-ID: I just installed 4.41.3 on a SuSE 9.3 system running sendmail. It seems to be working as advertised, but I get an error in /var/log/mail at startup: May 17 11:58:21 mxg sendmail-in[7447]: starting daemon (8.13.3): SMTP May 17 11:58:21 mxg sendmail-client[7450]: starting daemon (8.13.3): persistent-queueing@00:01:00 May 17 11:58:22 mxg sendmail-out[7454]: starting daemon (8.13.3): queueing@00:30:00 May 17 11:58:22 mxg sendmail-out[7454]: unable to write pid to /var/run/sendmail.pid: file in use by another process May 17 11:58:23 mxg MailScanner[7475]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... The sendmail.pid file is created, but the sendmail-out.pid file isn't and it complains. Doing a 'ps aux' I get the following: -------------------------------------- root 7447 0.0 0.5 6676 2820 ? Ss 11:58 0:00 sendmail: accepting connections mail 7450 0.0 0.4 5956 2348 ? Ss 11:58 0:00 sendmail: Queue control mail 7451 0.0 0.4 5956 2396 ? S 11:58 0:00 sendmail: running queue: /var/spool/clientmqueue root 7454 0.0 0.4 6168 2464 ? Ss 11:58 0:00 sendmail: Queue runner@00:30:00 for /var/spool/mqueue root 7474 0.0 3.4 20356 17500 ? Ss 11:58 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 7475 0.7 8.9 48528 45684 ? S 11:58 0:11 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 7481 1.0 9.0 48516 45768 ? S 11:58 0:15 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 7495 1.4 9.0 48880 46004 ? R 11:58 0:21 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 7553 1.1 9.0 48832 45956 ? S 11:58 0:16 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 9693 0.0 0.6 6716 3456 ? S 12:23 0:00 sendmail: server imo-m26.mx.aol.com [64.12.137.7] cmd read root 9756 0.0 9.0 48880 46004 ? R 12:23 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf -------------------------------------- The first sendmail process (7447) is apparently the one started by the /etc/init.d/MailScanner script: mxg:/home/mkm # cat /var/run/sendmail.pid 7447 /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -L sendmail-in -Am -bd -om I looked on an older MS box and see the same thing, although no error message in the logs. That is, sendmail-out apparently starts, but there is no sendmail-out.pid created. It seems that startproc isn't honoring the -p flag being passed in the script. Is anybody else seeing this? Is it of any concern? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 17 21:59:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:39 2006 Subject: sendmail-out.pid missing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I must set up another SuSE system to use for testing this. What's the latest version out there? Kevin Miller wrote: >I just installed 4.41.3 on a SuSE 9.3 system running sendmail. It seems to >be working as advertised, but I get an error in /var/log/mail at startup: > >May 17 11:58:21 mxg sendmail-in[7447]: starting daemon (8.13.3): SMTP >May 17 11:58:21 mxg sendmail-client[7450]: starting daemon (8.13.3): >persistent-queueing@00:01:00 >May 17 11:58:22 mxg sendmail-out[7454]: starting daemon (8.13.3): >queueing@00:30:00 >May 17 11:58:22 mxg sendmail-out[7454]: unable to write pid to >/var/run/sendmail.pid: file in use by another process >May 17 11:58:23 mxg MailScanner[7475]: MailScanner E-Mail Virus Scanner >version 4.41.3 starting... > > >The sendmail.pid file is created, but the sendmail-out.pid file isn't and it >complains. Doing a 'ps aux' I get the following: >-------------------------------------- >root 7447 0.0 0.5 6676 2820 ? Ss 11:58 0:00 sendmail: >accepting connections > >mail 7450 0.0 0.4 5956 2348 ? Ss 11:58 0:00 sendmail: >Queue control >mail 7451 0.0 0.4 5956 2396 ? S 11:58 0:00 sendmail: >running queue: /var/spool/clientmqueue >root 7454 0.0 0.4 6168 2464 ? Ss 11:58 0:00 sendmail: >Queue runner@00:30:00 for /var/spool/mqueue >root 7474 0.0 3.4 20356 17500 ? Ss 11:58 0:00 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >root 7475 0.7 8.9 48528 45684 ? S 11:58 0:11 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >root 7481 1.0 9.0 48516 45768 ? S 11:58 0:15 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >root 7495 1.4 9.0 48880 46004 ? R 11:58 0:21 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >root 7553 1.1 9.0 48832 45956 ? S 11:58 0:16 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >root 9693 0.0 0.6 6716 3456 ? S 12:23 0:00 sendmail: >server imo-m26.mx.aol.com [64.12.137.7] cmd read > >root 9756 0.0 9.0 48880 46004 ? R 12:23 0:00 >/usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner >/etc/MailScanner/MailScanner.conf >-------------------------------------- > >The first sendmail process (7447) is apparently the one started by the >/etc/init.d/MailScanner script: > >mxg:/home/mkm # cat /var/run/sendmail.pid >7447 >/usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly >-OQueueDirectory=/var/spool/mqueue.in -L sendmail-in -Am -bd -om > >I looked on an older MS box and see the same thing, although no error >message in the logs. That is, sendmail-out apparently starts, but there is >no sendmail-out.pid created. > >It seems that startproc isn't honoring the -p flag being passed in the >script. Is anybody else seeing this? Is it of any concern? > >TIA... > >...Kevin >-- >Kevin Miller Registered Linux User No: 307357 >CBJ MIS Dept. Network Systems Admin., Mail Admin. >155 South Seward Street ph: (907) 586-0242 >Juneau, Alaska 99801 fax: (907 586-4500 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue May 17 22:11:52 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:39 2006 Subject: sendmail-out.pid missing Message-ID: Julian Field wrote: > I must set up another SuSE system to use for testing this. What's the > latest version out there? > 9.3 is the latest SuSE. The interesting thing is that the older system I mentioned was running on SuSE 8.0 with MS 4.33 or somewhere thereabouts. Same thing, just no error in /var/log/mail. Both systems seem to be running just fine. /var/log/mail shows sendmail, sendmail-out, and MailScanner owned activity... S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 07:07:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:39 2006 Subject: sendmail-out.pid missing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Great. I would like to test against SuSE 9.3 to get this fixed. Unfortunately they don't have it out for FTP yet. Any chance you could either put the DVD iso on a web site somewhere and mail me a private link to it, or send me a copy of the DVD in the post please? Kevin Miller wrote: >Julian Field wrote: > > >>I must set up another SuSE system to use for testing this. What's the >>latest version out there? >> >> >> >9.3 is the latest SuSE. The interesting thing is that the older system I >mentioned was running on SuSE 8.0 with MS 4.33 or somewhere thereabouts. >Same thing, just no error in /var/log/mail. > >Both systems seem to be running just fine. /var/log/mail shows sendmail, >sendmail-out, and MailScanner owned activity... > >S'later... > >...Kevin >-- >Kevin Miller Registered Linux User No: 307357 >CBJ MIS Dept. Network Systems Admin., Mail Admin. >155 South Seward Street ph: (907) 586-0242 >Juneau, Alaska 99801 fax: (907 586-4500 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Wed May 18 08:06:15 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:39 2006 Subject: sendmail-out.pid missing Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Kevin Miller [cut] >It seems that startproc isn't honoring the -p flag being passed in the >script. Is anybody else seeing this? Is it of any concern? I'm also using SuSE 9.3 and it's working flawlessly. I made some changes to the sendmail init.d script and added the MailScanner init.d script (see attached tar.bz2). Please note, that I installed MailScanner manually (config in /etc/MailScanner-, with a symbolic link /etc/MailScanner, rest is in /opt/MailScanner-, also with a symbolic link /opt/MailScanner) >TIA... Hope this helps. >...Kevin Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "MS-SuSE-9.3.tar.bz2" Application/OCTET-STREAM (Name: ] [ "MS-SuSE-9.3.tar.bz2") 7.7KB. ] [ Unable to print this part. ] From patrickchan at GOODMARK.COM.CN Wed May 18 08:41:43 2005 From: patrickchan at GOODMARK.COM.CN (Patrick Chan) Date: Thu Jan 12 21:29:39 2006 Subject: Machine slow Message-ID: [ The following text is in the "gb2312" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I'm using Redhat 9.0 + MailScanner 4.31.6 + clamav 0.83 I've used MailScanner for a year. Recently, I find that my machine is very slow. Load average is over 4.0. My users can't receive mail via ipop3d because from the result of command "top", the CPU resource is used up by MailScanner. When I stop using MailScanner (simply just using sendmail and procmail to block certain file extension), the speed becomes normal, load average drops back to below 1.0 I checked maillog, there are many such messages: MailScanner[8280]: New Batch: Found 31 messages waiting But those 31 messages are not the mails for my users. Those mails seem to be spam mails. Is there any good solution for this situation? Thanks very much in advance. From martinh at SOLID-STATE-LOGIC.COM Wed May 18 09:09:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:39 2006 Subject: Machine slow Message-ID: Patrick have you looked at the MAQ on tuning? What options and extra rules have you got on the Spamassassin side of things. Do you reject non-existant email addresses in the inbound sendmail? I find I drop 70% of my inbound email that way. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Patrick Chan wrote: > Hi all, > > I'm using Redhat 9.0 + MailScanner 4.31.6 + clamav 0.83 > I've used MailScanner for a year. Recently, I find that my machine is very slow. > Load average is over 4.0. My users can't receive mail via ipop3d because > from the result of command "top", the CPU resource is used up by MailScanner. > > When I stop using MailScanner (simply just using sendmail and procmail to block certain file extension), the speed becomes normal, load average drops back to below 1.0 > > I checked maillog, there are many such messages: > MailScanner[8280]: New Batch: Found 31 messages waiting > > But those 31 messages are not the mails for my users. Those mails seem to be spam mails. > > Is there any good solution for this situation? Thanks very much in advance. > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 18 09:13:17 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:39 2006 Subject: Web front end for SQL &bydomainspam rules. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does this include the ability for each user to log in using AD credentials to vbiew mail addressed to them thatr has been quarantined - allowing users to release if the score is low enough or permanantly delete if they wish. ? Dhawal Doshy wrote: > Tony Enderby wrote: > >> >> Greetings Folks, >> >> I have successully setup Mailscanner with the &ByDomainSpam white and >> blacklist customconfig functions and currently use the phplistadmin >> contrib for editing rules via a web interface. >> >> I was wondering if anyone knows of a more advanced front end? >> >> Something with user authentication based on /etc/passwd would be ideal >> but anything with some form of authentication would be great. >> >> Many thanks in advance. >> >> Tony. > > > MailWatch 0.6 [http://mailwatch.sourceforge.net], when available will > feature mysql based per user / domain whitelists & blacklists. > > As of now there is no fixed date for the release, though you can speed > it up by helping Steve with the following: > > :: MCP Support > :: User Management (create users GUI) > :: Audit logging > :: XML-RPC web services for running multiple MailScanner/MailWatch boxes > :: Enhanced reporting of MTA deliveries/rejections > :: Better query builder for reports > :: Quarantine Report > :: Blacklist/Whitelist (this is what you want) > > And the following > :: Testing CVS version for bugs > :: Writing upgrade instructions > :: Updating the website with new features/screen-shots of CVS > > Search the mailwatch-users archive on sourceforge for Steve's mail on > this date '4/2/2005' for a better explanation of the features. > > me and quite a few others (especially Peter Russell) are eagerly waiting > for 0.6 and have been pestering Steve for a beta release. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 18 09:19:47 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:39 2006 Subject: swamped mail relays - suggestions Message-ID: Greg Matthews wrote: > On Tue, 2005-05-17 at 16:04 +0200, Steen, Glenn wrote: >> Greg Matthews wrote: >> (snipped mangled quote by OutLook-QuoteFix. Sigh) > > as bad as groupwise? Been so since last I looked at GW that I really couldn't tell:-). But it mangled the iostat beyond recognition. > >>> Any comments and suggestions most welcome. > >> Seems that write performance might be what is killing you. >> Do you use the tmpfs thing for the incoming (MS work-) directory? > > yes, I already tmpfs for the work dir. I am thinking that with 10,000 > mails in the mqueue.in directory (~20000 files) the system might be > stalling just reading the dir. > > I've just increased max children from 9 to 20 to see if that helps. > The comments recommend 5 per cpu but doesnt mention HT processors. > >> >> -- Glenn Ok, that's good then. And you might well be right that 2x10K-file-directories might be the problem (Not perhaps for MS as much as the actual MTA)... Have you turned off atime updating too? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 09:24:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:39 2006 Subject: bayes DB not growing Message-ID: Looks like the autolearn threshhold is too low to me. the defaults in /usr/local/share/spamassassin/10_misc.cf are bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 I'd make sure you're not overriding these values in any of your site specific rules in /etc/mail/spamassassin or spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > ok sorry, now that I am using the bayes starter kit thing, I do have > something like this in my logs: > BAYES_95 2.06 > > so that part looks good to me - but now I am just worried about the > autolearn=spam thing - from what I have read, messages tagged like this > are fed to the bayes filter as spam... but EVERY one of my messages is > showing this, even the ones that arent tagged as spam... so I am worried > the ham messages are being fed to it as well. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Arif Malik > Sent: Tuesday, May 17, 2005 9:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Thanks, Billy.. I don't even get any mention of BAYES in the point > scoring part like you do below... im not sure what im missing here, does > anyone have any suggestions?? here is another log entry - notice it is > marked as "not spam" but then it has "autolearn=spam". Also it doesn't > show any Bayes probability entry either as Billy's does. > > May 17 08:17:38 filter MailScanner[4736]: Message 1DY3op-0001Fb-G3 from > 65.249.2 > 45.178 (1-21388026-fitblog.com?reef@stderr.megadealz.net) to aergasg.com > is not spam, SpamAssassin (score=3.007, required 4, autolearn=spam, > DNS_FROM_AHBL_RHSBL 0.07, HTML_FONT_INVISIBLE 0.07, HTML_IMAGE_ONLY_24 > 1.00, HTML_MESSAGE 0.00, HTM L_TAG_EXIST_TBODY 0.23, > RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15) > > when I am in debug mode I see this also.. should it have some kind of > entry like BAYES in it?? I used one of those bayes starter kits, so I > don't get that <200 spam error any more.. but it still doesn't seem to > be active! > > debug: tests=DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UN > USABLE_MSGID > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, May 17, 2005 8:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > I was going to say also that sometimes there is no autolearn statement, > like this: > > -0.41 BAYES_05 Bayesian spam probability is 1 to 5% > 0.01 NO_REAL_NAME From: does not include a real name > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >>-----Original Message----- >>From: Arif Malik [mailto:Arifm@TOMASJEWELRY.COM] >>Sent: Tuesday, May 17, 2005 10:39 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>Hmm - what I am seeing in my logs, is EVERY message shows >>"autolearn=spam" - even though my bayes DB isn't growing... even >>messages that aren't tagged as spam are showing it - for example: >> >>May 15 07:05:42 filter MailScanner[11331]: Message 1DXJk9-00083F-Tv > > from > >>209.0.2 >>4.12 (bounce-flnl-45112503@mx01.gamerival.com) to adggdwe.com is not >>spam, SpamA ssassin (score=2.733, required 4, autolearn=spam, AWL >>1.02, > > HTML_90_100 > >>0.19, HT >>ML_FONT_BIG 0.23, HTML_MESSAGE 0.00, MIME_HEADER_CTYPE_ONLY 0.48, >>NO_REAL_NAME 0 .18, URIBL_SBL 0.63) >> >>shouldn't only messages that are considered spam be showing the >>"autolearn=spam" ??? I still don't know why the bayes DB only has 1 > > spam > >>in it still, but I will try using sa-learn to feed it 200 spams and > > hams > >>and see what happens... but I am still wondering about the autolearn >>behavior, if anyone has any insight.. thanks! >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Billy A. Pumphrey >>Sent: Tuesday, May 17, 2005 7:48 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes DB not growing >> >>That is a good link. On my mailwatch, I look at the spam messages and > > I > >>do see this a lot: >>Autolearn=spam >> >>I also see that some messages do not have a autolearn= I am guessing >>that it was not autolearned because from the link, it said that a >>message needs 3 points from the header and 3 points from the body to > > be > >>autolearned. >> >>When I do a spamassassin -D --lint. I get: >>debug: bayes: found bayes db version 3 >>debug: using "/root/.spamassassin" for user state dir >>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < > > >>200 >> >>So mine says that there are only 0 spams. Does this mean that I need > > to > >>fix something? >> >> >>Billy Pumphrey >>IT Manager >>Wooden & McLaughlin >> >>>-----Original Message----- >>>From: Raylund Lai [mailto:raylund.lai@KANKANWOO.COM] >>>Sent: Tuesday, May 17, 2005 3:59 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: bayes DB not growing >>> >>>have a look on this link to see whether it answer your question. >>>http://wiki.apache.org/spamassassin/AutolearningNotWorking >>> >>>Cheers >>>Raylund >>> >>>Arif Malik wrote: >>> >>> >>>>I have a new installation of mailscanner, and for the last few > > days > >>I >> >>>>keep noticing the following message: >>>> >>>>debug: bayes: Not available for scanning, only 0 spam(s) in Bayes > > DB > >>< >> >>>200 >>> >>>>now today, it has finally changed to: debug: bayes: Not available >> >>for >> >>>>scanning, only 1 spam(s) in Bayes DB < 200 but there has been > > quite > >>>>a few spams that have gone through, and >> >>have >> >>>>been marked as spam, and i see "autolearn=spam" in the log. >> >>shouldn't >> >>>>these be added to the bayes DB?? here is the rest of that part of >> >>the >> >>>>log that deals with bayes: >>>> >>>>debug: bayes: 2357 tie-ing to DB file R/O >>>>/home/exim/.spamassassin/bayes_toks >>>>debug: bayes: 2357 tie-ing to DB file R/O >>>>/home/exim/.spamassassin/bayes_seen >>>>debug: bayes: found bayes db version 3 >>>>debug: bayes: Not available for scanning, only 1 spam(s) in Bayes > > DB > >>< >> >>>200 >>> >>>>debug: bayes: 2357 untie-ing >>>>debug: bayes: 2357 untie-ing db_toks >>>>debug: bayes: 2357 untie-ing db_seen >>>>debug: Score set 1 chosen. >>>> >>>>any idea what i might be doing wrong ? it is odd to me that 1 > > email > >>>>did finally end up in the bayes db... thanks for any help!!! >>>>------------------------ MailScanner list ------------------------ > > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>------------------------ MailScanner list ------------------------ > > To > >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the > >>>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 18 09:28:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:39 2006 Subject: swamped mail relays - suggestions Message-ID: Steen, Glenn wrote: > Greg Matthews wrote: >> On Tue, 2005-05-17 at 16:04 +0200, Steen, Glenn wrote: >>> Greg Matthews wrote: >>> (snipped mangled quote by OutLook-QuoteFix. Sigh) >> >> as bad as groupwise? > > Been so since last I looked at GW that I really couldn't tell:-). > But it mangled the iostat beyond recognition. > >> >>>> Any comments and suggestions most welcome. >> >>> Seems that write performance might be what is killing you. >>> Do you use the tmpfs thing for the incoming (MS work-) directory? >> >> yes, I already tmpfs for the work dir. I am thinking that with 10,000 >> mails in the mqueue.in directory (~20000 files) the system might be >> stalling just reading the dir. >> >> I've just increased max children from 9 to 20 to see if that helps. >> The comments recommend 5 per cpu but doesnt mention HT processors. >> >>> >>> -- Glenn > > Ok, that's good then. > And you might well be right that 2x10K-file-directories might be the > problem (Not perhaps for MS as much as the actual MTA)... Have you > turned off atime updating too? > > -- Glenn ... And perhaps try getting rid of ext3 journal updating too (as suggested by David), by "reverting" to ext2. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Wed May 18 09:58:15 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:39 2006 Subject: swamped mail relays - suggestions Message-ID: On Wed, 2005-05-18 at 10:28 +0200, Steen, Glenn wrote: > > Ok, that's good then. > > And you might well be right that 2x10K-file-directories might be the > > problem (Not perhaps for MS as much as the actual MTA)... Have you > > turned off atime updating too? > > > > -- Glenn > > ... And perhaps try getting rid of ext3 journal updating too (as > suggested by David), by "reverting" to ext2. These seem like good suggestions - I've implemented them on one of the relays to compare performance. The load is down at the moment so too early to tell the effect. Incidentally, I'm still seeing await numbers (from iostat) up to 400-500ms even when lightly loaded so perhaps my interpretation of the figures is off. GREG > > -- Glenn -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Wed May 18 10:33:48 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:29:39 2006 Subject: SpamAssassin still isn't upgraded Message-ID: Hi! I recently did a complete new install of CentOS 4 and SA 3.02 I tried using the MS tarball to upgrade to SpamAss 3.03 but again the script reports I already have 3.03 installed whereas MailScanner -v really shows that 3.02 is installed. Any ideas why this problem keeps coming up? Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed May 18 10:57:00 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:39 2006 Subject: MCP logging action question Message-ID: Am using MCP facility for first time to deal with "German" spam from Sober.Q worm. In MailScanner.conf have: MCP Checks = yes # Do the spam checks first, or the MCP checks first? # This cannot be the filename of a ruleset, only a fixed value. First Check = mcp # The rest of these options are clones of the equivalent spam options MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = delete Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?!} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes I am seeing as expected in the logs: May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 from 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP-Checker (score=10, required 1, PROLO_GMCP24 10.00) BUT I am not seeing in the logs the expected ...MCP Actions: message j4I9gwgT004139 actions are delete although the message does not appear to be delivered according to the logs. I am running MS 4.41.3-1. NOTE: I am doing the Sober.Q filtering with MCP rather than normal spam filtering because we whitelist from spam tagging some domains from which the Sober.Q messages apparently originate. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 11:02:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:39 2006 Subject: SpamAssassin still isn't upgraded Message-ID: Usual cause is multiple perl installations. Does /usr/bin/perl -v report the same as perl -v ? On 18 May 2005, at 10:33, Remco Barendse wrote: > Hi! > > I recently did a complete new install of CentOS 4 and SA 3.02 > > I tried using the MS tarball to upgrade to SpamAss 3.03 but again > the script > reports I already have 3.03 installed whereas MailScanner -v really > shows that > 3.02 is installed. > > Any ideas why this problem keeps coming up? > > Thanks! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 11:03:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:39 2006 Subject: MCP logging action question Message-ID: On 18 May 2005, at 10:57, Quentin Campbell wrote: > Am using MCP facility for first time to deal with "German" spam from > Sober.Q worm. > > In MailScanner.conf have: > > MCP Checks = yes > > # Do the spam checks first, or the MCP checks first? > # This cannot be the filename of a ruleset, only a fixed value. > First Check = mcp > > # The rest of these options are clones of the equivalent spam options > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver I suspect you mean "delete" and not "deliver". > High Scoring MCP Actions = delete > Bounce MCP As Attachment = no > > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?!} > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = yes > Detailed MCP Report = yes > Include Scores In MCP Report = yes > Log MCP = yes > > I am seeing as expected in the logs: > > May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 > from > 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- > Checker > (score=10, required 1, PROLO_GMCP24 10.00) > > BUT I am not seeing in the logs the expected > > ...MCP Actions: message j4I9gwgT004139 actions are delete > > although the message does not appear to be delivered according to the > logs. > > I am running MS 4.41.3-1. > > NOTE: I am doing the Sober.Q filtering with MCP rather than normal > spam > filtering because we whitelist from spam tagging some domains from > which > the Sober.Q messages apparently originate. > > > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed May 18 11:44:40 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:39 2006 Subject: MCP logging action question Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 18 May 2005 11:03 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MCP logging action question > >On 18 May 2005, at 10:57, Quentin Campbell wrote: > >> Am using MCP facility for first time to deal with "German" spam from >> Sober.Q worm. >> >> In MailScanner.conf have: >> >> MCP Checks = yes >> >> # Do the spam checks first, or the MCP checks first? >> # This cannot be the filename of a ruleset, only a fixed value. >> First Check = mcp >> >> # The rest of these options are clones of the equivalent spam options >> MCP Required SpamAssassin Score = 1 >> MCP High SpamAssassin Score = 10 >> MCP Error Score = 1 >> >> MCP Header = X-%org-name%-MailScanner-MCPCheck: >> Non MCP Actions = deliver >> MCP Actions = deliver > >I suspect you mean "delete" and not "deliver". I only want "delete" action if MCP score >= 10. Otherwise deliver. I thought that is what I have specified? > >> High Scoring MCP Actions = delete >> Bounce MCP As Attachment = no >> >> MCP Modify Subject = yes >> MCP Subject Text = {MCP?} >> High Scoring MCP Modify Subject = yes >> High Scoring MCP Subject Text = {MCP?!} >> >> Is Definitely MCP = no >> Is Definitely Not MCP = no >> Definite MCP Is High Scoring = no >> Always Include MCP Report = yes >> Detailed MCP Report = yes >> Include Scores In MCP Report = yes >> Log MCP = yes >> >> I am seeing as expected in the logs: >> >> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 >> from >> 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- >> Checker >> (score=10, required 1, PROLO_GMCP24 10.00) >> >> BUT I am not seeing in the logs the expected >> >> ...MCP Actions: message j4I9gwgT004139 actions are delete >> >> although the message does not appear to be delivered according to the >> logs. >> >> I am running MS 4.41.3-1. >> >> NOTE: I am doing the Sober.Q filtering with MCP rather than normal >> spam >> filtering because we whitelist from spam tagging some domains from >> which >> the Sober.Q messages apparently originate. >> >> >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> >---------------------------------------------------------------------- >> -- >> "Any opinion expressed above is mine. The University can get >its own." >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 11:52:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:39 2006 Subject: MCP logging action question Message-ID: On 18 May 2005, at 11:44, Quentin Campbell wrote: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 18 May 2005 11:03 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MCP logging action question >> >> On 18 May 2005, at 10:57, Quentin Campbell wrote: >> >> >>> Am using MCP facility for first time to deal with "German" spam from >>> Sober.Q worm. >>> >>> In MailScanner.conf have: >>> >>> MCP Checks = yes >>> >>> # Do the spam checks first, or the MCP checks first? >>> # This cannot be the filename of a ruleset, only a fixed value. >>> First Check = mcp >>> >>> # The rest of these options are clones of the equivalent spam >>> options >>> MCP Required SpamAssassin Score = 1 >>> MCP High SpamAssassin Score = 10 >>> MCP Error Score = 1 >>> >>> MCP Header = X-%org-name%-MailScanner-MCPCheck: >>> Non MCP Actions = deliver >>> MCP Actions = deliver >>> >> >> I suspect you mean "delete" and not "deliver". >> > > I only want "delete" action if MCP score >= 10. Otherwise deliver. I > thought that is what I have specified? But what score have you attached to your MCP rule(s)? > > >> >> >>> High Scoring MCP Actions = delete >>> Bounce MCP As Attachment = no >>> >>> MCP Modify Subject = yes >>> MCP Subject Text = {MCP?} >>> High Scoring MCP Modify Subject = yes >>> High Scoring MCP Subject Text = {MCP?!} >>> >>> Is Definitely MCP = no >>> Is Definitely Not MCP = no >>> Definite MCP Is High Scoring = no >>> Always Include MCP Report = yes >>> Detailed MCP Report = yes >>> Include Scores In MCP Report = yes >>> Log MCP = yes >>> >>> I am seeing as expected in the logs: >>> >>> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 >>> from >>> 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- >>> Checker >>> (score=10, required 1, PROLO_GMCP24 10.00) >>> >>> BUT I am not seeing in the logs the expected >>> >>> ...MCP Actions: message j4I9gwgT004139 actions are delete >>> >>> although the message does not appear to be delivered according to >>> the >>> logs. >>> >>> I am running MS 4.41.3-1. >>> >>> NOTE: I am doing the Sober.Q filtering with MCP rather than normal >>> spam >>> filtering because we whitelist from spam tagging some domains from >>> which >>> the Sober.Q messages apparently originate. >>> >>> >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> >>> >> --------------------------------------------------------------------- >> - >> >>> -- >>> "Any opinion expressed above is mine. The University can get >>> >> its own." >> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 18 13:25:13 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:39 2006 Subject: {SPAM?} Re: {Spam?} Re: Auslaenderpolitik Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >> KNowing nothing about creating own rulesets, does the following format >> have any advantages over your format? Could either be faster? Yours is >> easier to read, but took more lines to write. (the first line is one >> line its been wrapped) >> >> header SOBER_Q_SUBJECT Subject =~ /4,8 Mill\. Osteuropaeer durch >> Fischer-Volmer Erlass|Auf Streife durch den Berliner Wedding|Auslaender >> bevorzugt|Deutsche Buerger trauen sich nicht > > > This is actually slower, since it has to do some regexp on this rule alone > again... > > Bye, > Raymond Cool thanks What about these ones? http://www.viruswatch.nl/info/soberq_filter.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Wed May 18 13:29:08 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:29:39 2006 Subject: {Spam?} Re: Auslaenderpolitik Message-ID: Pete Russell asked: > What about these ones? > http://www.viruswatch.nl/info/soberq_filter.html Try these ones: http://weir.dattitu.de/archives/9-Filtering-Sober-P.html Catches them all, zero false positives so far. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed May 18 13:34:08 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Where should I place the rules that are found here? http://mailscanner.prolocation.net/german.cf Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Wed May 18 13:44:18 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: > Where should I place the rules that are found here? > > http://mailscanner.prolocation.net/german.cf depends how you have implemented SPAM control. Because I don't have spamasssasin I have rewritten it a little. Now I can use it direct by our Postfix mailserver (header_checks): # ---------------------------------------------------------------------- # machines infected by sober sending german political spam # ---------------------------------------------------------------------- /^Subject:.*here comes your text1 you don't like/ REJECT Header Spam Rule x.y /^Subject:.*here comes your text2 you don't like/ REJECT Header Spam Rule x.y Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed May 18 13:46:36 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:39 2006 Subject: underline in mailheader Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, anyone know about problems with underscore in mailheaders ? from a external contact i heard they cant get mail from our mailscanner because we use underscores in our mailheader (%org-name%). dont know that mutch about the rfc but ive never heard something like that greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed May 18 13:47:20 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Beat Jucker wrote: >>Where should I place the rules that are found here? >> >>http://mailscanner.prolocation.net/german.cf >> >> > >depends how you have implemented SPAM control. Because I don't have >spamasssasin I have rewritten it a little. Now I can use it direct >by our Postfix mailserver (header_checks): > > # ---------------------------------------------------------------------- > # machines infected by sober sending german political spam > # ---------------------------------------------------------------------- > /^Subject:.*here comes your text1 you don't like/ REJECT Header Spam Rule x.y > /^Subject:.*here comes your text2 you don't like/ REJECT Header Spam Rule x.y > >Regards >-- Beat > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > I'm using SpamAssassin 3.02 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Wed May 18 13:45:27 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: Find where "SpamAssassin Site Rules Dir" i.e. /etc/mail/spamassassin Put the .cf file in there and restart MailScanner. I learned this yesterday myself, thanks to Julian's book!!! Regards, Diane -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green Sent: Wednesday, May 18, 2005 7:34 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: german spam rules Hello, Where should I place the rules that are found here? http://mailscanner.prolocation.net/german.cf Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Wed May 18 13:53:52 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rod, Great, Thank you....! I have had a lot of users complaining about this spam. I downloaded these rules and place the file in /etc/mail/spamassassin and restarted MailScanner. Works great, I've seen a few get caught and deleted already...! Thanks again. Ryan Pitt IT Manager Marino Crane Service Corp. Tel. (860)347-0827 Fax. (860)347-9871 Rodney Green wrote: > Hello, > > Where should I place the rules that are found here? > > http://mailscanner.prolocation.net/german.cf > > Thanks, > Rod > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed May 18 13:53:25 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:39 2006 Subject: german spam rules Message-ID: I put mine in /usr/share/spamassassin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green Sent: Wednesday, May 18, 2005 7:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: german spam rules Beat Jucker wrote: >>Where should I place the rules that are found here? >> >>http://mailscanner.prolocation.net/german.cf >> >> > >depends how you have implemented SPAM control. Because I don't have >spamasssasin I have rewritten it a little. Now I can use it direct by >our Postfix mailserver (header_checks): > > # > ---------------------------------------------------------------------- > # machines infected by sober sending german political spam # > ---------------------------------------------------------------------- > /^Subject:.*here comes your text1 you don't like/ REJECT Header Spam > Rule x.y /^Subject:.*here comes your text2 you don't like/ REJECT > Header Spam Rule x.y > >Regards >-- Beat > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > I'm using SpamAssassin 3.02 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 13:52:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:39 2006 Subject: underline in mailheader Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yes, not a valid character for mail headers most MTA's don't mind but Novell's (I think) does. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dörfler Andreas wrote: > hi there, > > anyone know about problems with underscore in mailheaders ? > > from a external contact i heard they cant get mail from > our mailscanner because we use underscores in our mailheader > (%org-name%). > > dont know that mutch about the rfc but ive never heard something > like that > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed May 18 13:53:43 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I'm trying local.cf to see if that will work okay. Diane Rolland wrote: >Find where "SpamAssassin Site Rules Dir" i.e. /etc/mail/spamassassin > >Put the .cf file in there and restart MailScanner. > >I learned this yesterday myself, thanks to Julian's book!!! > >Regards, >Diane > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Rodney Green >Sent: Wednesday, May 18, 2005 7:34 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: german spam rules > >Hello, > >Where should I place the rules that are found here? > >http://mailscanner.prolocation.net/german.cf > >Thanks, >Rod > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Wed May 18 14:00:02 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: You can just put the german.cf file in that directory; Mailscanner will use any .cf files located there. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green Sent: Wednesday, May 18, 2005 7:54 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: german spam rules Thanks. I'm trying local.cf to see if that will work okay. Diane Rolland wrote: >Find where "SpamAssassin Site Rules Dir" i.e. /etc/mail/spamassassin > >Put the .cf file in there and restart MailScanner. > >I learned this yesterday myself, thanks to Julian's book!!! > >Regards, >Diane > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Rodney Green >Sent: Wednesday, May 18, 2005 7:34 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: german spam rules > >Hello, > >Where should I place the rules that are found here? > >http://mailscanner.prolocation.net/german.cf > >Thanks, >Rod > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed May 18 13:56:26 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:40 2006 Subject: MCP logging action question Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 18 May 2005 11:53 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MCP logging action question > >On 18 May 2005, at 11:44, Quentin Campbell wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 18 May 2005 11:03 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: MCP logging action question >>> >>> On 18 May 2005, at 10:57, Quentin Campbell wrote: >>> >>> >>>> Am using MCP facility for first time to deal with "German" >spam from >>>> Sober.Q worm. >>>> >>>> In MailScanner.conf have: >>>> >>>> MCP Checks = yes >>>> >>>> # Do the spam checks first, or the MCP checks first? >>>> # This cannot be the filename of a ruleset, only a fixed value. >>>> First Check = mcp >>>> >>>> # The rest of these options are clones of the equivalent spam >>>> options >>>> MCP Required SpamAssassin Score = 1 >>>> MCP High SpamAssassin Score = 10 >>>> MCP Error Score = 1 >>>> >>>> MCP Header = X-%org-name%-MailScanner-MCPCheck: >>>> Non MCP Actions = deliver >>>> MCP Actions = deliver >>>> >>> >>> I suspect you mean "delete" and not "deliver". >>> >> >> I only want "delete" action if MCP score >= 10. Otherwise deliver. I >> thought that is what I have specified? > >But what score have you attached to your MCP rule(s)? The score is 10 on each rules. This was shown in the log extract I provided below. This shows that the "Message ... is MCP ..." with a score of 10. > >> > >> >>> >>> >>>> High Scoring MCP Actions = delete >>>> Bounce MCP As Attachment = no >>>> >>>> MCP Modify Subject = yes >>>> MCP Subject Text = {MCP?} >>>> High Scoring MCP Modify Subject = yes >>>> High Scoring MCP Subject Text = {MCP?!} >>>> >>>> Is Definitely MCP = no >>>> Is Definitely Not MCP = no >>>> Definite MCP Is High Scoring = no >>>> Always Include MCP Report = yes >>>> Detailed MCP Report = yes >>>> Include Scores In MCP Report = yes >>>> Log MCP = yes >>>> >>>> I am seeing as expected in the logs: >>>> >>>> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 >>>> from >>>> 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- >>>> Checker >>>> (score=10, required 1, PROLO_GMCP24 10.00) >>>> >>>> BUT I am not seeing in the logs the expected >>>> >>>> ...MCP Actions: message j4I9gwgT004139 actions are delete >>>> >>>> although the message does not appear to be delivered according to >>>> the >>>> logs. >>>> >>>> I am running MS 4.41.3-1. >>>> >>>> NOTE: I am doing the Sober.Q filtering with MCP rather than normal >>>> spam >>>> filtering because we whitelist from spam tagging some domains from >>>> which >>>> the Sober.Q messages apparently originate. >>>> >>>> >>>> >>>> Quentin >>>> --- >>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>> >>>> >>> >--------------------------------------------------------------------- >>> - >>> >>>> -- >>>> "Any opinion expressed above is mine. The University can get >>>> >>> its own." >>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 14:04:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: Bad idea that dir will get deleted when you upgrade SA. The default place for site rules is normally /etc/mail/spamassassin and there should already be a local.cf in there to start with (and on 3.x an init.pre) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Kercher wrote: > I put mine in /usr/share/spamassassin > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Rodney Green > Sent: Wednesday, May 18, 2005 7:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: german spam rules > > Beat Jucker wrote: > > >>>Where should I place the rules that are found here? >>> >>>http://mailscanner.prolocation.net/german.cf >>> >>> >> >>depends how you have implemented SPAM control. Because I don't have >>spamasssasin I have rewritten it a little. Now I can use it direct by >>our Postfix mailserver (header_checks): >> >> # >>---------------------------------------------------------------------- >> # machines infected by sober sending german political spam # >>---------------------------------------------------------------------- >> /^Subject:.*here comes your text1 you don't like/ REJECT Header Spam >>Rule x.y /^Subject:.*here comes your text2 you don't like/ REJECT >>Header Spam Rule x.y >> >>Regards >>-- Beat >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > > I'm using SpamAssassin 3.02 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed May 18 14:09:30 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just added it the file to the directory /etc/mail/spamassassin. There are just so many places to add rules that I wasn't sure which to use. Martin Hepworth wrote: > Bad idea > > that dir will get deleted when you upgrade SA. > > The default place for site rules is normally /etc/mail/spamassassin and > there should already be a local.cf in there to start with (and on 3.x an > init.pre) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Mike Kercher wrote: > >> I put mine in /usr/share/spamassassin >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf >> Of Rodney Green >> Sent: Wednesday, May 18, 2005 7:47 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: german spam rules >> >> Beat Jucker wrote: >> >> >>>> Where should I place the rules that are found here? >>>> >>>> http://mailscanner.prolocation.net/german.cf >>>> >>>> >>> >>> depends how you have implemented SPAM control. Because I don't have >>> spamasssasin I have rewritten it a little. Now I can use it direct by >>> our Postfix mailserver (header_checks): >>> >>> # >>> ---------------------------------------------------------------------- >>> # machines infected by sober sending german political spam # >>> ---------------------------------------------------------------------- >>> /^Subject:.*here comes your text1 you don't like/ REJECT Header Spam >>> Rule x.y /^Subject:.*here comes your text2 you don't like/ REJECT >>> Header Spam Rule x.y >>> >>> Regards >>> -- Beat >>> >>> ------------------------ MailScanner list ------------------------ To >>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> >> >> I'm using SpamAssassin 3.02 >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at ZANKER.ORG Wed May 18 14:19:39 2005 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 18/05/2005 13:34, Rodney Green wrote: > Where should I place the rules that are found here? > > http://mailscanner.prolocation.net/german.cf On my RHEL 3 box I did: cd /etc/mail/spamassassin wget http://mailscanner.prolocation.net/german.cf /etc/init.d/MailScanner reload Regards, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed May 18 14:43:50 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:29:40 2006 Subject: OT: clustering or separate config databaseserver Message-ID: Hi Just wondered if someone have managed to get some kind of cluster running so all changes is config files, whitelists, accesfiles etc only need to be managed from one point. I guess another solution would be a seperate server having all that inf in a sql/ldap server. What are your prefered method? What happens if the datebase/ldap server shuts down? Is the config casched on the server? /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed May 18 15:38:34 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: Quick verification on load average if I may. I do not understand how those numbers work. They appear not to be percent usage. How do the load average numbers work? On my mailwatch, my usually is around .60-1.4 Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: Patrick Chan [mailto:patrickchan@GOODMARK.COM.CN] > Sent: Wednesday, May 18, 2005 2:42 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Machine slow > > Hi all, > > I'm using Redhat 9.0 + MailScanner 4.31.6 + clamav 0.83 > I've used MailScanner for a year. Recently, I find that my machine is very > slow. > Load average is over 4.0. My users can't receive mail via ipop3d because > from the result of command "top", the CPU resource is used up by > MailScanner. > > When I stop using MailScanner (simply just using sendmail and procmail to > block certain file extension), the speed becomes normal, load average > drops back to below 1.0 > > I checked maillog, there are many such messages: > MailScanner[8280]: New Batch: Found 31 messages waiting > > But those 31 messages are not the mails for my users. Those mails seem to > be spam mails. > > Is there any good solution for this situation? Thanks very much in > advance. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcampbell at ITCONVERGENCE.COM Wed May 18 15:45:32 2005 From: mcampbell at ITCONVERGENCE.COM (Mark Campbell) Date: Thu Jan 12 21:29:40 2006 Subject: Support for other languages Message-ID: Hey Guys, I'm having more and more legitimate emails from countries that are non English speaking based, such as the following pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SUB_HELLO Subject starts with "Hello" 1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers 0.1 HTML_80_90 BODY: Message is 80 HTML 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding 0.1 MSGID_FROM_MTA_HEADER Message-Id was added by a relay 0.5 HTML_CHARSET_FARAWAY A foreign language charset used in HTML markup 2.5 MIME_CHARSET_FARAWAY MIME character set indicates foreign language Is there a way to specify a list of valid languages or should I just configure spamassassin to set the FARAWAY rules to a lower spam score? Thanks for any advise. Mark Mark Campbell -- IT Convergence OS Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 18 15:48:41 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: Billy A. Pumphrey wrote: > Quick verification on load average if I may. > > I do not understand how those numbers work. They appear not to be > percent usage. > > How do the load average numbers work? > On my mailwatch, my usually is around .60-1.4 > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > (snip) The "load factors" are perhaps the most abused "performance statistics" around... They're just the CPU run queue size (+ running jobs) averages calculated for 1, 5 and 15 minutes. Nice to know and a quick indicator, but nothing else. For example: on a one CPU system a load of 2 might be less than desirable, while on a system with 4 CPUs it shows two CPUs idling away... So one needs weigh the system as a whole when determining if a certain load is fine or not. If you're on Linux or Solaris I'd recommend the very goo Swordfish book from o'reilly (System Perfomance Tuning). An excellent read. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed May 18 15:43:42 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:40 2006 Subject: OT: Who is the Proper authorities? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a user who has received an email that has so upset her, she wants me to forward it to the Proper authorities to have it investigated. I am in the US, if that matters. Can anyone give me some insight as to a good way to handle this? I have not yet looked at the reason MS did not catch it as I don't have the email yet. Thanks for any help. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 18 16:01:01 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:40 2006 Subject: Support for other languages Message-ID: Mark Campbell wrote: > Hey Guys, > > I'm having more and more legitimate emails from countries that are non > English speaking based, such as the following > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 SUB_HELLO Subject starts with "Hello" > 1.7 MSGID_FROM_MTA_ID Message-Id for external message added > locally > 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers > 0.1 HTML_80_90 BODY: Message is 80 HTML > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64 > encoding > 0.1 MSGID_FROM_MTA_HEADER Message-Id was added by a relay > 0.5 HTML_CHARSET_FARAWAY A foreign language charset used in HTML > markup > 2.5 MIME_CHARSET_FARAWAY MIME character set indicates foreign > language > > > Is there a way to specify a list of valid languages or should I just > configure spamassassin to set the FARAWAY rules to a lower spam score? > > Thanks for any advise. > > Mark > > Mark Campbell If they cannot be bothered to even add a valid message ID header, why should you care?-):-) You could of course "disable" the FARAWAY rules by settin the score to 0, or "whitelist" 'em (either in MS proper, or by identifying the senders and adding a rule with a negative score for 'em). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 16:07:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: It's not quite that bad. The SpamAss milter thingy score was -3.1, not 3.1. On 18 May 2005, at 15:57, Craig White wrote: > I am having a hell of a time with a system that I upgraded. > > I know that I shouldn't be doing this but...I am currently running > both > spamass-milter and MailScanner until this weekend when I plan to > remove > all spamassassin and MailScanner stuff and re-install. > > But when a message comes through now...it is marked twice > > X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_50, > HTML_80_90,HTML_IMAGE_RATIO_08,HTML_MESSAGE autolearn=failed > version=3.0.3 > X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on > linserv2.mullenpr.com > X-Virus-Scanned: ClamAV 0.85.1/886/Wed May 18 03:32:36 2005 on > linserv2.mullenpr.com > X-Virus-Status: Clean > X-Mullen-MailScanner-Information: Please contact the ISP for more > information > X-Mullen-MailScanner: Found to be clean > X-Mullen-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 6, > autolearn=not spam) > > I am presuming that the first score of 3.1 relates to the spamass- > milter > scoring and the second score (0) is from MailScanner's invocation of > spamassassin. > > I am also experiencing corruption of the bayes db and that is a > separate > issue but if I don't have the spamass-milter on this week NOTHING is > marked as spam and I can't have that. > > Not that I expect anyone to solve this issue and I am going to > clean it > all out and start over and this was an upgrade from originally > MailScanner 4.25-14 to 4.41-3 and spamassassin (I think somewhere > in the > 2.64 range to 3.0.3) > > Craig > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brichter at INTERACCESS.COM Wed May 18 16:04:00 2005 From: brichter at INTERACCESS.COM (brichter) Date: Thu Jan 12 21:29:40 2006 Subject: OT: Getting bayes info from a seperate box(Spam trap of a sorrt) Message-ID: I figured there had to be someone doing something similar with MailScanner/Spam Assassin so I figured I would start here. Has anyone setup another box with separate domain to help increase bayes scoring? What I was thinking of doing was setting up a separate box with Mail Scanner/Spam Assassin with an unused domain of ours. Put some email addresses for this unused domain out there (web sites, Usenet groups, get the ball rolling so to speak) so the Spammers get a hold of them and then somehow pipe ALL mail that comes into this spam trap domain as SPAM automatically into bayes that resides on this separate box. Then somehow share this bayes database with my 3 real Mail Scanner/Spam Assassin boxes that handle the valid email traffic for our real domains that receive mail. Would there be any issues since the destination domain on all the learned Spam would be different then the domains on the 3 real mail servers? Is this a bad idea, can you do a check against a bayes database but not do any learning? (I am thinking I would not want to have the 3 real mail servers updating against the spam trap db) If I did this, would I then want to just disable the bayes use on the 3 real mail servers and JUST have them compare against the spam trap bayes database. (I am assuming this would increase the efficiency of the 3 mail servers that would no longer maintain their own bayes databases, as they currently do) Waste of time? Or could this positively help fighting spam? Thanks for any feedback on this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed May 18 16:09:46 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:40 2006 Subject: Getting bayes info from a seperate box(Spam trap of a sorrt) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can share bayes and autowhitelist databases between various servers if you put them in MySql. Adri. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of brichter > Sent: 18 May, 2005 17:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Getting bayes info from a seperate box(Spam trap of a > sorrt) > > > I figured there had to be someone doing something similar with > MailScanner/Spam Assassin so I figured I would start here. > > Has anyone setup another box with separate domain to help > increase bayes > scoring? > > What I was thinking of doing was setting up a separate box with Mail > Scanner/Spam Assassin with an unused domain of ours. Put some email > addresses for this unused domain out there (web sites, Usenet > groups, get > the ball rolling so to speak) so the Spammers get a hold of > them and then > somehow pipe ALL mail that comes into this spam trap domain as SPAM > automatically into bayes that resides on this separate box. > > Then somehow share this bayes database with my 3 real Mail > Scanner/Spam > Assassin boxes that handle the valid email traffic for our > real domains > that receive mail. Would there be any issues since the > destination domain > on all the learned Spam would be different then the domains > on the 3 real > mail servers? > > Is this a bad idea, can you do a check against a bayes > database but not do > any learning? (I am thinking I would not want to have the 3 real mail > servers updating against the spam trap db) > > If I did this, would I then want to just disable the bayes > use on the 3 > real mail servers and JUST have them compare against the spam > trap bayes > database. (I am assuming this would increase the efficiency > of the 3 mail > servers that would no longer maintain their own bayes > databases, as they > currently do) > > Waste of time? Or could this positively help fighting spam? > > Thanks for any feedback on this. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 18 16:20:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: On 18 May 2005, at 15:48, Steen, Glenn wrote: > Billy A. Pumphrey wrote: > >> Quick verification on load average if I may. >> >> I do not understand how those numbers work. They appear not to be >> percent usage. >> >> How do the load average numbers work? >> On my mailwatch, my usually is around .60-1.4 >> >> Billy Pumphrey >> IT Manager >> Wooden & McLaughlin >> >> > (snip) > > The "load factors" are perhaps the most abused "performance > statistics" > around... They're just the CPU run queue size (+ running jobs) > averages > calculated for 1, 5 and 15 minutes. Nice to know and a quick > indicator, > but nothing else. > > For example: on a one CPU system a load of 2 might be less than > desirable, > while on a system with 4 CPUs it shows two CPUs idling away... So one > needs weigh the system as a whole when determining if a certain > load is > fine or not. It's not as simple as that. Jobs can be in the run queue if they are waiting for disk or network response. So if you have 10 processes all waiting to do DNS lookup, for example, then you will have a load greater than 10, but totally idle CPU(s). This is why a busy MailScanner having a load of up to about 15 is nothing to worry about. It merely means there are 15 processes waiting for any of (a) CPU time (b) network response (c) disk i/o. And that is a very simple view of it. When the figure is over 1, it really doesn't tell you very much of any use at all. And all it tells you when it is less than 1 is that there is some time when your system is not doing anything. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed May 18 16:28:54 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:40 2006 Subject: Who is the Proper authorities? Message-ID: Steve, Bigger question is what was the content of the e-mail? Depending on that, then there's a wide variety of places to forward the e-mail for investigation. It could potentially be anything from your ISP/HSP service provider to eBay or a Bank or even the FTC or some other Gov't agency. Content in the key... David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Campbell > Sent: Wednesday, May 18, 2005 10:44 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Who is the Proper authorities? > > I have a user who has received an email that has so upset > her, she wants me to forward it to the Proper authorities to > have it investigated. I am in the US, if that matters. > > Can anyone give me some insight as to a good way to handle this? > > I have not yet looked at the reason MS did not catch it as I > don't have the email yet. > > Thanks for any help. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed May 18 16:39:33 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:40 2006 Subject: Who is the Proper authorities? Message-ID: Steve Campbell <> wrote: > I have a user who has received an email that has so upset her, she > wants me to forward it to the Proper authorities to have it > investigated. I am in the US, if that matters. > > Can anyone give me some insight as to a good way to handle this? > > I have not yet looked at the reason MS did not catch it as I don't > have the email yet. I know you don't have the email yet, but in order to help we need a bit more context. What is the nature of this email? Is it threatening? Simply pornographic? Is it untargeted spam, or did some individual target your user? Something else entirely? It's quite possible that *you* are the proper authority (scary thought, eh?) If this is something deserving attention you will most likely need to file a report with your local police and they will get the ball rolling. If this was a personal threat to your user then she will be better off if she files a police report, if she didn't forward it to you then you wouldn't have known about it -- you're not exactly a witness. Your may wish to offer your server logs (with a proper warrant or subpoena, of course.) On rare occasions your local police will be unable (or unwilling) do to anything about it, and in that case you should escalate it to the FBI (if you think it is really something that needs to be addressed.) If it's just regular-old-spam and your user is just a ninny -- you probably can't do anything more than you are now. That being said, I've had users threaten me with physical violence because they've received multiple copies of an email newsletter that they signed up for. The moral of the story is that users are weird and should most likely be locked up, or at the very least ignored 99% of the time. HTH, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 16:54:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: Craig make sure you have Detailed Spam Report = yes in MailScanner.conf and you'll see what rules it's hitting.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Craig White wrote: > On Wed, 2005-05-18 at 16:07 +0100, Julian Field wrote: > >>It's not quite that bad. The SpamAss milter thingy score was -3.1, >>not 3.1. >> > > ---- > ok - that one perhaps but I have this one, where spamass-milter thingy > score was 6.8 and MailScanner invocation still shows a score of 0 (which > is why I turned the spamass-milter thingy back on > > X-Spam-Flag: YES > X-Spam-Status: Yes, score=6.8 required=5.0 tests=ADDRESS_IN_SUBJECT, > > ALL_TRUSTED,BAYES_99,EXCUSE_3,EXCUSE_7,EXCUSE_REMOVE,HTML_90_100, > HTML_IMAGE_ONLY_24,HTML_IMAGE_RATIO_02,HTML_MESSAGE, > MARKETING_PARTNERS,URIBL_SBL,URIBL_WS_SURBL autolearn=no > version=3.0.3 > X-Spam-Report: > * 1.8 ADDRESS_IN_SUBJECT To: address appears in Subject > * -3.3 ALL_TRUSTED Did not pass through any untrusted hosts > * 0.1 EXCUSE_3 BODY: Claims you can be removed from the list > * 0.0 EXCUSE_7 BODY: Claims you can be removed from the list > * 1.4 MARKETING_PARTNERS BODY: Claims you registered with a > partner > * 0.3 EXCUSE_REMOVE BODY: Talks about how to be removed from > mailings > * 0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to > image area > * 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML > * 0.5 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 > bytes of words > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > * [score: 0.9983] > * 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist > * [URIs: datdir.com 1100i.com] > * 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL > blocklist > * [URIs: 1100i.com] > X-Spam-Level: ****** > X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on > linserv2.mullenpr.com > X-Virus-Scanned: ClamAV 0.85.1/884/Tue May 17 15:14:26 2005 on > linserv2.mullenpr.com > X-Virus-Status: Clean > X-Mullen-MailScanner-Information: Please contact the ISP for more > information > X-Mullen-MailScanner: Found to be clean > X-Mullen-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 6, > autolearn=not spam) > X-Mullen-MailScanner-From: > 1zyz3mxevirzfllqmqtcbxq9yfjsmlcd7@159651.reply.datdir.com > > Craig > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed May 18 16:53:33 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:40 2006 Subject: Who is the Proper authorities? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks all, I have reviewed the email that sparked this discussion, and find the email itself was not very bad (compared to some I review). Unfortunately, this request was from a pregnant lady who may have been more upset than usual, although I don't feel any of this is OK. The content was about "private youngest teenagers" and a link to the site. We received 11 of these, and only one slipped through to a user due to the RBLs not having this particular site listed. All of them were of course from different domains and IPs. I was mostly wanting to know how to proceed when something worthy of reporting occurs, and the concensus is the local police. I doubt if our local police handle any of this on a regular basis, with the size of our city here being what it is, but still, it is a good start to let it find it's own way. After showing her our list of dropped mail, she feels a little better now. So thanks to all who replied and for MS/SA itself for stopping 98% of these. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Wed May 18 17:03:36 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:29:40 2006 Subject: SpamAssassin still isn't upgraded Message-ID: Yes, and I was 100% sure that my other boxes did not have multiple perl installations either. [root@ms]# /usr/bin/perl -v This is perl, v5.8.5 built for i386-linux-thread-multi [root@ms]# perl -v This is perl, v5.8.5 built for i386-linux-thread-multi Strange isn't it? On Wed, 18 May 2005, Julian Field wrote: > Usual cause is multiple perl installations. > > Does > /usr/bin/perl -v > report the same as > perl -v > ? > > On 18 May 2005, at 10:33, Remco Barendse wrote: > >> Hi! >> >> I recently did a complete new install of CentOS 4 and SA 3.02 >> >> I tried using the MS tarball to upgrade to SpamAss 3.03 but again >> the script >> reports I already have 3.03 installed whereas MailScanner -v really >> shows that >> 3.02 is installed. >> >> Any ideas why this problem keeps coming up? >> >> Thanks! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed May 18 16:51:35 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: Craig White <> wrote: > autolearn=not spam) I haven't been following closely, but I suspect this might have something to do with it. And this isn't cagey sarcasm either, I just suspect that it might and I don't know the exact mechanics. Hopefully that doesn't point you down a road that takes you nowhere, though. Good luck, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From psolanky at WS.K12.NY.US Wed May 18 16:59:09 2005 From: psolanky at WS.K12.NY.US (Solanky, Prayer S.) Date: Thu Jan 12 21:29:40 2006 Subject: MailScanner Version Message-ID: Hi everyone, Can someone please tell me how one would going about finding which version of MailScanner is running on a server? Thanks, Prayer - - - - - - - - - - - - - - - - - - - - Prayer S. Solanky Washingtonville Schools 54 West Main Street Washingtonville, NY Voice : 845.497.2200 x24544 Fax : 845.497.4015 www.ws.k12.ny.us ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed May 18 17:23:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:40 2006 Subject: OT: clustering or separate config databaseserver Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: > Hi > Just wondered if someone have managed to get some kind of cluster > running so all changes is config files, whitelists, accesfiles etc only > need to be managed from one point. > I guess another solution would be a seperate server having all that inf > in a sql/ldap server. > > What are your prefered method? > What happens if the datebase/ldap server shuts down? Is the config > casched on the server? > > /Anders A simple 'grep -ir ldap /etc/MailScanner/* & 'grep -ir ldap /usr/lib/MailScanner/*' will get you started in a way. Other than that you could search the mailing list archives for 'ldap' & 'ldif' i'd interested as well if you could figure it all out and put up a howto on the wiki, since currently none (that i know of) exists. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 17:33:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: MailScanner Version Message-ID: Prayer if it's after 4.31 then MailScanner -v will tell you.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Solanky, Prayer S. wrote: > Hi everyone, > > > > Can someone please tell me how one would going about finding which > version of MailScanner is running on a server? > > > > Thanks, > > Prayer > > > > > > > > - - - - - - - - - - - - - - - - - - - - > > Prayer S. Solanky > > **Washingtonville Schools** > > 54 West Main Street > > Washingtonville, NY > > Voice : 845.497.2200 x24544 > > Fax : 845.497.4015 > > www.ws.k12.ny.us > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From psolanky at WS.K12.NY.US Wed May 18 17:36:14 2005 From: psolanky at WS.K12.NY.US (Solanky, Prayer S.) Date: Thu Jan 12 21:29:40 2006 Subject: MailScanner Version Message-ID: Nice, thank you very much. Prayer -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Wednesday, May 18, 2005 12:33 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Version Prayer if it's after 4.31 then MailScanner -v will tell you.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Solanky, Prayer S. wrote: > Hi everyone, > > > > Can someone please tell me how one would going about finding which > version of MailScanner is running on a server? > > > > Thanks, > > Prayer > > > > > > > > - - - - - - - - - - - - - - - - - - - - > > Prayer S. Solanky > > **Washingtonville Schools** > > 54 West Main Street > > Washingtonville, NY > > Voice : 845.497.2200 x24544 > > Fax : 845.497.4015 > > www.ws.k12.ny.us > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Wed May 18 17:41:42 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Patrick, Are you using RBL's? Looks like you are listed, maybe that is why? Thanks, Carl -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Patrick Chan Sent: Wednesday, May 18, 2005 2:42 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: {Spam?} Machine slow The Cracker Barrel Email Firewall believes that the attachment to this message sent to you From: owner-mailscanner@jiscmail.ac.uk Subject: Machine slow is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to MailScanner@crackerbarrel.com. pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [61.145.153.148 listed in dnsbl.sorbs.net] 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [] Hi all, I'm using Redhat 9.0 + MailScanner 4.31.6 + clamav 0.83 I've used MailScanner for a year. Recently, I find that my machine is very slow. Load average is over 4.0. My users can't receive mail via ipop3d because from the result of command "top", the CPU resource is used up by MailScanner. When I stop using MailScanner (simply just using sendmail and procmail to block certain file extension), the speed becomes normal, load average drops back to below 1.0 I checked maillog, there are many such messages: MailScanner[8280]: New Batch: Found 31 messages waiting But those 31 messages are not the mails for my users. Those mails seem to be spam mails. Is there any good solution for this situation? Thanks very much in advance. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Wed May 18 17:44:07 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: FWIW - it is set to yes Craig On Wed, 2005-05-18 at 16:54 +0100, Martin Hepworth wrote: > Craig > > make sure you have > > Detailed Spam Report = yes > > in MailScanner.conf and you'll see what rules it's hitting.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Craig White wrote: > > On Wed, 2005-05-18 at 16:07 +0100, Julian Field wrote: > > > >>It's not quite that bad. The SpamAss milter thingy score was -3.1, > >>not 3.1. > >> > > > > ---- > > ok - that one perhaps but I have this one, where spamass-milter thingy > > score was 6.8 and MailScanner invocation still shows a score of 0 (which > > is why I turned the spamass-milter thingy back on > > > > X-Spam-Flag: YES > > X-Spam-Status: Yes, score=6.8 required=5.0 tests=ADDRESS_IN_SUBJECT, > > > > ALL_TRUSTED,BAYES_99,EXCUSE_3,EXCUSE_7,EXCUSE_REMOVE,HTML_90_100, > > HTML_IMAGE_ONLY_24,HTML_IMAGE_RATIO_02,HTML_MESSAGE, > > MARKETING_PARTNERS,URIBL_SBL,URIBL_WS_SURBL autolearn=no > > version=3.0.3 > > X-Spam-Report: > > * 1.8 ADDRESS_IN_SUBJECT To: address appears in Subject > > * -3.3 ALL_TRUSTED Did not pass through any untrusted hosts > > * 0.1 EXCUSE_3 BODY: Claims you can be removed from the list > > * 0.0 EXCUSE_7 BODY: Claims you can be removed from the list > > * 1.4 MARKETING_PARTNERS BODY: Claims you registered with a > > partner > > * 0.3 EXCUSE_REMOVE BODY: Talks about how to be removed from > > mailings > > * 0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to > > image area > > * 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML > > * 0.5 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 > > bytes of words > > * 0.0 HTML_MESSAGE BODY: HTML included in message > > * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > > * [score: 0.9983] > > * 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist > > * [URIs: datdir.com 1100i.com] > > * 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL > > blocklist > > * [URIs: 1100i.com] > > X-Spam-Level: ****** > > X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on > > linserv2.mullenpr.com > > X-Virus-Scanned: ClamAV 0.85.1/884/Tue May 17 15:14:26 2005 on > > linserv2.mullenpr.com > > X-Virus-Status: Clean > > X-Mullen-MailScanner-Information: Please contact the ISP for more > > information > > X-Mullen-MailScanner: Found to be clean > > X-Mullen-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > > required 6, > > autolearn=not spam) > > X-Mullen-MailScanner-From: > > 1zyz3mxevirzfllqmqtcbxq9yfjsmlcd7@159651.reply.datdir.com > > > > Craig > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Wed May 18 17:52:12 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:40 2006 Subject: Need Recommendations - Problem resovled Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for all of your suggestions... Once I setup the local caching name server on my MX servers mail is routing as expected. No more delays :-) I apologize for the delay on my feedback. Thanks, Derek Mike Kercher wrote: >I would HIGHLY recommend a local caching nameserver on your MX boxen. You >might also consider using the clamavmodule instead of straight clamav. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Derek Catanzaro >Sent: Wednesday, May 04, 2005 12:01 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Need Recommendations > >2 MX servers with the following > >Dual 933Mhz 1 Gig of memory >FC1 (mailscanner and spamassassin need to be upgraded) >mailscanner-4.31.6-1 >spamassassin-2.63 > >1.7Mhz 512 Memory (desktop) >FC2 >mailscanner-4.40.11-1 >spamassassin-3.0.2-1 > >I am experiencing a slow down in the delivery/processing of email on my >MailScanner servers. I receive roughly 50,000 emails on a daily basis and >if there is a delay in the processing of any emails it can get backed up >very quickly. I'm not sure if it is a DNS timing issue?, would anyone >recommend using local DNS in this case, or does anyone use it and have they >seen improvements? Can anyone recommend anything in the MailScanner.conf >file that may help? > >I have "Max children" set to 10 on the server with dual process and 5 on the >server with one processor, and "queue scan interval" is set to 6 on both >servers as well. I am using Clamav as my virus scanner. Please let me know >if you need additional info, and thanks in advance for your assistance. > >Derek > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed May 18 17:56:04 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:40 2006 Subject: [Semi OT] Who is the Proper authorities? Message-ID: Steve, Sadly even I get quite a few 'detailed' e-mails that pass by filters and all the methods we use to block those types of mail. Some with pictures that contain 'stars' which barely cover portions of those pics and are severely borderline on pure porn. Unfortunately there isn't much we as providers can do beyond snagging the first few and trying to use things like Mailwatch/SpanAssassin to block them out. But those who send it constantly look for new ways to spew the garbage and it keeps on coming. On the 'authorities' side, best you could do there is work with your clients to react to stuff that slips through the system if it contains items that are illegal in some form. It's tricky, most of what people find objectionable isn't illegal, thus there isn't much in the way of recourse. If you do find links or clues in them that could be persued, then you're looking at manhours spent to resolve the issue and if that's profitable for you as the ISP/HSP. Now, that being said, then you have those free-speech nutballs who object to the fact you're blocking anything in the first place... 50% want the sludge and you not blocking, 50% never want to see it. It's a full Catch 22. So, my best suggestion from what we do is simply tighen up your Acceptable Use Policy and other Terms & Conditions. Our clearly states that when someone becomes a customer and has an e-mail account, they agree to our terms in mail handling. The Policy package includes all sorts of legal-eze stating we take a harder line stance on spam & mail transfers and that by accepting and using an account they agree to how we handle things. We do block a ton of overseas traffic as it's 99% garbage, so those who deal with people outside the US may have issues on mail transfer. Overall, since taking that CYA stance about 2 years ago we get 1-2 rare calls for opening up specific UK points that are 'kosher' and some other random points. We have also had 1-2 rare complaints, but we've pointed those to the Policies and it stops there. We've also provided GMail invites to those who really have an issue with restricted mail flow, never had negative feedback from that as well. So it's a format that's worked quite well for us. There's no way to make everyone happy, best you can do is cover yourself by placing your contractual agreement with your customers in a position where you have the most control and buffer zone against them trying to come back at you for a block or other problem. David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Campbell > Sent: Wednesday, May 18, 2005 11:54 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Who is the Proper authorities? > > > Thanks all, > > I have reviewed the email that sparked this discussion, and > find the email itself was not very bad (compared to some I review). > > Unfortunately, this request was from a pregnant lady who may > have been more upset than usual, although I don't feel any of > this is OK. The content was about "private youngest > teenagers" and a link to the site. We received 11 of these, > and only one slipped through to a user due to the RBLs not > having this particular site listed. All of them were of > course from different domains and IPs. > > I was mostly wanting to know how to proceed when something > worthy of reporting occurs, and the concensus is the local > police. I doubt if our local police handle any of this on a > regular basis, with the size of our city here being what it > is, but still, it is a good start to let it find it's own way. > > After showing her our list of dropped mail, she feels a > little better now. > > So thanks to all who replied and for MS/SA itself for > stopping 98% of these. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 18 17:51:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: Ah sorry you also need Always Include SpamAssassin Report = yes SpamScore Number Instead Of Stars = yes Spam Score Number Format = %5.2f so it will drop the scores/rule always and a in a sensible format -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Craig White wrote: > FWIW - it is set to yes > > Craig > > On Wed, 2005-05-18 at 16:54 +0100, Martin Hepworth wrote: > >>Craig >> >>make sure you have >> >>Detailed Spam Report = yes >> >>in MailScanner.conf and you'll see what rules it's hitting.. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Craig White wrote: >> >>>On Wed, 2005-05-18 at 16:07 +0100, Julian Field wrote: >>> >>> >>>>It's not quite that bad. The SpamAss milter thingy score was -3.1, >>>>not 3.1. >>>> >>> >>>---- >>>ok - that one perhaps but I have this one, where spamass-milter thingy >>>score was 6.8 and MailScanner invocation still shows a score of 0 (which >>>is why I turned the spamass-milter thingy back on >>> >>>X-Spam-Flag: YES >>>X-Spam-Status: Yes, score=6.8 required=5.0 tests=ADDRESS_IN_SUBJECT, >>> >>>ALL_TRUSTED,BAYES_99,EXCUSE_3,EXCUSE_7,EXCUSE_REMOVE,HTML_90_100, >>> HTML_IMAGE_ONLY_24,HTML_IMAGE_RATIO_02,HTML_MESSAGE, >>> MARKETING_PARTNERS,URIBL_SBL,URIBL_WS_SURBL autolearn=no >>>version=3.0.3 >>>X-Spam-Report: >>> * 1.8 ADDRESS_IN_SUBJECT To: address appears in Subject >>> * -3.3 ALL_TRUSTED Did not pass through any untrusted hosts >>> * 0.1 EXCUSE_3 BODY: Claims you can be removed from the list >>> * 0.0 EXCUSE_7 BODY: Claims you can be removed from the list >>> * 1.4 MARKETING_PARTNERS BODY: Claims you registered with a >>>partner >>> * 0.3 EXCUSE_REMOVE BODY: Talks about how to be removed from >>>mailings >>> * 0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to >>>image area >>> * 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML >>> * 0.5 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 >>>bytes of words >>> * 0.0 HTML_MESSAGE BODY: HTML included in message >>> * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% >>> * [score: 0.9983] >>> * 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist >>> * [URIs: datdir.com 1100i.com] >>> * 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL >>>blocklist >>> * [URIs: 1100i.com] >>>X-Spam-Level: ****** >>>X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on >>> linserv2.mullenpr.com >>>X-Virus-Scanned: ClamAV 0.85.1/884/Tue May 17 15:14:26 2005 on >>>linserv2.mullenpr.com >>>X-Virus-Status: Clean >>>X-Mullen-MailScanner-Information: Please contact the ISP for more >>>information >>>X-Mullen-MailScanner: Found to be clean >>>X-Mullen-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, >>>required 6, >>> autolearn=not spam) >>>X-Mullen-MailScanner-From: >>>1zyz3mxevirzfllqmqtcbxq9yfjsmlcd7@159651.reply.datdir.com >>> >>>Craig >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed May 18 17:59:07 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the directions and definitely to whoever provided these SP rules, working great. Thanks again. Mike Zanker wrote: On 18/05/2005 13:34, Rodney Green wrote: Where should I place the rules that are found here? http://mailscanner.prolocation.net/german.cf On my RHEL 3 box I did: cd /etc/mail/spamassassin wget http://mailscanner.prolocation.net/german.cf /etc/init.d/MailScanner reload Regards, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Wed May 18 18:39:16 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:29:40 2006 Subject: performance variations Message-ID: On Wed, 2005-05-18 at 17:51 +0100, Martin Hepworth wrote: > Ah sorry > > you also need > > Always Include SpamAssassin Report = yes > SpamScore Number Instead Of Stars = yes > Spam Score Number Format = %5.2f > > ---- I will try that but I believe that I may have found the problem... [root@linserv2 opt]# ls - l /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm -rw-r--r-- 1 root root 46653 Dec 14 2003 /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm [root@linserv2 opt]# ls - l /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm -r--r--r-- 1 root root 21746 Oct 22 2004 /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Arifm at TOMASJEWELRY.COM Wed May 18 18:44:10 2005 From: Arifm at TOMASJEWELRY.COM (Arif Malik) Date: Thu Jan 12 21:29:40 2006 Subject: bayes DB not growing Message-ID: thanks for the reply, Martin! I checked all the confs I could find, and the only one I found is identical to what you pasted below... still I get every message showing "autolearn=spam". Shouldn't anything under 12 points be marked as "autolearn=no"? and anything under .1 "autolearn=ham" ?? when I run sa-learn --dump magic, it looks like the number of spams is not growing, so it doesn't appear to actually be feeding it to bayes... I just did a test also to see if anything is being fed to bayes, and changed the bayes_auto_learn_threshold_spam to 4 - since every message I am receiving currently is spam anyways, I figured I could have that number low - but when I sa-learn --dump magic the number of spams is not growing. And still, every message is tagged with "autolearn=spam". -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Wednesday, May 18, 2005 1:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing Looks like the autolearn threshhold is too low to me. the defaults in /usr/local/share/spamassassin/10_misc.cf are bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 I'd make sure you're not overriding these values in any of your site specific rules in /etc/mail/spamassassin or spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > ok sorry, now that I am using the bayes starter kit thing, I do have > something like this in my logs: > BAYES_95 2.06 > > so that part looks good to me - but now I am just worried about the > autolearn=spam thing - from what I have read, messages tagged like > this are fed to the bayes filter as spam... but EVERY one of my > messages is showing this, even the ones that arent tagged as spam... > so I am worried the ham messages are being fed to it as well. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed May 18 19:07:56 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules Message-ID: Yes, I apologize for not posting my appreciation earlier. I downloaded the rules monday morning as soon as I saw the link, and it has been working wonderfully since. Thank you very much for your time and effort on helping the rest of us, whether intentional or not. Sean Ed Bruce wrote: > Thanks for the directions and definitely to whoever provided these SP > rules, working great. Thanks again. > > Mike Zanker wrote: > >>On 18/05/2005 13:34, Rodney Green wrote: >> >> >> >>>Where should I place the rules that are found here? >>> >>>http://mailscanner.prolocation.net/german.cf >>> >>> >> >>On my RHEL 3 box I did: >> >>cd /etc/mail/spamassassin >>wget http://mailscanner.prolocation.net/german.cf >>/etc/init.d/MailScanner reload >> >>Regards, >> >>Mike. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by Secure Resource, and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at WEALDCLOSE.CO.UK Wed May 18 19:42:04 2005 From: mailscanner at WEALDCLOSE.CO.UK (Kristian Shaw) Date: Thu Jan 12 21:29:40 2006 Subject: bayes DB not growing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I experienced a similar problem this week - my bayes database didn't appear to be learning new messages even though I wasn't getting any errors. The database was well established (>6 months old) and I was seeing bayes scores in spam reports. In the end I did a backup of the bayes database, removed the bayes files from ~/.spamassassin and then did a restore. After that, I've been seeing learning activity (nham/nspam increasing). I assume that the backup/restore rebuilt a clean database without whatever error it had before. Regards, Kris. ----- Original Message ----- From: "Arif Malik" To: Sent: Wednesday, May 18, 2005 6:44 PM Subject: Re: bayes DB not growing thanks for the reply, Martin! I checked all the confs I could find, and the only one I found is identical to what you pasted below... still I get every message showing "autolearn=spam". Shouldn't anything under 12 points be marked as "autolearn=no"? and anything under .1 "autolearn=ham" ?? when I run sa-learn --dump magic, it looks like the number of spams is not growing, so it doesn't appear to actually be feeding it to bayes... I just did a test also to see if anything is being fed to bayes, and changed the bayes_auto_learn_threshold_spam to 4 - since every message I am receiving currently is spam anyways, I figured I could have that number low - but when I sa-learn --dump magic the number of spams is not growing. And still, every message is tagged with "autolearn=spam". -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Wednesday, May 18, 2005 1:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes DB not growing Looks like the autolearn threshhold is too low to me. the defaults in /usr/local/share/spamassassin/10_misc.cf are bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 I'd make sure you're not overriding these values in any of your site specific rules in /etc/mail/spamassassin or spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > ok sorry, now that I am using the bayes starter kit thing, I do have > something like this in my logs: > BAYES_95 2.06 > > so that part looks good to me - but now I am just worried about the > autolearn=spam thing - from what I have read, messages tagged like > this are fed to the bayes filter as spam... but EVERY one of my > messages is showing this, even the ones that arent tagged as spam... > so I am worried the ham messages are being fed to it as well. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed May 18 20:48:04 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:40 2006 Subject: SpamAssassin still isn't upgraded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Remco Barendse wrote: > Yes, and I was 100% sure that my other boxes did not have multiple perl > installations either. > > [root@ms]# /usr/bin/perl -v > This is perl, v5.8.5 built for i386-linux-thread-multi > > [root@ms]# perl -v > This is perl, v5.8.5 built for i386-linux-thread-multi > > Strange isn't it? > > > On Wed, 18 May 2005, Julian Field wrote: > >> Usual cause is multiple perl installations. >> >> Does >> /usr/bin/perl -v >> report the same as >> perl -v >> ? >> >> On 18 May 2005, at 10:33, Remco Barendse wrote: >> >>> Hi! >>> >>> I recently did a complete new install of CentOS 4 and SA 3.02 >>> >>> I tried using the MS tarball to upgrade to SpamAss 3.03 but again >>> the script >>> reports I already have 3.03 installed whereas MailScanner -v really >>> shows that >>> 3.02 is installed. >>> >>> Any ideas why this problem keeps coming up? I had this problem with the script also, I just broke out the tar for Spamassassin and installed it. My script skills are not good enough to debug this. For some reason the script doesn't get the proper version, and only on spamassassin. Maybe the script could just parse the output of spamassassin --version? Or just force the install like ClamAV is. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at YAHOO.COM Wed May 18 21:30:19 2005 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:29:40 2006 Subject: Performance Issues Message-ID: I'm running MailScanner in my Exim based MX with 20K+ boxes. Since sunday, my mail queue doesn't get lower than 12K without human interference. Anyone having same problems lately? Machine: PIV HT 2.8GHz, 1GB RAM Versions I use: Fedora Core 3 2.6.11-1.14_FC3smp Exim 4.50 (compiled) Clamav 0.85.1 (compiled) perl-5.8.5-12.FC3 mailscanner-4.41.3-1 (rpm based) I have 5 mailscanner children running. I upgraded MailScanner monday. Same behaviour. I appreciate any tips. Thanks. __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed May 18 22:25:36 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: Thanks for the info. Glad to know that my server (dual 600mhz, 1024 RAM) is not very taxed at all at processing about 2-3k messages per day. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, May 18, 2005 10:21 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Machine slow > > On 18 May 2005, at 15:48, Steen, Glenn wrote: > > > Billy A. Pumphrey wrote: > > > >> Quick verification on load average if I may. > >> > >> I do not understand how those numbers work. They appear not to be > >> percent usage. > >> > >> How do the load average numbers work? > >> On my mailwatch, my usually is around .60-1.4 > >> > >> Billy Pumphrey > >> IT Manager > >> Wooden & McLaughlin > >> > >> > > (snip) > > > > The "load factors" are perhaps the most abused "performance > > statistics" > > around... They're just the CPU run queue size (+ running jobs) > > averages > > calculated for 1, 5 and 15 minutes. Nice to know and a quick > > indicator, > > but nothing else. > > > > For example: on a one CPU system a load of 2 might be less than > > desirable, > > while on a system with 4 CPUs it shows two CPUs idling away... So one > > needs weigh the system as a whole when determining if a certain > > load is > > fine or not. > > It's not as simple as that. Jobs can be in the run queue if they are > waiting for disk or network response. So if you have 10 processes all > waiting to do DNS lookup, for example, then you will have a load > greater than 10, but totally idle CPU(s). > > This is why a busy MailScanner having a load of up to about 15 is > nothing to worry about. It merely means there are 15 processes > waiting for any of > (a) CPU time > (b) network response > (c) disk i/o. > And that is a very simple view of it. > > When the figure is over 1, it really doesn't tell you very much of > any use at all. And all it tells you when it is less than 1 is that > there is some time when your system is not doing anything. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 18 23:29:06 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules - Raymond Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Raymond, this one http://weblog.erenkrantz.com/~jerenk/german_spam.cf has 60 or more subjects - do you want to add them to your rules? Pete RedRed!com IT Department wrote: > Yes, I apologize for not posting my appreciation earlier. I downloaded > the rules monday morning as soon as I saw the link, and it has been > working wonderfully since. Thank you very much for your time and effort > on helping the rest of us, whether intentional or not. > > Sean > > Ed Bruce wrote: > >> Thanks for the directions and definitely to whoever provided these SP >> rules, working great. Thanks again. >> >> Mike Zanker wrote: >> >>> On 18/05/2005 13:34, Rodney Green wrote: >>> >>> >>> >>>> Where should I place the rules that are found here? >>>> >>>> http://mailscanner.prolocation.net/german.cf >>>> >>>> >>> >>> On my RHEL 3 box I did: >>> >>> cd /etc/mail/spamassassin >>> wget http://mailscanner.prolocation.net/german.cf >>> /etc/init.d/MailScanner reload >>> >>> Regards, >>> >>> Mike. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by Secure Resource, and is >> believed to be clean. >> MailScanner thanks transtec Computers for >> their support. ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu May 19 00:31:02 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules - Raymond Message-ID: Hi! > Hi Raymond, this one http://weblog.erenkrantz.com/~jerenk/german_spam.cf > has 60 or more subjects - do you want to add them to your rules? > Pete Uhm no, why should i. If you look on the ruleset its a OLD ruleset that they altered. Around _1_ year ago there was a attack allmost the same like this. also Sober. Thats the extra subjects. Dont waste resources in those old ones. They dont come by, the 30 subjects in my ruleset is all there is. So why scan for more and perhaps generate false positivesDoesnt sound smart to me :) Bye, Raymond ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu May 19 01:19:14 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:40 2006 Subject: underline in mailheader Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 18 May 2005 10:52 pm, Martin Hepworth wrote: > yes, not a valid character for mail headers > > most MTA's don't mind but Novell's (I think) does. I believe you're right. We had a user add a "custom" header to all his outgoing mail so that recipients would know for sure if it came from him (brain dead, but gotta admire the effort). Sure enough, all our internal sendmail and exchange servers routed his mail correctly - as soon as it hit a Groupwise machine, it would bounce. Took me a while to track it down, but the header was something like (he even managed to get the "X" for eXperimental right!): X_ID_Verify:This_message_came_from_ I've since introduced our intrepid hero to PGP :P James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 19 02:31:47 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:40 2006 Subject: How to beat this? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have got heaps of these emails getting through now Anyone got any good tips to stop them? Pete "Thanks to your wonderful offfers on rnedicals, I can gget these lovvprice tablets. And your quick and professional services do bring me better convenience. I will tell others these superb advantages for eshopping. Thank you again. --Tina D. in LA " Peter Russell wrote: > We are getting quite a few sapms through. We have have bayes, dcc, > pyzor, razor, sa3.03, mailscanner latest and heaps of SAREs. > > Still this type of spam get through, can anyone recommend a ruleset or > something that will stop it? > > > We operate in this nevv business model. Our chemist-site provides an > interface between rnedical suppliers and individual customers. Customers > can or-der rneds at the bestprices. > Our professional logistic supports bring customers rnore conveniences. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 02:29:59 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:40 2006 Subject: Performance Issues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anakin SkyWalker wrote: > I'm running MailScanner in my Exim based MX with 20K+ > boxes. Since sunday, my mail queue doesn't get lower > than 12K without human interference. > Anyone having same problems lately? > > Machine: > PIV HT 2.8GHz, 1GB RAM > > Versions I use: > Fedora Core 3 > > 2.6.11-1.14_FC3smp > Exim 4.50 (compiled) > Clamav 0.85.1 (compiled) > perl-5.8.5-12.FC3 > mailscanner-4.41.3-1 (rpm based) > > I have 5 mailscanner children running. > I upgraded MailScanner monday. Same behaviour. I suggest you start here: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance and http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > I appreciate any tips. > Thanks. > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - You care about security. So do we. > http://promotions.yahoo.com/new_mail > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 19 06:13:51 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:40 2006 Subject: german spam rules - Raymond Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] :) too msart for me. All German stuff is totally blocked for me now - am very happy and many thanks Pete Raymond Dijkxhoorn wrote: > Hi! > >> Hi Raymond, this one http://weblog.erenkrantz.com/~jerenk/german_spam.cf >> has 60 or more subjects - do you want to add them to your rules? >> Pete > > > Uhm no, why should i. If you look on the ruleset its a OLD ruleset that > they altered. Around _1_ year ago there was a attack allmost the same like > this. also Sober. Thats the extra subjects. Dont waste resources in those > old ones. They dont come by, the 30 subjects in my ruleset is all there > is. So why scan for more and perhaps generate false positivesDoesnt sound > smart to me :) > > Bye, > Raymond > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu May 19 07:29:13 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:40 2006 Subject: MCP logging action question - bug in 4.41.3-1 or not? Message-ID: Julian Is there a bug in MCP handling in 4.41.3-1? I asked in an earlier message why I am _not_ seeing "...MCP Actions: message j4I9gwgT004139 actions are delete" records in the log files when I am getting an MCP score of 10 for a message and have in MailScanner.conf: MCP High SpamAssassin Score = 10 High Scoring MCP Actions = delete Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes The logs say: May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 from 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP-Checker (score=10, required 1, PROLO_GMCP24 10.00) Although the logs do not say that MailScanner MCP actions are "delete" for this message it is clear that it was not delivered. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." -----Original Message----- From: Quentin Campbell Sent: 18 May 2005 13:56 To: 'MailScanner mailing list' Subject: RE: MCP logging action question >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 18 May 2005 11:53 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MCP logging action question > >On 18 May 2005, at 11:44, Quentin Campbell wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 18 May 2005 11:03 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: MCP logging action question >>> >>> On 18 May 2005, at 10:57, Quentin Campbell wrote: >>> >>> >>>> Am using MCP facility for first time to deal with "German" >spam from >>>> Sober.Q worm. >>>> >>>> In MailScanner.conf have: >>>> >>>> MCP Checks = yes >>>> >>>> # Do the spam checks first, or the MCP checks first? >>>> # This cannot be the filename of a ruleset, only a fixed value. >>>> First Check = mcp >>>> >>>> # The rest of these options are clones of the equivalent spam >>>> options >>>> MCP Required SpamAssassin Score = 1 >>>> MCP High SpamAssassin Score = 10 >>>> MCP Error Score = 1 >>>> >>>> MCP Header = X-%org-name%-MailScanner-MCPCheck: >>>> Non MCP Actions = deliver >>>> MCP Actions = deliver >>>> >>> >>> I suspect you mean "delete" and not "deliver". >>> >> >> I only want "delete" action if MCP score >= 10. Otherwise deliver. I >> thought that is what I have specified? > >But what score have you attached to your MCP rule(s)? The score is 10 on each rules. This was shown in the log extract I provided below. This shows that the "Message ... is MCP ..." with a score of 10. > >> > >> >>> >>> >>>> High Scoring MCP Actions = delete >>>> Bounce MCP As Attachment = no >>>> >>>> MCP Modify Subject = yes >>>> MCP Subject Text = {MCP?} >>>> High Scoring MCP Modify Subject = yes >>>> High Scoring MCP Subject Text = {MCP?!} >>>> >>>> Is Definitely MCP = no >>>> Is Definitely Not MCP = no >>>> Definite MCP Is High Scoring = no >>>> Always Include MCP Report = yes >>>> Detailed MCP Report = yes >>>> Include Scores In MCP Report = yes >>>> Log MCP = yes >>>> >>>> I am seeing as expected in the logs: >>>> >>>> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 >>>> from >>>> 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- >>>> Checker >>>> (score=10, required 1, PROLO_GMCP24 10.00) >>>> >>>> BUT I am not seeing in the logs the expected >>>> >>>> ...MCP Actions: message j4I9gwgT004139 actions are delete >>>> >>>> although the message does not appear to be delivered according to >>>> the >>>> logs. >>>> >>>> I am running MS 4.41.3-1. >>>> >>>> NOTE: I am doing the Sober.Q filtering with MCP rather than normal >>>> spam >>>> filtering because we whitelist from spam tagging some domains from >>>> which >>>> the Sober.Q messages apparently originate. >>>> >>>> >>>> >>>> Quentin >>>> --- >>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>> >>>> >>> >--------------------------------------------------------------------- >>> - >>> >>>> -- >>>> "Any opinion expressed above is mine. The University can get >>>> >>> its own." >>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu May 19 08:19:16 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:40 2006 Subject: Semi-OT: installing MS on an old redhat box - perl version? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry for the off-topic, but I know many here will have the necessary experience... I've inherited a colocated redhat 7.2 box. Upgrading the OS is not an option. This box originally had perl 5.6.0 and has been updated to 5.6.1 using the official redhat rpm for rh7.2. I now want to install MailScanner, SpamAssassin, ClamAV, MailWatch, etc. on the box. Can I stick with perl 5.6.1 or would I be better going to 5.8.x? If I choose to (or need to) upgrade perl, what's the best and cleanest way of going about it? I'd like to avoid the horror situations we sometimes hear about on this list and elsewhere when boxes have multiple versions of perl installed, or remnants of old versions. Would I be better off letting CPAN upgrade perl for me, or should I get a recent fedora SRPM and rebuild it, or what? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 19 09:10:29 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: Julian Field wrote: > On 18 May 2005, at 15:48, Steen, Glenn wrote: > >> Billy A. Pumphrey wrote: >> >>> Quick verification on load average if I may. >>> >>> I do not understand how those numbers work. They appear not to be >>> percent usage. >>> >>> How do the load average numbers work? >>> On my mailwatch, my usually is around .60-1.4 >>> >>> Billy Pumphrey >>> IT Manager >>> Wooden & McLaughlin >>> >>> >> (snip) >> >> The "load factors" are perhaps the most abused "performance >> statistics" around... They're just the CPU run queue size (+ running >> jobs) averages calculated for 1, 5 and 15 minutes. Nice to know and >> a quick indicator, but nothing else. >> >> For example: on a one CPU system a load of 2 might be less than >> desirable, while on a system with 4 CPUs it shows two CPUs idling >> away... So one needs weigh the system as a whole when determining if >> a certain >> load is >> fine or not. > > It's not as simple as that. Jobs can be in the run queue if they are > waiting for disk or network response. So if you have 10 processes all > waiting to do DNS lookup, for example, then you will have a load > greater than 10, but totally idle CPU(s). > > This is why a busy MailScanner having a load of up to about 15 is > nothing to worry about. It merely means there are 15 processes > waiting for any of > (a) CPU time > (b) network response > (c) disk i/o. > And that is a very simple view of it. > > When the figure is over 1, it really doesn't tell you very much of > any use at all. And all it tells you when it is less than 1 is that > there is some time when your system is not doing anything. It was just an example Julian. To be more precise the "unconditional 1" is added per process in state D (non-interruptible wait state) which _usually_ means some form of IO wait, but can be other things... As you already know, of course:-). Sole purpose of the example was to make Billy go buy not only your MS book, but also the (in my view) excellent swordfish book too. It's a friend to bring to the WC, trainride and nightstand....:-):-) Your (as usual) excellent explanation should bring the point over. Cheers -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 09:12:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: Machine slow Message-ID: Billy ny old machine was a single 500mhz celeron with 512MB ram and could handle that load (and MailWatch + db etc) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Billy A. Pumphrey wrote: > Thanks for the info. Glad to know that my server (dual 600mhz, 1024 > RAM) is not very taxed at all at processing about 2-3k messages per day. > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Wednesday, May 18, 2005 10:21 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Machine slow >> >>On 18 May 2005, at 15:48, Steen, Glenn wrote: >> >> >>>Billy A. Pumphrey wrote: >>> >>> >>>>Quick verification on load average if I may. >>>> >>>>I do not understand how those numbers work. They appear not to be >>>>percent usage. >>>> >>>>How do the load average numbers work? >>>>On my mailwatch, my usually is around .60-1.4 >>>> >>>>Billy Pumphrey >>>>IT Manager >>>>Wooden & McLaughlin >>>> >>>> >>> >>>(snip) >>> >>>The "load factors" are perhaps the most abused "performance >>>statistics" >>>around... They're just the CPU run queue size (+ running jobs) >>>averages >>>calculated for 1, 5 and 15 minutes. Nice to know and a quick >>>indicator, >>>but nothing else. >>> >>>For example: on a one CPU system a load of 2 might be less than >>>desirable, >>>while on a system with 4 CPUs it shows two CPUs idling away... So > > one > >>>needs weigh the system as a whole when determining if a certain >>>load is >>>fine or not. >> >>It's not as simple as that. Jobs can be in the run queue if they are >>waiting for disk or network response. So if you have 10 processes all >>waiting to do DNS lookup, for example, then you will have a load >>greater than 10, but totally idle CPU(s). >> >>This is why a busy MailScanner having a load of up to about 15 is >>nothing to worry about. It merely means there are 15 processes >>waiting for any of >> (a) CPU time >> (b) network response >> (c) disk i/o. >>And that is a very simple view of it. >> >>When the figure is over 1, it really doesn't tell you very much of >>any use at all. And all it tells you when it is less than 1 is that >>there is some time when your system is not doing anything. >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 09:11:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: Performance Issues Message-ID: Anakin (!) check the RBL's are behaving properly, are you running any extra SA rules and do you run a local cachine nameserver? Could the load increase be all these German spams from sober.q, or is the number of emails about the same? I guess by human interferance you mean restarting MS os something???? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anakin SkyWalker wrote: > I'm running MailScanner in my Exim based MX with 20K+ > boxes. Since sunday, my mail queue doesn't get lower > than 12K without human interference. > Anyone having same problems lately? > > Machine: > PIV HT 2.8GHz, 1GB RAM > > Versions I use: > Fedora Core 3 > > 2.6.11-1.14_FC3smp > Exim 4.50 (compiled) > Clamav 0.85.1 (compiled) > perl-5.8.5-12.FC3 > mailscanner-4.41.3-1 (rpm based) > > I have 5 mailscanner children running. > I upgraded MailScanner monday. Same behaviour. > > I appreciate any tips. > Thanks. > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 09:16:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: underline in mailheader Message-ID: james yeah groupwise is very picky, doesn't like dots '.' in headers either. Of course thie is strictly correct just it's the only 'major' MTA I'm aware of that is this particular about obeying the RFC. And interestingly enough theres a thread running on nanog at the moment about underscores in machine/domain names! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 James Gray wrote: > On Wed, 18 May 2005 10:52 pm, Martin Hepworth wrote: > >>yes, not a valid character for mail headers >> >>most MTA's don't mind but Novell's (I think) does. > > > I believe you're right. We had a user add a "custom" header to all his > outgoing mail so that recipients would know for sure if it came from him > (brain dead, but gotta admire the effort). Sure enough, all our internal > sendmail and exchange servers routed his mail correctly - as soon as it hit > a Groupwise machine, it would bounce. > > Took me a while to track it down, but the header was something like (he even > managed to get the "X" for eXperimental right!): > > X_ID_Verify:This_message_came_from_ > > I've since introduced our intrepid hero to PGP :P > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Thu May 19 09:19:25 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:29:40 2006 Subject: SpamAssassin still isn't upgraded Message-ID: >>>> I recently did a complete new install of CentOS 4 and SA 3.02 >>>> >>>> I tried using the MS tarball to upgrade to SpamAss 3.03 but again >>>> the script >>>> reports I already have 3.03 installed whereas MailScanner -v really >>>> shows that >>>> 3.02 is installed. >>>> >>>> Any ideas why this problem keeps coming up? > > I had this problem with the script also, I just broke out the tar for > Spamassassin and installed it. > My script skills are not good enough to debug this. > For some reason the script doesn't get the proper version, and only on > spamassassin. > Maybe the script could just parse the output of spamassassin --version? > Or just force the install like ClamAV is. Thanks for the reply, I was starting to think the problem was with me (guess it still is) :) How do you force the install of SA? Cheers! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 09:17:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: How to beat this? Message-ID: Pete can you post the full email (headers and all) to somewhere i can pick it up from. I'll run it over my system and see what rules hit.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Russell wrote: > I have got heaps of these emails getting through now > > Anyone got any good tips to stop them? > Pete > > > > "Thanks to your wonderful offfers on rnedicals, I can gget these > lovvprice tablets. And your quick and professional services do bring me > better convenience. I will tell others these superb advantages for > eshopping. Thank > you again. --Tina D. in LA " > > Peter Russell wrote: > >> We are getting quite a few sapms through. We have have bayes, dcc, >> pyzor, razor, sa3.03, mailscanner latest and heaps of SAREs. >> >> Still this type of spam get through, can anyone recommend a ruleset or >> something that will stop it? >> >> >> We operate in this nevv business model. Our chemist-site provides an >> interface between rnedical suppliers and individual customers. Customers >> can or-der rneds at the bestprices. >> Our professional logistic supports bring customers rnore conveniences. >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Thu May 19 09:17:54 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:40 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Hi, After 0.85.1 I think I am in safer side. But for the past two days I didn't receive that virus (MyDoom) also! Thanks to all for your valuable inputs. Regards Devi S. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Tuesday, May 17, 2005 1:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV does not detect W32MyDoom? Devi you need to upgrade to 0.85.1 (latest as of right now:-). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devi Sambamoorthy wrote: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Raymond Dijkxhoorn > Sent: Monday, May 16, 2005 5:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV does not detect W32MyDoom? > > Hi! > > >>Today I recd a virus email with the name of virus as W32MyDoom. > > MailScanner > >>/ ClamAV didn't catch the virus. I checked the ClamAV site but unable to >>find any info on that. My cvd is up to date and I am running MailScanner >>4.38. with ClamAV. Should I go for secondary protection for mail server? >>Please advice. > > >>Yes you should, and also submit that sample to Clam, so they can add it. > > > > Thank you all for your advice. But any one else facing the problem with > Clam? Or I am the only person facing this problem as I am running older > version of Clam AV (0.75)? > > Regards > Devi S. > > > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 09:22:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:40 2006 Subject: bayes DB not growing Message-ID: Arif If you aren't running MailScanner as a non-root user make sure the permissions on the bayes dir is fine As someone else suggested, backup the bayes DB with sa-learn --backup, delete the bayes files and then restore the bayes db. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Arif Malik wrote: > thanks for the reply, Martin! I checked all the confs I could find, and > the only one I found is identical to what you pasted below... still I > get every message showing "autolearn=spam". Shouldn't anything under 12 > points be marked as "autolearn=no"? and anything under .1 > "autolearn=ham" ?? when I run sa-learn --dump magic, it looks like the > number of spams is not growing, so it doesn't appear to actually be > feeding it to bayes... > > I just did a test also to see if anything is being fed to bayes, and > changed the bayes_auto_learn_threshold_spam to 4 - since every message I > am receiving currently is spam anyways, I figured I could have that > number low - but when I sa-learn --dump magic the number of spams is not > growing. And still, every message is tagged with "autolearn=spam". > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Wednesday, May 18, 2005 1:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes DB not growing > > Looks like the autolearn threshhold is too low to me. > > the defaults in /usr/local/share/spamassassin/10_misc.cf are > > bayes_auto_learn_threshold_nonspam 0.1 > bayes_auto_learn_threshold_spam 12.0 > > I'd make sure you're not overriding these values in any of your site > specific rules in /etc/mail/spamassassin or spam.assassin.prefs.conf > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Arif Malik wrote: > >> ok sorry, now that I am using the bayes starter kit thing, I do have >>something like this in my logs: >>BAYES_95 2.06 >> >>so that part looks good to me - but now I am just worried about the >>autolearn=spam thing - from what I have read, messages tagged like >>this are fed to the bayes filter as spam... but EVERY one of my >>messages is showing this, even the ones that arent tagged as spam... >>so I am worried the ham messages are being fed to it as well. >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 19 09:23:28 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:40 2006 Subject: Who is the Proper authorities? Message-ID: Jason Balicki wrote: > Steve Campbell <> wrote: (snip) > for. The moral of the story is that users are > weird and should most likely be locked up, or > at the very least ignored 99% of the time. > > HTH, > > --J(K) This is where a good well-balanced LART comes in handy (mine is a nice little sledgehammer... Good for LARTing as well as "unformatting" HDDs:-) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Thu May 19 09:41:45 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:29:40 2006 Subject: OT: MailScanner message size limit per user? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Is it possible to limit - in a rule - the message size in MailScanner? If not, if would turn this into a feature request ;). In postfix this is currently not possible. The message_size_limit parameter applies to the whole mailserver. I believe Amavisd-new is able to reject email bases on message size per user. Regards, Remy de Ruysscher. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 3.9KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu May 19 09:49:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: underline in mailheader Message-ID: I have added a note about this to the MailScanner.conf file. It now warns against both "." and "_" characters appearing in %org-name%. On 19 May 2005, at 01:19, James Gray wrote: > On Wed, 18 May 2005 10:52 pm, Martin Hepworth wrote: > >> yes, not a valid character for mail headers >> >> most MTA's don't mind but Novell's (I think) does. >> > > I believe you're right. We had a user add a "custom" header to all > his > outgoing mail so that recipients would know for sure if it came > from him > (brain dead, but gotta admire the effort). Sure enough, all our > internal > sendmail and exchange servers routed his mail correctly - as soon > as it hit > a Groupwise machine, it would bounce. > > Took me a while to track it down, but the header was something like > (he even > managed to get the "X" for eXperimental right!): > > X_ID_Verify:This_message_came_from_ > > I've since introduced our intrepid hero to PGP :P > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 09:56:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: MCP logging action question - bug in 4.41.3-1 or not? Message-ID: Found and fixed. Thanks for reporting it. I'll put out a new beta fairly soon, which will include this fix. On 19 May 2005, at 07:29, Quentin Campbell wrote: > Julian > > Is there a bug in MCP handling in 4.41.3-1? > > I asked in an earlier message why I am _not_ seeing > > "...MCP Actions: message j4I9gwgT004139 actions are delete" > > records in the log files when I am getting an MCP score of 10 for a > message and have in MailScanner.conf: > > MCP High SpamAssassin Score = 10 > High Scoring MCP Actions = delete > Always Include MCP Report = yes > Detailed MCP Report = yes > Include Scores In MCP Report = yes > Log MCP = yes > > The logs say: > > May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 > from > 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- > Checker > (score=10, required 1, PROLO_GMCP24 10.00) > > Although the logs do not say that MailScanner MCP actions are "delete" > for this message it is clear that it was not delivered. > > > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 18 May 2005 11:53 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MCP logging action question >> >> On 18 May 2005, at 11:44, Quentin Campbell wrote: >> >> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>> Sent: 18 May 2005 11:03 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: MCP logging action question >>>> >>>> On 18 May 2005, at 10:57, Quentin Campbell wrote: >>>> >>>> >>>> >>>>> Am using MCP facility for first time to deal with "German" >>>>> >> spam from >> >>>>> Sober.Q worm. >>>>> >>>>> In MailScanner.conf have: >>>>> >>>>> MCP Checks = yes >>>>> >>>>> # Do the spam checks first, or the MCP checks first? >>>>> # This cannot be the filename of a ruleset, only a fixed value. >>>>> First Check = mcp >>>>> >>>>> # The rest of these options are clones of the equivalent spam >>>>> options >>>>> MCP Required SpamAssassin Score = 1 >>>>> MCP High SpamAssassin Score = 10 >>>>> MCP Error Score = 1 >>>>> >>>>> MCP Header = X-%org-name%-MailScanner-MCPCheck: >>>>> Non MCP Actions = deliver >>>>> MCP Actions = deliver >>>>> >>>>> >>>> >>>> I suspect you mean "delete" and not "deliver". >>>> >>>> >>> >>> I only want "delete" action if MCP score >= 10. Otherwise deliver. I >>> thought that is what I have specified? >>> >> >> But what score have you attached to your MCP rule(s)? >> > > The score is 10 on each rules. This was shown in the log extract I > provided below. This shows that the "Message ... is MCP ..." with a > score of 10. > > >> >> >>> >>> >> >> >>> >>> >>>> >>>> >>>> >>>>> High Scoring MCP Actions = delete >>>>> Bounce MCP As Attachment = no >>>>> >>>>> MCP Modify Subject = yes >>>>> MCP Subject Text = {MCP?} >>>>> High Scoring MCP Modify Subject = yes >>>>> High Scoring MCP Subject Text = {MCP?!} >>>>> >>>>> Is Definitely MCP = no >>>>> Is Definitely Not MCP = no >>>>> Definite MCP Is High Scoring = no >>>>> Always Include MCP Report = yes >>>>> Detailed MCP Report = yes >>>>> Include Scores In MCP Report = yes >>>>> Log MCP = yes >>>>> >>>>> I am seeing as expected in the logs: >>>>> >>>>> May 18 10:43:24 cheviot8 MailScanner[1518]: Message j4I9gwgT004139 >>>>> from >>>>> 128.240.233.53 (xxx@hotmail.com) to maildb.ncl.ac.uk is MCP, MCP- >>>>> Checker >>>>> (score=10, required 1, PROLO_GMCP24 10.00) >>>>> >>>>> BUT I am not seeing in the logs the expected >>>>> >>>>> ...MCP Actions: message j4I9gwgT004139 actions are delete >>>>> >>>>> although the message does not appear to be delivered according to >>>>> the >>>>> logs. >>>>> >>>>> I am running MS 4.41.3-1. >>>>> >>>>> NOTE: I am doing the Sober.Q filtering with MCP rather than normal >>>>> spam >>>>> filtering because we whitelist from spam tagging some domains from >>>>> which >>>>> the Sober.Q messages apparently originate. >>>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 10:00:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: Semi-OT: installing MS on an old redhat box - perl version? Message-ID: MailScanner and SpamAssassin should both run okay on Perl 5.6.1. I would download the source tarball of Perl, or the SRPM of it, and work on that. Remove the whole of /usr/lib/perl and the RPM's of it all before you actually do the "install" step. Then you can be confident that your old installation has gone. On 19 May 2005, at 08:19, John Wilcock wrote: > Sorry for the off-topic, but I know many here will have the necessary > experience... > > I've inherited a colocated redhat 7.2 box. Upgrading the OS is not an > option. This box originally had perl 5.6.0 and has been updated to > 5.6.1 > using the official redhat rpm for rh7.2. > > I now want to install MailScanner, SpamAssassin, ClamAV, MailWatch, > etc. > on the box. Can I stick with perl 5.6.1 or would I be better going to > 5.8.x? If I choose to (or need to) upgrade perl, what's the best and > cleanest way of going about it? I'd like to avoid the horror > situations > we sometimes hear about on this list and elsewhere when boxes have > multiple versions of perl installed, or remnants of old versions. > > Would I be better off letting CPAN upgrade perl for me, or should I > get > a recent fedora SRPM and rebuild it, or what? > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 10:05:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:40 2006 Subject: OT: MailScanner message size limit per user? Message-ID: To quote from MailScanner.conf: # The maximum size, in bytes, of any message including the headers. # If this is set to zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # dialup users so their email applications don't time out downloading huge # messages. Maximum Message Size = 0 On 19 May 2005, at 09:41, Remy de Ruysscher wrote: > Hi, > > Is it possible to limit - in a rule - the message size in MailScanner? > If not, if would turn this into a feature request ;). > > In postfix this is currently not possible. The message_size_limit > parameter applies to the whole mailserver. > I believe Amavisd-new is able to reject email bases on message size > per > user. > > Regards, > > Remy de Ruysscher. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Thu May 19 10:18:56 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:40 2006 Subject: Turning all rules off Message-ID: Hi, I have some clients that asked if we can disable all scanning. Now I have some options to set the spam or virus settings. But is there a simple way to turn all scanning off with one setting? Settings as "Allow IFrame Tags", or "Filename Rules" etc etc etc, there are so many setting and turning all off is much work. (also lower performance with many configuration files) It would be nice if there was an option so you can turn on/of MailScanner at once. (with ruleset for some domains) Regards, Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Thu May 19 10:40:05 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:29:40 2006 Subject: OT: MailScanner message size limit per user? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, great! I've overlooked it. Thanks Julian. Julian Field wrote: > To quote from MailScanner.conf: > > # The maximum size, in bytes, of any message including the headers. > # If this is set to zero, then no size checking is done. > # This can also be the filename of a ruleset, so you can have different > # settings for different users. You might want to set this quite > small for > # dialup users so their email applications don't time out downloading > huge > # messages. > Maximum Message Size = 0 > > > On 19 May 2005, at 09:41, Remy de Ruysscher wrote: > >> Hi, >> >> Is it possible to limit - in a rule - the message size in MailScanner? >> If not, if would turn this into a feature request ;). >> >> In postfix this is currently not possible. The message_size_limit >> parameter applies to the whole mailserver. >> I believe Amavisd-new is able to reject email bases on message size >> per >> user. >> >> Regards, >> >> Remy de Ruysscher. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 3.9KB. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Thu May 19 11:26:26 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:40 2006 Subject: Turning all rules off Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul van Brouwershaven wrote: > Hi, > > I have some clients that asked if we can disable all scanning. Now I have > some options to set the spam or virus settings. But is there a simple way > to turn all scanning off with one setting? > > Settings as "Allow IFrame Tags", or "Filename Rules" etc etc etc, there > are so many setting and turning all off is much work. (also lower > performance with many configuration files) > > It would be nice if there was an option so you can turn on/of MailScanner > at once. (with ruleset for some domains) > You need to put 3 settings to 'no': Spam Checks = Virus Scanning = and Dangerous Content Scanning = Or just don't have this domain going through your MailScanner box. > > Regards, > > Paul > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tgc at STATSBIBLIOTEKET.DK Thu May 19 11:32:37 2005 From: tgc at STATSBIBLIOTEKET.DK (Tom G. Christensen) Date: Thu Jan 12 21:29:40 2006 Subject: Semi-OT: installing MS on an old redhat box - perl version? Message-ID: Julian Field wrote: > MailScanner and SpamAssassin should both run okay on Perl 5.6.1. > And they do. I have several RHEL 2.1 machines that are running a Mailscanner, Spamassassin, ClamAV, Etrust, Bitdefender and Mailwatch combo. They're plain RHEL 2.1 with only a few strategic upgrades to some perl modules, all done with cpan2rpm for cleanliness. > I would download the source tarball of Perl, or the SRPM of it, and > work on that. Remove the whole of /usr/lib/perl and the RPM's of it > all before you actually do the "install" step. Then you can be > confident that your old installation has gone. > I just had a go at the FC3 SRPM on my RHEL 2.1 buildhost and with a little tweaking it works. -tgc > On 19 May 2005, at 08:19, John Wilcock wrote: > >> Sorry for the off-topic, but I know many here will have the necessary >> experience... >> >> I've inherited a colocated redhat 7.2 box. Upgrading the OS is not an >> option. This box originally had perl 5.6.0 and has been updated to >> 5.6.1 >> using the official redhat rpm for rh7.2. >> >> I now want to install MailScanner, SpamAssassin, ClamAV, MailWatch, >> etc. >> on the box. Can I stick with perl 5.6.1 or would I be better going to >> 5.8.x? If I choose to (or need to) upgrade perl, what's the best and >> cleanest way of going about it? I'd like to avoid the horror >> situations >> we sometimes hear about on this list and elsewhere when boxes have >> multiple versions of perl installed, or remnants of old versions. >> >> Would I be better off letting CPAN upgrade perl for me, or should I >> get >> a recent fedora SRPM and rebuild it, or what? >> >> John. >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu May 19 12:09:47 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:41 2006 Subject: Semi-OT: installing MS on an old redhat box - perl version? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > MailScanner and SpamAssassin should both run okay on Perl 5.6.1. ... but would they run "better" on 5.8.x? Is it worth it? As far as I can tell from the current snapshot, even the forthcoming SA 3.1 will run on 5.6.1. > I would download the source tarball of Perl, or the SRPM of it, and > work on that. Remove the whole of /usr/lib/perl and the RPM's of it > all before you actually do the "install" step. Then you can be > confident that your old installation has gone. Thanks Julian. So if I do decide to go through with the update, here's my understanding of what I need to do in a bit more detail. Is this right? 0. Build an RPM of perl 5.8.x 1. Note all perl modules currently installed 2. rpm -e those perl modules that have been installed by rpm 3. rpm -e perl --nodeps 4. rm -rf /usr/lib/perl5 (or rather rename it just in case) 5. rpm -i perl-5.8...rpm 6. Reinstall (the latest versions of) perl module RPMs 7. Reinstall (the latest versions of) all other modules using CPAN and of course 8. Install spamassassin and MailScanner! Any gotchas? Anything I've overlooked? Am I safe doing the --nodeps when I remove the perl or would I be better off letting it remove everything and reinstalling afterwards? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 12:29:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: Semi-OT: installing MS on an old redhat box - perl version? Message-ID: On 19 May 2005, at 12:09, John Wilcock wrote: > Julian Field wrote: > >> MailScanner and SpamAssassin should both run okay on Perl 5.6.1. >> > > ... but would they run "better" on 5.8.x? Is it worth it? As far as I > can tell from the current snapshot, even the forthcoming SA 3.1 > will run > on 5.6.1. > > >> I would download the source tarball of Perl, or the SRPM of it, and >> work on that. Remove the whole of /usr/lib/perl and the RPM's of it >> all before you actually do the "install" step. Then you can be >> confident that your old installation has gone. >> > > Thanks Julian. > > So if I do decide to go through with the update, here's my > understanding > of what I need to do in a bit more detail. Is this right? > > 0. Build an RPM of perl 5.8.x > 1. Note all perl modules currently installed > 2. rpm -e those perl modules that have been installed by rpm > 3. rpm -e perl --nodeps > 4. rm -rf /usr/lib/perl5 (or rather rename it just in case) > 5. rpm -i perl-5.8...rpm > 6. Reinstall (the latest versions of) perl module RPMs > 7. Reinstall (the latest versions of) all other modules using CPAN > > and of course > > 8. Install spamassassin and MailScanner! That all looks okay to me. > > Any gotchas? Anything I've overlooked? Am I safe doing the --nodeps > when > I remove the perl or would I be better off letting it remove > everything > and reinstalling afterwards? > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Thu May 19 12:00:33 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:41 2006 Subject: Turning all rules off Message-ID: I have tryed this, but it's still checking for filenames. Ugo Bellavance wrote: > Paul van Brouwershaven wrote: > >> Hi, >> >> I have some clients that asked if we can disable all scanning. Now I have >> some options to set the spam or virus settings. But is there a simple way >> to turn all scanning off with one setting? >> >> Settings as "Allow IFrame Tags", or "Filename Rules" etc etc etc, there >> are so many setting and turning all off is much work. (also lower >> performance with many configuration files) >> >> It would be nice if there was an option so you can turn on/of MailScanner >> at once. (with ruleset for some domains) >> > > You need to put 3 settings to 'no': > > Spam Checks = > > Virus Scanning = > > and > > Dangerous Content Scanning = > > Or just don't have this domain going through your MailScanner box. > >> >> Regards, >> >> Paul >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Thu May 19 13:04:30 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:41 2006 Subject: SA "body" rules for German Sober generated spam. Message-ID: I've uploaded a SA ruleset that stops messages with spoofed "Undeliverable Mail" subject lines containing links to the same sober generated German web sites. We've been getting a few of these slip through each day. Adjust the score weight based on rules you already have in place. http://members.iinet.net.au/~onyx/german_sober_body.cf Hope it helps. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlieshout at COCOMOWEBBEHEER.NL Thu May 19 13:02:30 2005 From: mlieshout at COCOMOWEBBEHEER.NL (Maarten van Lieshout) Date: Thu Jan 12 21:29:41 2006 Subject: german spam rules - Raymond Message-ID: Hi there, This is not working for for me, I see them still listed in Mailwatch. The SA Score also is zero. I want these messages to be marked as High Score Spam, so I know they get caught by Mailscanner. How can I do this? regards, -- Maarten On Thu, 2005-05-19 at 15:13 +1000, Peter Russell wrote: > :) too msart for me. > > All German stuff is totally blocked for me now - am very happy and many > thanks > Pete > > Raymond Dijkxhoorn wrote: > > Hi! > > > >> Hi Raymond, this one http://weblog.erenkrantz.com/~jerenk/german_spam.cf > >> has 60 or more subjects - do you want to add them to your rules? > >> Pete > > > > > > Uhm no, why should i. If you look on the ruleset its a OLD ruleset that > > they altered. Around _1_ year ago there was a attack allmost the same like > > this. also Sober. Thats the extra subjects. Dont waste resources in those > > old ones. They dont come by, the 30 subjects in my ruleset is all there > > is. So why scan for more and perhaps generate false positivesDoesnt sound > > smart to me :) > > > > Bye, > > Raymond > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu May 19 13:04:56 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:41 2006 Subject: german spam rules - Raymond Message-ID: Hi! > This is not working for for me, I see them still listed in Mailwatch. > The SA Score also is zero. I want these messages to be marked as High > Score Spam, so I know they get caught by Mailscanner. How can I do this? It was posted more then once... ohw well... Copy it to: /etc/mail/spamassassin And do a MailScanner reload. Bye, Raymond ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu May 19 13:30:50 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:41 2006 Subject: Who is the Proper authorities? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] LART??? Steve Steen, Glenn wrote: > Jason Balicki wrote: >> Steve Campbell <> wrote: > (snip) >> for. The moral of the story is that users are >> weird and should most likely be locked up, or >> at the very least ignored 99% of the time. >> >> HTH, >> >> --J(K) > This is where a good well-balanced LART comes in handy > (mine is a nice little sledgehammer... Good for LARTing > as well as "unformatting" HDDs:-) > > -- Glenn > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Thu May 19 13:39:37 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin (MBLEA it)) Date: Thu Jan 12 21:29:41 2006 Subject: FW: Who is the Proper authorities? Message-ID: Apologies, sent this direct to Steve when I meant to send to the list... -----Original Message----- From: Spicer, Kevin (MBLEA it) Sent: 19 May 2005 13:39 To: 'Steve Campbell' Subject: RE: Who is the Proper authorities? Check here... http://eps.mcgill.ca/jargon/html/entry/LART.html -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Campbell Sent: 19 May 2005 13:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Who is the Proper authorities? LART??? Steve Steen, Glenn wrote: > Jason Balicki wrote: >> Steve Campbell <> wrote: > (snip) >> for. The moral of the story is that users are weird and should most >> likely be locked up, or at the very least ignored 99% of the time. >> >> HTH, >> >> --J(K) > This is where a good well-balanced LART comes in handy (mine is a nice > little sledgehammer... Good for LARTing as well as "unformatting" > HDDs:-) > > -- Glenn > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- _________________________________________________________________ KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlieshout at COCOMOWEBBEHEER.NL Thu May 19 13:49:00 2005 From: mlieshout at COCOMOWEBBEHEER.NL (Maarten van Lieshout) Date: Thu Jan 12 21:29:41 2006 Subject: german spam rules - Raymond Message-ID: Hmm, I thought I had to put them into the mcp-directory and than enable mcp in Mailscanner. What is the difference?? -- Maarten On Thu, 2005-05-19 at 14:04 +0200, Raymond Dijkxhoorn wrote: > Hi! > > > This is not working for for me, I see them still listed in Mailwatch. > > The SA Score also is zero. I want these messages to be marked as High > > Score Spam, so I know they get caught by Mailscanner. How can I do this? > > It was posted more then once... ohw well... > > Copy it to: > > /etc/mail/spamassassin > > And do a MailScanner reload. > > Bye, > Raymond > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From thomas.zajic at ROCKSTARVIENNA.COM Thu May 19 14:11:37 2005 From: thomas.zajic at ROCKSTARVIENNA.COM (Thomas Zajic) Date: Thu Jan 12 21:29:41 2006 Subject: Who is the Proper authorities? Message-ID: * Steve Campbell , 19/05/2005, 08:30 > LART??? 'man jargon' - http://www.catb.org/~esr/jargon/html/L/LART.html ;-) HTH, Thomas -- ----------------------------- Thomas Zajic senior system administrator ROCKSTAR VIENNA www.rockstarvienna.com *** Please be aware that all content of this email *** *** plus its attachments are strictly confidential *** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 14:23:56 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: Turning all rules off Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul van Brouwershaven wrote: > I have tryed this, but it's still checking for filenames. Then add Filetype Rules = and Filename Rules = to this list. > > Ugo Bellavance wrote: > >> Paul van Brouwershaven wrote: >> >>> Hi, >>> >>> I have some clients that asked if we can disable all scanning. Now I >>> have >>> some options to set the spam or virus settings. But is there a simple >>> way >>> to turn all scanning off with one setting? >>> >>> Settings as "Allow IFrame Tags", or "Filename Rules" etc etc etc, there >>> are so many setting and turning all off is much work. (also lower >>> performance with many configuration files) >>> >>> It would be nice if there was an option so you can turn on/of >>> MailScanner >>> at once. (with ruleset for some domains) >>> >> >> You need to put 3 settings to 'no': >> >> Spam Checks = >> >> Virus Scanning = >> >> and >> >> Dangerous Content Scanning = >> >> Or just don't have this domain going through your MailScanner box. >> >>> >>> Regards, >>> >>> Paul >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu May 19 14:55:25 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:41 2006 Subject: Who is the Proper authorities? Message-ID: Steen, Glenn <> wrote: > This is where a good well-balanced LART comes in handy > (mine is a nice little sledgehammer... Good for LARTing > as well as "unformatting" HDDs:-) Zl YNEG vf n yratgu bs oenvqrq png 5 -- znxrf n unaql qnaql juvc. ABA RK GENAFIREFB FRQ QRBEFHZ Sorry, all done now. :) --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 14:43:03 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi Sambamoorthy wrote: > Hi, > After 0.85.1 I think I am in safer side. But for the past two days I didn't > receive that virus (MyDoom) also! What is the output of clamscan -V ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Thu May 19 15:13:43 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:41 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Thursday, May 19, 2005 7:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ClamAV does not detect W32MyDoom? Devi Sambamoorthy wrote: > Hi, > After 0.85.1 I think I am in safer side. But for the past two days I didn't > receive that virus (MyDoom) also! >What is the output of clamscan -V ? ClamAV 0.85/886/Wed May 18 16:02:36 2005 Regards Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 14:41:59 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: SpamAssassin still isn't upgraded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Remco Barendse wrote: >>>>> I recently did a complete new install of CentOS 4 and SA 3.02 >>>>> >>>>> I tried using the MS tarball to upgrade to SpamAss 3.03 but again >>>>> the script >>>>> reports I already have 3.03 installed whereas MailScanner -v really >>>>> shows that >>>>> 3.02 is installed. >>>>> >>>>> Any ideas why this problem keeps coming up? >> >> >> I had this problem with the script also, I just broke out the tar for >> Spamassassin and installed it. >> My script skills are not good enough to debug this. >> For some reason the script doesn't get the proper version, and only on >> spamassassin. >> Maybe the script could just parse the output of spamassassin --version? >> Or just force the install like ClamAV is. > > > > Thanks for the reply, I was starting to think the problem was with > me (guess it still is) :) > > How do you force the install of SA? A simple way would be : perl -MCPAN -e 'install Mail::SpamAssassin' or download the tarball and install it. > > Cheers! > Remco > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Thu May 19 15:16:37 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: In the attached html file I see some content as “Mailscanner has detected possible fraud on ” – What does that indicate? Can some one clarify? I have recd this as mail from CNET. I am getting this message for the past two days. Regards, Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/HTML (Name: "CNET NEWS.COM Microsoft offers peek at ] [ next Office suite.htm") 1,014 lines. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu May 19 15:24:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi this is the phishing net firing. add any updates for whitelisting to your phishing.safe.sites.conf file -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devi Sambamoorthy wrote: > In the attached html file I see some content as ^ÓMailscanner has > detected possible fraud on ^Ô ^Ö What does that indicate? > > Can some one clarify? I have recd this as mail from CNET. I am getting > this message for the past two days. > > > > Regards, > > Devi S. > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain > PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH > INFORMATION intended solely for the use of Tranquilmoney Inc. it's > clients and the recipient(s) named above. If you are not the intended > recipient, or the employee or agent responsible for delivering this > message to the intended recipient, you are hereby notified that any > review, dissemination, distribution, printing, or copying of this e-mail > message and/or any attachments is strictly prohibited. If you have > received this transmission in error, please notify the sender > immediately and permanently delete this e-mail [shred the document] and > any attachments. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > ------------------------------------------------------------------------ > > *From:* CNET News.com Morning Dispatch > [CNET_Networks_Member_Services@newsletter.online.com] > *Sent:* Thursday, May 19, 2005 7:32 PM > *To:* devi@tranquilmoney.com > *Subject:* CNET NEWS.COM: Microsoft offers peek at next Office suite > Trouble viewing this mail? Read it online. > > > > > > > > > In the News > May 19, 2005 > Microsoft offers peek at next Office suite > > FAQ: Why the FCC is targeting VoIP 911 calls > > New Samsung panel pictures inch-thick TV > > Microsoft downplays Windows flaw severity > > Is your boss monitoring your e-mail? > > Netscape update takes aim at phishing > > > Microsoft offers peek at next Office suite > Software giant offers few specifics, but areas it sees ripe for > improvement include enhanced collaboration and individual productivity. > Wed May 18 21:00:00 PDT 2005 | *Read Full Story * > > > * * > > *FAQ: Why the FCC is targeting VoIP 911 calls** > The unreliability of VoIP 911 calls is drawing lots of publicity and > regulatory action. > Thu May 19 04:00:00 PDT 2005 | > **Read > Full Story * > > > * * > > *New Samsung panel pictures inch-thick TV** > South Korean electronics giant plans to show off a prototype 40-inch > panel made from a single-sheet organic LED. > Wed May 18 18:45:00 PDT 2005 | > **Read > Full Story * > > > * * > > *Microsoft downplays Windows flaw severity** > Software giant is alerted by a French security company about a Windows > flaw--but says it already fixed the issue. > Wed May 18 18:20:00 PDT 2005 | > **Read > Full Story * > > > * * > > *Is your boss monitoring your e-mail?** > A quarter of employers have sacked workers for how they use their > e-mail--and even for misuse of the office phone, a study shows. > Wed May 18 16:21:00 PDT 2005 | > **Read > Full Story * > > > * * > > *Netscape update takes aim at phishing** > Version 8 of the Web browser promises to warn surfers when they visit > fraud sites that aim to nab their personal details. > Wed May 18 21:00:00 PDT 2005 | > **Read > Full Story * > > > * * > > * * > > * Newsmakers* > * * > **The man who's got mainstream radio quaking* > Adam Curry is part of a techno-vanguard changing conventional notions > about radio. But can he and other podcasters live up to the hype?* > * > **Read > Full Story * > * * > > * * > > * * > > *News.com Extra* > * * > *Top Stories: Use your oven to surf the Web. Porn Valley goes blogging.* > * > **Read > it now * > * * > > * * > > * * > > *From our partners:* > **Should cities be in the business of broadband?* > Should Internet access be viewed as city infrastructure, like telephone > poles or city streets? > Knowledge@Wharton | *Read Full Story* > > * > > > *Live Audiocast: Stop Virus Attacks at Time Zero * > * > > Wed., May 25, 2005 > 12:30 PM ET / > 9:30 AM PT > > You /can/ stop a virus from speading even before its signature is > available. Find out how during this live audiocast on e-mail security > , > featuring industry experts from *Ferris Research, Avinti,* and > *MailFrontier*. > > Discover how a new, comprehensive anti-virus security solution can: > > * Stop viruses when they first appear > * Observe actual e-mail behavior in a virtual machine > * Respond rapidly to suspicious e-mails > > *Pre-register today > * for > this FREE, live audiocast! > > *Sponsored by:* > MailFrontier > * > > *Search* > > Advanced Search > > > > *MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be* Investor.news.com > > arrow Read market commentary > , > before the bell, mid-day, and post-closing. > > *S&P 500* > * > 1,186.36 0.80 > ------------------------------------------------------------------------ > > **NASDAQ* > * > 2,033.28 2.63 > ------------------------------------------------------------------------ > > **CNET > TECH* > * > 1,267.01 0.00 > > Symbol Lookup > > > arrow > **My > Portfolio* > * > arrow > **Real-Time > Quotes* * * > * > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > * > > > > > > *Videocast* > *DreamWorks renders digital jungle* > ** > At the "Madagascar" press junket in San Francisco, we spoke to > Production Designer Kendall Cronkhite to find out how the analog world > of painting, drawing, clay sculptures and cardboard models goes through > the animation pipeline and comes to life. > Watch videocast > > > > > > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > *The Net* > * *MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be* Wal-Mart, Netflix agree on DVD > deal > > * eBay tiptoes into cable > > * Outrage over desecrated Koran bought on Amazon > > > > > *Enterprise Software* > * *MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be* Profit shoots up at > Salesforce.com > > * BEA System's profit perks up > > * Kagermann: Tech needs to be business-friendly > > > *Personal Technology* > * Games rest thumbs with switch to drums > > * E3: The battle of the boxes > > * Photos: Live from the E3 floor > > > > > *Enterprise Hardware* > * Gateway chairman Waitt retires from board > > * VeriSign buys RFID consulting boutique > > * Report: U.S. on right path with nano > > > *Networking* > * Symbian names new CEO > > * Cell phone technology to track dolphins > > * FCC set to require 911 service for Net phones > > > > > *Security* > * U.S. taps Entrust for e-passports > > * Netscape ready to launch antiphishing browser > > * Personal data for the taking > > > > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > > *Be a Web Master in paradise* > Are you an explorer at heart who is always looking for a new adventure? > Then you would be hard-pressed to get a better recommendation for a city > to not only visit but to live in than Jacques Cousteau, who said that > Cozumel, Mexico is one of the most beautiful scubing diving areas in the > world. If you fill the position for a Web Master in Cozumel, you could > not only scuba dive, but also snorkel, visit Mayan ruins, and sunbathe > on the beach during your off-hours. *MailScanner has detected a possible > fraud attempt from "ct.news.com.com" claiming to be* *Visit Dice.com to > learn more about this opening* > > (position ID: COZ, Dice ID: electron), as well as more than 65,000 other > tech listings.Web Bug from > http://ad.doubleclick.net/ad/N1841.cnet.com/B1518597.2;sz=1x1;ord=20050519? > > > *White Papers from our partners* Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Audiocast: Mainframe Migration: Users Won't Notice (But Your Budget > Will) > (Sun Microsystems) > Stopping the Spam Flood with IronMail Connection Control > > (CipherTrust) > Blades for Small Business > > (Hewlett-Packard) > Audiocast: E-mail policy management and compliance--Is your business > safe? > (Sophos) > - - - Partner Marketplace - - - > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > *Sign up for more free newsletters > > from CNET!* > To manage your account settings or to remove yourself from all CNET > communications, > please visit our Subscription Center > . > The e-mail address for your subscription is devi@tranquilmoney.com > News.com newsletters are now RSS friendly Check out our Newsletter RSS > feeds > Unsubscribe from this e-mail > > FAQ | > Advertise > > For questions, comments, or concerns please go to *MailScanner has > detected a possible fraud attempt from "ct.news.com.com" claiming to be* > http://news.com.com/2030-12-5253404.html > . > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Price > comparisons > | > Product > reviews > | > Tech > news | > Downloads > | > All > CNET services > Web > Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Copyright 2005 CNET Networks, Inc. All rights reserved. > CNET Networks, Inc. > 235 Second Street > San Francisco, CA 94105 > U.S.A. > Web Bug from > http://dw.com.com/clear/OutboundNewsletter.gif?ts=0505190712&edId=3&ptId=5100&OBID=55205185&eIssue=20050519&onId=6665&eCode=e703&sId=12&hId=1&dwpubsysid=1&locclc=1&locuid=WgCjI5MPBm8w2ZRt > > Web Bug from http://ct.com.com/click?q=07-HqCznIr69Ufou8Di77U6rgzOiDdR > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 15:25:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: I have just released a new beta version 4.42.2. Please download as usual from www.mailscanner.info. The changes are: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/ bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Thu May 19 15:28:26 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: Very simple. The link concerned appears to take you to a page on the "investor.news.com" website, while really taking you to a page on the "ct.news.com.com" website. This is exactly the same trick the scammers use in phishing attacks, and so MailScanner has (quite rightly) highlighted the fact that the message is trying to deceive you about the real destination of a link. On 19 May 2005, at 15:16, Devi Sambamoorthy wrote: > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Thu May 19 15:22:04 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It means that the link's text does not match the link's actual url. Therefore it is a possible fraud website trying to steal your information. Sean Devi Sambamoorthy wrote: > In the attached html file I see some content as ^ÓMailscanner has > detected possible fraud on ^Ô ^Ö What does that indicate? > > Can some one clarify? I have recd this as mail from CNET. I am getting > this message for the past two days. > > Regards, > > Devi S. > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain > PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT > HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. > it's clients and the recipient(s) named above. If you are not the > intended recipient, or the employee or agent responsible for > delivering this message to the intended recipient, you are hereby > notified that any review, dissemination, distribution, printing, or > copying of this e-mail message and/or any attachments is strictly > prohibited. If you have received this transmission in error, please > notify the sender immediately and permanently delete this e-mail > [shred the document] and any attachments. ------------------------ > MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------------------------------------------------------ > > From: CNET News.com Morning Dispatch > [CNET_Networks_Member_Services@newsletter.online.com] > Sent: Thursday, May 19, 2005 7:32 PM > To: devi@tranquilmoney.com > Subject: CNET NEWS.COM: Microsoft offers peek at next Office suite > Trouble viewing this mail? Read it online. > > > > > > > > > > > > > > > > > In the News > May 19, 2005 > Microsoft offers peek at next Office suite > > FAQ: Why the FCC is targeting VoIP 911 calls > > New Samsung panel pictures inch-thick TV > > Microsoft downplays Windows flaw severity > > Is your boss monitoring your e-mail? > > Netscape update takes aim at phishing > > > Microsoft offers peek at next Office suite > Software giant offers few specifics, but areas it sees ripe for > improvement include enhanced collaboration and individual productivity. > Wed May 18 21:00:00 PDT 2005 | Read Full Story > > > FAQ: Why the FCC is targeting VoIP 911 calls > The unreliability of VoIP 911 calls is drawing lots of publicity and > regulatory action. > Thu May 19 04:00:00 PDT 2005 | Read Full Story > > > New Samsung panel pictures inch-thick TV > South Korean electronics giant plans to show off a prototype 40-inch > panel made from a single-sheet organic LED. > Wed May 18 18:45:00 PDT 2005 | Read Full Story > > > Microsoft downplays Windows flaw severity > Software giant is alerted by a French security company about a Windows > flaw--but says it already fixed the issue. > Wed May 18 18:20:00 PDT 2005 | Read Full Story > > > Is your boss monitoring your e-mail? > A quarter of employers have sacked workers for how they use their > e-mail--and even for misuse of the office phone, a study shows. > Wed May 18 16:21:00 PDT 2005 | Read Full Story > > > Netscape update takes aim at phishing > Version 8 of the Web browser promises to warn surfers when they visit > fraud sites that aim to nab their personal details. > Wed May 18 21:00:00 PDT 2005 | Read Full Story > > > Newsmakers > The man who's got mainstream radio quaking > Adam Curry is part of a techno-vanguard changing conventional notions > about radio. But can he and other podcasters live up to the hype? > Read Full Story > > > News.com Extra > Top Stories: Use your oven to surf the Web. Porn Valley goes blogging. > Read it now > > > From our partners: > Should cities be in the business of broadband? > Should Internet access be viewed as city infrastructure, like > telephone poles or city streets? > Knowledge@Wharton | Read Full Story > > > > Live Audiocast: Stop Virus Attacks at Time Zero > > > Wed., May 25, 2005 > 12:30 PM ET / > 9:30 AM PT > > You can stop a virus from speading even before its signature is > available. Find out how during this live audiocast on e-mail security > , > featuring industry experts from Ferris Research, Avinti, and MailFrontier. > > Discover how a new, comprehensive anti-virus security solution can: > > * Stop viruses when they first appear > * Observe actual e-mail behavior in a virtual machine > * Respond rapidly to suspicious e-mails > > Pre-register today > for > this FREE, live audiocast! > > Sponsored by: > MailFrontier > > > Search > > Advanced Search > > > > MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be Investor.news.com > > arrow Read market commentary > , > before the bell, mid-day, and post-closing. > > S&P 500 > > 1,186.36 0.80 > ------------------------------------------------------------------------ > NASDAQ > > 2,033.28 2.63 > ------------------------------------------------------------------------ > CNET TECH > > 1,267.01 0.00 > > Symbol Lookup > > > arrow My Portfolio > > arrow Real-Time Quotes > > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > > > > > > > > > Videocast > DreamWorks renders digital jungle > > At the "Madagascar" press junket in San Francisco, we spoke to > Production Designer Kendall Cronkhite to find out how the analog world > of painting, drawing, clay sculptures and cardboard models goes > through the animation pipeline and comes to life. > Watch videocast > > > > > > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > The Net > * MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be Wal-Mart, Netflix agree on DVD > deal > > * eBay tiptoes into cable > > * Outrage over desecrated Koran bought on Amazon > > > > > Enterprise Software > * MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be Profit shoots up at > Salesforce.com > > * BEA System's profit perks up > > * Kagermann: Tech needs to be business-friendly > > > Personal Technology > * Games rest thumbs with switch to drums > > * E3: The battle of the boxes > > * Photos: Live from the E3 floor > > > > > Enterprise Hardware > * Gateway chairman Waitt retires from board > > * VeriSign buys RFID consulting boutique > > * Report: U.S. on right path with nano > > > Networking > * Symbian names new CEO > > * Cell phone technology to track dolphins > > * FCC set to require 911 service for Net phones > > > > > Security > * U.S. taps Entrust for e-passports > > * Netscape ready to launch antiphishing browser > > * Personal data for the taking > > > > > > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > > > > > > Be a Web Master in paradise > Are you an explorer at heart who is always looking for a new > adventure? Then you would be hard-pressed to get a better > recommendation for a city to not only visit but to live in than > Jacques Cousteau, who said that Cozumel, Mexico is one of the most > beautiful scubing diving areas in the world. If you fill the position > for a Web Master in Cozumel, you could not only scuba dive, but also > snorkel, visit Mayan ruins, and sunbathe on the beach during your > off-hours. MailScanner has detected a possible fraud attempt from > "ct.news.com.com" claiming to be Visit Dice.com to learn more about > this opening > > (position ID: COZ, Dice ID: electron), as well as more than 65,000 > other tech listings.Web Bug from > http://ad.doubleclick.net/ad/N1841.cnet.com/B1518597.2;sz=1x1;ord=20050519? > > > White Papers from our partners Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Audiocast: Mainframe Migration: Users Won't Notice (But Your Budget > Will) > (Sun > Microsystems) > Stopping the Spam Flood with IronMail Connection Control > > (CipherTrust) > Blades for Small Business > > (Hewlett-Packard) > Audiocast: E-mail policy management and compliance--Is your business > safe? > (Sophos) > - - - Partner Marketplace - - - > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > Sign up for more free newsletters > > from CNET! > To manage your account settings or to remove yourself from all CNET > communications, > please visit our Subscription Center > . > The e-mail address for your subscription is devi@tranquilmoney.com > News.com newsletters are now RSS friendly Check out our Newsletter RSS > feeds > Unsubscribe from this e-mail > > FAQ > | Advertise > > For questions, comments, or concerns please go to MailScanner has > detected a possible fraud attempt from "ct.news.com.com" claiming to > be http://news.com.com/2030-12-5253404.html > . > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif Web Bug from > http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > > Price comparisons > | > Product reviews > | > Tech news > | > Downloads > | > All CNET services > Web > Bug from http://i.i.com.com/cnwk.1d/b.gif > > Web Bug from http://i.i.com.com/cnwk.1d/b.gif > Copyright 2005 CNET Networks, Inc. All rights reserved. > CNET Networks, Inc. > 235 Second Street > San Francisco, CA 94105 > U.S.A. > Web Bug from > http://dw.com.com/clear/OutboundNewsletter.gif?ts=0505190712&edId=3&ptId=5100&OBID=55205185&eIssue=20050519&onId=6665&eCode=e703&sId=12&hId=1&dwpubsysid=1&locclc=1&locuid=WgCjI5MPBm8w2ZRt > > Web Bug from http://ct.com.com/click?q=07-HqCznIr69Ufou8Di77U6rgzOiDdR > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 19 15:18:16 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:41 2006 Subject: Who is the Proper authorities? Message-ID: Jason Balicki wrote: > Steen, Glenn <> wrote: >> This is where a good well-balanced LART comes in handy >> (mine is a nice little sledgehammer... Good for LARTing >> as well as "unformatting" HDDs:-) > > Zl YNEG vf n yratgu bs oenvqrq png 5 -- znxrf n unaql qnaql juvc. > > ABA RK GENAFIREFB FRQ QRBEFHZ > > Sorry, all done now. :) > > --J(K) > Zna, vg'f LRNEF fvapr ynfg V fnj fbzrbar ebg13 n zrffntr. Jbaqreshy, jung n gevc qbja zrzbel ynar...:-) Cheers -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu May 19 15:28:29 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:41 2006 Subject: Who is the Proper authorities? Message-ID: Glenn wrote: > Jason Balicki wrote: >> Steen, Glenn <> wrote: >>> This is where a good well-balanced LART comes in handy (mine is a >>> nice little sledgehammer... Good for LARTing as well as >>> "unformatting" HDDs:-) >> >> Zl YNEG vf n yratgu bs oenvqrq png 5 -- znxrf n unaql qnaql juvc. >> >> ABA RK GENAFIREFB FRQ QRBEFHZ >> >> Sorry, all done now. :) >> >> --J(K) >> > Zna, vg'f LRNEF fvapr ynfg V fnj fbzrbar ebg13 n zrffntr. > Jbaqreshy, jung n gevc qbja zrzbel ynar...:-) Yeesh... next we'll all be waving our chickens and entering the scary devil monastery. Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu May 19 15:35:32 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:29:41 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Devi Sambamoorthy wrote: Devi Sambamoorthy wrote: > > Hi, > > After 0.85.1 I think I am in safer side. But for the past two days I > didn't > > receive that virus (MyDoom) also! > > >What is the output of clamscan -V ? > > ClamAV 0.85/886/Wed May 18 16:02:36 2005 > > Regards > Devi S. On our setup clamscan -V produces ClamAV 0.85.1/886/Wed May 18 11:32:36 2005 So something's not quite right on your box. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 19 15:41:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: Installed - running........so far so good.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just released a new beta version 4.42.2. > > Please download as usual from www.mailscanner.info. > > The changes are: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate > from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ > bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 15:27:04 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi Sambamoorthy wrote: > In the attached html file I see some content as ^ÓMailscanner has > detected possible fraud on ^Ô ^Ö What does that indicate? It indicates that MailScanner's phishing net thinks there is a fraud attempt. Phishing is using HTML tags that make a link appear like another site. This is probably a false positive, so you can add the e-mail to your phishing net whitelist. > > Can some one clarify? I have recd this as mail from CNET. I am getting > this message for the past two days. > > > > Regards, > > Devi S. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Thu May 19 15:41:02 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:41 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: Devi Sambamoorthy wrote: > > Hi, > > After 0.85.1 I think I am in safer side. But for the past two days I > didn't > > receive that virus (MyDoom) also! > > >What is the output of clamscan -V ? > > ClamAV 0.85/886/Wed May 18 16:02:36 2005 > > Regards > Devi S. >On our setup clamscan -V produces > ClamAV 0.85.1/886/Wed May 18 11:32:36 2005 >So something's not quite right on your box. Hi thanks for alerting - and sorry for the typo. I downloaded and installed 0.85 only. Regards, Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 15:30:20 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: ClamAV does not detect W32MyDoom? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devi Sambamoorthy wrote: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Ugo Bellavance > Sent: Thursday, May 19, 2005 7:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamAV does not detect W32MyDoom? > > Devi Sambamoorthy wrote: > >>Hi, >>After 0.85.1 I think I am in safer side. But for the past two days I > > didn't > >>receive that virus (MyDoom) also! > > >>What is the output of clamscan -V ? > > > ClamAV 0.85/886/Wed May 18 16:02:36 2005 Your virus defs seems to be up to date. But this is 0.85, not 0.85.1. Regards, > > Regards > Devi S. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Thu May 19 15:46:48 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:41 2006 Subject: Mailscanner has detected possible fraud Message-ID: Thanks for the flood of replies! I am yet read about MailScanner & its phishing features (I have an older version of Mailscanner MANUAL) and hence (might be) a dumbo question! Regards, Devi S. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Thursday, May 19, 2005 7:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner has detected possible fraud Devi Sambamoorthy wrote: > In the attached html file I see some content as "Mailscanner has > detected possible fraud on " - What does that indicate? It indicates that MailScanner's phishing net thinks there is a fraud attempt. Phishing is using HTML tags that make a link appear like another site. This is probably a false positive, so you can add the e-mail to your phishing net whitelist. > > Can some one clarify? I have recd this as mail from CNET. I am getting > this message for the past two days. > > > > Regards, > > Devi S. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu May 19 15:55:28 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:41 2006 Subject: Machine slow Message-ID: I have the MailScanner book :) Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steen, Glenn > Sent: Thursday, May 19, 2005 3:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Machine slow > > Julian Field wrote: > > On 18 May 2005, at 15:48, Steen, Glenn wrote: > > > >> Billy A. Pumphrey wrote: > >> > >>> Quick verification on load average if I may. > >>> > >>> I do not understand how those numbers work. They appear not to be > >>> percent usage. > >>> > >>> How do the load average numbers work? > >>> On my mailwatch, my usually is around .60-1.4 > >>> > >>> Billy Pumphrey > >>> IT Manager > >>> Wooden & McLaughlin > >>> > >>> > >> (snip) > >> > >> The "load factors" are perhaps the most abused "performance > >> statistics" around... They're just the CPU run queue size (+ running > >> jobs) averages calculated for 1, 5 and 15 minutes. Nice to know and > >> a quick indicator, but nothing else. > >> > >> For example: on a one CPU system a load of 2 might be less than > >> desirable, while on a system with 4 CPUs it shows two CPUs idling > >> away... So one needs weigh the system as a whole when determining if > >> a certain > >> load is > >> fine or not. > > > > It's not as simple as that. Jobs can be in the run queue if they are > > waiting for disk or network response. So if you have 10 processes all > > waiting to do DNS lookup, for example, then you will have a load > > greater than 10, but totally idle CPU(s). > > > > This is why a busy MailScanner having a load of up to about 15 is > > nothing to worry about. It merely means there are 15 processes > > waiting for any of > > (a) CPU time > > (b) network response > > (c) disk i/o. > > And that is a very simple view of it. > > > > When the figure is over 1, it really doesn't tell you very much of > > any use at all. And all it tells you when it is less than 1 is that > > there is some time when your system is not doing anything. > > It was just an example Julian. To be more precise the "unconditional 1" > is added per process in state D (non-interruptible wait state) which > _usually_ means some form of IO wait, but can be other things... As > you already know, of course:-). > > Sole purpose of the example was to make Billy go buy not only your > MS book, but also the (in my view) excellent swordfish book too. > It's a friend to bring to the WC, trainride and nightstand....:-):-) > Your (as usual) excellent explanation should bring the point over. > > Cheers > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu May 19 16:11:44 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: Seems like you spend a lot of time on MailScanner, and not just now but for however long you have wrote MailScanner. Thank you for doing this. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Thursday, May 19, 2005 9:25 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Beta release 4.42.2 > > I have just released a new beta version 4.42.2. > > Please download as usual from www.mailscanner.info. > > The changes are: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate > from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ > bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 16:33:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: "A lot of time" is probably an understatement :-) I have worked on it for an average of 350 days out of each of the past 5 years. :-) On 19 May 2005, at 16:11, Billy A. Pumphrey wrote: > Seems like you spend a lot of time on MailScanner, and not just now > but > for however long you have wrote MailScanner. > > Thank you for doing this. > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: Thursday, May 19, 2005 9:25 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Beta release 4.42.2 >> >> I have just released a new beta version 4.42.2. >> >> Please download as usual from www.mailscanner.info. >> >> The changes are: >> >> * New Features and Improvements * >> - Now automatically detects and warns if the "Incoming Work >> Directory" >> setting contains any links. It also corrects the path (but not in >> > the > >> MailScanner.conf file) and continues to work properly. >> - Added support for Sophos 3.93.2. You must use the sophos-autoupdate >> from >> this version if you want Sophos to work (both the sophos and >> sophossavi >> scanner settings). >> - Tar and RPM distribution installation scripts now look for gtar if >> > GNU > >> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >> bin/perl >> point to the same place. >> - SophosSAVI errors are detected as if they were viruses, and are not >> ignored. >> - Panda support completely reimplemented a lot better by Rick Cooper. >> >> * Fixes* >> - Fixed problem that could cause harmless header files to be left in >> > the > >> temporary working directories when using Postfix. >> - Fixed problem where attachment size checks were made on the >> contents of >> zip files and not just the zip files themselves. >> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >> > occasionally. > >> - No longer import missing whine method from MIME-tools. >> - Fixed problems with incomplete reporting of viruses in zip files. >> - Fixed problem with "Delete" MCP action not being logged in syslog. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu May 19 16:36:08 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For some reason I just can't figure this out. We have our default filename blocking rules config, and want to allow ONE user to get .exe's, which NOBODY else gets. This part I can figure out. But we also want the default blocking rules to apply to that user as well. So my question is, can I have an 'exceptions' rule for that user, which only contains the one line allowing exe's, and then somehow also have the default blocking rules ALSO get hit as a second rule? OR, for this one user, do I basically have to have their own ENTIRE ruleset, which will essentially will replicate our default ruleset, with the exception of allowing one filename? Hopefully its not another replication of rulesets. If we have 10 users with exceptions...then we would have 11 rulesets (11users + one default). And if we decide we want to add an extension to the block list..we would then have to edit all 11 files. Or am I waaay off base here? thx! Matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 16:41:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: But fortunately I have a real job too, to (a) keep me (relatively) sane and (b) pay the bills... Some of you may well argue over (a) :-) On 19 May 2005, at 16:33, Julian Field wrote: > "A lot of time" is probably an understatement :-) > I have worked on it for an average of 350 days out of each of the > past 5 years. > > :-) > > On 19 May 2005, at 16:11, Billy A. Pumphrey wrote: > > >> Seems like you spend a lot of time on MailScanner, and not just now >> but >> for however long you have wrote MailScanner. >> >> Thank you for doing this. >> >> Billy Pumphrey >> IT Manager >> Wooden & McLaughlin >> >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Julian Field >>> Sent: Thursday, May 19, 2005 9:25 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Beta release 4.42.2 >>> >>> I have just released a new beta version 4.42.2. >>> >>> Please download as usual from www.mailscanner.info. >>> >>> The changes are: >>> >>> * New Features and Improvements * >>> - Now automatically detects and warns if the "Incoming Work >>> Directory" >>> setting contains any links. It also corrects the path (but not in >>> >>> >> the >> >> >>> MailScanner.conf file) and continues to work properly. >>> - Added support for Sophos 3.93.2. You must use the sophos- >>> autoupdate >>> from >>> this version if you want Sophos to work (both the sophos and >>> sophossavi >>> scanner settings). >>> - Tar and RPM distribution installation scripts now look for gtar if >>> >>> >> GNU >> >> >>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >>> bin/perl >>> point to the same place. >>> - SophosSAVI errors are detected as if they were viruses, and are >>> not >>> ignored. >>> - Panda support completely reimplemented a lot better by Rick >>> Cooper. >>> >>> * Fixes* >>> - Fixed problem that could cause harmless header files to be left in >>> >>> >> the >> >> >>> temporary working directories when using Postfix. >>> - Fixed problem where attachment size checks were made on the >>> contents of >>> zip files and not just the zip files themselves. >>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>> >>> >> occasionally. >> >> >>> - No longer import missing whine method from MIME-tools. >>> - Fixed problems with incomplete reporting of viruses in zip files. >>> - Fixed problem with "Delete" MCP action not being logged in syslog. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu May 19 16:37:59 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] installed and running - Looks good here. Using Postfix and the tarball "other linux" install Brad >>> Julian Field 5/19/2005 9:25 AM >>> I have just released a new beta version 4.42.2. Please download as usual from www.mailscanner.info. The changes are: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/ bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu May 19 16:57:54 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:41 2006 Subject: Beta release 4.42.2 Message-ID: I suppose that relying on free software would not be a steady source of income. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Brad Beckenhauer > Sent: Thursday, May 19, 2005 10:38 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.42.2 > > installed and running - Looks good here. > > Using Postfix and the tarball "other linux" install > > Brad > > >>> Julian Field 5/19/2005 9:25 AM >>> > I have just released a new beta version 4.42.2. > > Please download as usual from www.mailscanner.info. > > The changes are: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate > from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ > bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ade at INFORMATICS.BANGOR.AC.UK Thu May 19 17:08:36 2005 From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings) Date: Thu Jan 12 21:29:41 2006 Subject: temporary file spawning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -some headers kept for reminder purposes- >>>>>>>>>> We have two mail servers running on Solaris 9 Sparc. Sendmail >>>>>>>>>> 8.12.10 >>>>>>>>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. >>>>>>>>>> Earlier >>>>>>>>>> today, one of our large mailing lists got hit a couple of times >>>>>>>>>> and >>>>>>>>>> the servers got a bit busy. However, something went wrong and >>>>>>>>>> /tmp >>>>>>>>>> filled up with >>>>>>>>>> spamassassin.25755.Bdgxlb.tmp esque files. Hundred of thousands >>>>>>>>>> were >>>>>>>>>> created in a short time, running /tmp out of i-nodes and thus >>>>>>>>>> effectively stopping MailScanner. >>>>>>>>>> >>>>>>>>>> Killing MailScanner, cleaning /tmp and restarting would then >>>>>>>>>> reproduce >>>>>>>>>> the problem again soon after. I truss'd the output of a few of >>>>>>>>>> the >>>>>>>>>> MailScanner processes that were going bad and all they were >>>>>>>>>> doing >>>>>>>>>> was >>>>>>>>>> trying to open new files in /tmp. >>>>>>>>> >>>>>>>>> We have further discovered that this problem definitely only >>>>>>>>> occurs >>>>>>>>> when >>>>>>>>> MailScanner is set to use SpamAssassin. Switch off SpamAssassin >>>>>>>>> and >>>>>>>>> there are zero problems. So, being relatively unknowledgable >>>>>>>>> about >>>>>>>>> MailScanner, the question that comes up is what is creating these >>>>>>>>> temporary files? It is either SpamAssassin itself or >>>>>>>>> something in >>>>>>>>> MailScanner that gets switched on when you tell it to use >>>>>>>>> SpamAssassin. >>>>>>>>> >>>>>>>>> Can anybody offer any guidance on whether MailScanner itself >>>>>>>>> creates >>>>>>>>> these files? >>>>>>>> Just to prove that I do (eventually) update when I say i'm going to...... I am now happy to say that this problem has been fixed. The solution was an updated Perl. 5.6.1 should have been fine but wasn't. 5.8.6 is. Much relief. Cheers for all suggestions Ade ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 16:59:20 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > For some reason I just can't figure this out. We have our default > filename blocking rules config, and want to allow ONE user to get > .exe's, which NOBODY else gets. This part I can figure out. But we > also want the default blocking rules to apply to that user as well. > > So my question is, can I have an 'exceptions' rule for that user, which > only contains the one line allowing exe's, and then somehow also have > the default blocking rules ALSO get hit as a second rule? OR, for this > one user, do I basically have to have their own ENTIRE ruleset, which > will essentially will replicate our default ruleset, with the exception > of allowing one filename? Yes, there is nothing like exceptions in MailScanner right now. > > Hopefully its not another replication of rulesets. If we have 10 users > with exceptions...then we would have 11 rulesets (11users + one > default). And if we decide we want to add an extension to the block > list..we would then have to edit all 11 files. > > Or am I waaay off base here? > > thx! > Matt > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu May 19 17:27:59 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:41 2006 Subject: The German Spam Message-ID: I don't think that I missed any German spam converstations. I did turn on MCP to try and help it get them. What is everyone doing to try and get the German Spam? My server looks like it is getting a nice bit of them, but users are still getting them. A user reported about 10 a week. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 17:24:12 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler said: > For some reason I just can't figure this out. We have our default > filename blocking rules config, and want to allow ONE user to get > .exe's, which NOBODY else gets. This part I can figure out. But we > also want the default blocking rules to apply to that user as well. > > So my question is, can I have an 'exceptions' rule for that user, which > only contains the one line allowing exe's, and then somehow also have > the default blocking rules ALSO get hit as a second rule? OR, for this > one user, do I basically have to have their own ENTIRE ruleset, which > will essentially will replicate our default ruleset, with the exception > of allowing one filename? Well providing you don't mind this user being able to receive _all_ .exe files then all you have to do is copy the filenames.conf to another file, e.g. exeption_user.filenames.conf then make a rule set like: To: @domain.com exeption_user.filenames.conf ToOrFrom: default filename.conf and enter this rule set in the suitable place in MailScanner.conf Obviously this change won't affect AV scanning nut may leave that user potentially exposed in the time between new viruses and definition updates. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Thu May 19 17:35:37 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:41 2006 Subject: Turning all rules off Message-ID: Ugo Bellavance wrote: > Then add Filetype Rules = and Filename Rules = to this list. Ok, you can turn it off when you set all the options to a ruleset and set that ruleset to not scan this domain. But can we do/make this more simple? Just one option to turn all scanning off? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 19 17:31:35 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:41 2006 Subject: SpamAssassin still isn't upgraded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Remco Barendse wrote: > >>>>>> I recently did a complete new install of CentOS 4 and SA 3.02 >>>>>> >>>>>> I tried using the MS tarball to upgrade to SpamAss 3.03 but again >>>>>> the script >>>>>> reports I already have 3.03 installed whereas MailScanner -v really >>>>>> shows that >>>>>> 3.02 is installed. >>>>>> >>>>>> Any ideas why this problem keeps coming up? >>> >>> >>> >>> I had this problem with the script also, I just broke out the tar for >>> Spamassassin and installed it. >>> My script skills are not good enough to debug this. >>> For some reason the script doesn't get the proper version, and only on >>> spamassassin. >>> Maybe the script could just parse the output of spamassassin --version? >>> Or just force the install like ClamAV is. >> >> >> >> >> Thanks for the reply, I was starting to think the problem was with >> me (guess it still is) :) >> >> How do you force the install of SA? > > > A simple way would be : > > perl -MCPAN -e 'install Mail::SpamAssassin' > > or download the tarball and install it. > >> >> Cheers! >> Remco >> > If you already have the tarball install from Julian, the source is already in your possession. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu May 19 17:55:32 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:29:41 2006 Subject: The German Spam Message-ID: Attached are two spamassassin .cf files which will get them (and the bounces). And this will catch the originals too: header __SOBER_P_MSGID Message-ID =~ /<[0-9a-f\.]{15,22}\@/ header __SOBER_P_CTYPE Content-Type =~ /text\/plain.*charset=\"us-ascii\"/ header __SOBER_P_PRIO X-Priority =~ /^3 / header __SOBER_P_IMP Importance =~ /^Normal/ meta SOBER_P_SPAM (__SOBER_P_MSGID && __SOBER_P_CTYPE && __SOBER_P_PRIO && __SOBER_P_IMP ) score SOBER_P_SPAM 18.0 describe SOBER_P_SPAM Rassistische Mail Sober-P Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Billy A. Pumphrey > Sent: 19 May 2005 17:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: The German Spam > > I don't think that I missed any German spam converstations. > I did turn on MCP to try and help it get them. > > What is everyone doing to try and get the German Spam? My > server looks like it is getting a nice bit of them, but users > are still getting them. > A user reported about 10 a week. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "german.cf") 6.5KB. ] [ Unable to print this part. ] [ Part 3, Application/OCTET-STREAM (Name: "german_bounce.cf") 7.6KB. ] [ Unable to print this part. ] From newsgroup2 at SPACELINK.COM.AU Thu May 19 18:04:12 2005 From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark) Date: Thu Jan 12 21:29:41 2006 Subject: german.cf Message-ID: Hi all I put the file german.cf in /etc/mail/spamassassin Restarted MailScanner Sent a test email to myself with "Gegen das Vergessen" in the subject And it made it through I thought the lines below in german.cf shoulda stopped it??? -------------------------------------------------------------- # 01 Subject: Gegen das Vergessen header PROLO_GSPAM01 Subject =~ /Gegen das Vergessen/i score PROLO_GSPAM01 8 describe PROLO_GSPAM01 German Spam from Sober virus --------------------------------------------------------------- Kind Regards Stuart Clark Director Spacelink Communications Pty Ltd Ph. 98570800 Fx. 98597577 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu May 19 18:30:55 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can always just whitelist mail sent to those users on the gateway box. -Vlad ExchangeDefender.com reef wrote: >Any suggestions how I could have all users have their mail filtered by AV >software, but not have any spam filtering done on them?? I am filtering mail >and then forwarding on to an exchange server.. I would like to give users >the choice of having their mail filtered or not. THANKS!! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From reefro at GMAIL.COM Thu May 19 18:16:49 2005 From: reefro at GMAIL.COM (reef) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: Any suggestions how I could have all users have their mail filtered by AV software, but not have any spam filtering done on them?? I am filtering mail and then forwarding on to an exchange server.. I would like to give users the choice of having their mail filtered or not. THANKS!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at ADCATANZARO.COM Thu May 19 18:32:48 2005 From: derek at ADCATANZARO.COM (Derek Catanzaro) Date: Thu Jan 12 21:29:41 2006 Subject: Performance Issues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you running a local caching name server either on your MX boxes or somewhere on your LAN that the MX boxes can do nslookups to? I had a similar issue, my /var/spool/mqueue.in would get backed up to anywhere from 1 to 2 thousand messages. After implementing the local caching name server I have been good to go for the whole week so far. Also, use Ugo's suggestions. Anakin SkyWalker wrote: >I'm running MailScanner in my Exim based MX with 20K+ >boxes. Since sunday, my mail queue doesn't get lower >than 12K without human interference. >Anyone having same problems lately? > >Machine: >PIV HT 2.8GHz, 1GB RAM > >Versions I use: >Fedora Core 3 > >2.6.11-1.14_FC3smp >Exim 4.50 (compiled) >Clamav 0.85.1 (compiled) >perl-5.8.5-12.FC3 >mailscanner-4.41.3-1 (rpm based) > >I have 5 mailscanner children running. >I upgraded MailScanner monday. Same behaviour. > >I appreciate any tips. >Thanks. > > > > >__________________________________ >Do you Yahoo!? >Yahoo! Mail - You care about security. So do we. >http://promotions.yahoo.com/new_mail > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 18:36:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Matt Kehler wrote: > >> For some reason I just can't figure this out. We have our default >> filename blocking rules config, and want to allow ONE user to get >> .exe's, which NOBODY else gets. This part I can figure out. But we >> also want the default blocking rules to apply to that user as well. >> >> So my question is, can I have an 'exceptions' rule for that user, which >> only contains the one line allowing exe's, and then somehow also have >> the default blocking rules ALSO get hit as a second rule? OR, for this >> one user, do I basically have to have their own ENTIRE ruleset, which >> will essentially will replicate our default ruleset, with the exception >> of allowing one filename? > > > Yes, there is nothing like exceptions in MailScanner right now. Yes there is! Drew's response tells you how. It's what rulesets are for. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Thu May 19 18:25:11 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:41 2006 Subject: german.cf Message-ID: You don't have your address or domain whitelisted do you? Sean Stuart Clark wrote: >Hi all > >I put the file german.cf in /etc/mail/spamassassin >Restarted MailScanner >Sent a test email to myself with "Gegen das Vergessen" in the subject > >And it made it through > > >I thought the lines below in german.cf shoulda stopped it??? > >-------------------------------------------------------------- ># 01 Subject: Gegen das Vergessen >header PROLO_GSPAM01 Subject =~ /Gegen das Vergessen/i >score PROLO_GSPAM01 8 >describe PROLO_GSPAM01 German Spam from Sober virus >--------------------------------------------------------------- >Kind Regards > >Stuart Clark >Director >Spacelink Communications Pty Ltd >Ph. 98570800 Fx. 98597577 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 18:39:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: german.cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you have your SpamAssassin score threshold set to a useful value, which these rules trigger (with a score of +8) and a spam action set to delete them? The rules themselves are the major part of the solution, but you have to tell your system to do something useful with the result. Stuart Clark wrote: >Hi all > >I put the file german.cf in /etc/mail/spamassassin >Restarted MailScanner >Sent a test email to myself with "Gegen das Vergessen" in the subject > >And it made it through > > >I thought the lines below in german.cf shoulda stopped it??? > >-------------------------------------------------------------- ># 01 Subject: Gegen das Vergessen >header PROLO_GSPAM01 Subject =~ /Gegen das Vergessen/i >score PROLO_GSPAM01 8 >describe PROLO_GSPAM01 German Spam from Sober virus >--------------------------------------------------------------- > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu May 19 18:37:55 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Virus Scanners = < list your scanners here> Spam Checks = No >>> reef 5/19/2005 12:16 PM >>> Any suggestions how I could have all users have their mail filtered by AV software, but not have any spam filtering done on them?? I am filtering mail and then forwarding on to an exchange server.. I would like to give users the choice of having their mail filtered or not. THANKS!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 18:40:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read up on rulesets. This is covered in a) the book b) the MAQ c) the FAQ d) the Wiki (wiki.mailscanner.info) e) the archives of this list f) /etc/MailScanner/rules You will find tutorials and/or examples of rulesets in all of those places. reef wrote: >Any suggestions how I could have all users have their mail filtered by AV >software, but not have any spam filtering done on them?? I am filtering mail >and then forwarding on to an exchange server.. I would like to give users >the choice of having their mail filtered or not. THANKS!! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu May 19 18:45:07 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drews response basically means that your filenames.conf is duplicated, with a one line modification for the exe's, is it not? I was looking for an actual EXCEPTION, where I basically say " let BobUser receive all files listed FILE1, and after that, use the rules as per FILE2'. And everyone else, just use FILE2 What Drews says to me is that you can't really do a true exception...its more like "copy FILE2 that everyone uses to FILE1, change one line for exe's in FILE1, and then give BobUser FILE1. So Bobuser would never actually process the file2 rules.. So its not really an exception then. Its just an entirely separate ruleset, that happens to only have a one line difference... Or am I missing the boat again? Matt >>> MailScanner@ECS.SOTON.AC.UK 5/19/2005 12:36 PM >>> Ugo Bellavance wrote: > Matt Kehler wrote: > >> For some reason I just can't figure this out. We have our default >> filename blocking rules config, and want to allow ONE user to get >> .exe's, which NOBODY else gets. This part I can figure out. But we >> also want the default blocking rules to apply to that user as well. >> >> So my question is, can I have an 'exceptions' rule for that user, which >> only contains the one line allowing exe's, and then somehow also have >> the default blocking rules ALSO get hit as a second rule? OR, for this >> one user, do I basically have to have their own ENTIRE ruleset, which >> will essentially will replicate our default ruleset, with the exception >> of allowing one filename? > > > Yes, there is nothing like exceptions in MailScanner right now. Yes there is! Drew's response tells you how. It's what rulesets are for. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu May 19 19:01:29 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Matt Kehler Sent: Thursday, May 19, 2005 12:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: rules help Drews response basically means that your filenames.conf is duplicated, with a one line modification for the exe's, is it not? I was looking for an actual EXCEPTION, where I basically say " let BobUser receive all files listed FILE1, and after that, use the rules as per FILE2'. And everyone else, just use FILE2 What Drews says to me is that you can't really do a true exception...its more like "copy FILE2 that everyone uses to FILE1, change one line for exe's in FILE1, and then give BobUser FILE1. So Bobuser would never actually process the file2 rules.. So its not really an exception then. Its just an entirely separate ruleset, that happens to only have a one line difference... Or am I missing the boat again? Matt [Rick Cooper] Nope, you just on the semtantecs boat. It's an exception that says let everyone use rules in File1 EXCEPT BobUser who uses rules in File2 (and JoeUser who uses File3, etc) Rules are processed top down so each rule other than DefaultToOrFrom is an exception to the norm (default) What you are saying is use one filename/type rule file and have the rule point to a rules file like Deny \.exe$ Exe's are bad Exe's are Bad %rules-dir%/filenameuserrules.rule where filenameuserrules.rule would look like: To: bobuser@mydomain.com no DefaultToOrFrom: yes I think that would further complicate things, not to mention require quite a rewrite most likely... interesting concept, however. Rick >>> MailScanner@ECS.SOTON.AC.UK 5/19/2005 12:36 PM >>> Ugo Bellavance wrote: > Matt Kehler wrote: > >> For some reason I just can't figure this out. We have our default >> filename blocking rules config, and want to allow ONE user to get >> .exe's, which NOBODY else gets. This part I can figure out. But we >> also want the default blocking rules to apply to that user as well. >> >> So my question is, can I have an 'exceptions' rule for that user, which >> only contains the one line allowing exe's, and then somehow also have >> the default blocking rules ALSO get hit as a second rule? OR, for this >> one user, do I basically have to have their own ENTIRE ruleset, which >> will essentially will replicate our default ruleset, with the exception >> of allowing one filename? > > > Yes, there is nothing like exceptions in MailScanner right now. Yes there is! Drew's response tells you how. It's what rulesets are for. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 19 19:08:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The "Filename Rules" and "Filetype Rules" are "all matches" settings. So in this example: To: user@domain.com filename.allowexe.conf To *@domain.com filename.normal.conf FromOrTo: default filename.rules.conf If a message arrives addressed to user@domain.com, the rules applied are all those in filename.allowexe.conf followed by filename.normal.conf. If a message arrives addressed to any-other-user@domain.com, the rules applied are all those in filename.normal.conf. Mail from or to anywhere else has the filename.rules.conf applied. So you can have filename.allowexe.conf contain a single line allow \.exe$ - - and use the normal rules for filename.normal.conf. The rulesets are strung together in the order they are specified in the ruleset (as in the example above). The "default" rules are only applied when no other rule in the ruleset matches the email message. I hope that clears it up a bit. If you agree that the above does indeed do what you want, please can you add this to the wiki (wiki.mailscanner.info) so other people can easily find it. Oh, and exactly the same above applies to the "Filetype Rules" as well. Matt Kehler wrote: > Drews response basically means that your filenames.conf is duplicated, > with a one line modification for the exe's, is it not? > > I was looking for an actual EXCEPTION, where I basically say " let > BobUser receive all files listed FILE1, and after that, use the rules > as per FILE2'. And everyone else, just use FILE2 > > What Drews says to me is that you can't really do a true > exception...its more like "copy FILE2 that everyone uses to FILE1, > change one line for exe's in FILE1, and then give BobUser FILE1. > > So Bobuser would never actually process the file2 rules.. So its not > really an exception then. Its just an entirely separate ruleset, that > happens to only have a one line difference... > > Or am I missing the boat again? > > Matt > > >>> MailScanner@ECS.SOTON.AC.UK 5/19/2005 12:36 PM >>> > Ugo Bellavance wrote: > > > Matt Kehler wrote: > > > >> For some reason I just can't figure this out. We have our default > >> filename blocking rules config, and want to allow ONE user to get > >> .exe's, which NOBODY else gets. This part I can figure out. But we > >> also want the default blocking rules to apply to that user as well. > >> > >> So my question is, can I have an 'exceptions' rule for that user, which > >> only contains the one line allowing exe's, and then somehow also have > >> the default blocking rules ALSO get hit as a second rule? OR, for this > >> one user, do I basically have to have their own ENTIRE ruleset, which > >> will essentially will replicate our default ruleset, with the exception > >> of allowing one filename? > > > > > > Yes, there is nothing like exceptions in MailScanner right now. > > Yes there is! > Drew's response tells you how. It's what rulesets are for. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu May 19 19:12:42 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Excellent, NOW its perfectly clear! And yes, that will do just what I want (being not having to duplicate my huge filename/type.conf files. thankyou! Matt >>> MailScanner@ECS.SOTON.AC.UK 5/19/2005 1:08 PM >>> The "Filename Rules" and "Filetype Rules" are "all matches" settings. So in this example: To: user@domain.com filename.allowexe.conf To *@domain.com filename.normal.conf FromOrTo: default filename.rules.conf If a message arrives addressed to user@domain.com, the rules applied are all those in filename.allowexe.conf followed by filename.normal.conf. If a message arrives addressed to any-other-user@domain.com, the rules applied are all those in filename.normal.conf. Mail from or to anywhere else has the filename.rules.conf applied. So you can have filename.allowexe.conf contain a single line allow \.exe$ - - and use the normal rules for filename.normal.conf. The rulesets are strung together in the order they are specified in the ruleset (as in the example above). The "default" rules are only applied when no other rule in the ruleset matches the email message. I hope that clears it up a bit. If you agree that the above does indeed do what you want, please can you add this to the wiki (wiki.mailscanner.info) so other people can easily find it. Oh, and exactly the same above applies to the "Filetype Rules" as well. Matt Kehler wrote: > Drews response basically means that your filenames.conf is duplicated, > with a one line modification for the exe's, is it not? > > I was looking for an actual EXCEPTION, where I basically say " let > BobUser receive all files listed FILE1, and after that, use the rules > as per FILE2'. And everyone else, just use FILE2 > > What Drews says to me is that you can't really do a true > exception...its more like "copy FILE2 that everyone uses to FILE1, > change one line for exe's in FILE1, and then give BobUser FILE1. > > So Bobuser would never actually process the file2 rules.. So its not > really an exception then. Its just an entirely separate ruleset, that > happens to only have a one line difference... > > Or am I missing the boat again? > > Matt > > >>> MailScanner@ECS.SOTON.AC.UK 5/19/2005 12:36 PM >>> > Ugo Bellavance wrote: > > > Matt Kehler wrote: > > > >> For some reason I just can't figure this out. We have our default > >> filename blocking rules config, and want to allow ONE user to get > >> .exe's, which NOBODY else gets. This part I can figure out. But we > >> also want the default blocking rules to apply to that user as well. > >> > >> So my question is, can I have an 'exceptions' rule for that user, which > >> only contains the one line allowing exe's, and then somehow also have > >> the default blocking rules ALSO get hit as a second rule? OR, for this > >> one user, do I basically have to have their own ENTIRE ruleset, which > >> will essentially will replicate our default ruleset, with the exception > >> of allowing one filename? > > > > > > Yes, there is nothing like exceptions in MailScanner right now. > > Yes there is! > Drew's response tells you how. It's what rulesets are for. > > -- > Julian Field ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From reefro at GMAIL.COM Thu May 19 19:09:32 2005 From: reefro at GMAIL.COM (reef) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: Well, I have tried using 'all_spam_to', which gives a -100 points to the message... but I am still having it marked as spam, as below: pts rule name description ---- ---------------------- -------------------------------------------------- -100 USER_IN_ALL_SPAM_TO User is listed in 'all_spam_to' 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 HTML_NONELEMENT_00_10 BODY: 0% to 10% of HTML elements are non-standard 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 2.3 AWL AWL: From: address is in the auto white-list I'd like for the message to just not be processed by the spam filters at all.. Or at least not be marked as spam! It doesn't make sense that something with a score of -96 got marked as spam still.. hrmmm also a side note - what is different when I see reports that have 'Content preview' , and 'Content analysis details (X points, X required)' .. and start out saying 'Spam detection software, running on the system'. Whereas mine starts out saying 'Our MailScanner believes that the attachment to this message sent to you' etc.And doesn't have a content preview nor show how many points total there are... THANKS AGAIN!!! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Vlad Mazek Sent: Thursday, May 19, 2005 10:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: can I do virus filtering but not spam filtering - by user?? You can always just whitelist mail sent to those users on the gateway box. -Vlad ExchangeDefender.com reef wrote: >Any suggestions how I could have all users have their mail filtered by >AV software, but not have any spam filtering done on them?? I am >filtering mail and then forwarding on to an exchange server.. I would >like to give users the choice of having their mail filtered or not. THANKS!! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 19:24:01 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] reef wrote: > > >I'd like for the message to just not be processed by the spam filters at >all.. Or at least not be marked as spam! It doesn't make sense that >something with a score of -96 got marked as spam still.. hrmmm > > Check MailScanner.conf, do you have RBL's listed under the Spam section? If so your mail is being triggered from there. Take them out. Better option is to make a ruleset against the option Spam Checks and exclude the users you don't want scanned and leave those who do (Or which ever way round your exceptions are). >also a side note - what is different when I see reports that have 'Content >preview' , and 'Content analysis details (X points, X required)' .. and >start out saying 'Spam detection software, running on the system'. Whereas >mine starts out saying 'Our MailScanner believes that the attachment to this >message sent to you' etc.And doesn't have a content preview nor show how >many points total there are... THANKS AGAIN!!! > You will have to show me some examples. My brain is being a bit ZX84 like at the moment... :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu May 19 19:46:54 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > reef wrote: > >> >> >> I'd like for the message to just not be processed by the spam filters at >> all.. Or at least not be marked as spam! It doesn't make sense that >> something with a score of -96 got marked as spam still.. hrmmm >> >> > Check MailScanner.conf, do you have RBL's listed under the Spam section? > If so your mail is being triggered from there. Take them out. Better > option is to make a ruleset against the option Spam Checks and exclude > the users you don't want scanned and leave those who do (Or which ever > way round your exceptions are). > >> also a side note - what is different when I see reports that have >> 'Content >> preview' , and 'Content analysis details (X points, X required)' .. and >> start out saying 'Spam detection software, running on the system'. >> Whereas >> mine starts out saying 'Our MailScanner believes that the attachment >> to this >> message sent to you' etc.And doesn't have a content preview nor show how >> many points total there are... THANKS AGAIN!!! >> > You will have to show me some examples. My brain is being a bit ZX84 > like at the moment... :-) > Don't you mean ZX81? As in Sinclair? > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 19:51:28 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman wrote: >> You will have to show me some examples. My brain is being a bit ZX84 >> like at the moment... :-) >> > Don't you mean ZX81? As in Sinclair? Yup :-[ . Told you so... -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 19:54:36 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: Turning all rules off Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul van Brouwershaven wrote: > Ugo Bellavance wrote: > > Then add Filetype Rules = and Filename Rules = to this list. > > Ok, you can turn it off when you set all the options to a ruleset and set > that ruleset to not scan this domain. > > But can we do/make this more simple? > > Just one option to turn all scanning off? > Probably, but... I'm curious... why make it go through your MailScanner server if it is to not scan it? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 19:45:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > Drews response basically means that your filenames.conf is duplicated, > with a one line modification for the exe's, is it not? > > I was looking for an actual EXCEPTION, where I basically say " let > BobUser receive all files listed FILE1, and after that, use the rules as > per FILE2'. And everyone else, just use FILE2 > > What Drews says to me is that you can't really do a true exception...its > more like "copy FILE2 that everyone uses to FILE1, change one line for > exe's in FILE1, and then give BobUser FILE1. > > So Bobuser would never actually process the file2 rules.. So its not > really an exception then. Its just an entirely separate ruleset, that > happens to only have a one line difference... > > Or am I missing the boat again? > > Matt I understand what you mean and that is why I told you it wasn't possible to have an exception. But how would you implement that? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 19 19:52:48 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > The "Filename Rules" and "Filetype Rules" are "all matches" settings. > So in this example: > > To: user@domain.com filename.allowexe.conf > To *@domain.com filename.normal.conf > FromOrTo: default filename.rules.conf > > If a message arrives addressed to user@domain.com, the rules applied are > all those in filename.allowexe.conf followed by filename.normal.conf. > > If a message arrives addressed to any-other-user@domain.com, the rules > applied are all those in filename.normal.conf. > > Mail from or to anywhere else has the filename.rules.conf applied. > > So you can have filename.allowexe.conf contain a single line > allow \.exe$ - - > and use the normal rules for filename.normal.conf. > > The rulesets are strung together in the order they are specified in the > ruleset (as in the example above). > The "default" rules are only applied when no other rule in the ruleset > matches the email message. > > I hope that clears it up a bit. > If you agree that the above does indeed do what you want, please can you > add this to the wiki (wiki.mailscanner.info) so other people can easily > find it. > > Oh, and exactly the same above applies to the "Filetype Rules" as well. Pretty nice, but this assumes that the default also fits his needs (in this case, I think it is ok). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 19 20:16:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Alex Neuman wrote: > >>> You will have to show me some examples. My brain is being a bit ZX84 >>> like at the moment... :-) >>> >> Don't you mean ZX81? As in Sinclair? > > > Yup :-[ . Told you so... > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > The ZX84 was the "business" version of the ZX81. Came after the Spectrum, but I don't know if any actually sold. http://www.worldofspectrum.org/hardware/featd.html -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 20:42:40 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:41 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: I understand what you mean and that is why I told you it wasn't possible to have an exception. But how would you implement that? True enough. However Julian must be an optimist as opposed to pessimist (The glass is half full not half empty!) :-) . As you know, the structure of rulesets works on what you want to happen as opposed to not want to happen, hence no exceptions. It's always 'if this criteria matches then do this' and 'if it doesn't do something else'. Never 'if the criteria matches don't do this'. I am not sure it's a weakness, it just means you have to turn any negative thoughts in to positive ones! ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 20:44:00 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:41 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: Drew Marshall wrote: Alex Neuman wrote: You will have to show me some examples. My brain is being a bit ZX84 like at the moment... :-) Don't you mean ZX81? As in Sinclair? Yup :-[ . Told you so... -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy The ZX84 was the "business" version of the ZX81. Came after the Spectrum, but I don't know if any actually sold. http://www.worldofspectrum.org/hardware/featd.html Sadly (Or maybe not, I'm not sure really ;-) ), I didn't know this when I (mis)typed the above... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trooster at INTERSTROOM.NL Thu May 19 20:44:45 2005 From: trooster at INTERSTROOM.NL (Joris Trooster / Interstroom) Date: Thu Jan 12 21:29:42 2006 Subject: Your own Real Time Blacklist (RBL) Message-ID: Hello, I just added an article to the mailscanner wiki about setting up your own real time blacklist (RBL). http://wiki.mailscanner.info/doku.php?id=rbl A Very Short Non-Tech Summary: If MailScanner detects a virus, the sender IP, virusname, headers etc. are inserted in a database. Every 5 minutes all non-whitelisted IP numbers from the last 24 hours are added to a real-time-blacklist dns. The mailserver is using this blacklist to reject mail from these IP numbers before they enter your server. Feel free to edit (English is not my native language) or to use for your own needs. The article is intented for mail administrators, it's not a step-by-step howto. Regards, Joris Met vriendelijke groet, Interstroom informatietechnologie b.v. ir. Joris J. Trooster =========== DISCLAIMER De informatie in dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n). Verstrekking aan en gebruik door anderen van deze informatie is niet toegestaan. Door de electronische verzending kunnen aan de inhoud van dit bericht geen rechten worden ontleend. De afzender aanvaardt onder geen enkel beding enige vorm van aansprakelijkheid voor eventuele onjuistheden in, of verkeerde uitleg van, de informatie. Evenmin aanvaardt afzender enige aansprakelijkheid voor de handelingen die de ontvanger verricht op basis van deze informatie. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu May 19 20:48:32 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:42 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just to clarify this, lets say that an exe gets sent to user@domain.com . the first line in filename.allowexe.conf will allow it to pass...but if exe's are set to deny in filename.normal.conf...then what? Is the exe already 'passed' at this point? Or will the last rule apply..which will be block exe's in filename.normal.conf? Sorry to ask again, but this part confuses me. I'm used to the world of firewalls, where in most cases, once you have a rule hit, processing STOPS at that point. But it seems as though MailScanner will keep processing through all the rules? Basically, in the below example, will solitaire.exe get through to user@domain.com?? thanks Matt >>> ugob@CAMO-ROUTE.COM 5/19/2005 1:52 PM >>> Julian Field wrote: > The "Filename Rules" and "Filetype Rules" are "all matches" settings. > So in this example: > > To: user@domain.com filename.allowexe.conf > To *@domain.com filename.normal.conf > FromOrTo: default filename.rules.conf > > If a message arrives addressed to user@domain.com, the rules applied are > all those in filename.allowexe.conf followed by filename.normal.conf. > > If a message arrives addressed to any-other-user@domain.com, the rules > applied are all those in filename.normal.conf. > > Mail from or to anywhere else has the filename.rules.conf applied. > > So you can have filename.allowexe.conf contain a single line > allow \.exe$ - - > and use the normal rules for filename.normal.conf. > > The rulesets are strung together in the order they are specified in the > ruleset (as in the example above). > The "default" rules are only applied when no other rule in the ruleset > matches the email message. > > I hope that clears it up a bit. > If you agree that the above does indeed do what you want, please can you > add this to the wiki (wiki.mailscanner.info) so other people can easily > find it. > > Oh, and exactly the same above applies to the "Filetype Rules" as well. Pretty nice, but this assumes that the default also fits his needs (in this case, I think it is ok). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 19 20:53:06 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:42 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: Just to clarify this, lets say that an exe gets sent to user@domain.com . the first line in filename.allowexe.conf will allow it to pass...but if exe's are set to deny in filename.normal.conf...then what? Is the exe already 'passed' at this point? Or will the last rule apply..which will be block exe's in filename.normal.conf? Sorry to ask again, but this part confuses me. I'm used to the world of firewalls, where in most cases, once you have a rule hit, processing STOPS at that point. But it seems as though MailScanner will keep processing through all the rules? No first match stops processing (Like Firewall rules) hence you need to list them in the order Julian gave you. It's only if there isn't a match will MailScanner continue into filename.normal.conf Basically, in the below example, will solitaire.exe get through to user@domain.com?? Yes! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at YAHOO.COM Thu May 19 20:53:33 2005 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:29:42 2006 Subject: Performance Issues Message-ID: RBLs working fine within Exim No SA extras, I had to stop SA scanning to increase the speed. Yes I have a caching name server running on. Lots of german stuff, yes! Human interference means: flush incoming connections, let mailscanner work all alone with the queue until its stable again. --- Martin Hepworth wrote: > Anakin (!) > > check the RBL's are behaving properly, are you > running any extra SA > rules and do you run a local cachine nameserver? > > Could the load increase be all these German spams > from sober.q, or is > the number of emails about the same? > > I guess by human interferance you mean restarting MS > os something???? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anakin SkyWalker wrote: > > I'm running MailScanner in my Exim based MX with > 20K+ > > boxes. Since sunday, my mail queue doesn't get > lower > > than 12K without human interference. > > Anyone having same problems lately? > > > > Machine: > > PIV HT 2.8GHz, 1GB RAM > > > > Versions I use: > > Fedora Core 3 > > > > 2.6.11-1.14_FC3smp > > Exim 4.50 (compiled) > > Clamav 0.85.1 (compiled) > > perl-5.8.5-12.FC3 > > mailscanner-4.41.3-1 (rpm based) > > > > I have 5 mailscanner children running. > > I upgraded MailScanner monday. Same behaviour. > > > > I appreciate any tips. > > Thanks. > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are > confidential and > intended solely for the use of the individual or > entity to whom they > are addressed. If you have received this email in > error please notify > the system manager. > > This footnote confirms that this email message has > been swept > for the presence of computer viruses and is believed > to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 19 23:41:52 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:42 2006 Subject: How to beat this? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ahve attached santized headers and email in a text file. I cant work out how to provide in any other format from bloody Outlook - grr Thanks you for your kind offer. Pete Martin Hepworth wrote: > Pete > > can you post the full email (headers and all) to somewhere i can pick it > up from. I'll run it over my system and see what rules hit.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Peter Russell wrote: > >> I have got heaps of these emails getting through now >> >> Anyone got any good tips to stop them? >> Pete >> >> >> >> "Thanks to your wonderful offfers on rnedicals, I can gget these >> lovvprice tablets. And your quick and professional services do bring me >> better convenience. I will tell others these superb advantages for >> eshopping. Thank >> you again. --Tina D. in LA " >> >> Peter Russell wrote: >> >>> We are getting quite a few sapms through. We have have bayes, dcc, >>> pyzor, razor, sa3.03, mailscanner latest and heaps of SAREs. >>> >>> Still this type of spam get through, can anyone recommend a ruleset or >>> something that will stop it? >>> >>> >>> We operate in this nevv business model. Our chemist-site provides an >>> interface between rnedical suppliers and individual customers. Customers >>> can or-der rneds at the bestprices. >>> Our professional logistic supports bring customers rnore conveniences. >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] Microsoft Mail Internet Headers Version 2.0 Received: from mail.x.edu ([10.2.2.10]) by mail.x.edu with Microsoft SMTPSVC(6.0.3790.211); Thu, 19 May 2005 11:20:00 +1000 Received: from car-x-sw2.x.edu ([128.250.x.x]) by mail.mbs.edu with Microsoft SMTPSVC(6.0.3790.211); Thu, 19 May 2005 11:20:00 +1000 Received: from smtp.x.com.au (smtp.x.biz [203.55.x.x]) by car-x-sw2.x.edu (Postfix) with ESMTP id 56901A411F for ; Thu, 19 May 2005 11:18:36 +1000 (EST) Received: from mail01.x.com.au ([203.55.x.x]) by smtp.x.com.au (Lotus Domino Release 5.0.13a) with ESMTP id 2005051911013792:27166 ; Thu, 19 May 2005 11:01:37 +1000 Received: from negotino.org.mk (unknown [222.64.193.218]) by mail01.x.com.au (Postfix) with SMTP id 1DF2077E66; Thu, 19 May 2005 11:18:12 +1000 (EST) Message-ID: Date: Thu, 19 May 2005 01:16:50 +0000 Reply-To: "clint hurter" From: "clint hurter" User-Agent: QUALCOMM Windows Eudora Version 6.0.0.22 X-Accept-Language: en-us MIME-Version: 1.0 To: "Andre Matthys" Subject: Rely on one reliable rneds supplier for betterddeals. X-x-MailScanner: Found to be clean, Found to be clean X-x-MailScanner-SpamScore: 4 X-MIMETrack: Itemize by SMTP Server on SMTP/MMBS(Release 5.0.13a |April 8, 2004) at 19/05/2005 11:01:37 AM, Serialize by Router on SMTP/MMBS(Release 5.0.13a |April 8, 2004) at 19/05/2005 11:01:49 AM, Serialize complete at 19/05/2005 11:01:49 AM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii" X-x-MailScanner-Information: Please contact the ISP for more information X-MailScanner-From: amberbilly@negotino.org.mk Return-Path: amberbilly@negotino.org.mk X-OriginalArrivalTime: 19 May 2005 01:20:00.0182 (UTC) FILETIME=[E045A560:01C55C10] Thanks to your wonderful offfers on rnedicals, I can gget these lovvprice tablets. And your quick and professional services do bring me better convenience. I will tell others these superb advantages for eshopping. Thank you again. --Tina D. in LA Your offfers on rnedis are absolutely super. All the rnedis are sold at the bestprices. With your quick and convenient handling and distribution services, I gget the or-der in a timely manner. -- Lydia D. in NY Our company provides customers all the top-selling rneds on pain, swelling, ereection dysfunction, highcholesterol, sleeping disorder, stress, musclerelaxant and man's care. http://fvor.slTw.lifeandmelody.com Review all the bestofffers on rnedicals at our chemist-site. Betsey, The appearance of the little si in The Fox and the Goat A FOX one day fell into a deep a ou that he has not given to uspoor mortals," s hurry. tting-room as they entered,was tr 1 'Don't do aid Emily to 13 that! Come, ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu May 19 23:49:06 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:42 2006 Subject: [Possible Spam] Re: How to beat this? Message-ID: Mine caught it as spam. See the scores below: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, May 19, 2005 5:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [Possible Spam] Re: How to beat this? Our MailScanner believes that the attachment to this message sent to you From: owner-mailscanner@jiscmail.ac.uk Subject: Re: How to beat this? is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.1 TW_VV BODY: Odd Letter Triples with VV -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: lifeandmelody.com] 4.0 URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html [URIs: lifeandmelody.com] 3.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: lifeandmelody.com] 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: lifeandmelody.com] -3.7 AWL AWL: From: address is in the auto white-list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 19 23:52:20 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:42 2006 Subject: Beta release 4.42.2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian why not add your amazon wishlist link to the bottom of each release announcement. Julian Field wrote: > But fortunately I have a real job too, to (a) keep me (relatively) > sane and (b) pay the bills... > > Some of you may well argue over (a) :-) > > On 19 May 2005, at 16:33, Julian Field wrote: > >> "A lot of time" is probably an understatement :-) >> I have worked on it for an average of 350 days out of each of the >> past 5 years. >> >> :-) >> >> On 19 May 2005, at 16:11, Billy A. Pumphrey wrote: >> >> >>> Seems like you spend a lot of time on MailScanner, and not just now >>> but >>> for however long you have wrote MailScanner. >>> >>> Thank you for doing this. >>> >>> Billy Pumphrey >>> IT Manager >>> Wooden & McLaughlin >>> >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: Thursday, May 19, 2005 9:25 AM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Beta release 4.42.2 >>>> >>>> I have just released a new beta version 4.42.2. >>>> >>>> Please download as usual from www.mailscanner.info. >>>> >>>> The changes are: >>>> >>>> * New Features and Improvements * >>>> - Now automatically detects and warns if the "Incoming Work >>>> Directory" >>>> setting contains any links. It also corrects the path (but not in >>>> >>>> >>> the >>> >>> >>>> MailScanner.conf file) and continues to work properly. >>>> - Added support for Sophos 3.93.2. You must use the sophos- >>>> autoupdate >>>> from >>>> this version if you want Sophos to work (both the sophos and >>>> sophossavi >>>> scanner settings). >>>> - Tar and RPM distribution installation scripts now look for gtar if >>>> >>>> >>> GNU >>> >>> >>>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >>>> bin/perl >>>> point to the same place. >>>> - SophosSAVI errors are detected as if they were viruses, and are >>>> not >>>> ignored. >>>> - Panda support completely reimplemented a lot better by Rick >>>> Cooper. >>>> >>>> * Fixes* >>>> - Fixed problem that could cause harmless header files to be left in >>>> >>>> >>> the >>> >>> >>>> temporary working directories when using Postfix. >>>> - Fixed problem where attachment size checks were made on the >>>> contents of >>>> zip files and not just the zip files themselves. >>>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>>> >>>> >>> occasionally. >>> >>> >>>> - No longer import missing whine method from MIME-tools. >>>> - Fixed problems with incomplete reporting of viruses in zip files. >>>> - Fixed problem with "Delete" MCP action not being logged in syslog. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 19 23:46:40 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:42 2006 Subject: german spam rules - Raymond Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] They are Spamassassin rules, they are used by spamassassin not mailscanner. Check out the spamassassin wiki and the rules emporium for further details. Pete Maarten van Lieshout wrote: > Hmm, I thought I had to put them into the mcp-directory and than enable > mcp in Mailscanner. What is the difference?? > > -- > Maarten > > On Thu, 2005-05-19 at 14:04 +0200, Raymond Dijkxhoorn wrote: > >>Hi! >> >> >>>This is not working for for me, I see them still listed in Mailwatch. >>>The SA Score also is zero. I want these messages to be marked as High >>>Score Spam, so I know they get caught by Mailscanner. How can I do this? >> >>It was posted more then once... ohw well... >> >>Copy it to: >> >>/etc/mail/spamassassin >> >>And do a MailScanner reload. >> >>Bye, >>Raymond >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Thu May 19 23:09:09 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:42 2006 Subject: OT: CentOS and SELinux Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Evening guys, The issue was raised concerning SELinux, could someone please shed some light on why SELinux is bad and what problems it might pose. TIA Terran ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri May 20 00:30:00 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:42 2006 Subject: CentOS and SELinux Message-ID: It's not that SELinux is bad, per se. SELinux can just be difficult to figure out for the uninitiated. You have the option of enabling SELinux in a WARN mode. If it were me, I'd install CentOS 4 with SELinux on a test box and learn all the tricks before lighting the fire on a production machine and spending many late nights behind a keyboard. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Terran Wright Sent: Thursday, May 19, 2005 5:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: CentOS and SELinux Evening guys, The issue was raised concerning SELinux, could someone please shed some light on why SELinux is bad and what problems it might pose. TIA Terran ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri May 20 01:59:43 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:42 2006 Subject: CentOS and SELinux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Some stuf doesnt even work with SElinux on at all, eg Bitdefender. Pete Mike Kercher wrote: > It's not that SELinux is bad, per se. SELinux can just be difficult to > figure out for the uninitiated. You have the option of enabling SELinux in > a WARN mode. If it were me, I'd install CentOS 4 with SELinux on a test box > and learn all the tricks before lighting the fire on a production machine > and spending many late nights behind a keyboard. > > Mike > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Terran Wright > Sent: Thursday, May 19, 2005 5:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: CentOS and SELinux > > Evening guys, > > The issue was raised concerning SELinux, could someone please shed some > light on why SELinux is bad and what problems it might pose. > > TIA > > Terran > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at YAHOO.COM Fri May 20 02:43:14 2005 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:29:42 2006 Subject: Performance Issues Message-ID: How do I setup MaiLScanner to work with exim's splitted spool directory ? I have changed "Split Exim Spool" to `yes` in MailScanner.conf Both exim's queues (in queue out-queue) set to split_spool_directory. The result is: mailscanner didn't do anything. Any other thing I'm missing? --- Anakin SkyWalker wrote: > RBLs working fine within Exim > No SA extras, I had to stop SA scanning to increase > the speed. > Yes I have a caching name server running on. > Lots of german stuff, yes! > Human interference means: flush incoming > connections, > let mailscanner work all alone with the queue until > its stable again. > > --- Martin Hepworth > wrote: > > Anakin (!) > > > > check the RBL's are behaving properly, are you > > running any extra SA > > rules and do you run a local cachine nameserver? > > > > Could the load increase be all these German spams > > from sober.q, or is > > the number of emails about the same? > > > > I guess by human interferance you mean restarting > MS > > os something???? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Anakin SkyWalker wrote: > > > I'm running MailScanner in my Exim based MX with > > 20K+ > > > boxes. Since sunday, my mail queue doesn't get > > lower > > > than 12K without human interference. > > > Anyone having same problems lately? > > > > > > Machine: > > > PIV HT 2.8GHz, 1GB RAM > > > > > > Versions I use: > > > Fedora Core 3 > > > > > > 2.6.11-1.14_FC3smp > > > Exim 4.50 (compiled) > > > Clamav 0.85.1 (compiled) > > > perl-5.8.5-12.FC3 > > > mailscanner-4.41.3-1 (rpm based) > > > > > > I have 5 mailscanner children running. > > > I upgraded MailScanner monday. Same behaviour. > > > > > > I appreciate any tips. > > > Thanks. > > > > > > > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are > > confidential and > > intended solely for the use of the individual or > > entity to whom they > > are addressed. If you have received this email in > > error please notify > > the system manager. > > > > This footnote confirms that this email message has > > been swept > > for the presence of computer viruses and is > believed > > to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with > > the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and > > the archives > > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off > > the website! > > > > > > __________________________________ > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your > mobile phone. > http://mobile.yahoo.com/learn/mail > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Fri May 20 05:31:34 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:29:42 2006 Subject: German Spam still getting through? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I still appear to be getting some of the German spam through MailScanner, even though I have the spamassassin rules in place. May 20 11:15:30 proxy2 postfix/smtpd[27650]: 2D9E5357047: client=eth191.nsw.adsl.internode.on.net[150.101.196.190] May 20 11:15:30 proxy2 postfix/cleanup[27868]: 2D9E5357047: message-id=<3512b9c1fd944f8b9f@ebanctrade.com> May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: from=, size=1352, nrcpt=2 (queue active) May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=, relay=none, delay=0, status=deferred (delivery temporarily su$ May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=, relay=none, delay=0, status=deferred (delivery temporarily susp$ May 20 11:15:30 proxy2 postfix/smtpd[27650]: disconnect from eth191.nsw.adsl.internode.on.net[150.101.196.190] May 20 11:15:32 proxy2 MailScanner[22332]: New Batch: Scanning 1 messages, 1766 bytes May 20 11:15:32 proxy2 MailScanner[22332]: MCP Checks: Starting May 20 11:15:32 proxy2 MailScanner[22332]: Spam Checks: Starting May 20 11:15:43 proxy2 MailScanner[22332]: Virus and Content Scanning: Starting May 20 11:15:44 proxy2 MailScanner[22332]: Requeue: 2D9E5357047.5197D to A61FC357058 May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: from=, size=1544, nrcpt=2 (queue active) May 20 11:15:44 proxy2 MailScanner[22332]: Uninfected: Delivered 1 messages May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (25$ May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (250 $ May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: removed The resulting email is below, and the spam assassin rules is as follows: header PROLO_GSPAM23 Subject =~ /Tuerkei in die EU/i I've had a few of these come through today with varying subject lines. Its got me beat as to why some are getting through and some are caught. After reading through some recent threads, I noticed I had put the rule file in /usr/share/spamassassin instead of /etc/spamassassin (which is where my local.cf is located), so I have moved it, but it does not explain why some are picked up and some are getting through. proxy2 root # grep GSPAM /var/log/mail.log | wc -l 43 Any ideas? Cheers, Jeff -----Original Message----- From: nsw.rs@ebanctrade.com [mailto:nsw.rs@ebanctrade.com] Sent: Friday, May 20, 2005 11:15 AM To: server3129@pocold.com.au Subject: Tuerkei in die EU GEWALTEXZESS: http://www.spiegel.de/politik/ausland/0,1518,345203,00.html Politiker zerreißt Menschenrechtsbericht: http://www.spiegel.de/politik/ausland/0,1518,325983,00.html Schily = Hitler http://www.spiegel.de/politik/deutschland/0,1518,345929,00.html Schily wehrt sich gegen Hitler-Vergleiche: http://www.spiegel.de/politik/deutschland/0,1518,345749,00.html Sie hat ja wie eine Deutsche gelebt: http://www.spiegel.de/panorama/0,1518,342484,00.html http://www.npd.de/npd_info/deutschland/2005/d0205-31.html Parallelgesellschaften - Feind hoerte mit: http://www.npd.de/npd_info/meldungen/2005/m0305-15.html Sie war unerlaubt spazieren: http://www.taz.de/pt/2004/11/25/a0143.nf/text Tiere an Autobahn geschlachtet: http://forum.gofeminin.de/forum/actu1/__f384_actu1-TuRKEI-NEIN-DANKE.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Fri May 20 05:33:56 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:29:42 2006 Subject: German Spam still getting through? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is still happening? The last one of these any of our servers received was on monday (being friday afternoon now) Regards, Brent Addis Group Systems Administrator Times Media Group Jeff Mills wrote: >Hi all, >I still appear to be getting some of the German spam through MailScanner, even though I have the spamassassin rules in place. > >May 20 11:15:30 proxy2 postfix/smtpd[27650]: 2D9E5357047: client=eth191.nsw.adsl.internode.on.net[150.101.196.190] >May 20 11:15:30 proxy2 postfix/cleanup[27868]: 2D9E5357047: message-id=<3512b9c1fd944f8b9f@ebanctrade.com> >May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: from=, size=1352, nrcpt=2 (queue active) >May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=, relay=none, delay=0, status=deferred (delivery temporarily su$ >May 20 11:15:30 proxy2 postfix/qmgr[22186]: 2D9E5357047: to=, relay=none, delay=0, status=deferred (delivery temporarily susp$ >May 20 11:15:30 proxy2 postfix/smtpd[27650]: disconnect from eth191.nsw.adsl.internode.on.net[150.101.196.190] >May 20 11:15:32 proxy2 MailScanner[22332]: New Batch: Scanning 1 messages, 1766 bytes >May 20 11:15:32 proxy2 MailScanner[22332]: MCP Checks: Starting >May 20 11:15:32 proxy2 MailScanner[22332]: Spam Checks: Starting >May 20 11:15:43 proxy2 MailScanner[22332]: Virus and Content Scanning: Starting >May 20 11:15:44 proxy2 MailScanner[22332]: Requeue: 2D9E5357047.5197D to A61FC357058 >May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: from=, size=1544, nrcpt=2 (queue active) >May 20 11:15:44 proxy2 MailScanner[22332]: Uninfected: Delivered 1 messages >May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (25$ >May 20 11:15:44 proxy2 postfix/smtp[28096]: A61FC357058: to=, relay=10.100.100.40[10.100.100.40], delay=14, status=sent (250 $ >May 20 11:15:44 proxy2 postfix/qmgr[22233]: A61FC357058: removed > >The resulting email is below, and the spam assassin rules is as follows: > >header PROLO_GSPAM23 Subject =~ /Tuerkei in die EU/i > >I've had a few of these come through today with varying subject lines. >Its got me beat as to why some are getting through and some are caught. >After reading through some recent threads, I noticed I had put the rule file in /usr/share/spamassassin instead of /etc/spamassassin (which is where my local.cf is located), so I have moved it, but it does not explain why some are picked up and some are getting through. > >proxy2 root # grep GSPAM /var/log/mail.log | wc -l >43 > > >Any ideas? > >Cheers, >Jeff > > > >-----Original Message----- >From: nsw.rs@ebanctrade.com [mailto:nsw.rs@ebanctrade.com] >Sent: Friday, May 20, 2005 11:15 AM >To: server3129@pocold.com.au >Subject: Tuerkei in die EU > > >GEWALTEXZESS: >http://www.spiegel.de/politik/ausland/0,1518,345203,00.html > >Politiker zerreißt Menschenrechtsbericht: >http://www.spiegel.de/politik/ausland/0,1518,325983,00.html > >Schily = Hitler >http://www.spiegel.de/politik/deutschland/0,1518,345929,00.html > >Schily wehrt sich gegen Hitler-Vergleiche: >http://www.spiegel.de/politik/deutschland/0,1518,345749,00.html > >Sie hat ja wie eine Deutsche gelebt: >http://www.spiegel.de/panorama/0,1518,342484,00.html > >http://www.npd.de/npd_info/deutschland/2005/d0205-31.html > >Parallelgesellschaften - Feind hoerte mit: >http://www.npd.de/npd_info/meldungen/2005/m0305-15.html > >Sie war unerlaubt spazieren: >http://www.taz.de/pt/2004/11/25/a0143.nf/text > >Tiere an Autobahn geschlachtet: >http://forum.gofeminin.de/forum/actu1/__f384_actu1-TuRKEI-NEIN-DANKE.html >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Fri May 20 05:39:51 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:29:42 2006 Subject: German Spam still getting through? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We've got a customer who appear to have ADSL connections to each of their sites connected to (obviously) pretty much unprotected PCs :/ I have emailed their IT dept about the addresses that are sending us spam and they have fixed a few, but over the last two days they dont seem to have done anything more. Unfortunately these stores have the email address of our ordering people and others, so they are still getting plenty of this stuff through. Some are being blocked though (43 today), but I just dont know why some are sneaking through. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Brent Addis > Sent: Friday, 20 May 2005 2:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: German Spam still getting through? > > > This is still happening? > > The last one of these any of our servers received was on > monday (being > friday afternoon now) > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Fri May 20 05:44:11 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:29:42 2006 Subject: German Spam still getting through? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As a test I just put the score higher (from 8 to 20). I'm wondering if some of the mails are getting enough of a negative score to push the score under the spam limit. See how things go now... > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Brent Addis > Sent: Friday, 20 May 2005 2:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: German Spam still getting through? > > > This is still happening? > > The last one of these any of our servers received was on > monday (being > friday afternoon now) > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve at NETWAYNETWORKS.COM.AU Fri May 20 06:00:56 2005 From: steve at NETWAYNETWORKS.COM.AU (Steven Evans) Date: Thu Jan 12 21:29:42 2006 Subject: German Spam still getting through? Message-ID: I've been noticing some getting through too, but in closer inspection its either the AWL rules beating the spam (ie -17 making it under 5 in the end) or that the spoofed address is a whitelist address, like @ato.gov.au. I've also noticed that some are getting through MailScanner unscanned. Beit that I'm running 4.35.9, the headers only have these lines: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff Mills Sent: Friday, 20 May 2005 2:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: German Spam still getting through? As a test I just put the score higher (from 8 to 20). I'm wondering if some of the mails are getting enough of a negative score to push the score under the spam limit. See how things go now... > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Brent Addis > Sent: Friday, 20 May 2005 2:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: German Spam still getting through? > > > This is still happening? > > The last one of these any of our servers received was on > monday (being > friday afternoon now) > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Fri May 20 07:24:00 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:42 2006 Subject: Beta release 4.42.2 Message-ID: Testing machine: Fedora core 2 (HP server) Postfix Spamassassin 3.0.3 Sophos 393.2 All OK. --- S pozdravom Peter Zimen --- IM: ephendi@jabber.org On 19.5.2005, at 17:33, Julian Field wrote: > "A lot of time" is probably an understatement :-) > I have worked on it for an average of 350 days out of each of the > past 5 years. > > :-) > > On 19 May 2005, at 16:11, Billy A. Pumphrey wrote: > > >> Seems like you spend a lot of time on MailScanner, and not just now >> but >> for however long you have wrote MailScanner. >> >> Thank you for doing this. >> >> Billy Pumphrey >> IT Manager >> Wooden & McLaughlin >> >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Julian Field >>> Sent: Thursday, May 19, 2005 9:25 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Beta release 4.42.2 >>> >>> I have just released a new beta version 4.42.2. >>> >>> Please download as usual from www.mailscanner.info. >>> >>> The changes are: >>> >>> * New Features and Improvements * >>> - Now automatically detects and warns if the "Incoming Work >>> Directory" >>> setting contains any links. It also corrects the path (but not in >>> >>> >> the >> >> >>> MailScanner.conf file) and continues to work properly. >>> - Added support for Sophos 3.93.2. You must use the sophos- >>> autoupdate >>> from >>> this version if you want Sophos to work (both the sophos and >>> sophossavi >>> scanner settings). >>> - Tar and RPM distribution installation scripts now look for gtar if >>> >>> >> GNU >> >> >>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >>> bin/perl >>> point to the same place. >>> - SophosSAVI errors are detected as if they were viruses, and are >>> not >>> ignored. >>> - Panda support completely reimplemented a lot better by Rick >>> Cooper. >>> >>> * Fixes* >>> - Fixed problem that could cause harmless header files to be left in >>> >>> >> the >> >> >>> temporary working directories when using Postfix. >>> - Fixed problem where attachment size checks were made on the >>> contents of >>> zip files and not just the zip files themselves. >>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>> >>> >> occasionally. >> >> >>> - No longer import missing whine method from MIME-tools. >>> - Fixed problems with incomplete reporting of viruses in zip files. >>> - Fixed problem with "Delete" MCP action not being logged in syslog. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From rakesh at NETCORE.CO.IN Fri May 20 08:14:43 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:43 2006 Subject: Your own Real Time Blacklist (RBL) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joris Trooster / Interstroom wrote: > Hello, > > I just added an article to the mailscanner wiki about setting up your > own real time blacklist (RBL). > > http://wiki.mailscanner.info/doku.php?id=rbl > > A Very Short Non-Tech Summary: If MailScanner detects a virus, the > sender IP, virusname, headers etc. are inserted in a database. Every > 5 minutes all non-whitelisted IP numbers from the last 24 hours are > added to a real-time-blacklist dns. The mailserver is using this > blacklist to reject mail from these IP numbers before they enter your > server. > > Feel free to edit (English is not my native language) or to use for > your own needs. The article is intented for mail administrators, it's > not a step-by-step howto. > Thats a good idea, infact I have already setup something like this, but instead of tracking down on the IPs relaying viruses, I have made the setup to block IPs that come into my decoy accounts. I have a custom function the inserts the IP into a database along with subject and headers and a different script archives the mail with a unique id in a separate storage area which is accessible through our support interface as a proof of spam. The rbldnsd files are updated every 30 mins from the database and the further incoming mails from that are blocked at the MTA level itself without need to pass it again through the MailScanner. There are further in house support people, who coordinate with the Administrator of the IP to unblock it and maintain a auto count on how many times the IP has been released and had again been blocked. That really helps me in blocking a good amount of spam as the decoy accounts tend to receive spams earlier than the geniune ids. -- Regards, Rakesh B. Pal Project Leader Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri May 20 08:51:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:43 2006 Subject: OT: rot13 (was RE: Who is the Proper authorities?) Message-ID: Stef Morrell wrote: > Glenn wrote: >> Jason Balicki wrote: >>> Steen, Glenn <> wrote: >>>> This is where a good well-balanced LART comes in handy (mine is a >>>> nice little sledgehammer... Good for LARTing as well as >>>> "unformatting" HDDs:-) >>> >>> Zl YNEG vf n yratgu bs oenvqrq png 5 -- znxrf n unaql qnaql juvc. >>> >>> ABA RK GENAFIREFB FRQ QRBEFHZ >>> >>> Sorry, all done now. :) >>> >>> --J(K) >>> >> Zna, vg'f LRNEF fvapr ynfg V fnj fbzrbar ebg13 n zrffntr. >> Jbaqreshy, jung n gevc qbja zrzbel ynar...:-) > > Yeesh... next we'll all be waving our chickens and entering the scary > devil monastery. > > Stef > Stefan Morrell | Director > Tel: 0870 365 2813 | Level 5 Internet Ltd > Fax: 0192 450 7307 | Part of the Alpha Omega Group > stef@l5net.net | stef@aoc-uk.com I gather you don't remember the good/bad old days when everyone rot13'd (or "ceasar-rolled") every message containing even the slightest expletive or minorly offensive statement... As you'll see once you've decoded the above, JK and I are just reminiscing (boy do I feel like a very old middle-aged man today... wait, eh, that's what I am.... Sigh, that's depressing). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 20 09:03:43 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:43 2006 Subject: can I do virus filtering but not spam filtering - by user?? Message-ID: Scott Silva wrote: > Drew Marshall wrote: > >>Alex Neuman wrote: >> >> >>>>You will have to show me some examples. My brain is being a bit ZX84 >>>>like at the moment... :-) >>>> >>> >>>Don't you mean ZX81? As in Sinclair? >> >> >>Yup :-[ . Told you so... >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> > > The ZX84 was the "business" version of the ZX81. Came after the > Spectrum, but I don't know if any actually sold. > http://www.worldofspectrum.org/hardware/featd.html > > Hmm looks like a first go at what turned into the QL...note no real picture just marketing fluff. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 20 09:06:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: hmm have you gone through the MAQ/wiki on performance tuning.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anakin SkyWalker wrote: > RBLs working fine within Exim > No SA extras, I had to stop SA scanning to increase > the speed. > Yes I have a caching name server running on. > Lots of german stuff, yes! > Human interference means: flush incoming connections, > let mailscanner work all alone with the queue until > its stable again. > > --- Martin Hepworth > wrote: > >>Anakin (!) >> >>check the RBL's are behaving properly, are you >>running any extra SA >>rules and do you run a local cachine nameserver? >> >>Could the load increase be all these German spams >>from sober.q, or is >>the number of emails about the same? >> >>I guess by human interferance you mean restarting MS >>os something???? >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Anakin SkyWalker wrote: >> >>>I'm running MailScanner in my Exim based MX with >> >>20K+ >> >>>boxes. Since sunday, my mail queue doesn't get >> >>lower >> >>>than 12K without human interference. >>>Anyone having same problems lately? >>> >>>Machine: >>>PIV HT 2.8GHz, 1GB RAM >>> >>>Versions I use: >>>Fedora Core 3 >>> >>>2.6.11-1.14_FC3smp >>>Exim 4.50 (compiled) >>>Clamav 0.85.1 (compiled) >>>perl-5.8.5-12.FC3 >>>mailscanner-4.41.3-1 (rpm based) >>> >>>I have 5 mailscanner children running. >>>I upgraded MailScanner monday. Same behaviour. >>> >>>I appreciate any tips. >>>Thanks. >>> >>> >>> >> >> > ********************************************************************** > >>This email and any files transmitted with it are >>confidential and >>intended solely for the use of the individual or >>entity to whom they >>are addressed. If you have received this email in >>error please notify >>the system manager. >> >>This footnote confirms that this email message has >>been swept >>for the presence of computer viruses and is believed >>to be clean. >> >> > > ********************************************************************** > >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> > > > > > __________________________________ > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your mobile phone. > http://mobile.yahoo.com/learn/mail > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 20 09:12:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: I presume you restarted MailScanner after altering the MailScanner.conf If things stop working 1st point of call is to enable both Debug options in MailScanner.conf. Stop Mailscanner and run check_MailScanner. This will dump debug to th screen and you may be able to spot what's happening. If you ca't spot anything post the debug here and someelse might be able to spot something. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anakin SkyWalker wrote: > How do I setup MaiLScanner to work with exim's > splitted spool directory ? > I have changed "Split Exim Spool" to `yes` in > MailScanner.conf > Both exim's queues (in queue out-queue) set to > split_spool_directory. > The result is: mailscanner didn't do anything. > > Any other thing I'm missing? > > --- Anakin SkyWalker > wrote: > >>RBLs working fine within Exim >>No SA extras, I had to stop SA scanning to increase >>the speed. >>Yes I have a caching name server running on. >>Lots of german stuff, yes! >>Human interference means: flush incoming >>connections, >>let mailscanner work all alone with the queue until >>its stable again. >> >>--- Martin Hepworth >>wrote: >> >>>Anakin (!) >>> >>>check the RBL's are behaving properly, are you >>>running any extra SA >>>rules and do you run a local cachine nameserver? >>> >>>Could the load increase be all these German spams >>>from sober.q, or is >>>the number of emails about the same? >>> >>>I guess by human interferance you mean restarting >> >>MS >> >>>os something???? >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>Anakin SkyWalker wrote: >>> >>>>I'm running MailScanner in my Exim based MX with >>> >>>20K+ >>> >>>>boxes. Since sunday, my mail queue doesn't get >>> >>>lower >>> >>>>than 12K without human interference. >>>>Anyone having same problems lately? >>>> >>>>Machine: >>>>PIV HT 2.8GHz, 1GB RAM >>>> >>>>Versions I use: >>>>Fedora Core 3 >>>> >>>>2.6.11-1.14_FC3smp >>>>Exim 4.50 (compiled) >>>>Clamav 0.85.1 (compiled) >>>>perl-5.8.5-12.FC3 >>>>mailscanner-4.41.3-1 (rpm based) >>>> >>>>I have 5 mailscanner children running. >>>>I upgraded MailScanner monday. Same behaviour. >>>> >>>>I appreciate any tips. >>>>Thanks. >>>> >>>> >>>> >>> >>> > ********************************************************************** > >>>This email and any files transmitted with it are >>>confidential and >>>intended solely for the use of the individual or >>>entity to whom they >>>are addressed. If you have received this email in >>>error please notify >>>the system manager. >>> >>>This footnote confirms that this email message has >>>been swept >>>for the presence of computer viruses and is >> >>believed >> >>>to be clean. >>> >>> >> > ********************************************************************** > >>>------------------------ MailScanner list >>>------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>>the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki >>>(http://wiki.mailscanner.info/) and >>>the archives >>> >> >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>>Support MailScanner development - buy the book off >>>the website! >>> >> >> >> >>__________________________________ >>Yahoo! Mail Mobile >>Take Yahoo! Mail with you! Check email on your >>mobile phone. >>http://mobile.yahoo.com/learn/mail >> > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri May 20 11:26:26 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:43 2006 Subject: rot13 (was RE: Who is the Proper authorities?) Message-ID: Glenn wrote: > > I gather you don't remember the good/bad old days when > everyone rot13'd (or "ceasar-rolled") every message > containing even the slightest expletive or minorly offensive > statement... As you'll see once you've decoded the above, JK > and I are just reminiscing (boy do I feel like a very old > middle-aged man today... wait, eh, that's what I am.... Sigh, that's > depressing). > On the contrary, I remember only too well. I imagine it's still used in the scary devil monastery (alt.sysadmin.recovery), a place I've not visited in a very long time. Chicken waving is a "code word" used on that group. I could tell you what it means, but I'd have to kill you. See http://www.faqs.org/faqs/sysadmin-recovery/ for further illumination. *grins* Like you, I at once realised the message contained pgp13 ;) encoded text. Takes me back a couple of decades too... It's Down... not across. Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 20 11:55:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:43 2006 Subject: rot13 (was RE: Who is the Proper authorities?) Message-ID: On 20 May 2005, at 11:26, Stef Morrell wrote: > It's Down... not across. I've heard warm water helps too :-) P.S. I think we've exceeded our "in-joke" quota for the day now... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri May 20 11:55:10 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:43 2006 Subject: rot13 (was RE: Who is the Proper authorities?) Message-ID: Stef Morrell wrote: > Glenn wrote: >> >> I gather you don't remember the good/bad old days when >> everyone rot13'd (or "ceasar-rolled") every message >> containing even the slightest expletive or minorly offensive >> statement... As you'll see once you've decoded the above, JK >> and I are just reminiscing (boy do I feel like a very old >> middle-aged man today... wait, eh, that's what I am.... Sigh, that's >> depressing). >> > > On the contrary, I remember only too well. I imagine it's still used > in the scary devil monastery (alt.sysadmin.recovery), a place I've not > visited in a very long time. Chicken waving is a "code word" used on > that group. I could tell you what it means, but I'd have to kill you. > > See http://www.faqs.org/faqs/sysadmin-recovery/ for further > illumination. > > *grins* Like you, I at once realised the message contained pgp13 ;) > encoded text. > > Takes me back a couple of decades too... > > It's Down... not across. > > Stef > Stefan Morrell | Director > Tel: 0870 365 2813 | Level 5 Internet Ltd > Fax: 0192 450 7307 | Part of the Alpha Omega Group > stef@l5net.net | stef@aoc-uk.com > Ah, we'll settle for "bad old days" then:-). Had actually forgotten about alt.sysadmin.* ... Along with a lot of other useless things (col. adv, simula/sintran, apl etc etc). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.vanbrouwershaven at NETWORKING4ALL.COM Fri May 20 14:29:57 2005 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven) Date: Thu Jan 12 21:29:43 2006 Subject: Turning all rules off Message-ID: Bacause we have thousands of domainnames running ons these servers and only a few poeple don't want the filters. Ugo Bellavance wrote: > Paul van Brouwershaven wrote: > >> Ugo Bellavance wrote: >> > Then add Filetype Rules = and Filename Rules = to this list. >> >> Ok, you can turn it off when you set all the options to a ruleset and set >> that ruleset to not scan this domain. >> >> But can we do/make this more simple? >> >> Just one option to turn all scanning off? >> > > Probably, but... I'm curious... why make it go through your MailScanner > server if it is to not scan it? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri May 20 14:37:26 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:29:43 2006 Subject: rot13 (was RE: Who is the Proper authorities?) Message-ID: Julian Field <> wrote: > P.S. I think we've exceeded our "in-joke" quota for the day now... It's not fun unless the PFYs are scratching their heads. Or users are somehow suffering. That's fun too. :) --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri May 20 14:46:10 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:43 2006 Subject: CentOS and SELinux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Some stuf doesnt even work with SElinux on at all, eg Bitdefender. > Pete > Pete, It works OK here: cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=permissive bdc --all * BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Results: Folders :5 Files :12 Packed :0 Infected files :0 Suspect files :0 Warnings :0 I/O errors :0 Denis PS: didn't try it with SELINUX=enforcing. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Fri May 20 15:14:05 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:43 2006 Subject: rot13 (was RE: Who is the Proper authorities?) Message-ID: Jason Balicki wrote: > Julian Field <> wrote: >> P.S. I think we've exceeded our "in-joke" quota for the day now... > > It's not fun unless the PFYs are scratching their heads. > > Or users are somehow suffering. That's fun too. > > :) > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! lol Jason... That'll hopefully keep me from taking Stefs ASR advice this weekend (during which I'll of course be repairing Clariions... Sigh. Btw, that quote came from a rather depressing movie, now didn't it?-):-) -- Glenn PS Jules, I'd ratehr see it as the "final twitches of the soon-to-be extinct dinosaurs" than "in-jokes". But you're probably right. DS ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chardlist at CHARD.NET Fri May 20 15:38:57 2005 From: chardlist at CHARD.NET (chardlist) Date: Thu Jan 12 21:29:43 2006 Subject: MyTob.EC? Message-ID: A virus being detected by AVG as Iworm/MyTob.EC is sliding right through clamav. Is anyone else having problems with this one today? You can download a sample of it here: http://www.chard.net/virus_sample/ I submitted it to ClamAV after it was not detected by their online scanner. The message that came with it was: -----Original Message----- From: Info@domain.com Date: Thu, 19 May 2005 18:38:02 To:xxxxxx@domain.com Subject: Notice:***Your email account will be suspended*** We have suspended some of your email services, to resolve the problem you should read the attached document. ------End------- -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri May 20 15:48:41 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:43 2006 Subject: ClamV updates Message-ID: I went to http://crash.fce.vutbr.cz/yum-repository.html and ran through the yum directions, to get clamav updated through yum, and it broke my yum. **Unmatched Entries** WARNING: Your ClamAV installation is OUTDATED!: 1 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 1 Time(s) WARNING: Current functionality level = 4, recommended = 5: 1 Time(s) Here is an example error that I get for yum: [root@WoodenMS ~]# yum list Setting up Repos http://crash.fce.vutbr.cz/crash-hat/4/repodata/repomd.xml: [Errno 4] IOError: HT TP Error 404: Not Found Trying other mirror. Cannot open/read repomd.xml file for repository: crash-hat failure: repodata/repomd.xml from crash-hat: [Errno 256] No more mirrors to try. Any thoughts on getting it back to the way it was (fixed)? How do other people update they clamAV easily? Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri May 20 15:55:34 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:43 2006 Subject: Clamav Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Julian Will you upgrade your install-Clam-SA to Clamav .0.85.1? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 20 16:47:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:43 2006 Subject: Clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's there now.Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old junk that shouldn't have been in there any more, to make the download rather smaller. On 20 May 2005, at 15:55, Roger Jochem wrote: Hello, Julian   Will you upgrade your install-Clam-SA to Clamav .0.85.1? --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri May 20 16:47:41 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:43 2006 Subject: MyTob.EC? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of chardlist > Sent: Friday, May 20, 2005 9:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MyTob.EC? > > > A virus being detected by AVG as Iworm/MyTob.EC is sliding right through > clamav. Is anyone else having problems with this one today? It's also being detected by bitdefender, being missed by clam and f-prot but caught by \.pif$ filename rule. Can't tell about panda as I only have a demo version and the sigs are from something like December 2004 (not much of a demo) Rick > > You can download a sample of it here: > > http://www.chard.net/virus_sample/ > > I submitted it to ClamAV after it was not detected by their > online scanner. > > > The message that came with it was: > > -----Original Message----- > From: Info@domain.com > Date: Thu, 19 May 2005 18:38:02 > To:xxxxxx@domain.com > Subject: Notice:***Your email account will be suspended*** > > We have suspended some of your email services, to resolve the problem you > should read the attached document. > > ------End------- > > > -Brendan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri May 20 16:48:51 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:43 2006 Subject: Clamav Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, May 20, 2005 12:47 PM Subject: Re: Clamav It's there now. Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old junk that shouldn't have been in there any more, to make the download rather smaller. On 20 May 2005, at 15:55, Roger Jochem wrote: Hello, Julian Will you upgrade your install-Clam-SA to Clamav .0.85.1? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri May 20 18:07:14 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:43 2006 Subject: SuSE 9.3 Message-ID: Mike wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Kevin Miller >> >> Anybody installed on 9.3 yet? Any gotchas? I've ordered a copy >> which should be here in a week or so. (I'll be dumping Postfix and >> running Sendmail instead) so any 'heads up' are appreaciated... > > Yes, I got it installed and MS is running perfectly. SuSE 9.3 comes > with spamassassin 3.0.2. I haven't tried to manually install sa > 3.0.3, yet. > > The only problems I ran into are not (really) MS related: > > - MailWatch.pm problem. SuSE 9.3 installs perl-DBD-mysql-2.9004, so > you need the updated MailWatch.pm (see MailWatch mailinglist archive, > or contact me off list); > - milter-sender/libsnert problem. Compiling with the default Berkeley > DB 4.3 failed. After changing some files, compiling worked, but > milter-sender segfaults. Tracked down the problem, with Andrew Howe, > and solved it (see milters mailinglist archive, or contact me off > list). Sorry to intrude on the list for a slightly OT issue. Tried to email Mike directly but get "... Deferred: 451 4.3.2 Please try again later" so thought I'd try here. Been working on getting MS up and running 9.3, and it's gone quite well. I got the new MailWatch.pm without any trouble - thanks for the heads up on that, Mike. But I'm a bit befuddled by one thing in MailWatch. The instructions are geared towards a Redhat apache install, which is different than the SuSE apache2 install. They say to check permissions on /var/www/html/mailscanner/images, and that they should be owned by root:apache. I set them to be owned by root:www since that's the group SuSE uses. They say to do basically the same thing /var/www/html/images/cache but there is no images/cache file or directory under web root (/src/www/htdocs in SuSE's case). Did you create those manually? And is cache a directory? I assume it is, but it isn't clear from the instructions. Obviously WEBROOT/images is a directory since it contains cache. TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Fri May 20 19:35:18 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:43 2006 Subject: SuSE 9.3 Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Kevin Miller > >Sorry to intrude on the list for a slightly OT issue. Tried to email Mike >directly but get "... Deferred: 451 4.3.2 Please >try again later" so thought I'd try here. That's milter-sender "fault" (read: feature!). It does a sender verification, which for some reason fails for your site, hence the TEMPFAIL. >Been working on getting MS up and running 9.3, and it's gone quite well. I >got the new MailWatch.pm without any trouble - thanks for the heads up on >that, Mike. But I'm a bit befuddled by one thing in MailWatch. The >instructions are geared towards a Redhat apache install, which is different >than the SuSE apache2 install. They say to check permissions on >/var/www/html/mailscanner/images, and that they should be owned by >root:apache. I set them to be owned by root:www since that's the group >SuSE uses. I use this: /srv/www/htdocs/mailscanner: drwxr-xr-x 3 root root 280 Feb 10 21:49 images/ >They say to do basically the same thing /var/www/html/images/cache but >there is no images/cache file or directory under web root (/src/www/htdocs >in SuSE's case). Did you create those manually? And is cache a directory? >I assume it is, but it isn't clear from the instructions. Obviously >WEBROOT/images is a directory since it contains cache. Yes, cache is a dir, which will hold all generated images for the reports. I'm not sure if I created it manually, I believe I did. Here's what I use: /srv/www/htdocs/mailscanner/images: drwxrwxr-x 2 root www 608 May 17 21:51 cache/ This way, the apache process (id: wwwrun, group: www) can write in the cache directory. To my experience, the images directory itself does NOT have to have write permissions for the www group. I tested this when rolled out MailWatch and no files within the images dir itself were changed, so I deviated from the instructions. >TIA... > >...Kevin Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at YAHOO.COM Fri May 20 19:34:28 2005 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: Really, nothing is done. MailScanner says nothing when started, even in debug mode after "not forking" It starts with no errors, but no checking/delivery is done. --- Martin Hepworth wrote: > I presume you restarted MailScanner after altering > the MailScanner.conf > > > If things stop working 1st point of call is to > enable both Debug options > in MailScanner.conf. Stop Mailscanner and run > check_MailScanner. This > will dump debug to th screen and you may be able to > spot what's > happening. If you ca't spot anything post the debug > here and someelse > might be able to spot something. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anakin SkyWalker wrote: > > How do I setup MaiLScanner to work with exim's > > splitted spool directory ? > > I have changed "Split Exim Spool" to `yes` in > > MailScanner.conf > > Both exim's queues (in queue out-queue) set to > > split_spool_directory. > > The result is: mailscanner didn't do anything. > > > > Any other thing I'm missing? > > > > --- Anakin SkyWalker > > > wrote: > > > >>RBLs working fine within Exim > >>No SA extras, I had to stop SA scanning to > increase > >>the speed. > >>Yes I have a caching name server running on. > >>Lots of german stuff, yes! > >>Human interference means: flush incoming > >>connections, > >>let mailscanner work all alone with the queue > until > >>its stable again. > >> > >>--- Martin Hepworth > > >>wrote: > >> > >>>Anakin (!) > >>> > >>>check the RBL's are behaving properly, are you > >>>running any extra SA > >>>rules and do you run a local cachine nameserver? > >>> > >>>Could the load increase be all these German spams > >>>from sober.q, or is > >>>the number of emails about the same? > >>> > >>>I guess by human interferance you mean restarting > >> > >>MS > >> > >>>os something???? > >>> > >>>-- > >>>Martin Hepworth > >>>Snr Systems Administrator > >>>Solid State Logic > >>>Tel: +44 (0)1865 842300 > >>> > >>> > >>>Anakin SkyWalker wrote: > >>> > >>>>I'm running MailScanner in my Exim based MX with > >>> > >>>20K+ > >>> > >>>>boxes. Since sunday, my mail queue doesn't get > >>> > >>>lower > >>> > >>>>than 12K without human interference. > >>>>Anyone having same problems lately? > >>>> > >>>>Machine: > >>>>PIV HT 2.8GHz, 1GB RAM > >>>> > >>>>Versions I use: > >>>>Fedora Core 3 > >>>> > >>>>2.6.11-1.14_FC3smp > >>>>Exim 4.50 (compiled) > >>>>Clamav 0.85.1 (compiled) > >>>>perl-5.8.5-12.FC3 > >>>>mailscanner-4.41.3-1 (rpm based) > >>>> > >>>>I have 5 mailscanner children running. > >>>>I upgraded MailScanner monday. Same behaviour. > >>>> > >>>>I appreciate any tips. > >>>>Thanks. > >>>> > >>>> > >>>> > >>> > >>> > > > ********************************************************************** > > > >>>This email and any files transmitted with it are > >>>confidential and > >>>intended solely for the use of the individual or > >>>entity to whom they > >>>are addressed. If you have received this email in > >>>error please notify > >>>the system manager. > >>> > >>>This footnote confirms that this email message > has > >>>been swept > >>>for the presence of computer viruses and is > >> > >>believed > >> > >>>to be clean. > >>> > >>> > >> > > > ********************************************************************** > > > >>>------------------------ MailScanner list > >>>------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk > with > >>>the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki > >>>(http://wiki.mailscanner.info/) and > >>>the archives > >>> > >> > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>>Support MailScanner development - buy the book > off > >>>the website! > >>> > >> > >> > >> > >>__________________________________ > >>Yahoo! Mail Mobile > >>Take Yahoo! Mail with you! Check email on your > >>mobile phone. > >>http://mobile.yahoo.com/learn/mail > >> > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > > ------------------------ MailScanner list > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off > the website! > > ********************************************************************** > > This email and any files transmitted with it are > confidential and > intended solely for the use of the individual or > entity to whom they > are addressed. If you have received this email in > error please notify > the system manager. > > This footnote confirms that this email message has > been swept > for the presence of computer viruses and is believed > to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the === message truncated === Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Fri May 20 19:33:28 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin 3.0.3 on my servers. When I run tests from http://www.webmail.us/testvirus everything is detected, except test #23 "Empty MIME Boundary Vulnerability". On MailScanner site I found info that it was resolved in some earlier version... Is anybody else has this issue? How to resolve it? Vladan Nikolic ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri May 20 20:03:57 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:29:43 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >I went to http://crash.fce.vutbr.cz/yum-repository.html and ran through >the yum directions, to get clamav updated through yum, and it broke my >yum. > >**Unmatched Entries** > WARNING: Your ClamAV installation is OUTDATED!: 1 Time(s) > DON'T PANIC! Read http://www.clamav.net/faq.html: 1 Time(s) > WARNING: Current functionality level = 4, recommended = 5: 1 Time(s) > >Here is an example error that I get for yum: >[root@WoodenMS ~]# yum list >Setting up Repos >http://crash.fce.vutbr.cz/crash-hat/4/repodata/repomd.xml: [Errno 4] >IOError: HT >TP Error 404: Not Found >Trying other mirror. >Cannot open/read repomd.xml file for repository: crash-hat >failure: repodata/repomd.xml from crash-hat: [Errno 256] No more mirrors >to try. > >Any thoughts on getting it back to the way it was (fixed)? > >How do other people update they clamAV easily? > > I update from the Dag yum repository without any problems. Fedora Core 1 in my case. Works with up2date too. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Fri May 20 20:31:03 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:43 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Running FreeBSD 4.9 Sendmail 8.12.11 Just upgraded to MS 4.41.3 (latest stable release in FreeBSD ports tree) This server has been running great for a year. However, i just recently upgraded to MS 4.40.1 then MS 4.41.3. After upgrading, I have seen the following messages appear in /var/log/messages: May 20 12:00:23 mail jwilliams: Process did not exit cleanly, returned 9 with signal 0 May 20 12:01:24 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0 May 20 12:01:58 mail last message repeated 2 times May 20 12:04:10 mail last message repeated 4 times May 20 12:13:45 mail last message repeated 10 times May 20 12:14:59 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0 May 20 12:16:29 mail jwilliams: Process did not exit cleanly, returned 9 with signal 0 May 20 12:16:55 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0 May 20 12:18:40 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0 May 20 12:20:39 mail last message repeated 2 times At this point, im trying to narrow down what it is. The first thing I did was stop mailscanner, and tail the message log, trying to see if it would happen. I shutdown mailscanner for 10 minutes. During that time, there were zero entries in my message logs. (I will duplicate this test later this evening when traffic is lighter). Right now, I think it could either be MS or my MTA (Sendmail.) I'm still trying to find out additional information, but thought i'd ask here, see if anyone had any suggestions? I appreciate help. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 20 20:52:43 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:43 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Running FreeBSD 4.9 > Sendmail 8.12.11 > Just upgraded to MS 4.41.3 (latest stable release in FreeBSD ports tree) > > This server has been running great for a year. However, i just recently > upgraded to MS 4.40.1 then MS 4.41.3. After upgrading, I have seen the > following messages appear in /var/log/messages: > > May 20 12:00:23 mail jwilliams: Process did not exit cleanly, returned 9 > with signal 0 > May 20 12:01:24 mail jwilliams: Process did not exit cleanly, returned > 255 with signal 0 > May 20 12:01:58 mail last message repeated 2 times > May 20 12:04:10 mail last message repeated 4 times > May 20 12:13:45 mail last message repeated 10 times > May 20 12:14:59 mail jwilliams: Process did not exit cleanly, returned > 255 with signal 0 > May 20 12:16:29 mail jwilliams: Process did not exit cleanly, returned 9 > with signal 0 > May 20 12:16:55 mail jwilliams: Process did not exit cleanly, returned > 255 with signal 0 > May 20 12:18:40 mail jwilliams: Process did not exit cleanly, returned > 255 with signal 0 > May 20 12:20:39 mail last message repeated 2 times > > > At this point, im trying to narrow down what it is. > The first thing I did was stop mailscanner, and tail the message log, > trying to see if it would happen. I shutdown mailscanner for 10 minutes. > During that time, there were zero entries in my message logs. (I will > duplicate this test later this evening when traffic is lighter). Have you looked at /var/log/maillog? Is there anything there to give you a clue at around the same time? What was your MTA/ MailScanner doing at those times? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri May 20 21:00:32 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:43 2006 Subject: SuSE 9.3 Message-ID: Mike wrote: > That's milter-sender "fault" (read: feature!). It does a sender > verification, which for some reason fails for your site, hence the > TEMPFAIL. Ah. It's because all my users are on Exchange and I don't have local users on my Linux boxes - they're just gateways. So yeah, no me if it tries to look it up. I hope to implement milter-ahead when I get the Exchange 2003 server built so maybe that'll fix it. Rather circuitously though! >> Been working on getting MS up and running 9.3, and it's gone quite >> well. I got the new MailWatch.pm without any trouble - thanks for >> the heads up on that, Mike. But I'm a bit befuddled by one thing in >> MailWatch. The instructions are geared towards a Redhat apache >> install, which is different than the SuSE apache2 install. They say >> to check permissions on /var/www/html/mailscanner/images, and that >> they should be owned by root:apache. I set them to be owned by >> root:www since that's the group SuSE uses. > > I use this: snip > To my experience, the images directory itself does NOT have to have > write permissions for the www group. I tested this when rolled out > MailWatch and no files within the images dir itself were changed, so > I deviated from the instructions. Thanks - I'll make mine match and see how I get on... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Fri May 20 21:01:46 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:43 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Was just working on that Here is what I found: /var/log/messags: May 20 12:57:32 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0 /var/log/maillog (took exact time copies) May 20 12:57:29 mail MailScanner[79862]: New Batch: Scanning 1 messages, 3732 bytes May 20 12:57:29 mail MailScanner[79862]: Spam Checks: Starting May 20 12:57:31 mail MailScanner[79862]: Virus and Content Scanning: Starting May 20 12:57:32 mail MailScanner[79862]: Uninfected: Delivered 1 messages May 20 12:57:32 mail MailScanner[79876]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 20 12:57:32 mail MailScanner[79876]: Read 108 hostnames from the phishing whitelist May 20 12:57:32 mail MailScanner[79876]: Config: calling custom init function MailWatchLogging May 20 12:57:33 mail sm-mta-in[79877]: j4KJvWfI079877: from=, size=2013, class=-60, nrcpts=1, msgid=<20050520054840.38424.qmail@web51609.mail.yahoo.com>, proto=ESMTP, daemon=MTA, relay=outgoing.securityfocus.com [205.206.231.27] Is it a MS process restarting, but the previous MS process wasn't stopped properly? I'll keep digging. Jason Drew Marshall wrote: Have you looked at /var/log/maillog? Is there anything there to give you a clue at around the same time? What was your MTA/ MailScanner doing at those times? Drew > Jason Williams wrote: > >> Running FreeBSD 4.9 >> Sendmail 8.12.11 >> Just upgraded to MS 4.41.3 (latest stable release in FreeBSD ports tree) >> >> This server has been running great for a year. However, i just recently >> upgraded to MS 4.40.1 then MS 4.41.3. After upgrading, I have seen the >> following messages appear in /var/log/messages: >> >> May 20 12:00:23 mail jwilliams: Process did not exit cleanly, returned 9 >> with signal 0 >> May 20 12:01:24 mail jwilliams: Process did not exit cleanly, returned >> 255 with signal 0 >> May 20 12:01:58 mail last message repeated 2 times >> May 20 12:04:10 mail last message repeated 4 times >> May 20 12:13:45 mail last message repeated 10 times >> May 20 12:14:59 mail jwilliams: Process did not exit cleanly, returned >> 255 with signal 0 >> May 20 12:16:29 mail jwilliams: Process did not exit cleanly, returned 9 >> with signal 0 >> May 20 12:16:55 mail jwilliams: Process did not exit cleanly, returned >> 255 with signal 0 >> May 20 12:18:40 mail jwilliams: Process did not exit cleanly, returned >> 255 with signal 0 >> May 20 12:20:39 mail last message repeated 2 times >> >> >> At this point, im trying to narrow down what it is. >> The first thing I did was stop mailscanner, and tail the message log, >> trying to see if it would happen. I shutdown mailscanner for 10 minutes. >> During that time, there were zero entries in my message logs. (I will >> duplicate this test later this evening when traffic is lighter). > > > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 20 21:03:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:43 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Was just working on that Here is what I found: > > /var/log/messags: > May 20 12:57:32 mail jwilliams: Process did not exit cleanly, returned > 255 with signal 0 > > /var/log/maillog (took exact time copies) > > May 20 12:57:29 mail MailScanner[79862]: New Batch: Scanning 1 messages, > 3732 bytes > May 20 12:57:29 mail MailScanner[79862]: Spam Checks: Starting > May 20 12:57:31 mail MailScanner[79862]: Virus and Content Scanning: > Starting > May 20 12:57:32 mail MailScanner[79862]: Uninfected: Delivered 1 messages > May 20 12:57:32 mail MailScanner[79876]: MailScanner E-Mail Virus > Scanner version 4.41.3 starting... > May 20 12:57:32 mail MailScanner[79876]: Read 108 hostnames from the > phishing whitelist > May 20 12:57:32 mail MailScanner[79876]: Config: calling custom init > function MailWatchLogging > May 20 12:57:33 mail sm-mta-in[79877]: j4KJvWfI079877: > from=, > > size=2013, class=-60, nrcpts=1, > msgid=<20050520054840.38424.qmail@web51609.mail.yahoo.com>, proto=ESMTP, > daemon=MTA, relay=outgoing.securityfocus.com [205.206.231.27] > > Is it a MS process restarting, but the previous MS process wasn't > stopped properly? Hmm, could be. Have you tried running MailScanner in debug mode and then checking the logs? D -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 20 21:01:38 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:43 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > I went to http://crash.fce.vutbr.cz/yum-repository.html and ran through > the yum directions, to get clamav updated through yum, and it broke my > yum. > > **Unmatched Entries** > WARNING: Your ClamAV installation is OUTDATED!: 1 Time(s) > DON'T PANIC! Read http://www.clamav.net/faq.html: 1 Time(s) > WARNING: Current functionality level = 4, recommended = 5: 1 Time(s) > > Here is an example error that I get for yum: > [root@WoodenMS ~]# yum list > Setting up Repos > http://crash.fce.vutbr.cz/crash-hat/4/repodata/repomd.xml: [Errno 4] > IOError: HT > TP Error 404: Not Found > Trying other mirror. > Cannot open/read repomd.xml file for repository: crash-hat > failure: repodata/repomd.xml from crash-hat: [Errno 256] No more mirrors > to try. > > Any thoughts on getting it back to the way it was (fixed)? > > How do other people update they clamAV easily? Easily? Waiting for someone (crash-hat or dag) to package an RPM. Quickly? Compiling from source. They're natural opposites :). If you have many systems to update, you can learn how to package RPMs and then update all your servers at once. Hth Ugo > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 20 20:58:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anakin SkyWalker wrote: > Really, nothing is done. MailScanner says nothing when > started, even in debug mode after "not forking" > It starts with no errors, but no checking/delivery is > done. Did you have any MTA process running already? Try killing all the MTA processes, then MailScanner procces, then restart MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 20 20:59:23 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vladan Nikolic wrote: > Hello > > I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin > 3.0.3 on my servers. When I run tests from > http://www.webmail.us/testvirus everything is detected, except test #23 > "Empty MIME Boundary Vulnerability". On MailScanner site I found info > that it was resolved in some earlier version... Is anybody else has this > issue? How to resolve it? Please search the archives for 'testvirus'. You'll find your answer as it's been asked many times. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Fri May 20 21:27:53 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:43 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alright, think I figured this out, or at least have some directions on where to go. I was just about to debug before I sent my last email. Here is the output: Stopping MailScanner... Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock Undefined subroutine &MailScanner::CustomConfig::MailWatchLogging called at /usr/local/lib/MailScanner/MailScanner/Config.pm line 121. I saw the last line and though and the MailWatchLogging caught my eye. I guess i should have mentioned im running Mailwatch before.Oops. My mistake. looking at my mailscanner.conf file, this line... Always Looked Up Last = &MailWatchLogging When I change it from &MailWatchlogging to 'no', those messages in /var/log/messages go away. That seems to have fixed that part,but not I have to figure out what is going on with MailWatch. :) Thanks Drew. I appreciate it. Jason Drew Marshall wrote: > Jason Williams wrote: > >> Was just working on that Here is what I found: >> >> /var/log/messags: >> May 20 12:57:32 mail jwilliams: Process did not exit cleanly, returned >> 255 with signal 0 >> >> /var/log/maillog (took exact time copies) >> >> May 20 12:57:29 mail MailScanner[79862]: New Batch: Scanning 1 messages, >> 3732 bytes >> May 20 12:57:29 mail MailScanner[79862]: Spam Checks: Starting >> May 20 12:57:31 mail MailScanner[79862]: Virus and Content Scanning: >> Starting >> May 20 12:57:32 mail MailScanner[79862]: Uninfected: Delivered 1 >> messages >> May 20 12:57:32 mail MailScanner[79876]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> May 20 12:57:32 mail MailScanner[79876]: Read 108 hostnames from the >> phishing whitelist >> May 20 12:57:32 mail MailScanner[79876]: Config: calling custom init >> function MailWatchLogging >> May 20 12:57:33 mail sm-mta-in[79877]: j4KJvWfI079877: >> from=, >> >> >> size=2013, class=-60, nrcpts=1, >> msgid=<20050520054840.38424.qmail@web51609.mail.yahoo.com>, proto=ESMTP, >> daemon=MTA, relay=outgoing.securityfocus.com [205.206.231.27] >> >> Is it a MS process restarting, but the previous MS process wasn't >> stopped properly? > > > Hmm, could be. Have you tried running MailScanner in debug mode and then > checking the logs? > > D > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Fri May 20 21:28:25 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> Hello >> >> I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin >> 3.0.3 on my servers. When I run tests from >> http://www.webmail.us/testvirus everything is detected, except test #23 >> "Empty MIME Boundary Vulnerability". On MailScanner site I found info >> that it was resolved in some earlier version... Is anybody else has this >> issue? How to resolve it? > >Please search the archives for 'testvirus'. You'll find your answer as >it's been asked many times. Yes, it's been asked, but never answered, if you don't count "search..." as a very informative answer. There was Julian's post that he is working on that, and in MailScanner changelog there is a mention of that particular problem as solved, but I still had that same problem with newest version of MailScanner... So, is it only me doing something wrong, or there is someone else with the same problem or, better yet, with a solution... Thanks, Vladan Nikolic ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 20 22:12:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The short answer is that it is a totally artificial test, being marketed by a company whose product happens to catch this "problem". This has never been exploited in the wild anyway, they made it up. Vladan Nikolic wrote: >>>Hello >>> >>>I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin >>>3.0.3 on my servers. When I run tests from >>>http://www.webmail.us/testvirus everything is detected, except test #23 >>>"Empty MIME Boundary Vulnerability". On MailScanner site I found info >>>that it was resolved in some earlier version... Is anybody else has this >>>issue? How to resolve it? >>> >>> >>Please search the archives for 'testvirus'. You'll find your answer as >>it's been asked many times. >> >> > >Yes, it's been asked, but never answered, if you don't count "search..." as a very informative answer. >There was Julian's post that he is working on that, and in MailScanner changelog there is a mention of that particular problem as solved, but I still had that same problem with newest version of MailScanner... So, is it only me doing something wrong, or there is someone else with the same problem or, better yet, with a solution... > >Thanks, >Vladan Nikolic > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri May 20 22:20:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Please search the archives for 'testvirus'. You'll find your answer as > it's been asked many times. Ugo, AFAIK this is now a real bug in Mailscanner. Flashback to the past: http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus To which Julian replied with: http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus Thus, any implication that the Empty Mime boundary bug is a vendor "made up" issue is bogus and was based on tests using the wrong mail client. Any implication that this issue should be ignored is bogus, it would appear to be a real issue for users of some versions of outlook. I just tested my copy of MailScanner-4.42.1-1 and it found it, but only because bitdefender decoded it. ClamAV, and command AV didn't hit. MailScanner said nothing about it. This would appear to be a real vulnerability, and a real bug in MailScanner since this should have already been fixed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 20 22:18:34 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vladan Nikolic wrote: >>>Hello >>> >>>I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin >>>3.0.3 on my servers. When I run tests from >>>http://www.webmail.us/testvirus everything is detected, except test #23 >>>"Empty MIME Boundary Vulnerability". On MailScanner site I found info >>>that it was resolved in some earlier version... Is anybody else has this >>>issue? How to resolve it? I've re-read all the posts having 'testvirus' in the subject and I got the answer: (quoting Julian) ================ [...]I have added support for the specific things they claim to exploit in 2 of the cases that weren't already handled. The 3rd one relies on repeating the MIME boundary string, so all you can do is match against the beginning of the boundary string that is actually used. Adding support for that case would break compatibility with many versions of Eudora as it uses the same boundary string throughout a message, just tacking things on the end for when it does things like put in HTML+text versions of the message body. I obviously don't want to break Eudora compatibility just to pass a fairly artificial test. Please remember that testvirus.org is owned by Excedent Technologies who sell email security products. http://www.excedent.com/ Don't for a minute think that testvirus.org is independent just because it is a .org domain! ================= >> >>Please search the archives for 'testvirus'. You'll find your answer as >>it's been asked many times. > > > Yes, it's been asked, but never answered, if you don't count "search..." as a very informative answer. > There was Julian's post that he is working on that, and in MailScanner changelog there is a mention of that particular problem as solved, but I still had that same problem with newest version of MailScanner... So, is it only me doing something wrong, or there is someone else with the same problem or, better yet, with a solution... > > Thanks, > Vladan Nikolic > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri May 20 22:36:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Vladan Nikolic wrote: > >>>> Hello >>>> >>>> I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin >>>> 3.0.3 on my servers. When I run tests from >>>> http://www.webmail.us/testvirus everything is detected, except test #23 >>>> "Empty MIME Boundary Vulnerability". On MailScanner site I found info >>>> that it was resolved in some earlier version... Is anybody else has >>>> this >>>> issue? How to resolve it? > > > I've re-read all the posts having 'testvirus' in the subject and I got > the answer: (quoting Julian) > > ================ > [...]I have added support for the specific things they claim to exploit > in 2 of > the cases that weren't already handled. > The 3rd one relies on repeating the MIME boundary string, so all you can do > is match against the beginning of the boundary string that is actually > used. Adding support for that case would break compatibility with many > versions of Eudora as it uses the same boundary string throughout a > message, just tacking things on the end for when it does things like put in > HTML+text versions of the message body. > > I obviously don't want to break Eudora compatibility just to pass a fairly > artificial test. > > Please remember that testvirus.org is owned by Excedent Technologies who > sell email security products. > http://www.excedent.com/ > Don't for a minute think that testvirus.org is independent just because it > is a .org domain! > ================= > Ugo, the test in question doesn't involve repeating the mime boundary. It involves a null boundary. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at yahoo.com Fri May 20 22:42:06 2005 From: basement_mobile2004 at yahoo.com (Anakin SkyWalker) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: I did that already and didn't work ;/ ! I'm setting up a small test box splitted spools. Here's my relevant configurations: MailScanner.conf: Split Exim Spool = yes Incoming Queue Dir = /var/spool/exim.in/input/* Exim queue-in: spool_directory = /var/spool/exim.in split_spool_directory queue_only = true queue_only_override = false Exim queue-out: split_spool_directory After changing "Incoming Queue Dir" to "/var/spool/exim.in/input/*", adding the '*' char, and manually creating directories within /var/spool/exim [0-9a-zA-Z], MailScanner started delivering most messages in the queue-in. But... (things seems to hurt people before work properly.. heh..) some messages doesn't get thru. Running # exim -bpc 24 Then I restart MailScanner: May 20 17:43:54 machine-test MailScanner[27907]: New Batch: Scanning 24 messages, 11667448 bytes It reads the messages stalled before. Then some messages get thru and some messages don't. Any other thing may I be missing? It will really help me if I get this thing working, 120K messages in queue-out in a single directory isn't funny. --- Ugo Bellavance wrote: > Anakin SkyWalker wrote: > > Really, nothing is done. MailScanner says nothing > when > > started, even in debug mode after "not forking" > > It starts with no errors, but no checking/delivery > is > > done. > > Did you have any MTA process running already? Try > killing all the MTA > processes, then MailScanner procces, then restart > MailScanner. > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Fri May 20 22:56:39 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >The short answer is that it is a totally artificial test, being marketed >by a company whose product happens to catch this "problem". This has >never been exploited in the wild anyway, they made it up. I don't know if there is something like that in the wild, but I know that some other mail security software successfully scanned attachment hiden from MailScanner with this mime boundary. And how can we be sure that in future this won't become a problem. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Fri May 20 23:30:46 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:43 2006 Subject: heads up,its coming again probably this monday! Message-ID: http://www.techweb.com/wire/security/163106139 Its coming again, last weekend was pretty bad with that german spam. Looks like its going to get worse again this monday. If the payload is spam again,we need to start colleting the subject lines and body content as someone on this list sees them and make a spamassassin ruleset ASAP and post it to the group PLEASE. Beware! Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Fri May 20 23:36:30 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:43 2006 Subject: heads up,its coming again probably this monday! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nice. Anyone have any recommendations on how to combat this bad boy? Obviously, my AV definitions are up to date (this just makes me want to add a second AV scanner). Maybe suggested spam settings as well? What I thought would be a peaceful weekend... Jason Venkata Achanta wrote: >http://www.techweb.com/wire/security/163106139 > >Its coming again, last weekend was pretty bad with that german spam. Looks >like its going to get worse again this monday. > >If the payload is spam again,we need to start colleting the subject lines >and body content as someone on this list sees them and make a spamassassin >ruleset ASAP and post it to the group PLEASE. > >Beware! > >Thanks much, >Venkata Achanta > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat May 21 03:37:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:43 2006 Subject: Testing with TestVirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Ugo Bellavance wrote: > >>Vladan Nikolic wrote: >> >> >>>>>Hello >>>>> >>>>>I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin >>>>>3.0.3 on my servers. When I run tests from >>>>>http://www.webmail.us/testvirus everything is detected, except test #23 >>>>>"Empty MIME Boundary Vulnerability". On MailScanner site I found info >>>>>that it was resolved in some earlier version... Is anybody else has >>>>>this >>>>>issue? How to resolve it? >> >> >>I've re-read all the posts having 'testvirus' in the subject and I got >>the answer: (quoting Julian) >> >>================ >>[...]I have added support for the specific things they claim to exploit >>in 2 of >>the cases that weren't already handled. >>The 3rd one relies on repeating the MIME boundary string, so all you can do >>is match against the beginning of the boundary string that is actually >>used. Adding support for that case would break compatibility with many >>versions of Eudora as it uses the same boundary string throughout a >>message, just tacking things on the end for when it does things like put in >>HTML+text versions of the message body. >> >>I obviously don't want to break Eudora compatibility just to pass a fairly >>artificial test. >> >>Please remember that testvirus.org is owned by Excedent Technologies who >>sell email security products. >>http://www.excedent.com/ >>Don't for a minute think that testvirus.org is independent just because it >>is a .org domain! >>================= >> > > > Ugo, the test in question doesn't involve repeating the mime boundary. It > involves a null boundary. > Thanks for putting me back on track Matt. Sorry Vladan. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat May 21 03:51:59 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:43 2006 Subject: heads up,its coming again probably this monday! Message-ID: You should have a second AV product anyway...just as a second line of defense. I use ClamAV and Sophos on my boxen. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: Friday, May 20, 2005 5:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: heads up,its coming again probably this monday! Nice. Anyone have any recommendations on how to combat this bad boy? Obviously, my AV definitions are up to date (this just makes me want to add a second AV scanner). Maybe suggested spam settings as well? What I thought would be a peaceful weekend... Jason Venkata Achanta wrote: >http://www.techweb.com/wire/security/163106139 > >Its coming again, last weekend was pretty bad with that german spam. >Looks like its going to get worse again this monday. > >If the payload is spam again,we need to start colleting the subject >lines and body content as someone on this list sees them and make a >spamassassin ruleset ASAP and post it to the group PLEASE. > >Beware! > >Thanks much, >Venkata Achanta > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patrickchan at GOODMARK.COM.CN Sat May 21 09:33:15 2005 From: patrickchan at GOODMARK.COM.CN (Patrick Chan) Date: Thu Jan 12 21:29:43 2006 Subject: perl-MIME-tools Message-ID: [ The following text is in the "big5" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear all guys, I am installing MailScanner-4.41.3 on my redhat 9.0 machine. However, but there is the following error: # install.sh .....(skipped) The important ones are HTML-Parser and MIME-tools. error: Failed dependencies: perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1 Oh good, module Convert::TNEF version 0.17 is already installed. Oh good, module Compress::Zlib version 1.33 is already installed. Oh good, module Archive::Zip version 1.14 is already installed. Installing tnef decoder Preparing... ########################################### [100%] package tnef-1.2.3.1-1 is already installed Now to install MailScanner itself. error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1 How can I solve this? Thanks! From peter at UCGBOOK.COM Sat May 21 09:45:21 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:43 2006 Subject: temporary file spawning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ade Fewings wrote: > I am now happy to say that this problem has been fixed. The solution > was an updated Perl. 5.6.1 should have been fine but wasn't. 5.8.6 > is. Much relief. Good to hear. I use at least 5.8.0 on my Sun servers (never tried the included Perl with MS) and never had that problem. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sat May 21 13:41:30 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:43 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: I'm running MailScanner 4.41.3 (ClamAV, spamassassin, Razor) on a CentOS4 (RHEL4) server with Postfix. I have three other servers with a similar configuration that all work fine, but with this specific one I have noticed through pfqueue that sometimes mail starts to pile up in the 'hold' queue and doesn't seem to get picked up and processed unless I restart Mailscanner, when everything will work again for a while before the same thing happens. Just now, the jobs I 'released' were showing delays of between 400 and 600. The load on the server (a Xeon 2.8GHz with 768MB RAM) is very light - perhaps 30-50 emails an hour. I haven't seen this behaviour on my other servers so I presume it's not normal and needs checking, so is this a known issue with a known fix, or where can I start checking for a possible solution or doing some tracking/debugging? Maillog gives no hint of an error or failure of anything to start up. If I am not reading the situation correctly and there isn't a problem do let me know! Thanks Nigel Kendrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat May 21 13:57:02 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:43 2006 Subject: heads up,its coming again probably this monday! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Or can we use rulesdujour to collect raymonds rules ? Pete Venkata Achanta wrote: > http://www.techweb.com/wire/security/163106139 > > Its coming again, last weekend was pretty bad with that german spam. Looks > like its going to get worse again this monday. > > If the payload is spam again,we need to start colleting the subject lines > and body content as someone on this list sees them and make a spamassassin > ruleset ASAP and post it to the group PLEASE. > > Beware! > > Thanks much, > Venkata Achanta > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat May 21 14:13:31 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:43 2006 Subject: Turning all rules off Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Then it doesnt get any simpler than the rulesets? and the SMgateway from Fortress has a gui to control them if required. Pete Paul van Brouwershaven wrote: > Bacause we have thousands of domainnames running ons these servers and > only a few poeple don't want the filters. > > Ugo Bellavance wrote: > >> Paul van Brouwershaven wrote: >> >>> Ugo Bellavance wrote: >>> > Then add Filetype Rules = and Filename Rules = to this list. >>> >>> Ok, you can turn it off when you set all the options to a ruleset and >>> set >>> that ruleset to not scan this domain. >>> >>> But can we do/make this more simple? >>> >>> Just one option to turn all scanning off? >>> >> >> Probably, but... I'm curious... why make it go through your MailScanner >> server if it is to not scan it? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat May 21 14:37:49 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:43 2006 Subject: Performance Issues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you ahve mailwatch installed, do the spamassassin lint test and see what it is that is taking so long. Anakin SkyWalker wrote: > I did that already and didn't work ;/ ! > I'm setting up a small test box splitted spools. > Here's my relevant configurations: > > MailScanner.conf: > > Split Exim Spool = yes > Incoming Queue Dir = /var/spool/exim.in/input/* > > Exim queue-in: > > spool_directory = /var/spool/exim.in > split_spool_directory > queue_only = true > queue_only_override = false > > Exim queue-out: > > split_spool_directory > > > After changing "Incoming Queue Dir" to > "/var/spool/exim.in/input/*", adding the '*' char, and > manually creating directories within /var/spool/exim > [0-9a-zA-Z], MailScanner started delivering most > messages in the queue-in. But... (things seems to hurt > people before work properly.. heh..) some messages > doesn't get thru. > Running > # exim -bpc > 24 > Then I restart MailScanner: > May 20 17:43:54 machine-test MailScanner[27907]: New > Batch: Scanning 24 messages, 11667448 bytes > It reads the messages stalled before. Then some > messages get thru and some messages don't. > > > Any other thing may I be missing? It will really help > me if I get this thing working, 120K messages in > queue-out in a single directory isn't funny. > > > > > > > --- Ugo Bellavance wrote: > >>Anakin SkyWalker wrote: >> >>>Really, nothing is done. MailScanner says nothing >> >>when >> >>>started, even in debug mode after "not forking" >>>It starts with no errors, but no checking/delivery >> >>is >> >>>done. >> >>Did you have any MTA process running already? Try >>killing all the MTA >>processes, then MailScanner procces, then restart >>MailScanner. >> >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat May 21 15:16:52 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:44 2006 Subject: Web front end for SQL &bydomainspam rules. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Does this include the ability for each user to log in using AD > credentials to vbiew mail addressed to them thatr has been quarantined - > allowing users to release if the score is low enough or permanantly > delete if they wish. ? > > There is already a 'luser' interface in the mailwatch distribution which can let users view their own messages, the users are currently created in mysql. Modifying this for ldap / AD support shouldn't be too difficult for experienced developers (i failed miserably when last tried, since i am not even a developer) The interface will also require development for deleting / releasing messages. - dhawal > Dhawal Doshy wrote: > >> Tony Enderby wrote: >> >>> >>> Greetings Folks, >>> >>> I have successully setup Mailscanner with the &ByDomainSpam white and >>> blacklist customconfig functions and currently use the phplistadmin >>> contrib for editing rules via a web interface. >>> >>> I was wondering if anyone knows of a more advanced front end? >>> >>> Something with user authentication based on /etc/passwd would be ideal >>> but anything with some form of authentication would be great. >>> >>> Many thanks in advance. >>> >>> Tony. >> >> >> >> MailWatch 0.6 [http://mailwatch.sourceforge.net], when available will >> feature mysql based per user / domain whitelists & blacklists. >> >> As of now there is no fixed date for the release, though you can speed >> it up by helping Steve with the following: >> >> :: MCP Support >> :: User Management (create users GUI) >> :: Audit logging >> :: XML-RPC web services for running multiple MailScanner/MailWatch boxes >> :: Enhanced reporting of MTA deliveries/rejections >> :: Better query builder for reports >> :: Quarantine Report >> :: Blacklist/Whitelist (this is what you want) >> >> And the following >> :: Testing CVS version for bugs >> :: Writing upgrade instructions >> :: Updating the website with new features/screen-shots of CVS >> >> Search the mailwatch-users archive on sourceforge for Steve's mail on >> this date '4/2/2005' for a better explanation of the features. >> >> me and quite a few others (especially Peter Russell) are eagerly waiting >> for 0.6 and have been pestering Steve for a beta release. >> >> - dhawal >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 21 15:45:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: New German spam sender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It appears the "From:" address on the German spam appears to have changed. If you are using the set of SpamAssassin rules that checks the From header as well as the Subject header, you will need to disable the From raymond at PROLOCATION.NET Sat May 21 15:50:32 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:44 2006 Subject: New German spam sender Message-ID: Hi! > The better solution by far is to switch back to Raymond's original > ruleset at > http://mailscanner.prolocation.net/german.cf > > The "improvement" someone made to it wasn't as good as it might have > looked :( I warned about that a couple of times, we did a run on that other rule but it hits a lot of HAM also.... so indeed, its better to just stick to the very basics. Simple and effective ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 21 18:09:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt, You are absolutely right, this is a bug. It detects the null MIME boundary just fine. However, the latest MIME-tools no longer parses the message correctly (that must have been a bug-fix of mine which never got into the main MIME-tools code, ho hum). It produces a multi-part message with no parts, but with a body containing all the testvirus text. A multipart entity shouldn't have a body, it should just contain a list of parts. This one breaks the rule by having a body and no list of parts. I now check for this situation occurring and force it to be a correct structure. This will be in the next release. Matt Kettler wrote: >Ugo Bellavance wrote: > > Please search the archives for 'testvirus'. You'll find your answer as > > >>it's been asked many times. >> >> > > >Ugo, AFAIK this is now a real bug in Mailscanner. > > >Flashback to the past: >http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus > >To which Julian replied with: >http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus > >Thus, any implication that the Empty Mime boundary bug is a vendor "made up" >issue is bogus and was based on tests using the wrong mail client. > >Any implication that this issue should be ignored is bogus, it would appear to >be a real issue for users of some versions of outlook. > >I just tested my copy of MailScanner-4.42.1-1 and it found it, but only because >bitdefender decoded it. ClamAV, and command AV didn't hit. MailScanner said >nothing about it. > >This would appear to be a real vulnerability, and a real bug in MailScanner >since this should have already been fixed. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 21 18:21:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: perl-MIME-tools Message-ID: [ The following text is in the "Big5" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Install Convert::BinHex first. The install.sh script should have done this for you. You will need to run install.sh again and check the output carefully when it is building and installing Convert::BinHex to see why it failed. If you can't make install.sh install Convert::BinHex successfully, you can always just install it from CPAN with perl -MCPAN -e shell install Convert::BinHex and then run install.sh again to continue the installation. Patrick Chan wrote: >Dear all guys, > >I am installing MailScanner-4.41.3 on my redhat 9.0 machine. >However, but there is the following error: > ># install.sh >.....(skipped) >The important ones are HTML-Parser and MIME-tools. >error: Failed dependencies: > perl(Convert::BinHex) is needed by perl-MIME-tools-5.417-1 >Oh good, module Convert::TNEF version 0.17 is already installed. >Oh good, module Compress::Zlib version 1.33 is already installed. >Oh good, module Archive::Zip version 1.14 is already installed. >Installing tnef decoder >Preparing... ########################################### [100%] > package tnef-1.2.3.1-1 is already installed >Now to install MailScanner itself. >error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1 > > >How can I solve this? Thanks! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 21 18:24:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I put out a beta to for you to test my fix, will someone install it and test it for me? Julian Field wrote: > Matt, > > You are absolutely right, this is a bug. > > It detects the null MIME boundary just fine. However, the latest > MIME-tools no longer parses the message correctly (that must have been a > bug-fix of mine which never got into the main MIME-tools code, ho hum). > It produces a multi-part message with no parts, but with a body > containing all the testvirus text. A multipart entity shouldn't have a > body, it should just contain a list of parts. This one breaks the rule > by having a body and no list of parts. > > I now check for this situation occurring and force it to be a correct > structure. > > This will be in the next release. > > Matt Kettler wrote: > >> Ugo Bellavance wrote: >> > Please search the archives for 'testvirus'. You'll find your >> answer as >> >> >>> it's been asked many times. >>> >>> >> >> >> Ugo, AFAIK this is now a real bug in Mailscanner. >> >> >> Flashback to the past: >> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus >> >> >> To which Julian replied with: >> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus >> >> >> Thus, any implication that the Empty Mime boundary bug is a vendor >> "made up" >> issue is bogus and was based on tests using the wrong mail client. >> >> Any implication that this issue should be ignored is bogus, it would >> appear to >> be a real issue for users of some versions of outlook. >> >> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >> only because >> bitdefender decoded it. ClamAV, and command AV didn't hit. >> MailScanner said >> nothing about it. >> >> This would appear to be a real vulnerability, and a real bug in >> MailScanner >> since this should have already been fixed. >> > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat May 21 20:39:26 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel Kendrick wrote: >I haven't seen this behaviour on my other servers so I presume it's not >normal and needs checking, so is this a known issue with a known fix, or >where can I start checking for a possible solution or doing some >tracking/debugging? Maillog gives no hint of an error or failure of anything >to start up. If I am not reading the situation correctly and there isn't a >problem do let me know! > > I would first off collect some mail and then run MailScanner in debug mode (See MailScanner.conf towards the end). This will output what MailScanner is doing to screen. Check for anything obvious such as delays or errors. That should give you a starter for 10. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Sat May 21 20:02:05 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:44 2006 Subject: OT: Pyzor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Guys: Just completed first production implementation of MailScanner + Postfix + SA(DCC,Razor) + ClamAV + bitdefender. I then included Pyzor in the mix as I saw a mail tagged by both DCC and Razor slip through, in the hope of increasing efficiency. I'm not seeing any hits related to Pyzor and in debug mode I see this: debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 14289: ruid=89 euid=89 debug: Pyzor: got response: Traceback (most recent call last): debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "Traceback (most recent call last):" could someone please shed some light? TIA Terran ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat May 21 21:03:21 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Terran Wright > Sent: Saturday, May 21, 2005 3:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Pyzor > > Guys: > > Just completed first production implementation of MailScanner + Postfix + > SA(DCC,Razor) + ClamAV + bitdefender. > > I then included Pyzor in the mix as I saw a mail tagged by both DCC and > Razor slip through, in the hope of increasing efficiency. > > I'm not seeing any hits related to Pyzor and in debug mode I see this: > > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 14289: ruid=89 euid=89 > debug: Pyzor: got response: Traceback (most recent call last): > debug: leaving helper-app run mode > debug: Pyzor: couldn't grok response "Traceback (most recent call last):" > > could someone please shed some light? > Try populating the Pyzor server list, run: /usr/bin/pyzor discover And then test again. You might want to setup a cron job to run this daily. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sat May 21 21:10:17 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: I have tried running debug and most of the time it runs through fine but occasionally it grinds to a halt. The tail end of the section where it sometimes stops is as follows: debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB LE_MSGID Now, when debug DOES complete, the next bits are: debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 20574 tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks debug: bayes: 20574 tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 32 spam(s) in Bayes DB < 200 debug: bayes: 20574 untie-ing debug: bayes: 20574 untie-ing db_toks debug: bayes: 20574 untie-ing db_seen ...etc... This seems to imply that the MIME PARSER bit is sometimes not starting OR that the subtests prior to this aren't finishing?? Anyone!?? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat May 21 21:17:46 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel Kendrick wrote: >I have tried running debug and most of the time it runs through fine but >occasionally it grinds to a halt. > >The tail end of the section where it sometimes stops is as follows: > >debug: running raw-body-text per-line regexp tests; score so far=-1.053 >debug: running full-text regexp tests; score so far=-1.053 >debug: Running tests for priority: 1000 >debug: running meta tests; score so far=-1.053 >debug: running header regexp tests; score so far=-1.053 >debug: running body-text per-line regexp tests; score so far=-1.053 >debug: running uri tests; score so far=-1.053 >debug: running raw-body-text per-line regexp tests; score so far=-1.053 >debug: running full-text regexp tests; score so far=-1.053 >debug: is spam? score=-1.053 required=5 >debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME >debug: >subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB >LE_MSGID > >Now, when debug DOES complete, the next bits are: > >debug: ---- MIME PARSER START ---- >debug: main message type: text/plain >debug: parsing normal part >debug: added part, type: text/plain >debug: ---- MIME PARSER END ---- >debug: bayes: 20574 tie-ing to DB file R/O >/var/spool/MailScanner/spamassassin/bayes_toks >debug: bayes: 20574 tie-ing to DB file R/O >/var/spool/MailScanner/spamassassin/bayes_seen >debug: bayes: found bayes db version 3 >debug: bayes: Not available for scanning, only 32 spam(s) in Bayes DB < 200 >debug: bayes: 20574 untie-ing >debug: bayes: 20574 untie-ing db_toks >debug: bayes: 20574 untie-ing db_seen >...etc... > >This seems to imply that the MIME PARSER bit is sometimes not starting OR >that the subtests prior to this aren't finishing?? > >Anyone!?? > > Or that SA is struggling with the lock on bayes. As you are running Postfix, have you got the permissions correct? MailScanner will be running as the postfix user so that uid will need permissions to access Bayes and it's directory. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sat May 21 22:37:10 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Nigel Kendrick wrote: > >>I have tried running debug and most of the time it runs through fine but >>occasionally it grinds to a halt. >> >>The tail end of the section where it sometimes stops is as follows: >> >>debug: running raw-body-text per-line regexp tests; score so far=-1.053 >>debug: running full-text regexp tests; score so far=-1.053 >>debug: Running tests for priority: 1000 >>debug: running meta tests; score so far=-1.053 >>debug: running header regexp tests; score so far=-1.053 >>debug: running body-text per-line regexp tests; score so far=-1.053 >>debug: running uri tests; score so far=-1.053 >>debug: running raw-body-text per-line regexp tests; score so far=-1.053 >>debug: running full-text regexp tests; score so far=-1.053 >>debug: is spam? score=-1.053 required=5 >>debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME >>debug: >>subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB >>LE_MSGID >> >>Now, when debug DOES complete, the next bits are: >> >>debug: ---- MIME PARSER START ---- >>debug: main message type: text/plain >>debug: parsing normal part >>debug: added part, type: text/plain >>debug: ---- MIME PARSER END ---- >>debug: bayes: 20574 tie-ing to DB file R/O >>/var/spool/MailScanner/spamassassin/bayes_toks >>debug: bayes: 20574 tie-ing to DB file R/O >>/var/spool/MailScanner/spamassassin/bayes_seen >>debug: bayes: found bayes db version 3 >>debug: bayes: Not available for scanning, only 32 spam(s) in Bayes DB < >> 200 >>debug: bayes: 20574 untie-ing >>debug: bayes: 20574 untie-ing db_toks >>debug: bayes: 20574 untie-ing db_seen >>...etc... >> >>This seems to imply that the MIME PARSER bit is sometimes not starting OR >>that the subtests prior to this aren't finishing?? >> >>Anyone!?? >> >> > Or that SA is struggling with the lock on bayes. As you are running > Postfix, have you got the permissions correct? MailScanner will be > running as the postfix user so that uid will need permissions to access > Bayes and it's directory. > > Drew > Nope, all rw by postfix:postfix NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrian at SENN.CH Sat May 21 22:38:47 2005 From: adrian at SENN.CH (Adrian Senn) Date: Thu Jan 12 21:29:44 2006 Subject: Another set of SA rulesets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all Martin Blapp from Improware in Switzerland is maintaining a set of rulesets. You can find them at [1] The Sober Worm will probably soon download a new set of commands. I think if its so, he will soon upgrade the rulesets. [1] http://antispam.imp.ch/ http://antispam.imp.ch/02-saregeln.html and http://antispam.imp.ch/soberlist Kind regards Adrian Senn -- |p mbox: adrian@senn.ch _ | |g mbox: adrian.senn@usz.ch ASCII ribbon campaign ( )| |www: - against HTML email X | | & vCards / \| ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sat May 21 22:39:07 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] One thing that might be of note - razor has created a razor-agent.log in the hold folder - you you think that some part of the mail scanning process is tripping over this? NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat May 21 22:46:22 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel Kendrick wrote: >One thing that might be of note - razor has created a razor-agent.log in >the hold folder - you you think that some part of the mail scanning >process is tripping over this? > > I shouldn't make the difference but Postfix won't like it. If you add razor_config /var/spool/MailScanner/spamassassin (Or what ever path you fancy) to spam.assassin.prefs.conf and restart MailScanner. Stop Postfix, delete the log file and restart Postfix. D -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Sat May 21 22:53:50 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm running MS on my secondary MX server and was wondering if there is a way for it to (possibly through a map file?) find the valid users for the domains I secondary. I would like to stop the spammers from hitting me with, literally, thousands of dictionary (unknown users) attacks? I'm using all kinds of RBLs and blacklists but still getting a lot slipping through. Oh running Sendmail 8.13.4 on it as well. With delay_checks, greet_pause and all the goodies. I'm not running an LDAP server, but could I suppose for this. TIA, -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sat May 21 22:56:24 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doc Schneider wrote: > I'm running MS on my secondary MX server and was wondering if there is a > way for it to (possibly through a map file?) find the valid users for > the domains I secondary. I would like to stop the spammers from hitting > me with, literally, thousands of dictionary (unknown users) attacks? > > I'm using all kinds of RBLs and blacklists but still getting a lot > slipping through. > > Oh running Sendmail 8.13.4 on it as well. With delay_checks, greet_pause > and all the goodies. > > I'm not running an LDAP server, but could I suppose for this. > You might want to look at milter-ahead Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat May 21 22:56:50 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: Two words: milter-sender http://www.milter.info Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider Sent: Saturday, May 21, 2005 4:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Authenicating users I'm running MS on my secondary MX server and was wondering if there is a way for it to (possibly through a map file?) find the valid users for the domains I secondary. I would like to stop the spammers from hitting me with, literally, thousands of dictionary (unknown users) attacks? I'm using all kinds of RBLs and blacklists but still getting a lot slipping through. Oh running Sendmail 8.13.4 on it as well. With delay_checks, greet_pause and all the goodies. I'm not running an LDAP server, but could I suppose for this. TIA, -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat May 21 22:58:54 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doc Schneider wrote: > I'm running MS on my secondary MX server and was wondering if there is a > way for it to (possibly through a map file?) find the valid users for > the domains I secondary. I would like to stop the spammers from hitting > me with, literally, thousands of dictionary (unknown users) attacks? > > I'm using all kinds of RBLs and blacklists but still getting a lot > slipping through. > > Oh running Sendmail 8.13.4 on it as well. With delay_checks, greet_pause > and all the goodies. > > I'm not running an LDAP server, but could I suppose for this. Or indeed SQL or copy the map files from the primary (Depending on your primary's MTA). I suggest having a look at the wiki, which has got some good examples (The address is in the footer of all the list postings) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Sat May 21 23:15:36 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Doc Schneider wrote: > >> I'm running MS on my secondary MX server and was wondering if there is a >> way for it to (possibly through a map file?) find the valid users for >> the domains I secondary. I would like to stop the spammers from hitting >> me with, literally, thousands of dictionary (unknown users) attacks? >> >> I'm using all kinds of RBLs and blacklists but still getting a lot >> slipping through. >> >> Oh running Sendmail 8.13.4 on it as well. With delay_checks, greet_pause >> and all the goodies. >> >> I'm not running an LDAP server, but could I suppose for this. > > > Or indeed SQL or copy the map files from the primary (Depending on your > primary's MTA). I suggest having a look at the wiki, which has got some > good examples (The address is in the footer of all the list postings) > > Drew Drew, I had looked all over sendmail.org and did a search on the wiki. Nothing jumped out at me. Using the same version of Sendmail on all my servers. Any particular wiki entry you would recommend? I do run SQL servers on all my boxen. And my user base very rarely changes. So you think adding something like: @maddoc.net ERROR:550 no such user here maddoc@maddoc.net maddoc@mail.maddoc.com into like the virtusertable would work? I'm also looking at those milters Michele and Mike suggested. Thanks folks! -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sat May 21 23:19:14 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner occasionally not picking up from the hold queue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Nigel Kendrick wrote: > >>One thing that might be of note - razor has created a razor-agent.log in >>the hold folder - you you think that some part of the mail scanning >>process is tripping over this? >> >> > I shouldn't make the difference but Postfix won't like it. If you add > razor_config /var/spool/MailScanner/spamassassin (Or what ever path you > fancy) to spam.assassin.prefs.conf and restart MailScanner. Stop > Postfix, delete the log file and restart Postfix. > > D > I've sort of done this a different way - I noticed from the logs that razor was calculating that its config files should be in /var/spool/postfix/.razor so I have put a set in there, deleted the log file and a new one has not been created. If this seems to fix things I'll tidy up the setup as you suggest. Many thanks for your quick replies too - much appreciated. Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat May 21 23:45:05 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: You will really like milter-sender. It performs the call-ahead that milter-ahead performs, but it also performs a call back to the sender email address to make sure it is valid and accepting mail. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider Sent: Saturday, May 21, 2005 5:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Authenicating users Drew Marshall wrote: > Doc Schneider wrote: > >> I'm running MS on my secondary MX server and was wondering if there >> is a way for it to (possibly through a map file?) find the valid >> users for the domains I secondary. I would like to stop the spammers >> from hitting me with, literally, thousands of dictionary (unknown users) attacks? >> >> I'm using all kinds of RBLs and blacklists but still getting a lot >> slipping through. >> >> Oh running Sendmail 8.13.4 on it as well. With delay_checks, >> greet_pause and all the goodies. >> >> I'm not running an LDAP server, but could I suppose for this. > > > Or indeed SQL or copy the map files from the primary (Depending on > your primary's MTA). I suggest having a look at the wiki, which has > got some good examples (The address is in the footer of all the list > postings) > > Drew Drew, I had looked all over sendmail.org and did a search on the wiki. Nothing jumped out at me. Using the same version of Sendmail on all my servers. Any particular wiki entry you would recommend? I do run SQL servers on all my boxen. And my user base very rarely changes. So you think adding something like: @maddoc.net ERROR:550 no such user here maddoc@maddoc.net maddoc@mail.maddoc.com into like the virtusertable would work? I'm also looking at those milters Michele and Mike suggested. Thanks folks! -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat May 21 23:56:04 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doc Schneider wrote: > Drew Marshall wrote: > >> Doc Schneider wrote: >> >>> I'm running MS on my secondary MX server and was wondering if there >>> is a >>> way for it to (possibly through a map file?) find the valid users for >>> the domains I secondary. I would like to stop the spammers from >>> hitting >>> me with, literally, thousands of dictionary (unknown users) attacks? >>> >>> I'm using all kinds of RBLs and blacklists but still getting a lot >>> slipping through. >>> >>> Oh running Sendmail 8.13.4 on it as well. With delay_checks, >>> greet_pause >>> and all the goodies. >>> >>> I'm not running an LDAP server, but could I suppose for this. >> >> >> >> Or indeed SQL or copy the map files from the primary (Depending on your >> primary's MTA). I suggest having a look at the wiki, which has got some >> good examples (The address is in the footer of all the list postings) >> >> Drew > > > Drew, > > I had looked all over sendmail.org and did a search on the wiki. Nothing > jumped out at me. Using the same version of Sendmail on all my servers. > > Any particular wiki entry you would recommend? Oops, caught with my trousers down :-( There is a pretty good instruction set for Postfix here http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:postfix:how_to but I hadn't realised that no one has written the instructions for Sendmail! Personally I don't do Sendmail (My preferred MTA is Postfix and I put some of the docs on the wiki for Postfix, hence I knew they were there!) so I am struggling to help much more. Your better bet might to explore the milters suggested by others. > > I do run SQL servers on all my boxen. And my user base very rarely > changes. So you think adding something like: > > @maddoc.net ERROR:550 no such user here > maddoc@maddoc.net maddoc@mail.maddoc.com > > into like the virtusertable would work? > It should do. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Sun May 22 10:43:54 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:44 2006 Subject: Using MCP with multiple rulesets Message-ID: Hi guys, I'm new to this list, so I apologise if I have missed something obvious (I don't think I have) Basically, I would like to use MCP more than once per message. I'll illustrate: I have a SA ruleset that contains racial insults of various forms. I have a separate ruleset that contains pornographic references. I also have a ruleset that represents content that I want to make sure doesn't leave my domain. I would like my clients to be able to opt in and out of the various filtering types. As far as I can tell, MailScanner only calls MCP once, using all the rulesets in the mcp directory. The best solution I have come up with is a set of SA rules as follows (untested) Header CLIENT_MATCH1 to=~/*@myclient.com/ Header CLIENT_MATCH2 to=~/*@myclient.com/ Meta CLIENTS_IN (CLIENT_MATCH1 || CLIENT_MATCH2) Body BAD_CONTENT1 /some bad stuff/ Body BAD_CONTENT2 /some other bad stuff/ Meta BAD_CONTENT (BAD_CONTENT1 || BAD_CONTENT2) Meta OPTED_IN (CLIENTS_IN && BAD_CONTENT) Score OPTED_IN 2 Which will allow clients to opt in and out of specific rules. However, I'm still only going to get back a single score, with no explanation of whether it was pornographic/client_filtered etc. If I could perform any math functions on the result that comes back I could just ensure that each different ruleset used only multiples of a prime number, then I could check for the existence of the prime in the result and work it out that way. Howver, I can't :( Ideally, I would call MCP once for each ruleset I have, but I don't think that's possible. Am I correct? If so, does anyone have any other suggestions? Many thanks. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 22 11:51:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: Quoth the Mailscanner, "Nevermore" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] With all credit to Neil White, I present the latest in the range of Open Source Poetry: Once upon a morning dreary, while I watched my mail get weak and weary. From lhaig at HAIGMAIL.COM Sun May 22 14:07:52 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:44 2006 Subject: Suse install on the Wiki Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I have just added my document to the wiki under http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:install:rpm-suse I have not completed the Sendmail and Postfix sections as I do not know enough about how they should be configured. Could someone who knows more about the install of Sendmail and Postfix please have a look and perhaps fill in the blanks. Please also correct any mistakes I have made. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun May 22 14:24:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: Suse install on the Wiki Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi > > I have just added my document to the wiki under > > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:install:rpm-suse > > > I have not completed the Sendmail and Postfix sections as I do not know > enough about how they should be configured. Could someone who knows more > about the install of Sendmail and Postfix please have a look and perhaps > fill in the blanks. Perhaps like this http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:install:rpm-suse#postfix_configuration for the Postfix bit? As for the Sendmail, if someone would like to write some instructions (Under http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:sendmail) and then link to them... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Sun May 22 14:34:03 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: Quoth the Mailscanner, 'Nevermore' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I just want to know how you find the time for all this - I'll have some of whetever you're on!! If you (or anyone else) can squeeze a reply to this in their busy schedule I'd be grateful... We have turned on mail archiving so a copy of every mail sent/received is kept (the server is 'in house' and everyone knows the score by signing our AUP, just in case you're wondering!), but is it/would it be possible to specify whether confirmed inbound spam is actually archived along with everything else or whether it can be just ignored. Even an option to archive spam to another location? Do let me know if I just need to read the notes more! Thanks Nigel Kendrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sun May 22 14:57:07 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:44 2006 Subject: Suse install on the Wiki Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, SUSE has a different way of configuring sendmail and postfix. I tried to use the standard configuration instructions in the wiki but things are different. That is why I asked for someone else to do that. Thanks for the help though Lance Drew Marshall wrote: > Lance Haig wrote: > >> Hi >> >> I have just added my document to the wiki under >> >> http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:install:rpm-suse >> >> >> >> I have not completed the Sendmail and Postfix sections as I do not know >> enough about how they should be configured. Could someone who knows more >> about the install of Sendmail and Postfix please have a look and perhaps >> fill in the blanks. > > > Perhaps like this > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:install:rpm-suse#postfix_configuration > > for the Postfix bit? > > As for the Sendmail, if someone would like to write some instructions > (Under > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:sendmail) > > and then link to them... > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sun May 22 15:48:29 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:44 2006 Subject: Setting up Postfix on SUSE Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have been trying to see if the install for postfix documents on the wiki work for my SUSE 9.2 install I followed the following http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation But when I try and start MailScanner I get the following error initializing incoming postfixInitializing outgoing postfix..failed Initializing MailScanner what do I need to look for Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun May 22 16:02:14 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:44 2006 Subject: Setting up Postfix on SUSE Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > I have been trying to see if the install for postfix documents on the > wiki work for my SUSE 9.2 install > > I followed the following > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > > > But when I try and start MailScanner I get the following error > > initializing incoming postfixInitializing outgoing postfix..failed > Initializing MailScanner > > > what do I need to look for I think you will find you will need to look for nothing as far as getting a functioning mail service is concerned. Those errors are start up script errors and nothing else. You should find that Postfix and MailScanner are working fine. I did run SUSE briefly and fiddled with the start up script to stop it complaining (Can't remember exactly how but it was all about the status flags at the end of each start up command). I would look there first (Checking the mail log to ensure mail is being passed as I would expect it to be. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun May 22 23:16:11 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I run these 3 each day pyzor discover razor-admin -discover /var/dcc/libexec/updatedcc Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Terran Wright >>Sent: Saturday, May 21, 2005 3:02 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: OT: Pyzor >> >>Guys: >> >>Just completed first production implementation of MailScanner + Postfix + >>SA(DCC,Razor) + ClamAV + bitdefender. >> >>I then included Pyzor in the mix as I saw a mail tagged by both DCC and >>Razor slip through, in the hope of increasing efficiency. >> >>I'm not seeing any hits related to Pyzor and in debug mode I see this: >> >>debug: Pyzor is available: /usr/bin/pyzor >>debug: entering helper-app run mode >>debug: setuid: helper proc 14289: ruid=89 euid=89 >>debug: Pyzor: got response: Traceback (most recent call last): >>debug: leaving helper-app run mode >>debug: Pyzor: couldn't grok response "Traceback (most recent call last):" >> >>could someone please shed some light? >> > > > Try populating the Pyzor server list, run: > > /usr/bin/pyzor discover > > And then test again. > > You might want to setup a cron job to run this daily. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Sun May 22 23:29:29 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /var/dcc/libexec/updatedcc becomes update-dccmaps for debian if anyone needs that. Regards, Brent Addis Group Systems Administrator Times Media Group Peter Russell wrote: > I run these 3 each day > > pyzor discover > > razor-admin -discover > > /var/dcc/libexec/updatedcc > > > > > Stephen Swaney wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Terran Wright >>> Sent: Saturday, May 21, 2005 3:02 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: OT: Pyzor >>> >>> Guys: >>> >>> Just completed first production implementation of MailScanner + >>> Postfix + >>> SA(DCC,Razor) + ClamAV + bitdefender. >>> >>> I then included Pyzor in the mix as I saw a mail tagged by both DCC and >>> Razor slip through, in the hope of increasing efficiency. >>> >>> I'm not seeing any hits related to Pyzor and in debug mode I see this: >>> >>> debug: Pyzor is available: /usr/bin/pyzor >>> debug: entering helper-app run mode >>> debug: setuid: helper proc 14289: ruid=89 euid=89 >>> debug: Pyzor: got response: Traceback (most recent call last): >>> debug: leaving helper-app run mode >>> debug: Pyzor: couldn't grok response "Traceback (most recent call >>> last):" >>> >>> could someone please shed some light? >>> >> >> >> Try populating the Pyzor server list, run: >> >> /usr/bin/pyzor discover >> >> And then test again. >> >> You might want to setup a cron job to run this daily. >> >> Steve >> >> Steve Swaney >> President >> Fortress Systems Ltd. >> Phone: 202 338-1670 >> Cell: 202 352-3262 >> www.fsl.com >> steve.swaney@fsl.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve at NETWAYNETWORKS.COM.AU Fri May 20 06:04:44 2005 From: steve at NETWAYNETWORKS.COM.AU (Steven Evans) Date: Thu Jan 12 21:29:44 2006 Subject: German Spam still getting through? Message-ID: (Oops, ctrl+enter sent the email too soon). I've been noticing some getting through too, but in closer inspection its either the AWL rules beating the spam (ie -17 making it under 5 in the end) or that the spoofed address is a whitelist address, like @ato.gov.au. I've also noticed that some are getting through MailScanner unscanned. Beit that I'm running 4.35.9, the headers only have these lines: X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Return-Path: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_007_01C55B69.52DF8080" X-OriginalArrivalTime: 18 May 2005 05:20:38.0304 (UTC) FILETIME+AD0AWw-53A67A00:01C55B69+AF0- content-class: urn:content-classes:message Subject: Volk wird nur zum zahlen gebraucht+ACE- Date: Wed, 18 May 2005 15:19:12 +1000 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Volk wird nur zum zahlen gebraucht+ACE- Thread-Index: =?utf-7?B?QWNWYmFWeUE4MFkyVmNFY1QrdTJjbTNoT2I2UThBUFFBOS0=?= From: To: To me this means that the email was rejected because it was a broken TNEF email, and MailScanner let it through unscanned? Cheers, Steve -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff Mills Sent: Friday, 20 May 2005 2:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: German Spam still getting through? As a test I just put the score higher (from 8 to 20). I'm wondering if some of the mails are getting enough of a negative score to push the score under the spam limit. See how things go now... > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Brent Addis > Sent: Friday, 20 May 2005 2:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: German Spam still getting through? > > > This is still happening? > > The last one of these any of our servers received was on > monday (being > friday afternoon now) > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon May 23 02:51:21 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:44 2006 Subject: OT: Grey-listing? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, Whilst not entirely MailScanner related, I do consider most people on this list more sendmail savvy than myself, hence this message. Apologies if it offends. I've started down the road of grey-listing and have configured but not "activated" the sendmail greylist-milter. My questions to the group are both technical and political: 1. those who have used this milter; how effective is it in stemming the tide of spam compared to "just" sendmail + mailscanner + SA + RBL(OutBlaze, Razor etc)?? 2. If anyone is using grey-listing (of any type), what impact is there to the sender and how has this been addressed politically within your organisation? Question 2 needs a little explanation: the company that pays my salary is concerned that senders will recieve a temporary failure message if no mail is sent from their MTA to ours within the "known MTA timeout". The powers that be, are worried some customers may percieve this as a flakey mail server at our end given that many customers may only contact us once or twice a year. Are there any other grey-list solutions? milter-sender looks interesting, but it looks like a pain to configure given our MailScanner box is a gateway for about 10 domains, 3 of which are local to the MailScanner box, the others are forwarded to the internal Exchange server. Or is my perception != reality?? TIA James PS - why does my GPG sig get munged when posting to this list?? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Mon May 23 03:45:40 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No luck there, same output in debug.... any other ideas? ----- Original Message ----- From: "Peter Russell" To: Sent: Sunday, May 22, 2005 6:16 PM Subject: Re: Pyzor > I run these 3 each day > > pyzor discover > > razor-admin -discover > > /var/dcc/libexec/updatedcc > > > > > Stephen Swaney wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Terran Wright > >>Sent: Saturday, May 21, 2005 3:02 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: OT: Pyzor > >> > >>Guys: > >> > >>Just completed first production implementation of MailScanner + Postfix + > >>SA(DCC,Razor) + ClamAV + bitdefender. > >> > >>I then included Pyzor in the mix as I saw a mail tagged by both DCC and > >>Razor slip through, in the hope of increasing efficiency. > >> > >>I'm not seeing any hits related to Pyzor and in debug mode I see this: > >> > >>debug: Pyzor is available: /usr/bin/pyzor > >>debug: entering helper-app run mode > >>debug: setuid: helper proc 14289: ruid=89 euid=89 > >>debug: Pyzor: got response: Traceback (most recent call last): > >>debug: leaving helper-app run mode > >>debug: Pyzor: couldn't grok response "Traceback (most recent call last):" > >> > >>could someone please shed some light? > >> > > > > > > Try populating the Pyzor server list, run: > > > > /usr/bin/pyzor discover > > > > And then test again. > > > > You might want to setup a cron job to run this daily. > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > Phone: 202 338-1670 > > Cell: 202 352-3262 > > www.fsl.com > > steve.swaney@fsl.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 23 04:51:24 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:44 2006 Subject: German Spam still getting through? Message-ID: Hi! > I've been noticing some getting through too, but in closer inspection > its either the AWL rules beating the spam (ie -17 making it under 5 in > the end) or that the spoofed address is a whitelist address, like > @ato.gov.au. > > I've also noticed that some are getting through MailScanner unscanned. > Beit that I'm running 4.35.9, the headers only have these lines: Most people i know have disabled AWL. Might be wise to do the same ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greyhair at GREYHAIR.NET Mon May 23 05:41:06 2005 From: greyhair at GREYHAIR.NET (greyhair) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM won't install on RHEL 4.0 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a dual opteron system running a vanilla installation of RHEL 4.0. I ran the install script for MailScanner-4.41.3-1 and get... "Now to install MailScanner itself. error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.41.3-1.noarch Please buy the MailScanner book from www.mailscanner.info! It is a very useful administration guide and introduction to MailScanner. All the proceeds go directly to making MailScanner a better supported package than it is today." Forcing the install by ignoring the dependency... Running on Linux server 2.6.9-5.0.5.ELsmp #1 SMP Fri Apr 8 14:29:37 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.41.3 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.49 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.30 URI I don't want to have to force the install. I do know that the .packlist files are stored in the /usr/lib64/perl5 area not /usr/lib/perl5 - is this an issue? Will MailScanner work correctly? This is my first ever hiccup with MailScanner in 3 years also this is my first 64bit machine... any advice is appreciated. Also, how do I get RHEL 4.0 to not install GUI? greyhair ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Mon May 23 06:27:04 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dual Opteron 244 Getting the following with install.sh: ---snip--- You appear to be running on a system that does not use the RPM packaging system. If you think you can use RPM, then press Ctrl-C right now, make sure the "rpm" and "rpmbuild" programs can be found and run this script again. I will install MailScanner under /opt, from where you can move it if you want. I will need to build the tnef program for you too. ---snip--- rpm and rpmbuild are there, thought I might get some input on this before I proceed. Thanks, Tracy Greggs -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Mon May 23 07:45:16 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:44 2006 Subject: Grey-listing? Message-ID: Hi James, > 2. If anyone is using grey-listing (of any type), what impact is > there to the sender and how has this been addressed politically > within your organisation? > > Question 2 needs a little explanation: the company that pays my > salary is concerned that senders will recieve a temporary failure > message if no mail is sent from their MTA to ours within the "known > MTA timeout". That depends on how you configure your grey-listing. If you do not accept mail from unknown sites for let's say 60 minutes, most customer MTAs will generate an e-mail to the sender stating that the e-mail has not yet been delivered. A more reasonable time might be 15 minutes but again you will find some customer servers that will generate mail even after 10 minutes etc. This would be a badly configured server most people would say (and I would agree) but it is up to the server administrator and the company policy to determine those thresholds. > The powers that be, are worried some customers may > percieve this as a flakey mail server at our end given that many > customers may only contact us once or twice a year. Agreed. We do not use greylisting ourselves and strongly advise against using it to our customers. Main reason: You simply do not know how the sending server is configured. If their queue-runner tries a resend after 15 minutes (seems to be the default with many MTAs) you might be all-set. However I would like to get e-mails as soon as possible and some of our customers rely on e-mails coming in within seconds/minutes and not hours. If the senders queue-runner is set for 60 minute retry intervals, each new e-mail will probably take at least 60 minutes to reach your inbox. That, from my point of view, would be totally unacceptable. Again: A 60 minute queue-run interval might sound like a bad idea to most of us, but it is up to the server adminitrator to determine that interval. Nothing you can do to guarantee sooner transmission of the mail. > Are there any other grey-list solutions? Sure. Each have the same basic "problem" though. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at MINDMAN.COM.TW Mon May 23 07:46:09 2005 From: james at MINDMAN.COM.TW (James C.H. Chien) Date: Thu Jan 12 21:29:44 2006 Subject: Subject with Base64 encoding was not decoded properly Message-ID: Hi~ MailScaner works fine on my system, but I found some subject(Big5) of emails with base64 encoding were not decoded properly. I have two accounts which receive emails from Microsoft, one does not pass through MailScaner, another does. The below picture is the result of two same emails from Microsoft. http://www.mindman.com.tw/bug.jpg If the email didn't pass through MailScanner, the subject in the header will be: Subject: =?big5?B? W7dMs2646rBUvse26b3StXun1rBUXSCmcKbzp1Glzk1pY3Jvc29mdCBPZmZpY2VQcm9qZWN0IDI wMDMgtmmm5rFNrtel9LDIs1e5urtQsca1e7resbEgLSCnS7ZPvdK1ew==?= After processing by MailScanner, it became: [#L#n###T#######{###T] #p###Q##Microsoft OfficeProject 2003 #i###M#######W###P###{#### - #K#O###{ Was this unproper decoding caused by MailScanner ?? OS: FC1 MailScanner-4.41.3-1 MailScanner-perl-MIME-Base64-3.05-5 Perl-5.8.6-5 spamassassin-3.0.2-1 Thanks in advance. James C.H. Chien ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 23 08:38:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: Did you "su" or "su -". You should always "su -" as it sets up root's environment and path properly. Never use su on its own. On 23 May 2005, at 06:27, Tracy Greggs wrote: > Dual Opteron 244 > > Getting the following with install.sh: > > ---snip--- > You appear to be running on a system that does not use the > RPM packaging system. > If you think you can use RPM, then press Ctrl-C right now, > make sure the "rpm" and "rpmbuild" programs can be found > and run this script again. > I will install MailScanner under /opt, from where you can > move it if you want. > I will need to build the tnef program for you too. > ---snip--- > > > rpm and rpmbuild are there, thought I might get some input on this > before I > proceed. > > > Thanks, > Tracy Greggs > > > > > > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Mon May 23 08:38:13 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tracy Greggs Sent: 23 May 2005 06:27 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Dual Opteron 244 Getting the following with install.sh: ---snip--- You appear to be running on a system that does not use the RPM packaging system. If you think you can use RPM, then press Ctrl-C right now, make sure the "rpm" and "rpmbuild" programs can be found and run this script again. I will install MailScanner under /opt, from where you can move it if you want. I will need to build the tnef program for you too. ---snip--- rpm and rpmbuild are there, thought I might get some input on this before I proceed. Thanks, Tracy Greggs Tracy, Not much help maybe but I have two Centos4 servers running MailScanner, installed using Johnny Hughes' howto with mods to not use two separate instances of Postfix - install threw no major problems like you mentioned. Hope you get it sorted. Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 23 08:55:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:44 2006 Subject: Odd messages appearing in my /var/log/message Message-ID: Jason I find that nowadays you have to put the MailWatch.pm in CustomFunctions rather than the location in the MW install files, and do not ammend the Custom.pm to insert the 'require' line. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Williams wrote: > Alright, think I figured this out, or at least have some directions on > where to go. I was just about to debug before I sent my last email. Here > is the output: > > > Stopping MailScanner... > Starting MailScanner... > In Debugging mode, not forking... > SA bayes lock is /root/.spamassassin/bayes.lock > Bayes lock is at /root/.spamassassin/bayes.lock > Undefined subroutine &MailScanner::CustomConfig::MailWatchLogging called > at /usr/local/lib/MailScanner/MailScanner/Config.pm line 121. > > I saw the last line and though and the MailWatchLogging caught my eye. I > guess i should have mentioned im running Mailwatch before.Oops. My mistake. > > looking at my mailscanner.conf file, this line... > > Always Looked Up Last = &MailWatchLogging > > When I change it from &MailWatchlogging to 'no', those messages in > /var/log/messages go away. > > That seems to have fixed that part,but not I have to figure out what is > going on with MailWatch. :) > > Thanks Drew. I appreciate it. > > Jason > > Drew Marshall wrote: > >> Jason Williams wrote: >> >>> Was just working on that Here is what I found: >>> >>> /var/log/messags: >>> May 20 12:57:32 mail jwilliams: Process did not exit cleanly, returned >>> 255 with signal 0 >>> >>> /var/log/maillog (took exact time copies) >>> >>> May 20 12:57:29 mail MailScanner[79862]: New Batch: Scanning 1 messages, >>> 3732 bytes >>> May 20 12:57:29 mail MailScanner[79862]: Spam Checks: Starting >>> May 20 12:57:31 mail MailScanner[79862]: Virus and Content Scanning: >>> Starting >>> May 20 12:57:32 mail MailScanner[79862]: Uninfected: Delivered 1 >>> messages >>> May 20 12:57:32 mail MailScanner[79876]: MailScanner E-Mail Virus >>> Scanner version 4.41.3 starting... >>> May 20 12:57:32 mail MailScanner[79876]: Read 108 hostnames from the >>> phishing whitelist >>> May 20 12:57:32 mail MailScanner[79876]: Config: calling custom init >>> function MailWatchLogging >>> May 20 12:57:33 mail sm-mta-in[79877]: j4KJvWfI079877: >>> from=, >>> >>> >>> >>> size=2013, class=-60, nrcpts=1, >>> msgid=<20050520054840.38424.qmail@web51609.mail.yahoo.com>, proto=ESMTP, >>> daemon=MTA, relay=outgoing.securityfocus.com [205.206.231.27] >>> >>> Is it a MS process restarting, but the previous MS process wasn't >>> stopped properly? >> >> >> >> Hmm, could be. Have you tried running MailScanner in debug mode and then >> checking the logs? >> >> D >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 23 09:06:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:44 2006 Subject: Quoth the Mailscanner, 'Nevermore' Message-ID: Nigel you can do with something other than the archive option. If you make the "Non Spam Actions" in MailScanner.conf be 'store deliver' it will store the non-spam stuff in the quarantine dir. Then the spam and High Scoring Spam actions also store it will keep the 'spam' in the quarantine//spam dir and the non-spam in /quaratine//non-spam dir. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Nigel Kendrick wrote: > Julian, > > I just want to know how you find the time for all this - I'll have some of > whetever you're on!! > > If you (or anyone else) can squeeze a reply to this in their busy schedule > I'd be grateful... > > We have turned on mail archiving so a copy of every mail sent/received is > kept (the server is 'in house' and everyone knows the score by signing our > AUP, just in case you're wondering!), but is it/would it be possible to > specify whether confirmed inbound spam is actually archived along with > everything else or whether it can be just ignored. Even an option to > archive spam to another location? Do let me know if I just need to read > the notes more! > > Thanks > > Nigel Kendrick > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 23 09:01:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:44 2006 Subject: Quoth the Mailscanner, "Nevermore" Message-ID: Julian I'll send the builders around to widen the doors.....:-) More seriously though, well deserved. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > With all credit to Neil White, I present the latest in the range of Open > Source Poetry: > > Once upon a morning dreary, while I watched my mail get weak and weary. > From many a bad and most evil spammers galore. > While I wept and began to moan suddenly there came a rining on my phone. > As of someone urgently phoninig, phonining me to do a chore > "Tis some boss," I thought, phoning me to do a chore. > Only this and nothing more. > > Ah, fondly I remember, it was a sunny day in September. > And every I.T guy was running around on that floor. > Eagrly I wished that google would do it's works. > To find me a solution to these virus jerks. > It answered my cry and gave me a name. > Julian Field ,and much much more > > And the silken sad clicking of each new web page > Thrilled me, filled with fantastic relief never felt before. > So that now, to stop the ringing in my ears, I stood repeating. > "Tis some boss just calling me on my phone" > "Some annoying boss wanting me to do another chore" > This it is and nothing more. > > Presently my courage got stronger, taking it no longer. > I reached down and picked up that damn phone. > "Sir", said I, what can I do you for? > That fact was, that the boss had been napping > And the clients had started crapping. > Crapping on him like never before. > > Deep into the phone I began listening, wondering, fearing. > Hearing, I must get a solution to this problem before four. > To stop the spam and virus' in its tracks > So the clients would get off our backs. > MailScanner! This I whispered back in the phone. > MailScanner and nothing more. > > Back to the computer turning, all the keys on the keyboard burning. > Soon I began learning, learning Mailscanner and how to install. > "Surely" said I when I finshed, surely this can't be true. > An open source program that does virus scanning, > content filter and SPAM checking too. > I picked on the phone and made the call. > > From the source I did compile, even though it took a while. > But finally in stepped Mailscanner, from a hard days chore. > And all around the I.T. guys gathered to see what was the matter. > The matter, because this had never been done before. > MailScanner sat there saying "Nevermore" > > "Work!" said I, as I started the new Service > And we cowered round the tailed log files of the servers. > As we watched the log files start to grow. > And started to read the lines, row by row. > We saw something new, something we would now adore > Quoth the Mailscanner, "Nevermore" > > And now the Mailscanner, never dying, still working, still working. > On all the mailservers in the data center on the ground floor. > And its eyes having all that it can see of a daemon using clam-AV. > The I.T. guys are not longer running around that floor. > And the phone do not ring anymore. > All because of Mailscanner. > Shall not be lifted - Nevermore! > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Mon May 23 12:28:37 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:29:44 2006 Subject: Suse install on the Wiki Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote on 22-5-2005 15:57: > Hi Drew, > > SUSE has a different way of configuring sendmail and postfix. > > I tried to use the standard configuration instructions in the wiki but > things are different. I will be installing sendmail on a Suse system (when the budget comes free). As a practice I write down all actions. I will see that I upload this once it is ready. Beware, we have a special way of installing sendmail (not running as root and all files are owned by a special user) as to prevent security problems. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon May 23 12:51:06 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Terran Wright > Sent: Sunday, May 22, 2005 10:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Pyzor > > No luck there, same output in debug.... any other ideas? > 11- What ports are used? I must tell the firewall guy... Have you opened up the firewall ports? From the old MAQ: Incoming/outgoing: regular tcp port 25 (of course) Outgoing Razor2 tcp ports 2703 and 7 >> Pyzor udp port 24441 << DCC udp port 6277 Of course, DNS ports Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > ----- Original Message ----- > From: "Peter Russell" > To: > Sent: Sunday, May 22, 2005 6:16 PM > Subject: Re: Pyzor > > > > I run these 3 each day > > > > pyzor discover > > > > razor-admin -discover > > > > /var/dcc/libexec/updatedcc > > > > > > > > > > Stephen Swaney wrote: > > >>-----Original Message----- > > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > >>Behalf Of Terran Wright > > >>Sent: Saturday, May 21, 2005 3:02 PM > > >>To: MAILSCANNER@JISCMAIL.AC.UK > > >>Subject: OT: Pyzor > > >> > > >>Guys: > > >> > > >>Just completed first production implementation of MailScanner + > Postfix > + > > >>SA(DCC,Razor) + ClamAV + bitdefender. > > >> > > >>I then included Pyzor in the mix as I saw a mail tagged by both DCC > and > > >>Razor slip through, in the hope of increasing efficiency. > > >> > > >>I'm not seeing any hits related to Pyzor and in debug mode I see this: > > >> > > >>debug: Pyzor is available: /usr/bin/pyzor > > >>debug: entering helper-app run mode > > >>debug: setuid: helper proc 14289: ruid=89 euid=89 > > >>debug: Pyzor: got response: Traceback (most recent call last): > > >>debug: leaving helper-app run mode > > >>debug: Pyzor: couldn't grok response "Traceback (most recent call > last):" > > >> > > >>could someone please shed some light? > > >> > > > > > > > > > Try populating the Pyzor server list, run: > > > > > > /usr/bin/pyzor discover > > > > > > And then test again. > > > > > > You might want to setup a cron job to run this daily. > > > > > > Steve > > > > > > Steve Swaney > > > President > > > Fortress Systems Ltd. > > > Phone: 202 338-1670 > > > Cell: 202 352-3262 > > > www.fsl.com > > > steve.swaney@fsl.com > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon May 23 13:04:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:44 2006 Subject: Pyzor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I run these 3 each day > > pyzor discover > > razor-admin -discover > > /var/dcc/libexec/updatedcc > These would be more appropriate imho, /usr/bin/pyzor --homedir /path/to/.pyzor discover /usr/bin/razor-admin -conf=/path/to/.razor/razor-agent.conf -discover Also a line like this in razor-agent.conf helps razorhome = /path/to/.razor And this in spam.assassin.prefs.conf razor_config /path/to/.razor/razor-agent.conf /path/to in my case being /etc/mail/spamassassin - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Mon May 23 14:19:02 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I am seeing this logged in directly as root from the console. If that helps any :) Tracy ----- Original Message ----- From: "Julian Field" To: Sent: Monday, May 23, 2005 2:38 AM Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 > Did you "su" or "su -". You should always "su -" as it sets up root's > environment and path properly. Never use su on its own. > > On 23 May 2005, at 06:27, Tracy Greggs wrote: > >> Dual Opteron 244 >> >> Getting the following with install.sh: >> >> ---snip--- >> You appear to be running on a system that does not use the >> RPM packaging system. >> If you think you can use RPM, then press Ctrl-C right now, >> make sure the "rpm" and "rpmbuild" programs can be found >> and run this script again. >> I will install MailScanner under /opt, from where you can >> move it if you want. >> I will need to build the tnef program for you too. >> ---snip--- >> >> >> rpm and rpmbuild are there, thought I might get some input on this >> before I >> proceed. >> >> >> Thanks, >> Tracy Greggs >> >> >> >> >> >> >> -- >> Oklahoma Network Consulting has scanned this >> message for viruses and dangerous content with >> MailScanner, and commercial virus scanners McAfee >> and F-Prot and is believed to be clean. >> --- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Mon May 23 14:37:14 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BTW.. Kernel is 2.6.9-5.0.5.ELsmp Sendmail 8.13.1 This is a completely fresh install on a new box, up2date has been performed with all current updates installed. [root@office MailScanner-install-4.41.3]# which rpm /bin/rpm [root@office MailScanner-install-4.41.3]# which rpmbuild /usr/bin/rpmbuild Thanks, Tracy ----- Original Message ----- From: "Tracy Greggs" To: Sent: Monday, May 23, 2005 8:19 AM Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 > Julian, I am seeing this logged in directly as root from the console. If > that helps any :) > > Tracy > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Monday, May 23, 2005 2:38 AM > Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 > > >> Did you "su" or "su -". You should always "su -" as it sets up root's >> environment and path properly. Never use su on its own. >> >> On 23 May 2005, at 06:27, Tracy Greggs wrote: >> >>> Dual Opteron 244 >>> >>> Getting the following with install.sh: >>> >>> ---snip--- >>> You appear to be running on a system that does not use the >>> RPM packaging system. >>> If you think you can use RPM, then press Ctrl-C right now, >>> make sure the "rpm" and "rpmbuild" programs can be found >>> and run this script again. >>> I will install MailScanner under /opt, from where you can >>> move it if you want. >>> I will need to build the tnef program for you too. >>> ---snip--- >>> >>> >>> rpm and rpmbuild are there, thought I might get some input on this >>> before I >>> proceed. >>> >>> >>> Thanks, >>> Tracy Greggs >>> >>> >>> >>> >>> >>> >>> -- >>> Oklahoma Network Consulting has scanned this >>> message for viruses and dangerous content with >>> MailScanner, and commercial virus scanners McAfee >>> and F-Prot and is believed to be clean. >>> --- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Oklahoma Network Consulting has scanned this >> message for viruses and dangerous content with >> MailScanner, and commercial virus scanners McAfee >> and F-Prot and is believed to be clean. >> --- > > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 23 14:44:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: What do these produce? which rpm which rpmbuild On 23 May 2005, at 14:19, Tracy Greggs wrote: > Julian, I am seeing this logged in directly as root from the > console. If > that helps any :) > > Tracy > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Monday, May 23, 2005 2:38 AM > Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 > > > >> Did you "su" or "su -". You should always "su -" as it sets up root's >> environment and path properly. Never use su on its own. >> >> On 23 May 2005, at 06:27, Tracy Greggs wrote: >> >> >>> Dual Opteron 244 >>> >>> Getting the following with install.sh: >>> >>> ---snip--- >>> You appear to be running on a system that does not use the >>> RPM packaging system. >>> If you think you can use RPM, then press Ctrl-C right now, >>> make sure the "rpm" and "rpmbuild" programs can be found >>> and run this script again. >>> I will install MailScanner under /opt, from where you can >>> move it if you want. >>> I will need to build the tnef program for you too. >>> ---snip--- >>> >>> >>> rpm and rpmbuild are there, thought I might get some input on this >>> before I >>> proceed. >>> >>> >>> Thanks, >>> Tracy Greggs >>> >>> >>> >>> >>> >>> >>> -- >>> Oklahoma Network Consulting has scanned this >>> message for viruses and dangerous content with >>> MailScanner, and commercial virus scanners McAfee >>> and F-Prot and is believed to be clean. >>> --- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Oklahoma Network Consulting has scanned this >> message for viruses and dangerous content with >> MailScanner, and commercial virus scanners McAfee >> and F-Prot and is believed to be clean. >> --- >> > > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 23 15:29:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:44 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: Are you 100% sure you downloaded the .rpm.tar.gz version, for your RPM-based Linux installation? On 23 May 2005, at 14:37, Tracy Greggs wrote: > BTW.. > > Kernel is 2.6.9-5.0.5.ELsmp > Sendmail 8.13.1 > > This is a completely fresh install on a new box, up2date has been > performed > with all current updates installed. > > [root@office MailScanner-install-4.41.3]# which rpm > /bin/rpm > [root@office MailScanner-install-4.41.3]# which rpmbuild > /usr/bin/rpmbuild > > > Thanks, > Tracy > > ----- Original Message ----- > From: "Tracy Greggs" > To: > Sent: Monday, May 23, 2005 8:19 AM > Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 > > > >> Julian, I am seeing this logged in directly as root from the >> console. If >> that helps any :) >> >> Tracy >> >> ----- Original Message ----- >> From: "Julian Field" >> To: >> Sent: Monday, May 23, 2005 2:38 AM >> Subject: Re: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 >> >> >> >>> Did you "su" or "su -". You should always "su -" as it sets up >>> root's >>> environment and path properly. Never use su on its own. >>> >>> On 23 May 2005, at 06:27, Tracy Greggs wrote: >>> >>> >>>> Dual Opteron 244 >>>> >>>> Getting the following with install.sh: >>>> >>>> ---snip--- >>>> You appear to be running on a system that does not use the >>>> RPM packaging system. >>>> If you think you can use RPM, then press Ctrl-C right now, >>>> make sure the "rpm" and "rpmbuild" programs can be found >>>> and run this script again. >>>> I will install MailScanner under /opt, from where you can >>>> move it if you want. >>>> I will need to build the tnef program for you too. >>>> ---snip--- >>>> >>>> >>>> rpm and rpmbuild are there, thought I might get some input on this >>>> before I >>>> proceed. >>>> >>>> >>>> Thanks, >>>> Tracy Greggs >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Oklahoma Network Consulting has scanned this >>>> message for viruses and dangerous content with >>>> MailScanner, and commercial virus scanners McAfee >>>> and F-Prot and is believed to be clean. >>>> --- >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Oklahoma Network Consulting has scanned this >>> message for viruses and dangerous content with >>> MailScanner, and commercial virus scanners McAfee >>> and F-Prot and is believed to be clean. >>> --- >>> >> >> >> -- >> Oklahoma Network Consulting has scanned this >> message for viruses and dangerous content with >> MailScanner, and commercial virus scanners McAfee >> and F-Prot and is believed to be clean. >> --- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 23 15:49:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:45 2006 Subject: Performance Issues Message-ID: In that case somethings really wrong. Can you post your full MailScanner.conf and configure file(s) for exim. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anakin SkyWalker wrote: > Really, nothing is done. MailScanner says nothing when > started, even in debug mode after "not forking" > It starts with no errors, but no checking/delivery is > done. > > --- Martin Hepworth > wrote: > > >>I presume you restarted MailScanner after altering >>the MailScanner.conf >> >> >>If things stop working 1st point of call is to >>enable both Debug options >>in MailScanner.conf. Stop Mailscanner and run >>check_MailScanner. This >>will dump debug to th screen and you may be able to >>spot what's >>happening. If you ca't spot anything post the debug >>here and someelse >>might be able to spot something. >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Anakin SkyWalker wrote: >> >>>How do I setup MaiLScanner to work with exim's >>>splitted spool directory ? >>>I have changed "Split Exim Spool" to `yes` in >>>MailScanner.conf >>>Both exim's queues (in queue out-queue) set to >>>split_spool_directory. >>>The result is: mailscanner didn't do anything. >>> >>>Any other thing I'm missing? >>> >>>--- Anakin SkyWalker >> >> >> >>>wrote: >>> >>> >>>>RBLs working fine within Exim >>>>No SA extras, I had to stop SA scanning to >> >>increase >> >>>>the speed. >>>>Yes I have a caching name server running on. >>>>Lots of german stuff, yes! >>>>Human interference means: flush incoming >>>>connections, >>>>let mailscanner work all alone with the queue >> >>until >> >>>>its stable again. >>>> >>>>--- Martin Hepworth >> >> >> >>>>wrote: >>>> >>>> >>>>>Anakin (!) >>>>> >>>>>check the RBL's are behaving properly, are you >>>>>running any extra SA >>>>>rules and do you run a local cachine nameserver? >>>>> >>>>>Could the load increase be all these German spams >>>> >>>>>from sober.q, or is >>>> >>>>>the number of emails about the same? >>>>> >>>>>I guess by human interferance you mean restarting >>>> >>>>MS >>>> >>>> >>>>>os something???? >>>>> >>>>>-- >>>>>Martin Hepworth >>>>>Snr Systems Administrator >>>>>Solid State Logic >>>>>Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>>Anakin SkyWalker wrote: >>>>> >>>>> >>>>>>I'm running MailScanner in my Exim based MX with >>>>> >>>>>20K+ >>>>> >>>>> >>>>>>boxes. Since sunday, my mail queue doesn't get >>>>> >>>>>lower >>>>> >>>>> >>>>>>than 12K without human interference. >>>>>>Anyone having same problems lately? >>>>>> >>>>>>Machine: >>>>>>PIV HT 2.8GHz, 1GB RAM >>>>>> >>>>>>Versions I use: >>>>>>Fedora Core 3 >>>>>> >>>>>>2.6.11-1.14_FC3smp >>>>>>Exim 4.50 (compiled) >>>>>>Clamav 0.85.1 (compiled) >>>>>>perl-5.8.5-12.FC3 >>>>>>mailscanner-4.41.3-1 (rpm based) >>>>>> >>>>>>I have 5 mailscanner children running. >>>>>>I upgraded MailScanner monday. Same behaviour. >>>>>> >>>>>>I appreciate any tips. >>>>>>Thanks. >>>>>> >>>>>> >>>>>> >>>>> >>>>> > ********************************************************************** > >>>>>This email and any files transmitted with it are >>>>>confidential and >>>>>intended solely for the use of the individual or >>>>>entity to whom they >>>>>are addressed. If you have received this email in >>>>>error please notify >>>>>the system manager. >>>>> >>>>>This footnote confirms that this email message >> >>has >> >>>>>been swept >>>>>for the presence of computer viruses and is >>>> >>>>believed >>>> >>>> >>>>>to be clean. >>>>> >>>>> >>>> > ********************************************************************** > >>>>>------------------------ MailScanner list >>>>>------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk >> >>with >> >>>>>the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the Wiki >>>>>(http://wiki.mailscanner.info/) and >>>>>the archives >>>>> >>>> >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>>>Support MailScanner development - buy the book >> >>off >> >>>>>the website! >>>>> >>>> >>>> >>>> >>>>__________________________________ >>>>Yahoo! Mail Mobile >>>>Take Yahoo! Mail with you! Check email on your >>>>mobile phone. >>>>http://mobile.yahoo.com/learn/mail >>>> >>> >>> >>>__________________________________________________ >>>Do You Yahoo!? >>>Tired of spam? Yahoo! Mail has the best spam >> >>protection around >> >>>http://mail.yahoo.com >>> >>>------------------------ MailScanner list >> >>------------------------ >> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with >> >>the words: >> >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki >> >>(http://wiki.mailscanner.info/) and >> >>>the archives >> >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>>Support MailScanner development - buy the book off >> >>the website! >> >> > > ********************************************************************** > >>This email and any files transmitted with it are >>confidential and >>intended solely for the use of the individual or >>entity to whom they >>are addressed. If you have received this email in >>error please notify >>the system manager. >> >>This footnote confirms that this email message has >>been swept >>for the presence of computer viruses and is believed >>to be clean. >> >> > > ********************************************************************** > >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the > > === message truncated === > > > > > Discover Yahoo! > Get on-the-go sports scores, stock quotes, news and more. Check it out! > http://discover.yahoo.com/mobile.html > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Mon May 23 16:21:14 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:29:45 2006 Subject: MailScanner-4.41.3-1 RPM install on CentOS 4.0 x86_64 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK.. As if this case of the flu wasn't bad enough, I better get my fire suit on. Working while delirious isn't wise. :) I apparently grabbed the wrong version. Thanks for yanking my head out for me. I'll be going back to bed now :) Tracy -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon May 23 16:30:57 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: Mike Kercher wrote: > You will really like milter-sender. It performs the call-ahead that > milter-ahead performs, but it also performs a call back to the sender > email address to make sure it is valid and accepting mail. > > Mike It should be mentioned that you may lose a bit of legitimate mail this way however. Trying to ping Mike off list, my mail wouldn't go through, since my MS gateways don't know anything about legitimate addresses which are currently in Exchange 5.5 and not accessable from the inet. Although my address is valid, milter-sender rejected it on his end because it couldn't be verified. Once I get to Exchange 2003 and can implement milter ahead here, that problem *should* go away (I hope). Milter-sender is a good tool, but if one implements it, be aware that it may bite you on the kiester in a few cases. That, of course, is true of any of our anti-spam efforts - it's all an odds game... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon May 23 16:18:23 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If I put out a beta to for you to test my fix, will someone install it > and test it for me? I would. > > Julian Field wrote: > >> Matt, >> >> You are absolutely right, this is a bug. >> >> It detects the null MIME boundary just fine. However, the latest >> MIME-tools no longer parses the message correctly (that must have been a >> bug-fix of mine which never got into the main MIME-tools code, ho hum). >> It produces a multi-part message with no parts, but with a body >> containing all the testvirus text. A multipart entity shouldn't have a >> body, it should just contain a list of parts. This one breaks the rule >> by having a body and no list of parts. >> >> I now check for this situation occurring and force it to be a correct >> structure. >> >> This will be in the next release. >> >> Matt Kettler wrote: >> >>> Ugo Bellavance wrote: >>> > Please search the archives for 'testvirus'. You'll find your >>> answer as >>> >>> >>>> it's been asked many times. >>>> >>>> >>> >>> >>> Ugo, AFAIK this is now a real bug in Mailscanner. >>> >>> >>> Flashback to the past: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus >>> >>> >>> >>> To which Julian replied with: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus >>> >>> >>> >>> Thus, any implication that the Empty Mime boundary bug is a vendor >>> "made up" >>> issue is bogus and was based on tests using the wrong mail client. >>> >>> Any implication that this issue should be ignored is bogus, it would >>> appear to >>> be a real issue for users of some versions of outlook. >>> >>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>> only because >>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>> MailScanner said >>> nothing about it. >>> >>> This would appear to be a real vulnerability, and a real bug in >>> MailScanner >>> since this should have already been fixed. >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Mon May 23 16:40:10 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would be glad to try it on some of my secondary servers... >If I put out a beta to for you to test my fix, will someone install it >and test it for me? > >Julian Field wrote: > >> Matt, >> >> You are absolutely right, this is a bug. >> >> It detects the null MIME boundary just fine. However, the latest >> MIME-tools no longer parses the message correctly (that must have been a >> bug-fix of mine which never got into the main MIME-tools code, ho hum). >> It produces a multi-part message with no parts, but with a body >> containing all the testvirus text. A multipart entity shouldn't have a >> body, it should just contain a list of parts. This one breaks the rule >> by having a body and no list of parts. >> >> I now check for this situation occurring and force it to be a correct >> structure. >> >> This will be in the next release. >> >> Matt Kettler wrote: >> >>> Ugo Bellavance wrote: >>> > Please search the archives for 'testvirus'. You'll find your >>> answer as >>> >>> >>>> it's been asked many times. >>>> >>>> >>> >>> >>> Ugo, AFAIK this is now a real bug in Mailscanner. >>> >>> >>> Flashback to the past: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus >>> >>> >>> To which Julian replied with: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus >>> >>> >>> Thus, any implication that the Empty Mime boundary bug is a vendor >>> "made up" >>> issue is bogus and was based on tests using the wrong mail client. >>> >>> Any implication that this issue should be ignored is bogus, it would >>> appear to >>> be a real issue for users of some versions of outlook. >>> >>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>> only because >>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>> MailScanner said >>> nothing about it. >>> >>> This would appear to be a real vulnerability, and a real bug in >>> MailScanner >>> since this should have already been fixed. >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > = = = = = = = = = = = = = = = = = = = = Vladan Nikolic vladan@nikolic.homeip.net 2005-05-23 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon May 23 16:35:06 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: was this included in 4.42.2? On Sat, 21 May 2005, Julian Field wrote: > Date: Sat, 21 May 2005 18:24:05 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Testing with TestVirus -- fixed > > If I put out a beta to for you to test my fix, will someone install it > and test it for me? > > Julian Field wrote: > >> Matt, >> >> You are absolutely right, this is a bug. >> >> It detects the null MIME boundary just fine. However, the latest >> MIME-tools no longer parses the message correctly (that must have been a >> bug-fix of mine which never got into the main MIME-tools code, ho hum). >> It produces a multi-part message with no parts, but with a body >> containing all the testvirus text. A multipart entity shouldn't have a >> body, it should just contain a list of parts. This one breaks the rule >> by having a body and no list of parts. >> >> I now check for this situation occurring and force it to be a correct >> structure. >> >> This will be in the next release. >> >> Matt Kettler wrote: >> >>> Ugo Bellavance wrote: >>> > Please search the archives for 'testvirus'. You'll find your >>> answer as >>> >>> >>>> it's been asked many times. >>>> >>>> >>> >>> >>> Ugo, AFAIK this is now a real bug in Mailscanner. >>> >>> >>> Flashback to the past: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus >>> >>> >>> To which Julian replied with: >>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus >>> >>> >>> Thus, any implication that the Empty Mime boundary bug is a vendor >>> "made up" >>> issue is bogus and was based on tests using the wrong mail client. >>> >>> Any implication that this issue should be ignored is bogus, it would >>> appear to >>> be a real issue for users of some versions of outlook. >>> >>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>> only because >>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>> MailScanner said >>> nothing about it. >>> >>> This would appear to be a real vulnerability, and a real bug in >>> MailScanner >>> since this should have already been fixed. >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 23 17:02:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: Many thanks. I have just put up the 4.42.3 beta release. On 23 May 2005, at 16:18, Ugo Bellavance wrote: > Julian Field wrote: > >> If I put out a beta to for you to test my fix, will someone >> install it >> and test it for me? >> > > I would. > > >> >> Julian Field wrote: >> >> >>> Matt, >>> >>> You are absolutely right, this is a bug. >>> >>> It detects the null MIME boundary just fine. However, the latest >>> MIME-tools no longer parses the message correctly (that must have >>> been a >>> bug-fix of mine which never got into the main MIME-tools code, ho >>> hum). >>> It produces a multi-part message with no parts, but with a body >>> containing all the testvirus text. A multipart entity shouldn't >>> have a >>> body, it should just contain a list of parts. This one breaks the >>> rule >>> by having a body and no list of parts. >>> >>> I now check for this situation occurring and force it to be a >>> correct >>> structure. >>> >>> This will be in the next release. >>> >>> Matt Kettler wrote: >>> >>> >>>> Ugo Bellavance wrote: >>>> > Please search the archives for 'testvirus'. You'll find your >>>> answer as >>>> >>>> >>>> >>>>> it's been asked many times. >>>>> >>>>> >>>>> >>>> >>>> >>>> Ugo, AFAIK this is now a real bug in Mailscanner. >>>> >>>> >>>> Flashback to the past: >>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/ >>>> match=testvirus >>>> >>>> >>>> >>>> To which Julian replied with: >>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/ >>>> match=testvirus >>>> >>>> >>>> >>>> Thus, any implication that the Empty Mime boundary bug is a vendor >>>> "made up" >>>> issue is bogus and was based on tests using the wrong mail client. >>>> >>>> Any implication that this issue should be ignored is bogus, it >>>> would >>>> appear to >>>> be a real issue for users of some versions of outlook. >>>> >>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>>> only because >>>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>>> MailScanner said >>>> nothing about it. >>>> >>>> This would appear to be a real vulnerability, and a real bug in >>>> MailScanner >>>> since this should have already been fixed. >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Mon May 23 16:46:22 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:45 2006 Subject: freshclam logs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm curious as to what logs are supposed to be created by the autoupdate virus scripts for MS. I'm sure I have something wrong, as none of the logs gets updated for ClamAV. Bitdefender gets a nice log in /var/log/, but I see nothing for ClamAV other than an old November log in my /tmp. It had the wrong owner/group, so it may be updated on the next go-round, but all of the log files in /tmp are owned by root, so I kinda figured the wrong owner/group on the ClamAV.update.log file wouldn't matter if root was who was updating. I do get notification in /var/log/maillog that ClamAV is updating. I have set a file in /etc/freshclam.conf to log also in /var/log, and I see the results of MS update scripts in /tmp, including the Busy.lock files. Does freshclam.conf come into play here ever? Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon May 23 17:43:43 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: Drew Marshall wrote: > Kevin Miller said: >> It should be mentioned that you may lose a bit of legitimate mail >> this way however. Trying to ping Mike off list, my mail wouldn't go >> through, since my MS gateways don't know anything about legitimate >> addresses which are currently in Exchange 5.5 and not accessable >> from the inet. Although my address is valid, milter-sender rejected >> it on his end because it couldn't be verified. > > Surly if your MS boxes are just relays, Milter-Ahead should get a 250 > reponse when it tries to send your address a challenge message so I > can't see why it shouldn't work. It would fail if it can't verify the > address (Gets a 550 bounce) or can't route the domain/ host. My understainding is Exchange 5.5 doesn't do the milter-ahead thing. To get a user list out of 5.5, I'd have to export LDAP data, massage it, etc. There's a FAQ or a MAQ on setting it up, but it entails bones, feathers, masks and rattles and I've never felt inclined to tackle it. Exchange 2003 can easily be set up to reply to an address challenge apparently so when we're on it, milter-ahead should respond appropriately. Can't wait... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 23 19:47:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: Surly if your MS boxes are just relays, Milter-Ahead should get a 250 reponse when it tries to send your address a challenge message so I can't see why it shouldn't work. It would fail if it can't verify the address (Gets a 550 bounce) or can't route the domain/ host. My understainding is Exchange 5.5 doesn't do the milter-ahead thing. To get a user list out of 5.5, I'd have to export LDAP data, massage it, etc. There's a FAQ or a MAQ on setting it up, but it entails bones, feathers, masks and rattles and I've never felt inclined to tackle it. Exchange 2003 can easily be set up to reply to an address challenge apparently so when we're on it, milter-ahead should respond appropriately. Can't wait... Agreed but the point is that if you send a message to a machine that is running Milter-Ahead, that machine sends back a probe message to check you (The sender) have a valid return address. It will connect to the MS box on the edge of the original sender's network. If that box only relays and doesn't do any form of recipient checking (As you may have in an Exchange 5.5 set up, if you don't import the users etc) then the probe will be accepted as being addressed to a valid user. Therefore in the situation described there should be no reason why Milter-Ahead should fail (Unless there is something more fundamental wrong with the message sent in the first place). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon May 23 19:56:58 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Drew Marshall > Sent: Monday, May 23, 2005 2:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Authenicating users > > Kevin Miller wrote: > > Surly if your MS boxes are just relays, Milter-Ahead should > get a 250 > > reponse when it tries to send your address a challenge message > so I > can't see why it shouldn't work. It would fail if it can't > verify the > address (Gets a 550 bounce) or can't route the domain/ host. > > > > My understainding is Exchange 5.5 doesn't do the milter-ahead thing. > To get > a user list out of 5.5, I'd have to export LDAP data, massage it, > etc. > There's a FAQ or a MAQ on setting it up, but it entails bones, > feathers, > masks and rattles and I've never felt inclined to tackle it. > Exchange 2003 > can easily be set up to reply to an address challenge apparently so > when > we're on it, milter-ahead should respond appropriately. Can't > wait... > > > Agreed but the point is that if you send a message to a machine that is > running Milter-Ahead, that machine sends back a probe message to check you > (The sender) have a valid return address. It will connect to the MS box on > the edge of the original sender's network. If that box only relays and > doesn't do any form of recipient checking (As you may have in an Exchange > 5.5 set up, if you don't import the users etc) then the probe will be > accepted as being addressed to a valid user. Therefore in the situation > described there should be no reason why Milter-Ahead should fail (Unless > there is something more fundamental wrong with the message sent in the > first place). > > Drew > I can assure you that this is the way it typically works. We have several clients who use milter-ahead to all back end mail hubs and don't bother to differentiate for the Exchange 5.5 or 2000 mailhubs. Everything still works fine. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon May 23 20:00:36 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: > -----Original Message----- > From: Stephen Swaney [mailto:steve.swaney@fsl.com] > Sent: Monday, May 23, 2005 2:57 PM > To: 'MailScanner mailing list' > Subject: RE: Authenicating users > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Drew Marshall > > Sent: Monday, May 23, 2005 2:48 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Authenicating users > > > > Kevin Miller wrote: > > > > Surly if your MS boxes are just relays, Milter-Ahead should > > get a 250 > > > > reponse when it tries to send your address a challenge message > > so I > > can't see why it shouldn't work. It would fail if it can't > > verify the > > address (Gets a 550 bounce) or can't route the domain/ host. > > > > > > > > My understainding is Exchange 5.5 doesn't do the milter-ahead thing. > > To get > > a user list out of 5.5, I'd have to export LDAP data, massage it, > > etc. > > There's a FAQ or a MAQ on setting it up, but it entails bones, > > feathers, > > masks and rattles and I've never felt inclined to tackle it. > > Exchange 2003 > > can easily be set up to reply to an address challenge apparently so > > when > > we're on it, milter-ahead should respond appropriately. Can't > > wait... > > > > > > Agreed but the point is that if you send a message to a machine that is > > running Milter-Ahead, that machine sends back a probe message to check > you > > (The sender) have a valid return address. It will connect to the MS box > on > > the edge of the original sender's network. If that box only relays and > > doesn't do any form of recipient checking (As you may have in an > Exchange > > 5.5 set up, if you don't import the users etc) then the probe will be > > accepted as being addressed to a valid user. Therefore in the situation > > described there should be no reason why Milter-Ahead should fail (Unless > > there is something more fundamental wrong with the message sent in the > > first place). > > > > Drew > > > > I can assure you that this is the way it typically works. We have several > clients who use milter-ahead to all back end mail hubs and don't bother to > differentiate for the Exchange 5.5 or 2000 mailhubs. Everything still > works fine. > > Steve > I rereading I realized that I should have been clearer. Milter-ahead of course sends all email to the Exchange 5.5 or Exchange 2000 servers since all email addresses are valid on those servers. There is some wasted effort since milter-ahead must check each address. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon May 23 20:07:03 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: Oh, I see what you mean. From an earlier thread, I got this: >Sorry to intrude on the list for a slightly OT issue. Tried to email Mike >directly but get "... Deferred: 451 4.3.2 Please >try again later" so thought I'd try here. That's milter-sender "fault" (read: feature!). It does a sender verification, which for some reason fails for your site, hence the TEMPFAIL. Original (>) lines mine, Mike's reply below. So if my premise is wrong, how might I go about troubleshooting this? Running on SuSE 9.3, sendmail 8.13.something... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________________________________________________________ From: Drew Marshall [mailto:drew@THEMARSHALLS.CO.UK] Sent: Monday, May 23, 2005 10:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Authenicating users Kevin Miller wrote: Surly if your MS boxes are just relays, Milter-Ahead should get a 250 reponse when it tries to send your address a challenge message so I can't see why it shouldn't work. It would fail if it can't verify the address (Gets a 550 bounce) or can't route the domain/ host. My understainding is Exchange 5.5 doesn't do the milter-ahead thing. To get a user list out of 5.5, I'd have to export LDAP data, massage it, etc. There's a FAQ or a MAQ on setting it up, but it entails bones, feathers, masks and rattles and I've never felt inclined to tackle it. Exchange 2003 can easily be set up to reply to an address challenge apparently so when we're on it, milter-ahead should respond appropriately. Can't wait... Agreed but the point is that if you send a message to a machine that is running Milter-Ahead, that machine sends back a probe message to check you (The sender) have a valid return address. It will connect to the MS box on the edge of the original sender's network. If that box only relays and doesn't do any form of recipient checking (As you may have in an Exchange 5.5 set up, if you don't import the users etc) then the probe will be accepted as being addressed to a valid user. Therefore in the situation described there should be no reason why Milter-Ahead should fail (Unless there is something more fundamental wrong with the message sent in the first place). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 23 20:07:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: Oh, I see what you mean. From an earlier thread, I got this: >Sorry to intrude on the list for a slightly OT issue. Tried to email Mike >directly but get "... Deferred: 451 4.3.2 Please >try again later" so thought I'd try here. That's milter-sender "fault" (read: feature!). It does a sender verification, which for some reason fails for your site, hence the TEMPFAIL. Original (>) lines mine, Mike's reply below. So if my premise is wrong, how might I go about troubleshooting this? Running on SuSE 9.3, sendmail 8.13.something... I'm guessing it would be in your envelope address, which I can only see if you mail me direct. If you do so I'll have a look. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon May 23 20:43:48 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:45 2006 Subject: 4.42.3 included perl modules Message-ID: Julian, I always take a look at the perl modules you include in your tarfile and compare them to what I'm running on my system. I don't use the install.sh script, I'm a Luddite on that score. In my case (with 4.42.1 in production mode) I am using: Compress-Zlib-1.34 (instead of 1.33) File-Temp-0.14 (instead of 0.12) Extutils-MakeMaker-6.17 (instead of 6.05) My platform: Solaris 9. You may want to roll newer versions into the next release. I'm about to update to 4.42.3. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon May 23 21:30:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: Mike Kercher wrote: > I'd be interested to know the exact failure you got because I can't > find anything in my logs that would indicate you trying to send an > email to me...at least not from the .ak.us address. > > Mike It should have come from 199.58.52.9, May 19, around 10 am Alaska time (either 8 or 9 hours off GMT. I think 9 now that we're on daylight savings)... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon May 23 21:44:33 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:45 2006 Subject: heads up,its coming again probably this monday! Message-ID: Any thoughts on this still? Also on the rules topic; is it a general practice to add and take out rules during different times of spam types? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Pete Russell > Sent: Saturday, May 21, 2005 7:57 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: heads up,its coming again probably this monday! > > Or can we use rulesdujour to collect raymonds rules ? > Pete > > Venkata Achanta wrote: > > http://www.techweb.com/wire/security/163106139 > > > > Its coming again, last weekend was pretty bad with that german spam. > Looks > > like its going to get worse again this monday. > > > > If the payload is spam again,we need to start colleting the subject > lines > > and body content as someone on this list sees them and make a > spamassassin > > ruleset ASAP and post it to the group PLEASE. > > > > Beware! > > > > Thanks much, > > Venkata Achanta > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From btaber at DIVERSECG.COM Mon May 23 21:35:16 2005 From: btaber at DIVERSECG.COM (Brian Taber) Date: Thu Jan 12 21:29:45 2006 Subject: CustomConfig keeps dropping connection? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a few custom actions that utilize mysql to retrive user prefs, andI had them working on an older server no problem, but I have moved the same scripts to a newer server and they won't maintain the mysql connection. This is what I had before: ------------------------------------------------------------------------ sub InitSACustom_Score { &InitDB; } sub EndSACustom_Score { &CloseDB; } sub SACustom_Score { my($message) = @_; return unless $message; if(!$dbh->ping) { undef $dbh; MailScanner::Log::InfoLog("Database ping failure attempting to re-connect"); InitSACustom_Score(); } if (!defined $dbh){ MailScanner::Log::InfoLog("MailScanner Custom Database Unavailable"); return "8"; } return unless defined $dbh; foreach (@{$message->{to}}) { ($to, $domain)=split("\@", $_); if ($domain ne ''){ $domains{"domain='$domain'"}=1; } } $where=join(" OR ", keys(%domains)); my $sth = $dbh->prepare("SELECT AVG(value) AS score FROM custom_score WHERE opt='score' AND ($where)"); $sth->execute(); my $ref = $sth->fetchrow_hashref(); if ($ref->{'score'} eq "") { $score=8; }else{ $score=$ref->{'score'}; } return $score; } sub InitDB { return if defined $dbh; MailScanner::Log::InfoLog("Initializing database connection"); $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host", $db_user, $db_pass, {PrintError => 0}); if (!$dbh) { MailScanner::Log::WarnLog("Unable to initialize database connection: %s", $DBI::errstr); return; } MailScanner::Log::InfoLog("Finished Initializing database connection"); } sub CloseDB { return if defined $dbh; $dbh->disconnect; MailScanner::Log::InfoLog("Disconnected from the database"); } ------------------------------------------------------------------------ Now I had to do this to get MailScanner running temporarily: ------------------------------------------------------------------------ sub InitSACustom_Score { } sub EndSACustom_Score { } sub SACustom_Score { my($dbh); my($sth); my($message) = @_; # Don't bother trying to do an insert if no message is passed-in return unless $message; if (!defined $dbh){ $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host", $db_user, $db_pass, {PrintError => 0}); } # Check to make sure DB connection is still valid if(!$dbh->ping) { undef $dbh; MailScanner::Log::InfoLog("Database ping failure"); } # Stop processing here if the connection to the database is down if (!defined $dbh){ MailScanner::Log::InfoLog("MailScanner Custom Database Unavailable"); return "8"; } return unless defined $dbh; foreach (@{$message->{to}}) { ($to, $domain)=split("\@", $_); if ($domain ne ''){ $domains{"domain='$domain'"}=1; } } $where=join(" OR ", keys(%domains)); my $sth = $dbh->prepare("SELECT AVG(value) AS score FROM custom_score WHERE opt='score' AND ($where)"); $sth->execute(); my $ref = $sth->fetchrow_hashref(); if ($ref->{'score'} eq "") { $score=8; }else{ $score=$ref->{'score'}; } return $score; } ------------------------------------------------------------------------ The above works, but I have at least 10 similar functions, and I dont want to have all of them connected to the database... Any suggestions? ------------------------- Brian Taber Manager/IT Specialist Diverse Computer Group Office: 508-758-4402 Cell: 508-496-9221 btaber@diversecg.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Mon May 23 22:41:12 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:45 2006 Subject: OT: Grey-listing? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 24 May 2005 01:35 am, Matt Kettler wrote: > James Gray wrote: > > Hi All, > > > > Whilst not entirely MailScanner related, I do consider most people on > > this list more sendmail savvy than myself, hence this message. Apologies > > if it offends. > > > > I've started down the road of grey-listing and have configured but not > > "activated" the sendmail greylist-milter. My questions to the group are > > both technical and political: > > > > 1. those who have used this milter; how effective is it in stemming the > > tide of spam compared to "just" sendmail + mailscanner + SA + > > RBL(OutBlaze, Razor etc)?? > > > > 2. If anyone is using grey-listing (of any type), what impact is there to > > the sender and how has this been addressed politically within your > > organisation? > > I use milter-greylist, 2.0rc1, and I take a slightly unusual approach to > greylisting that you might find interesting. > > I have set up a "greylist instead of blacklist" style network using > milter-greylist's ACL feature. Using this, I greylist messages from hosts > with no RDNS, a RDNS that looks like a dynamic home user, and IP's in APNIC > and LANIC. Everything else goes through without greylist delay. Hi Matt, Indeed - your approach is interesting. Like you, we can't arbitrarily blacklist hosts either (that's still a manual job), but I'd like to see your milter-greylist config file and hear about any other "tweaks" you've made to sendmail to get it all humming-and-clicking ;) Contact me off list if you like. Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hden at KCBBS.GEN.NZ Tue May 24 01:14:28 2005 From: hden at KCBBS.GEN.NZ (Hendrik den Hartog) Date: Thu Jan 12 21:29:45 2006 Subject: Which Sophos Message-ID: Gidday I'm after confirmation as to whether the libc6 (glibc2.2) version of Sophos is OK to use with sophossavi? (I have the recent update script installed). [reason for asking] I thought I recently read that the glibc version had problems with sophossavi? but for the life of me I can't find that post, so I'm just checking with the group before updating. Cheers! Hendrik ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Tue May 24 07:55:16 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, what could be the reason for this : Report: MailScanner: Could not analyze message Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue May 24 08:04:55 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Kevin Miller > >Original (>) lines mine, Mike's reply below. So if my premise is wrong, >how might I go about troubleshooting this? Running on SuSE 9.3, sendmail >8.13.something... First of all, there seem to be more Mike's on this list. The mail you're referring to was written by me. Mike Kercher also replied to this thread, which makes it kind of confusing which Mike said what... Anyway, the reason why milter-sender fails for your site, has, IMHO, nothing to do with Exchange version whatever. If I look up the MX records for your host, this is what I get: # host -t mx ci.juneau.ak.us ci.juneau.ak.us mail is handled by 10 mxg.ci.juneau.ak.us. ci.juneau.ak.us mail is handled by 15 mail3.ci.juneau.ak.us. ci.juneau.ak.us mail is handled by 20 mxl.ci.juneau.ak.us. When I telnet the SMTP port on the mail server with the highest priority (mxg.ci.juneau.ak.us) something goes wrong: # telnet mxg.ci.juneau.ak.us 25 Trying 199.58.52.9... Connected to mxg.ci.juneau.ak.us. Escape character is '^]'. 220 ************************************************************0*********2******200**22********0*00 However, if I telnet any of the other mail hosts (priority 15 and 20) a normal reply is received: # telnet mail3.ci.juneau.ak.us 25 Trying 24.237.22.213... Connected to mail3.ci.juneau.ak.us. Escape character is '^]'. 220 mail3.ci.juneau.ak.us ESMTP Sendmail 8.12.10/8.12.3/SuSE Linux 0.6; Mon, 23 May 2005 22:56:48 -0800 # telnet mxl.ci.juneau.ak.us 25 Trying 204.238.24.183... Connected to mxl.ci.juneau.ak.us. Escape character is '^]'. 220 mxl.ci.juneau.ak.us ESMTP Sendmail 8.12.3/8.12.3/SuSE Linux 0.6; Mon, 23 May 2005 22:56:04 -0800 My guess is that there's a problem with mxg.ci.juneau.ak.us and if you resolve that problem (or remove that host from the MX records altogether), milter-sender's CallBack will function as expected. Apparently it does not try another MX host when a problem like yours occurs. Note however that this is the first time I've seen this kind of problem with milter-sender though! >...Kevin Mike (Klinkert). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue May 24 08:30:22 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike writes: > Escape character is '^]'. > 220 ************************************************************0*********2******200**22********0*00 > > However, if I telnet any of the other mail hosts (priority 15 and 20) a normal reply is received: This i believe is due to the cisco pix smtp fix up protocol - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From piper at HRZ.UNI-MARBURG.DE Tue May 24 08:41:07 2005 From: piper at HRZ.UNI-MARBURG.DE (Andreas Piper) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, > Report: MailScanner: Could not analyze message I am seeing those too since the last few days. In my case it is always a spam-message with Subject: C$ALIS SOFT + a random word, containing some MIME-Attachments including a JPEG-File. I have quarantined some of them, and could hand over the queue-files (~13KByte size per message) for further analysis if requested. My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) with Perl 5.8.4 and sendmail 8.13.1 thanks for any hints, Andreas -- ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 09:10:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: 4.42.3 included perl modules Message-ID: I have upgraded to Compress-Zlib 1.34 File-Temp 0.16 Extutils-MakeMaker 6.30 Let me know if there is any reason I should have only upgraded to the versions you mentioned below, and not to the latest CPAN releases (above). On 23 May 2005, at 20:43, Jeff A. Earickson wrote: > Julian, > > I always take a look at the perl modules you include in > your tarfile and compare them to what I'm running on my system. > I don't use the install.sh script, I'm a Luddite on that score. > In my case (with 4.42.1 in production mode) I am using: > > Compress-Zlib-1.34 (instead of 1.33) > File-Temp-0.14 (instead of 0.12) > Extutils-MakeMaker-6.17 (instead of 6.05) > > My platform: Solaris 9. You may want to roll newer versions > into the next release. > > I'm about to update to 4.42.3. > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 09:11:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: Please can you post a couple of them on a website somewhere and give me the URL? There were some changes to fix the null MIME boundary vulnerability which will have changed this behaviour. I need to track down any false positives very very soon. I aim to release at the end of this weekend. On 24 May 2005, at 08:41, Andreas Piper wrote: > Hello all, > > >> Report: MailScanner: Could not analyze message >> > > I am seeing those too since the last few days. In my case it is > always a > spam-message with Subject: C$ALIS SOFT + a random word, > containing some > MIME-Attachments including a JPEG-File. I have quarantined some of > them, and > could hand over the queue-files (~13KByte size per message) for > further > analysis if requested. > > My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) > with Perl > 5.8.4 and sendmail 8.13.1 > > thanks for any hints, > Andreas > -- > ______________________________________________________________________ > __ > Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg > Hans-Meerwein-Strasse, 35032 Marburg, Germany > Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 09:21:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: On 24 May 2005, at 08:41, Andreas Piper wrote: > Hello all, > > >> Report: MailScanner: Could not analyze message >> > > I am seeing those too since the last few days. In my case it is > always a > spam-message with Subject: C$ALIS SOFT + a random word, > containing some > MIME-Attachments including a JPEG-File. I have quarantined some of > them, and > could hand over the queue-files (~13KByte size per message) for > further > analysis if requested. > > My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) > with Perl > 5.8.4 and sendmail 8.13.1 Particularly interesting that it is happening with 4.36.4. Sounds like a spammer is pulling a new stunt to try to get around us. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 24 09:32:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: I wonder if this is a split line url that's confusing something ie ht tp:// some where. net/animage.jpg alot of these are caught with SA 3.0.3 and the URI-RBL's but they move around alot and it takes a few hours for the URI-RBL's to catch up. I note 3.0.2 didn't catch any, but 3.0.3 does so the URL handler must have been tweeked for 3.0.3. I also hear that 3.1 will definitely catch these split line URL's.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > On 24 May 2005, at 08:41, Andreas Piper wrote: > >> Hello all, >> >> >>> Report: MailScanner: Could not analyze message >>> >> >> I am seeing those too since the last few days. In my case it is >> always a >> spam-message with Subject: C$ALIS SOFT + a random word, >> containing some >> MIME-Attachments including a JPEG-File. I have quarantined some of >> them, and >> could hand over the queue-files (~13KByte size per message) for >> further >> analysis if requested. >> >> My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) >> with Perl >> 5.8.4 and sendmail 8.13.1 > > > Particularly interesting that it is happening with 4.36.4. > > Sounds like a spammer is pulling a new stunt to try to get around us. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 24 09:45:25 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:45 2006 Subject: Which Sophos Message-ID: On Tue, 2005-05-24 at 12:14 +1200, Hendrik den Hartog wrote: > Gidday > > I'm after confirmation as to whether the libc6 (glibc2.2) version of > Sophos is OK to use with sophossavi? (I have the recent update script > installed). > > [reason for asking] > I thought I recently read that the glibc version had problems with > sophossavi? but for the life of me I can't find that post, so I'm > just checking with the group before updating. I (and others) got errors when using the glibc2.2 version of sophossavi, errros that went away when switching to the libc6 version. GREG > > Cheers! > Hendrik > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 23 17:02:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: No, I have just released 4.42.3. On 23 May 2005, at 16:35, Jeff A. Earickson wrote: > was this included in 4.42.2? > > On Sat, 21 May 2005, Julian Field wrote: > > >> Date: Sat, 21 May 2005 18:24:05 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Testing with TestVirus -- fixed >> >> If I put out a beta to for you to test my fix, will someone >> install it >> and test it for me? >> >> Julian Field wrote: >> >> >>> Matt, >>> >>> You are absolutely right, this is a bug. >>> >>> It detects the null MIME boundary just fine. However, the latest >>> MIME-tools no longer parses the message correctly (that must have >>> been a >>> bug-fix of mine which never got into the main MIME-tools code, ho >>> hum). >>> It produces a multi-part message with no parts, but with a body >>> containing all the testvirus text. A multipart entity shouldn't >>> have a >>> body, it should just contain a list of parts. This one breaks the >>> rule >>> by having a body and no list of parts. >>> >>> I now check for this situation occurring and force it to be a >>> correct >>> structure. >>> >>> This will be in the next release. >>> >>> Matt Kettler wrote: >>> >>> >>>> Ugo Bellavance wrote: >>>> > Please search the archives for 'testvirus'. You'll find your >>>> answer as >>>> >>>> >>>> >>>>> it's been asked many times. >>>>> >>>>> >>>>> >>>> >>>> >>>> Ugo, AFAIK this is now a real bug in Mailscanner. >>>> >>>> >>>> Flashback to the past: >>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/ >>>> match=testvirus >>>> >>>> >>>> To which Julian replied with: >>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/ >>>> match=testvirus >>>> >>>> >>>> Thus, any implication that the Empty Mime boundary bug is a vendor >>>> "made up" >>>> issue is bogus and was based on tests using the wrong mail client. >>>> >>>> Any implication that this issue should be ignored is bogus, it >>>> would >>>> appear to >>>> be a real issue for users of some versions of outlook. >>>> >>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>>> only because >>>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>>> MailScanner said >>>> nothing about it. >>>> >>>> This would appear to be a real vulnerability, and a real bug in >>>> MailScanner >>>> since this should have already been fixed. >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon May 23 15:45:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:45 2006 Subject: Performance Issues Message-ID: looking at the docs.. If you have split_spool_directory in your Exim configuration the configuration is slightly different: Incoming Queue Dir = /var/spool/exim/input/* Outgoing Queue Dir = /var/spool/exim.out/input Split Exim Spool = yes Normally you wouldn't use a Split queue on the outbound I guess, but in which case I suppose you'll need. Outgoing Queue Dir = /var/spool/exim.out/input/* Assumming that works? As to why MS keeps stalling, the only time I've it do that where is when one of the virus scanners get snarfed, esp sophos if I mess up an update. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anakin SkyWalker wrote: > I did that already and didn't work ;/ ! > I'm setting up a small test box splitted spools. > Here's my relevant configurations: > > MailScanner.conf: > > Split Exim Spool = yes > Incoming Queue Dir = /var/spool/exim.in/input/* > > Exim queue-in: > > spool_directory = /var/spool/exim.in > split_spool_directory > queue_only = true > queue_only_override = false > > Exim queue-out: > > split_spool_directory > > > After changing "Incoming Queue Dir" to > "/var/spool/exim.in/input/*", adding the '*' char, and > manually creating directories within /var/spool/exim > [0-9a-zA-Z], MailScanner started delivering most > messages in the queue-in. But... (things seems to hurt > people before work properly.. heh..) some messages > doesn't get thru. > Running > # exim -bpc > 24 > Then I restart MailScanner: > May 20 17:43:54 machine-test MailScanner[27907]: New > Batch: Scanning 24 messages, 11667448 bytes > It reads the messages stalled before. Then some > messages get thru and some messages don't. > > > Any other thing may I be missing? It will really help > me if I get this thing working, 120K messages in > queue-out in a single directory isn't funny. > > > > > > > --- Ugo Bellavance wrote: > >>Anakin SkyWalker wrote: >> >>>Really, nothing is done. MailScanner says nothing >> >>when >> >>>started, even in debug mode after "not forking" >>>It starts with no errors, but no checking/delivery >> >>is >> >>>done. >> >>Did you have any MTA process running already? Try >>killing all the MTA >>processes, then MailScanner procces, then restart >>MailScanner. >> >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon May 23 21:15:32 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: I'd be interested to know the exact failure you got because I can't find anything in my logs that would indicate you trying to send an email to me...at least not from the .ak.us address. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller Sent: Monday, May 23, 2005 10:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Authenicating users Mike Kercher wrote: > You will really like milter-sender. It performs the call-ahead that > milter-ahead performs, but it also performs a call back to the sender > email address to make sure it is valid and accepting mail. > > Mike It should be mentioned that you may lose a bit of legitimate mail this way however. Trying to ping Mike off list, my mail wouldn't go through, since my MS gateways don't know anything about legitimate addresses which are currently in Exchange 5.5 and not accessable from the inet. Although my address is valid, milter-sender rejected it on his end because it couldn't be verified. Once I get to Exchange 2003 and can implement milter ahead here, that problem *should* go away (I hope). Milter-sender is a good tool, but if one implements it, be aware that it may bite you on the kiester in a few cases. That, of course, is true of any of our anti-spam efforts - it's all an odds game... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 24 10:42:33 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: slightly off-topic I know, I'm getting an error in mailwatch: Error executing query: Can't open file: 'maillog.MYD'. (errno: 144) I've located the file and it is almost 2GB in size. It is bigger on my other relays so presumably it is not the size causing the problem. Is my DB stuffed? Is there a way to correct it or should I start again with an empty DB? if so how? might this have been caused by me manually stripping qf and df queue files out of mqueue.in whilst mailscanner was still running? GREG the SQL that barfed: SELECT COUNT(*) AS processed, SUM(CASE WHEN virusinfected>0 THEN 1 ELSE 0 END) AS viruses, ROUND((SUM(CASE WHEN virusinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS viruspercent, SUM(CASE WHEN nameinfected>0 THEN 1 ELSE 0 END) AS blockedfiles, ROUND((SUM(CASE WHEN nameinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS blockedfilespercent, SUM(CASE WHEN otherinfected>0 THEN 1 ELSE 0 END) AS otherinfected, ROUND((SUM(CASE WHEN otherinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS otherinfectedpercent, SUM(CASE WHEN isspam>0 THEN 1 ELSE 0 END) AS spam, ROUND((SUM(CASE WHEN isspam>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS spampercent, SUM(CASE WHEN ishighspam>0 THEN 1 ELSE 0 END) AS highspam, ROUND((SUM(CASE WHEN ishighspam>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS highspampercent, SUM(size) AS size FROM maillog WHERE 1=1 AND date = CURRENT_DATE() -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon May 23 18:36:30 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: --On May 23, 2005 5:02:05 PM +0100 Julian Field wrote: > Many thanks. I have just put up the 4.42.3 beta release. Was this fixed in MailScanner or in the MIME Tools package ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Tue May 24 10:50:16 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Please can you post a couple of them on a website somewhere and give > me the URL? How can i store this messages ? Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Mon May 23 18:25:42 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just have instaled 4.42.3 (only mailscanner rpm), but test#23 (empty MIME boundary) isn't detected... Should I update perl-Mime-tools packages also (it is same version as in earlier release)? >No, I have just released 4.42.3. > >On 23 May 2005, at 16:35, Jeff A. Earickson wrote: > >> was this included in 4.42.2? >> >> On Sat, 21 May 2005, Julian Field wrote: >> >> >>> Date: Sat, 21 May 2005 18:24:05 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Testing with TestVirus -- fixed >>> >>> If I put out a beta to for you to test my fix, will someone >>> install it >>> and test it for me? >>> >>> Julian Field wrote: >>> >>> >>>> Matt, >>>> >>>> You are absolutely right, this is a bug. >>>> >>>> It detects the null MIME boundary just fine. However, the latest >>>> MIME-tools no longer parses the message correctly (that must have >>>> been a >>>> bug-fix of mine which never got into the main MIME-tools code, ho >>>> hum). >>>> It produces a multi-part message with no parts, but with a body >>>> containing all the testvirus text. A multipart entity shouldn't >>>> have a >>>> body, it should just contain a list of parts. This one breaks the >>>> rule >>>> by having a body and no list of parts. >>>> >>>> I now check for this situation occurring and force it to be a >>>> correct >>>> structure. >>>> >>>> This will be in the next release. >>>> >>>> Matt Kettler wrote: >>>> >>>> >>>>> Ugo Bellavance wrote: >>>>> > Please search the archives for 'testvirus'. You'll find your >>>>> answer as >>>>> >>>>> >>>>> >>>>>> it's been asked many times. >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> Ugo, AFAIK this is now a real bug in Mailscanner. >>>>> >>>>> >>>>> Flashback to the past: >>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/ >>>>> match=testvirus >>>>> >>>>> >>>>> To which Julian replied with: >>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/ >>>>> match=testvirus >>>>> >>>>> >>>>> Thus, any implication that the Empty Mime boundary bug is a vendor >>>>> "made up" >>>>> issue is bogus and was based on tests using the wrong mail client. >>>>> >>>>> Any implication that this issue should be ignored is bogus, it >>>>> would >>>>> appear to >>>>> be a real issue for users of some versions of outlook. >>>>> >>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but >>>>> only because >>>>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>>>> MailScanner said >>>>> nothing about it. >>>>> >>>>> This would appear to be a real vulnerability, and a real bug in >>>>> MailScanner >>>>> since this should have already been fixed. >>>>> >>>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > = = = = = = = = = = = = = = = = = = = = Vladan Nikolic vladan@nikolic.homeip.net 2005-05-23 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 24 11:05:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: Greg Looks like the table is fubar-ed. Have you tried a myisamchk on the table? There's some stuff in the mysql help pages about this. It could also be related to the 2GB file size - maybe you mysql/file-system can't handle more than 2GB per file??? Do you managed the amount of data in the maillog file (ie move or delete it to keep only the last few weeks data in the table)? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Greg Matthews wrote: > slightly off-topic I know, I'm getting an error in mailwatch: > > Error executing query: > > Can't open file: 'maillog.MYD'. (errno: 144) > > I've located the file and it is almost 2GB in size. It is bigger on my > other relays so presumably it is not the size causing the problem. Is my > DB stuffed? Is there a way to correct it or should I start again with an > empty DB? if so how? > > might this have been caused by me manually stripping qf and df queue > files out of mqueue.in whilst mailscanner was still running? > > GREG > > the SQL that barfed: > SELECT > COUNT(*) AS processed, > SUM(CASE WHEN virusinfected>0 THEN 1 ELSE 0 END) AS viruses, > ROUND((SUM(CASE WHEN virusinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS viruspercent, > SUM(CASE WHEN nameinfected>0 THEN 1 ELSE 0 END) AS blockedfiles, > ROUND((SUM(CASE WHEN nameinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS blockedfilespercent, > SUM(CASE WHEN otherinfected>0 THEN 1 ELSE 0 END) AS otherinfected, > ROUND((SUM(CASE WHEN otherinfected>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS otherinfectedpercent, > SUM(CASE WHEN isspam>0 THEN 1 ELSE 0 END) AS spam, > ROUND((SUM(CASE WHEN isspam>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS spampercent, > SUM(CASE WHEN ishighspam>0 THEN 1 ELSE 0 END) AS highspam, > ROUND((SUM(CASE WHEN ishighspam>0 THEN 1 ELSE 0 END)/COUNT(*))*100,1) AS highspampercent, > SUM(size) AS size > FROM > maillog > WHERE > 1=1 > AND > date = CURRENT_DATE() > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon May 23 17:25:12 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller said: > It should be mentioned that you may lose a bit of legitimate mail this way > however. Trying to ping Mike off list, my mail wouldn't go through, since > my MS gateways don't know anything about legitimate addresses which are > currently in Exchange 5.5 and not accessable from the inet. Although my > address is valid, milter-sender rejected it on his end because it couldn't > be verified. Surly if your MS boxes are just relays, Milter-Ahead should get a 250 reponse when it tries to send your address a challenge message so I can't see why it shouldn't work. It would fail if it can't verify the address (Gets a 550 bounce) or can't route the domain/ host. This is how the Postfix equivilent works. I have had failures from forums and automated messages when the sender has been a daemon user account on a host without DNS e.g. apache@host.system.main.tld when the user e-mail address format is just user@main.tld. Their host addresses are not handled at their gateway and the host's port 25 is blocked at the network boundry. Have I missed something? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 24 11:27:28 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: On Tue, 2005-05-24 at 11:05 +0100, Martin Hepworth wrote: > Greg > > Looks like the table is fubar-ed. > > Have you tried a myisamchk on the table? > > There's some stuff in the mysql help pages about this. ok thanks > It could also be related to the 2GB file size - maybe you > mysql/file-system can't handle more than 2GB per file??? Do you managed > the amount of data in the maillog file (ie move or delete it to keep > only the last few weeks data in the table)? ermmm... I dont think so... I've only recently taken over responsibility for these relays so I'm on a steep learning curve! G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue May 24 11:28:15 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Greg > > Looks like the table is fubar-ed. > > Have you tried a myisamchk on the table? > > There's some stuff in the mysql help pages about this. > > It could also be related to the 2GB file size - maybe you > mysql/file-system can't handle more than 2GB per file??? Do you managed > the amount of data in the maillog file (ie move or delete it to keep > only the last few weeks data in the table)? > > Greg Matthews wrote: > >> slightly off-topic I know, I'm getting an error in mailwatch: >> >> Error executing query: >> >> Can't open file: 'maillog.MYD'. (errno: 144) >> >> I've located the file and it is almost 2GB in size. It is bigger on my >> other relays so presumably it is not the size causing the problem. Is my >> DB stuffed? Is there a way to correct it or should I start again with an >> empty DB? if so how? >> I posted this to the mailwatch list sometime back, my maillog_archive table (where i archive my maillog table) stopped growing beyond 4GB. This behavior was explained here: http://dev.mysql.com/doc/mysql/en/full-table.html For large database support you'll need to do the following: a. Specify MAX_ROWS=value during table creation. OR b. ALTER TABLE maillog MAX_ROWS=1000000000(replace with required value); one more reference: http://dev.mysql.com/doc/mysql/en/create-table.html Also like Martin mentioned, an myisamchk -r (-o) ought to be the first thing to try. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon May 23 16:35:58 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:45 2006 Subject: OT: Grey-listing? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > Hi All, > > Whilst not entirely MailScanner related, I do consider most people on this > list more sendmail savvy than myself, hence this message. Apologies if it > offends. > > I've started down the road of grey-listing and have configured but not > "activated" the sendmail greylist-milter. My questions to the group are > both technical and political: > > 1. those who have used this milter; how effective is it in stemming the tide > of spam compared to "just" sendmail + mailscanner + SA + RBL(OutBlaze, > Razor etc)?? > > 2. If anyone is using grey-listing (of any type), what impact is there to > the sender and how has this been addressed politically within your > organisation? I use milter-greylist, 2.0rc1, and I take a slightly unusual approach to greylisting that you might find interesting. I have set up a "greylist instead of blacklist" style network using milter-greylist's ACL feature. Using this, I greylist messages from hosts with no RDNS, a RDNS that looks like a dynamic home user, and IP's in APNIC and LANIC. Everything else goes through without greylist delay. Here I can't afford to blacklist these hosts, even though many will outright blacklist them. However, with a greylist the impact of a FP is minimal, the message gets delayed, instead of rejected. Even using this minimalistic approach I've had my inbound spam cut back by almost 50%. I used to have about 2400 spams picked up by SA per day with peaks just over 3000/day. Last week the peak was 1291 in a day, according to mailscanner-mrtg. Since enabling the greylist I have not broken 1600 in a day. Virus rates also appear lower, but those are harder to measure since virus rates are erratic and heavily biased by breakout timing and the efficiency of the virus itself. Drawing an eyball average it looks like I went from just over 30/day to about 10/day. My FP rate is pretty low too. Since Sunday I have accepted 3780 messages with no delay and greylisted 2726 messages (not counting retries) for a total of 6506 messages. During this same time 168 messages were delivered after greylisting, and 139 of those were tagged as spam by SA. Of the 29, 25 appear to be SA FNs from "brilliantmarketinginc" (ROKSO listed). That leaves approximately 4 messages that might be legitimate nonspam that got delayed. That's a 0.15% FP rate on hits, and 0.06% FP rate vs overall mail volume. This kind of "soft" approach to greylisting mitigates most of the negative impacts of a greylist, while reaping many of the benefits. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Tue May 24 11:55:28 2005 From: darren at TORSION.CO.UK (Darren Walker-Torsion) Date: Thu Jan 12 21:29:45 2006 Subject: Raq 4 Problem Message-ID: Hi, I had a problem last year when I was installing a Raq4 with MailScanner and F-Prot. I have had the same problem, in that the perl files wont autoinstall, so Julian sent me a MCPAN command to install them manually. I installed the latest version MailScanner, after manually installing CIDR via MCPAN using the command perl -MCPAN -e 'install Net::CIDR' but now I get this error message -----SNIP----- Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate bytes.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. -----SNIP----- One of the problems with the Raq is that it has an old copy of perl installed and I cant replace it, because the GUI breaks, I have run the installer with the 'ignore-perl' option but I am still having the same problem. Any thoughts please? Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 12:02:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: On 23 May 2005, at 18:36, Michael H. Martel wrote: > --On May 23, 2005 5:02:05 PM +0100 Julian Field > wrote: > > >> Many thanks. I have just put up the 4.42.3 beta release. >> > > Was this fixed in MailScanner or in the MIME Tools package ? MailScanner. The upgrade of MIME-tools several months ago changed its behaviour with this input, so I have just changed MailScanner's response to it to handle the new output MIME-tools generates. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue May 24 11:55:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:45 2006 Subject: 4.42.3 included perl modules Message-ID: Julian, search.cpan.org was having problems yesterday, so I couldn't check for newer versions. I will upgrade my modules today. I've been running 4.42.3 since yesterday with no problems. Jeff Earickson On Tue, 24 May 2005, Julian Field wrote: > Date: Tue, 24 May 2005 09:10:04 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.42.3 included perl modules > > I have upgraded to > Compress-Zlib 1.34 > File-Temp 0.16 > Extutils-MakeMaker 6.30 > > Let me know if there is any reason I should have only upgraded to the > versions you mentioned below, and not to the latest CPAN releases > (above). > > On 23 May 2005, at 20:43, Jeff A. Earickson wrote: > >> Julian, >> >> I always take a look at the perl modules you include in >> your tarfile and compare them to what I'm running on my system. >> I don't use the install.sh script, I'm a Luddite on that score. >> In my case (with 4.42.1 in production mode) I am using: >> >> Compress-Zlib-1.34 (instead of 1.33) >> File-Temp-0.14 (instead of 0.12) >> Extutils-MakeMaker-6.17 (instead of 6.05) >> >> My platform: Solaris 9. You may want to roll newer versions >> into the next release. >> >> I'm about to update to 4.42.3. >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Tue May 24 12:22:39 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: Hi On Tue, 24 May 2005, Mike wrote: > When I telnet the SMTP port on the mail server with the highest priority (mxg.ci.juneau.ak.us) something goes wrong: > > # telnet mxg.ci.juneau.ak.us 25 > Trying 199.58.52.9... > Connected to mxg.ci.juneau.ak.us. > Escape character is '^]'. > 220 ************************************************************0*********2******200**22********0*00 This is a commonly seen but very uninformative response that is quite valid. There is nothing wrong with the server. The 220 means "Service ready" and can be followed by almost anything you want after that. I suspect that this response comes from older Sun servers running Solaris. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue May 24 13:14:53 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Jim Holland > >This is a commonly seen but very uninformative response that is quite >valid. There is nothing wrong with the server. The 220 means "Service >ready" and can be followed by almost anything you want after that. I >suspect that this response comes from older Sun servers running Solaris. The 220 IMHO cannot be followed by anything. Quoting RFC 821: *************************************** 4.2.1. REPLY CODES BY FUNCTION GROUPS [cut] 220 Service ready *************************************** And: *************************************** Note: all the greeting type replies have the official name of the server host as the first word following the reply code. *************************************** I'm not sure if milter-sender is very strict about it, I will have to check the source code (which I will do later). >Regards > >Jim Holland Thanks, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Tue May 24 13:43:34 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:29:45 2006 Subject: Authenicating users Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jim Holland >> # telnet mxg.ci.juneau.ak.us 25 >> Trying 199.58.52.9... >> Connected to mxg.ci.juneau.ak.us. >> Escape character is '^]'. >> 220 >> ************************************************************0********* >> 2******200**22********0*00 >This is a commonly seen but very uninformative response that is quite valid. There is >nothing wrong with the server. The 220 means "Service ready" and can be followed by >almost anything you want after that. I suspect that this response comes from older Sun >servers running Solaris. I think you'll find that its actually the result of the smtp transaction passing through a Cisco PIX firewall using 'fixup smtp' (which is on by default). The PIX restricts the smtp transaction to only the bare minimum of commands needed to transfer mail and also hides any information leakage in the banner. From MailScanner at ecs.soton.ac.uk Tue May 24 12:15:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Raq 4 Problem Message-ID: You can probably do quite happily without the "use bytes" or "require bytes.pm" lines. cd /usr/lib/MailScanner/MailScanner grep 'use bytes' *pm Comment out the line in Log.pm and both of the lines in Message.pm. Then stop and restart MailScanner. On 24 May 2005, at 11:55, Darren Walker-Torsion wrote: > Hi, > > I had a problem last year when I was installing a Raq4 with > MailScanner > and F-Prot. > I have had the same problem, in that the perl files wont autoinstall, > so Julian sent me a MCPAN command to install them manually. > > I installed the latest version MailScanner, after manually installing > CIDR via MCPAN using the command > > perl -MCPAN -e 'install Net::CIDR' > > > but now I get this error message > -----SNIP----- > Starting MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate bytes.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux > /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux > /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScanner/Log.pm line 139. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Log.pm line 139. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > -----SNIP----- > > One of the problems with the Raq is that it has an old copy of perl > installed and I cant replace it, because the GUI breaks, I have run > the > installer with the 'ignore-perl' option but I am still having the same > problem. > > Any thoughts please? > > Thanks > > Darren > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 12:11:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: I have just double-checked this on my system using MailScanner 4.42.3 and MIME-tools 5.417 and it worked fine. Hmmm :( On 23 May 2005, at 18:25, Vladan Nikolic wrote: > I just have instaled 4.42.3 (only mailscanner rpm), but test#23 > (empty MIME boundary) isn't detected... Should I update perl-Mime- > tools packages also (it is same version as in earlier release)? > > >> No, I have just released 4.42.3. >> >> On 23 May 2005, at 16:35, Jeff A. Earickson wrote: >> >> >>> was this included in 4.42.2? >>> >>> On Sat, 21 May 2005, Julian Field wrote: >>> >>> >>> >>>> Date: Sat, 21 May 2005 18:24:05 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Testing with TestVirus -- fixed >>>> >>>> If I put out a beta to for you to test my fix, will someone >>>> install it >>>> and test it for me? >>>> >>>> Julian Field wrote: >>>> >>>> >>>> >>>>> Matt, >>>>> >>>>> You are absolutely right, this is a bug. >>>>> >>>>> It detects the null MIME boundary just fine. However, the latest >>>>> MIME-tools no longer parses the message correctly (that must have >>>>> been a >>>>> bug-fix of mine which never got into the main MIME-tools code, ho >>>>> hum). >>>>> It produces a multi-part message with no parts, but with a body >>>>> containing all the testvirus text. A multipart entity shouldn't >>>>> have a >>>>> body, it should just contain a list of parts. This one breaks the >>>>> rule >>>>> by having a body and no list of parts. >>>>> >>>>> I now check for this situation occurring and force it to be a >>>>> correct >>>>> structure. >>>>> >>>>> This will be in the next release. >>>>> >>>>> Matt Kettler wrote: >>>>> >>>>> >>>>> >>>>>> Ugo Bellavance wrote: >>>>>> >>>>>>> Please search the archives for 'testvirus'. You'll find your >>>>>>> >>>>>> answer as >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> it's been asked many times. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> Ugo, AFAIK this is now a real bug in Mailscanner. >>>>>> >>>>>> >>>>>> Flashback to the past: >>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/ >>>>>> match=testvirus >>>>>> >>>>>> >>>>>> To which Julian replied with: >>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/ >>>>>> match=testvirus >>>>>> >>>>>> >>>>>> Thus, any implication that the Empty Mime boundary bug is a >>>>>> vendor >>>>>> "made up" >>>>>> issue is bogus and was based on tests using the wrong mail >>>>>> client. >>>>>> >>>>>> Any implication that this issue should be ignored is bogus, it >>>>>> would >>>>>> appear to >>>>>> be a real issue for users of some versions of outlook. >>>>>> >>>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, >>>>>> but >>>>>> only because >>>>>> bitdefender decoded it. ClamAV, and command AV didn't hit. >>>>>> MailScanner said >>>>>> nothing about it. >>>>>> >>>>>> This would appear to be a real vulnerability, and a real bug in >>>>>> MailScanner >>>>>> since this should have already been fixed. >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > = = = = = = = = = = = = = = = = = = = = > > Vladan Nikolic > vladan@nikolic.homeip.net > 2005-05-23 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue May 24 14:23:17 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:45 2006 Subject: Which Sophos Message-ID: I checked with Sophos US support yesterday on my open incident, and they didn't have anything new to report. Anyone else hear back from them about the glibc 2.2 version? -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Greg Matthews wrote: > On Tue, 2005-05-24 at 12:14 +1200, Hendrik den Hartog wrote: >> Gidday >> >> I'm after confirmation as to whether the libc6 (glibc2.2) version of >> Sophos is OK to use with sophossavi? (I have the recent update >> script installed). >> >> [reason for asking] >> I thought I recently read that the glibc version had problems with >> sophossavi? but for the life of me I can't find that post, so I'm >> just checking with the group before updating. > > I (and others) got errors when using the glibc2.2 version of > sophossavi, errros that went away when switching to the libc6 version. > > GREG > >> >> Cheers! >> Hendrik >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue May 24 11:57:50 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: The table may have reached its size limit .. Try the following suggestion from the mailwatch list archives. -------------------- Connect to the mysql daemon using the mysql command-line tool as a user with rights to your mailscanner database, switch to the mailscanner database if needed ("use mailscanner"), and run the following sql code: delete low_priority quick from maillog where timestamp < (now() - interval 14 day); optimize table maillog; However, YMMV and if it breaks something, you keep both pieces. This fails if you don"t have plenty of free space on the filesystem holding the database (typically found under /var/lib/mysql), and I can"t offer you any good guidelines on figuring out what constitutes "plenty of free space". If it blows up on me, I just nuke the database and create an empty one. :-) Dhawal Doshy Sent by: MailScanner mailing list 05/24/2005 08:28 PM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: mailwatch error Martin Hepworth wrote: > Greg > > Looks like the table is fubar-ed. > > Have you tried a myisamchk on the table? > > There's some stuff in the mysql help pages about this. > > It could also be related to the 2GB file size - maybe you > mysql/file-system can't handle more than 2GB per file??? Do you managed > the amount of data in the maillog file (ie move or delete it to keep > only the last few weeks data in the table)? > > Greg Matthews wrote: > >> slightly off-topic I know, I'm getting an error in mailwatch: >> >> Error executing query: >> >> Can't open file: 'maillog.MYD'. (errno: 144) >> >> I've located the file and it is almost 2GB in size. It is bigger on my >> other relays so presumably it is not the size causing the problem. Is my >> DB stuffed? Is there a way to correct it or should I start again with an >> empty DB? if so how? >> I posted this to the mailwatch list sometime back, my maillog_archive table (where i archive my maillog table) stopped growing beyond 4GB. This behavior was explained here: http://dev.mysql.com/doc/mysql/en/full-table.html For large database support you'll need to do the following: a. Specify MAX_ROWS=value during table creation. OR b. ALTER TABLE maillog MAX_ROWS=1000000000(replace with required value); one more reference: http://dev.mysql.com/doc/mysql/en/create-table.html Also like Martin mentioned, an myisamchk -r (-o) ought to be the first thing to try. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 11:59:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:45 2006 Subject: Report :Could not analyze message ? Message-ID: They are using the null MIME-boundary vulnerability to try to bypass spam and virus detection systems. The MIME headers show this: Content-Type: multipart/related; boundary="" This should and will generate a "can't analyse message" error. If you aren't getting this error from these messages, then you need to upgrade to the latest version. The fix disappeared from quite a few releases of MailScanner, as the MIME-tools were improved a few months ago, and this breaks the MIME-tools parser. The latest beta has a separate fix for this situation. If you are getting the "Can't analyse message" error then your version is working fine and should be left alone until the next stable release at the start of June. If you are *not* getting this error, then you should strongly consider upgrading. On 24 May 2005, at 08:41, Andreas Piper wrote: > Hello all, > > >> Report: MailScanner: Could not analyze message >> > > I am seeing those too since the last few days. In my case it is > always a > spam-message with Subject: C$ALIS SOFT + a random word, > containing some > MIME-Attachments including a JPEG-File. I have quarantined some of > them, and > could hand over the queue-files (~13KByte size per message) for > further > analysis if requested. > > My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) > with Perl > 5.8.4 and sendmail 8.13.1 > > thanks for any hints, > Andreas > -- > ______________________________________________________________________ > __ > Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg > Hans-Meerwein-Strasse, 35032 Marburg, Germany > Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue May 24 10:09:21 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:45 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ugo, > Julian Field wrote: >> If I put out a beta to for you to test my fix, will someone install >> it and test it for me? > > I would. It takes 92 quoted lines just to say "I would"???? Astonished, Jan-Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Tue May 24 13:32:42 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:45 2006 Subject: mailwatch error Message-ID: Thanks for all the replies, it was a corrupt MySQL table and "myisamchk -r" worked its magic. Now I know how to repair mysql tables... G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue May 24 16:38:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:46 2006 Subject: Authenicating users Message-ID: Mike wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Kevin Miller >> >> Original (>) lines mine, Mike's reply below. So if my premise is >> wrong, how might I go about troubleshooting this? Running on SuSE >> 9.3, sendmail >> 8.13.something... > > First of all, there seem to be more Mike's on this list. The mail > you're referring to was written by me. Mike Kercher also replied to > this thread, which makes it kind of confusing which Mike said what... Yeah, Mike Kercher and I figured that out off line pretty fast. That's what I love about this group - everybody's so willing to help! > Anyway, the reason why milter-sender fails for your site, has, IMHO, > nothing to do with Exchange version whatever. If I look up the MX > records for your host, this is what I get: I agree - I was confused by that but Drew Marshall, et. al. cleared that up for me. > # host -t mx ci.juneau.ak.us > ci.juneau.ak.us mail is handled by 10 mxg.ci.juneau.ak.us. > ci.juneau.ak.us mail is handled by 15 mail3.ci.juneau.ak.us. > ci.juneau.ak.us mail is handled by 20 mxl.ci.juneau.ak.us. Which is reality. > When I telnet the SMTP port on the mail server with the highest > priority (mxg.ci.juneau.ak.us) something goes wrong: > > # telnet mxg.ci.juneau.ak.us 25 > Trying 199.58.52.9... > Connected to mxg.ci.juneau.ak.us. > Escape character is '^]'. > 220 > ************************************************************0*********2***** *200**22********0*00 Yes. We can thank Cisco for that. That's what a PIX does to obfuscate the mail server. I guess the assumption is that it's harder to exploit a particular version of software if you don't know what version/brand it is. On the inside I get normal headers. It's never cause a problem (that I'm aware of anyway) before. > However, if I telnet any of the other mail hosts (priority 15 and 20) > a normal reply is received: > > # telnet mail3.ci.juneau.ak.us 25 > Trying 24.237.22.213... > Connected to mail3.ci.juneau.ak.us. > Escape character is '^]'. > 220 mail3.ci.juneau.ak.us ESMTP Sendmail 8.12.10/8.12.3/SuSE Linux > 0.6; Mon, 23 May 2005 22:56:48 -0800 > > # telnet mxl.ci.juneau.ak.us 25 > Trying 204.238.24.183... > Connected to mxl.ci.juneau.ak.us. > Escape character is '^]'. > 220 mxl.ci.juneau.ak.us ESMTP Sendmail 8.12.3/8.12.3/SuSE Linux 0.6; > Mon, 23 May 2005 22:56:04 -0800 Those access the internet via different routes so don't get hosed. > My guess is that there's a problem with mxg.ci.juneau.ak.us and if > you resolve that problem (or remove that host from the MX records > altogether), milter-sender's CallBack will function as expected. > Apparently it does not try another MX host when a problem like yours > occurs. Note however that this is the first time I've seen this kind > of problem with milter-sender though! Well, the problem's not with mxg, but with what the PIX does. I suspect you'll see similar issues at other PIX secured sites. It's a fairly common firewall. I'll have to Google for the pros/cons/howto to think about turning it off here. It may or may not be a problem at your end to lose mail due to hitting a PIX. This is the first time I've gotten a 451 back but if more and more folks start using milter-sender it may be an issue for me. Depending on the user here, I may or may not hear about it. They're so funny. They'll get a problem and suffer in silence so as not to 'bug' us. We tell 'em to bug us or we never know something's broken but you never know if they will or not. LOL. Do the failures turn up in the logs at your side? Can you tell if a failure is a false positive? I'm interested in looking into milter-sender, but don't want to increase my FP rate in the process of getting rid of a bit more spam... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue May 24 17:15:12 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:46 2006 Subject: ClamAVOutput and password protected file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, is this new or already known: 2005-05-24T18:13:04+0200 dns mail.info MailScanner MailScanner[77600]: /var/spool/MailScanner/incoming/77600/./1Dac1U-000KBe-DJ/2005_05_01.PDF.exe: Empty file 2005-05-24T18:13:04+0200 dns mail.warning MailScanner MailScanner[77600]: ProcessClamAVOutput: unrecognised line \"/var/spool/MailScanner/incoming/77600/./1Dac1U-000KBe-DJ/2005_05_01.PDF.exe: Empty file\". Please contact the authors! This happens with an outgoing password protected ZIP, clamav 0.85 and MailScanner 4.40.11. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 24 18:54:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:46 2006 Subject: Clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > It's there now. > Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old > junk that shouldn't have been in there any more, to make the download > rather smaller. > Did you happen to take a look at why the install script doesn't pick up the installed version of SpamAssassin? The script always comes back that the version in your package is installed, regardless of the actual installed version. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 24 19:02:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:46 2006 Subject: heads up,its coming again probably this monday! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: > You should have a second AV product anyway...just as a second line of > defense. > I use ClamAV and Sophos on my boxen. > Three here! Clam, Bitdefender, and McAfee. And there have been days where only one of the three catches something. But Bitdefender is not usually the leader, but once or twice... -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From subscribe at KRINGSTAD.NET Tue May 24 19:36:58 2005 From: subscribe at KRINGSTAD.NET (subscribe) Date: Thu Jan 12 21:29:46 2006 Subject: Header_check and hiding internal IP Message-ID: Hi list, I've installed MailScanner as described in the [1]documentation. I want to hide my internal IPs when sending outbound mail, but I also wants MailScanner to scan outbound mails. If I put this in my header_check file: /192.168.10.50/ IGNORE <-- internal exchange server. /192.168.10.1/ IGNORE <-- internal interface on MailScanner. /^Received:/ HOLD the result are no scanning on outbound mails, but incoming mails are getting scanned. Is there any solution to this problem? Or do I have to have a second postfix MTA session somewhere to hide all of the internal IPs? [1] http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml --- Trond ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 19:50:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: ClamAVOutput and password protected file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This one is already known about and fixed. Jan-Peter Koopmann wrote: >Hi, > >is this new or already known: > >2005-05-24T18:13:04+0200 dns mail.info MailScanner MailScanner[77600]: /var/spool/MailScanner/incoming/77600/./1Dac1U-000KBe-DJ/2005_05_01.PDF.exe: Empty file >2005-05-24T18:13:04+0200 dns mail.warning MailScanner MailScanner[77600]: ProcessClamAVOutput: unrecognised line \"/var/spool/MailScanner/incoming/77600/./1Dac1U-000KBe-DJ/2005_05_01.PDF.exe: Empty file\". Please contact the authors! > >This happens with an outgoing password protected ZIP, clamav 0.85 and MailScanner 4.40.11. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 24 19:52:00 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:46 2006 Subject: heads up,its coming again probably this monday! Message-ID: I have Symantec at my workplace but I do not know if the there is a version would that works on Linux. Does anyone know of a Symantec product that would work? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: Tuesday, May 24, 2005 1:03 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: heads up,its coming again probably this monday! > > Mike Kercher wrote: > > You should have a second AV product anyway...just as a second line of > > defense. > > I use ClamAV and Sophos on my boxen. > > > Three here! Clam, Bitdefender, and McAfee. And there have been days > where only one of the three catches something. > But Bitdefender is not usually the leader, but once or twice... > > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue May 24 19:52:26 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:46 2006 Subject: Authenicating users Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Kevin Miller > >That's what I love about this group - everybody's so willing to help! Altruism rules! ;-) >Yes. We can thank Cisco for that. That's what a PIX does to obfuscate the >mail server. I guess the assumption is that it's harder to exploit a >particular version of software if you don't know what version/brand it is. >On the inside I get normal headers. It's never cause a problem (that I'm >aware of anyway) before. Well, if the PIX only obscures the hostname and/or the "Server ready" (or whatever) prompt, there wouldn't be a problem I think. At the moment it seems that it's not RFC compliant. There is NO hostname prompt whatsoever after the 220, which conflicts with RFC 821. If the reply was: "220 ************************************************************0*********2******200***0****2***0*00", It would be compliant with RFC 821 at least. However, I think that RFC is partly obsolete, because I believe the string has to be as follows: 220 <(E)SMTP> (no idea which RFC this is defined in) Maybe you can experiment with "no fixup smtp" on the PIX. Current SMTP implementations have plenty of checks themselves, so I don't think there's a need for the PIX to mess with the SMTP protocol. >Do the failures turn up in the logs at your side? Can you tell if a >failure is a false positive? I'm interested in looking into milter-sender, >but don't want to increase my FP rate in the process of getting rid of a >bit more spam... This is what syslog show: May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter (milter-sender): timeout before data read May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter (milter-sender): to error state May 24 19:57:43 mx1 sendmail-in[19944]: j4OHvR8q019944: Milter: from=, reject=451 4.3.2 Please try aga in later May 24 19:57:44 mx1 sendmail-in[19944]: j4OHvR8q019944: from=, size=3177, class=0, nrcpts=0, proto=ESM TP, daemon=MTA-Inet, relay=mxg.ci.juneau.ak.us [199.58.52.9] In other words, it doesn't show WHY (besides timeout) it fails, just THAT it fails. As for the getting rid of a bit more spam, the CallBack drops spam significantly, only a fraction makes it to MS/SA. CallAhead is of course also a must. >...Kevin Regards, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue May 24 19:56:10 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:46 2006 Subject: Quoth the Mailscanner, "Nevermore" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > With all credit to Neil White, I present the latest in the range of Open > Source Poetry: > > Julian, Wow, great go at the poem. Besides being an "uber" programmer, and a poet, dare we ask your other incredible talents? Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue May 24 20:05:01 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:46 2006 Subject: Secret agent spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey anti-spam warriors, We're starting to see a bunch of spam somehow getting by the assassins, past the razor wire, around the blackholes, and so forth. Our only clue is the following message: not spam, SpamAssassin (score=0, required 5, autolearn=not spam) This was clearly one of the spammiest (is that a word?) emails I've seen in ages. In fact, I might even order the product they're offering if it's half as amazing as they say it is. I would have new career options in the *ahem* entertainment industry for sure. :-) Any thoughts? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spike_cacti at YAHOO.COM Tue May 24 20:14:45 2005 From: spike_cacti at YAHOO.COM (Spike Cacti) Date: Thu Jan 12 21:29:46 2006 Subject: A case of case sensitivity, and , maybe MS non-RFC compliance ? Message-ID: Hi, I have a problem where I have to send mails to a special mailing list that uses the "To" to authenticate. The problem is that they use things like aSffDef3454F@address.com as their e-mail address and MailScanner changes all headers to lower case. I took a look at the code and I found , in postfix.pm (I use postfix, I guess it's the same in other modules) : # Change for V4: returns lower-case $from and @to sub ReadQf which does the lc{} job. I removed the lc to test and it worked. I was wondering why everything was changed to lower case ? RFC 821 states : This also applies to any symbols representing parameter values, such as "TO" or "to" for the forward-path. Command codes and the argument fields are separated by one or more spaces. However, within the reverse-path and forward-path arguments case is important. In particular, in some hosts the user "smith" is different from the user "Smith". Thanks for your help Spike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue May 24 20:16:52 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:46 2006 Subject: Secret agent spam Message-ID: Care to post the culprit, maybe with some email headers, so the rest of us can order the product too? On Tue, 24 May 2005, Fractal IT Dept. wrote: > Date: Tue, 24 May 2005 12:05:01 -0700 > From: Fractal IT Dept. > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Secret agent spam > > Hey anti-spam warriors, > > We're starting to see a bunch of spam somehow getting by the assassins, > past the razor wire, around the blackholes, and so forth. > > Our only clue is the following message: > > not spam, SpamAssassin (score=0, required 5, > autolearn=not spam) > > This was clearly one of the spammiest (is that a word?) emails I've seen > in ages. In fact, I might even order the product they're offering if > it's half as amazing as they say it is. I would have new career options > in the *ahem* entertainment industry for sure. :-) > > Any thoughts? > > Chris > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 20:22:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: Clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Julian Field wrote: > > >>It's there now. >>Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old >>junk that shouldn't have been in there any more, to make the download >>rather smaller. >> >> >> >Did you happen to take a look at why the install script doesn't pick up >the installed version of SpamAssassin? >The script always comes back that the version in your package is >installed, regardless of the actual installed version. > > Thanks for mentioning that. Found and fixed. New version is already for download. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 20:25:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: heads up,its coming again probably this monday! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From MailScanner.conf: # css from www.symantec.com, # symscanengine from www.symantec.com (Symantec Scan Engine, not CSS), Hopefully you can find a sales droid at Symantec who knows something about CSS at least. Try searching the mailing list archive for CSS, you should find something about where to find more details of it. Billy A. Pumphrey wrote: >I have Symantec at my workplace but I do not know if the there is a >version would that works on Linux. Does anyone know of a Symantec >product that would work? > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Scott Silva >>Sent: Tuesday, May 24, 2005 1:03 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: heads up,its coming again probably this monday! >> >>Mike Kercher wrote: >> >> >>>You should have a second AV product anyway...just as a second line >>> >>> >of > > >>>defense. >>>I use ClamAV and Sophos on my boxen. >>> >>> >>> >>Three here! Clam, Bitdefender, and McAfee. And there have been days >>where only one of the three catches something. >>But Bitdefender is not usually the leader, but once or twice... >> >> >>-- >> ,---.____________ _ ============ . >> /' \ | \ I_ O _I_,==.: >>| A beer doesn't get >--|===`-----'I `---' I | |: >>| upset if you come / _ \ I I | |:' >>| home with another / ( `-,----============:__;: >>| beer! / (_ O __) \_ : >>| ,,---.__________/ (______) (_) >>:/ >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 20:26:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: Quoth the Mailscanner, "Nevermore" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I didn't write it! Hence the "credit to Neil White" at the beginning. Fractal IT Dept. wrote: > Julian Field wrote: > >> With all credit to Neil White, I present the latest in the range of Open >> Source Poetry: >> >> > > > Julian, > > Wow, great go at the poem. Besides being an "uber" programmer, and a > poet, dare we ask your other incredible talents? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 20:28:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: A case of case sensitivity, and , maybe MS non-RFC compliance ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, I know about this one, but haven't done anything about it yet. I need to go through the code and check every single use of the sender and recipient addresses to check that MailScanner ignores but preserves the case. It's a very arduous job :-( Spike Cacti wrote: >Hi, > I have a problem where I have to send mails to a special mailing >list that uses the "To" to authenticate. The problem is that they use >things like aSffDef3454F@address.com as their e-mail address and >MailScanner changes all headers to lower case. > >I took a look at the code and I found , in postfix.pm (I use postfix, I >guess it's the same in other modules) : > > # Change for V4: returns lower-case $from and @to > sub ReadQf > >which does the lc{} job. I removed the lc to test and it worked. > >I was wondering why everything was changed to lower case ? > >RFC 821 states : > >This also applies to any symbols representing parameter values, >such as "TO" or "to" for the forward-path. Command codes and >the argument fields are separated by one or more spaces. >However, within the reverse-path and forward-path arguments >case is important. In particular, in some hosts the user >"smith" is different from the user "Smith". > >Thanks for your help > >Spike > > > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 24 20:33:05 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:46 2006 Subject: heads up,its coming again probably this monday! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > I have Symantec at my workplace but I do not know if the there is a > version would that works on Linux. Does anyone know of a Symantec > product that would work? > The Symantec AntiVirus Scan Engine is a Linux command line scanner. The MailScanner.conf file says it is supported. You just need to check if it is included in your Symantec licensing. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue May 24 20:55:38 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:46 2006 Subject: heads up,its coming again probably this monday! Message-ID: Thanks for your answers. I didn't look close enough, obviously. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: Tuesday, May 24, 2005 2:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: heads up,its coming again probably this monday! > > Billy A. Pumphrey wrote: > > I have Symantec at my workplace but I do not know if the there is a > > version would that works on Linux. Does anyone know of a Symantec > > product that would work? > > > > The Symantec AntiVirus Scan Engine is a Linux command line scanner. The > MailScanner.conf file says it is supported. You just need to check if it > is included in your Symantec licensing. > > > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 24 21:12:21 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:46 2006 Subject: Clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> Julian Field wrote: >> >> >>> It's there now. >>> Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old >>> junk that shouldn't have been in there any more, to make the download >>> rather smaller. >>> >>> >>> >> Did you happen to take a look at why the install script doesn't pick up >> the installed version of SpamAssassin? >> The script always comes back that the version in your package is >> installed, regardless of the actual installed version. >> >> > Thanks for mentioning that. Found and fixed. New version is already for > download. > I won't be able to test it until the next Spamassassin upgrade. Maybe I will throw together a test machine this week just because you went to the trouble. If I install the older version of Spamassassin on a testbed that is already upgraded, will it be a fair test? -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue May 24 21:25:03 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:46 2006 Subject: Header_check and hiding internal IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] (You could pick a better mailer name as the Listserv doesn't like this)>>subscribe wrote: >Hi list, >I've installed MailScanner as described in the [1]documentation. >I want to hide my internal IPs when sending outbound mail, but >I also wants MailScanner to scan outbound mails. > >If I put this in my header_check file: > >/192.168.10.50/ IGNORE <-- internal exchange server. >/192.168.10.1/ IGNORE <-- internal interface on MailScanner. >/^Received:/ HOLD > >the result are no scanning on outbound mails, but incoming mails >are getting scanned. > >Is there any solution to this problem? Or do I have to have >a second postfix MTA session somewhere to hide all of the >internal IPs? > >[1] http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml > > You don't want to play with header checks. The above is correct for MailScanner not to scan your mail (As Postfix won't direct the first 2 IP addresses to the hold queue for scanning, first rule matches). The easiest way to do this is in MailScanner. Just go to Remove These Headers = and point it to a ruleset. In the ruleset have something like: From: 192.168.10.50 Received: From: 192.168.10.1 Received: FromOrTo: Default Obviously add any other headers you want removed and restart MailScanner. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 24 21:29:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: Clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Julian Field wrote: > > >>Scott Silva wrote: >> >> >> >>>Julian Field wrote: >>> >>> >>> >>> >>>>It's there now. >>>>Also updated Mail::ClamAV to 0.17 while I was at it, and removed the old >>>>junk that shouldn't have been in there any more, to make the download >>>>rather smaller. >>>> >>>> >>>> >>>> >>>> >>>Did you happen to take a look at why the install script doesn't pick up >>>the installed version of SpamAssassin? >>>The script always comes back that the version in your package is >>>installed, regardless of the actual installed version. >>> >>> >>> >>> >>Thanks for mentioning that. Found and fixed. New version is already for >>download. >> >> >> > >I won't be able to test it until the next Spamassassin upgrade. > >Maybe I will throw together a test machine this week just because you >went to the trouble. >If I install the older version of Spamassassin on a testbed that is >already upgraded, will it be a fair test? > > Should be. So long as this says the old version, it should upgrade it correctly: perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION . "\n";' -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Tue May 24 22:08:48 2005 From: darren at TORSION.CO.UK (Darren Walker) Date: Thu Jan 12 21:29:46 2006 Subject: Raq 4 Problem Message-ID: Hi Julian, I commented out those lines, and then tried again, but then I got messages to say that other perl modules werent installed or couldn't be found. I found a manual on cpan, and installed all the modules supplied with mailscanner that I could find manually. After which I reinstalled MailScanner but now I get the following error ---SNIP----- Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. ---SNIP--- I have checked that the file and directory are present and I can read the file. I have updated the MIME/Parser.pm via cpan. I have removed mailscanner 'rpm -e mailscanner' and then reinstalled it but all to no avail. Im stuck, I was going to try an older copy of MailScanner, but would rather use a later version if possible. Cheers Darren -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 24 May 2005 12:16 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Raq 4 Problem You can probably do quite happily without the "use bytes" or "require bytes.pm" lines. cd /usr/lib/MailScanner/MailScanner grep 'use bytes' *pm Comment out the line in Log.pm and both of the lines in Message.pm. Then stop and restart MailScanner. On 24 May 2005, at 11:55, Darren Walker-Torsion wrote: > Hi, > > I had a problem last year when I was installing a Raq4 with > MailScanner and F-Prot. > I have had the same problem, in that the perl files wont autoinstall, > so Julian sent me a MCPAN command to install them manually. > > I installed the latest version MailScanner, after manually installing > CIDR via MCPAN using the command > > perl -MCPAN -e 'install Net::CIDR' > > > but now I get this error message > -----SNIP----- > Starting MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate bytes.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux > /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux > /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN > failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm > line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner > line 67. > -----SNIP----- > > One of the problems with the Raq is that it has an old copy of perl > installed and I cant replace it, because the GUI breaks, I have run > the installer with the 'ignore-perl' option but I am still having the > same problem. > > Any thoughts please? > > Thanks > > Darren > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet MailScanner, and is believed to > be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vnarayan at HAVERFORD.EDU Tue May 24 22:30:26 2005 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS Message-ID: Hi, I want to block emails from servers which do not have a valid reverse DNS lookup. I would like to be able to do this without using a DNSBL server, but merely using dns. Can you tell me: 1. How this can be done using Sendmail? 2. How can this be done using MailScanner? Thanks. Vasantha ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Tue May 24 22:44:25 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vasantha Narayanan wrote: > Hi, > > I want to block emails from servers which do not have a valid reverse DNS > lookup. I would like to be able to do this without using a DNSBL server, > but merely using dns. Can you tell me: > 1. How this can be done using Sendmail? > 2. How can this be done using MailScanner? > > Thanks. > > Vasantha You can use this: HTH, -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] divert(-1) dnl ## NOTE: This M4 file is suitable for sendmail dnl ## 8.12.x . To use it with 8.10.x or 8.11.x, a one line dnl ## change is required. Comments indicate which lines dnl ## to change (to comment or uncomment) dnl ################################################################ dnl ## dnl ## This is a HACK to reject mail from connecting clients dnl ## without proper rDNS (reverse DNS), functional dnl ## gethostbyaddr() resolution. dnl ## dnl ## Use as: dnl ## dnl ## HACK(require_rdns) dnl ## dnl ## An optional second argument is available, and must be dnl ## either `OK' or `REJECT'. With the second argument, dnl ## the decision to reject depends on the recipient, and dnl ## is based on access table entries for that recipient. dnl ## The second argument gives the default assumed for dnl ## recipients without access table entries. Currently, dnl ## only the first letter of the second argument is dnl ## checked. dnl ## dnl ## Note that the second argument makes no sense unless dnl ## FEATURE(`delay_checks') is also in effect. It is dnl ## best for the `delay_check' line to come first. This dnl ## is not strictly required, but will avoid a warning dnl ## message. dnl ## dnl ## The basis policy is to reject message with a 5xx dnl ## error if the IP address fails to resolve. However, dnl ## if this is a temporary failure, a 4xx temporary dnl ## failure is returned. If the look succeeds, but dnl ## returns an apparently forged value, this is treated dnl ## as a temporary failure with a 4xx error code. dnl ## dnl ## EXCEPTIONS: dnl ## dnl ## Exceptions based on access entries are discussed dnl ## below. Any IP address matched using $=R (the dnl ## "relay-domains" file) is excepted from the rules. dnl ## Since we have explicitely allowed relaying for this dnl ## host, based on IP address, we ignore the rDNS dnl ## failure. dnl ## dnl ## The philosophical assumption here is that most users dnl ## do not control their rDNS. They should be able to dnl ## send mail through their ISP, whether or not they have dnl ## valid rDNS. The class $=R, roughly speaking, dnl ## contains those IP addresses and address ranges for dnl ## which we are the ISP, or are acting as if the ISP. dnl ## dnl ## If `delay_checks' is in effect (recommended), then dnl ## any sender who has authenticated is also excepted dnl ## from the restrictions. This happens because the dnl ## rules produced by this HACK() will not be applied to dnl ## authenticated senders (assuming `delay_checks'). dnl ## dnl ## ACCESS MAP ENTRIES: dnl ## dnl ## Per-user entries: dnl ## dnl ## The per-user entries are of the form dnl ## rdns:user OK dnl ## where the RHS should be `OK' or `REJECT'. If `OK' is dnl ## used, mail addressed to this user is not blocked on dnl ## rDNS problems. If the value is `REJECT', it is dnl ## checked. The second argument to the HACK() enables dnl ## this feature, and provides the default for users with dnl ## no entry. dnl ## dnl ## Note that the user in "rdns:user" is the user part in dnl ## the mailer triple after address parsing. For a dnl ## virtual address, this will be the user after dnl ## virtusertable processing. If the mail is addressed dnl ## to "user+detail" the "+detail" is stripped before dnl ## this checking. dnl ## dnl ## If the recipient is on another host, then the key dnl ## actually looked up is "rdns:@host." with the "host" dnl ## being the destination to which we will send it. In dnl ## some cases, this might come from a mailertable dnl ## entry. It is not possible to individuate the dnl ## decision for remote recipients. Note that the "." dnl ## might be needed after the hostname. It is best to dnl ## use the output of dnl ## echo "/parse address" | sendmail -bt dnl ## to decide what goes in the access map. dnl ## dnl ## IP address entries: dnl ## dnl ## Entries such as dnl ## rdns:1.2.3 OK dnl ## 1.2.3.4 OK dnl ## 1.2 RELAY dnl ## will whitelist IP address 1.2.3.4, so that the rDNS dnl ## blocking does apply to that IP address dnl ## dnl ## Entries such as dnl ## rdns:1.2.3 REJECT dnl ## 1.2.3.4 REJECT dnl ## will have the effect of forcing a temporary failure dnl ## for that address to be treated as a permanent dnl ## failure. dnl ## dnl ################################################################ divert(0)dnl VERSIONID(`$Id: require_rdns.m4,v 1.7 2003/06/13 03:59:16 rickert Exp $') divert(-1) define(`_REQUIRE_RDNS_', ifelse(defn(`_ARG_'), `', `', lower(substr(_ARG_,0,1)), `o', `OK', lower(substr(_ARG_,0,1)), `r', `REJECT', `errprint(`*** Bad argument _ARG_ for require_rdns')')) ifelse(_REQUIRE_RDNS_,`',`', ifdef(`_DELAY_CHECKS_',`', ``errprint(`*** Warning: Optional argument to require_rdns needs delay_checks ')'' )) PUSHDIVERT(9)dnl SLocal_check_relay ifelse(_REQUIRE_RDNS_,`',dnl R$* $| $* $:$2 <$&{client_resolve}> ,dnl R$* $| $* $:$2 <$&{client_resolve}> $&{rcpt_addr} )dnl R$*$* $@OK Resolves. R$=R $* <$*>$* $@RELAY We relay for these ifelse(_REQUIRE_RDNS_,`',`',dnl R$*<$*>$+@$+ $:$1<$2>@$&{rcpt_host} use @host for remote R$*<$*>$+ + $* $:$1<$2>$3 remove +detail R$*<$*>$+ `$:$1<$2>$(access rdns:$3 $:' _REQUIRE_RDNS_ `$)' Check rcpt )dnl ifelse(_REQUIRE_RDNS_, `REJECT',dnl `R$*<$*>$={Accept} $@ $3 Bypass for this recipient ', _REQUIRE_RDNS_, `OK',dnl `R$*<$*>REJECT $:$1<$2> mark rejections R$*<$*>$+ $@OK bypass for others ',`')dnl dnl ### The next line is sendmail version dependent dnl ### Use this (with LookUpAddress)for sendmail-8.10 and 8.11 dnl`'R$+<$*>$* $:$1 $>LookUpAddress <$1> <$2> <+ rdns> dnl ### but use to following, instead, for 8.12 R$+<$*>$* $:$1 $>A <$1> <+ rdns> <$2> dnl ### end of version dependent text R$*<$={Accept}><$+> $@ $2 OK or RELAY - whitelisted R$*<$*> $: $1 REJECT - treat tempfail as fail R$* $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1, or use your ISP server R$* $#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve R$* $#error $@ 4.1.8 $: 451 Possibly forged hostname for $1 POPDIVERT undefine(`_REQUIRE_RDNS_')dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue May 24 23:01:55 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vasantha Narayanan wrote: > Hi, > > I want to block emails from servers which do not have a valid reverse DNS > lookup. I would like to be able to do this without using a DNSBL server, > but merely using dns. Can you tell me: > 1. How this can be done using Sendmail? Word of warning. Strangely, there's a reasonable number of small companies, and some not so small that get hit by this. There are fewer and fewer now that AOL blocks such things, but be aware of it. I've found that techonline.com, pparadise.com, and legitimate newsletter remailers savvis and navisite all suffer from this. Most of what seems to get caught by it is legit product newsletters, which are no major loss, but be aware of them. Here, I wind up greylisting them using milter-greylist ACLs. You're welcome to use this trick: # note: requires extendedregex option # supported by milter-greylist 2.0b3 or higher. # greylist unresolvable hosts acl greylist domain /\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Wed May 25 01:36:32 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:46 2006 Subject: Secret agent spam Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 25 May 2005 05:05 am, Fractal IT Dept. wrote: > Hey anti-spam warriors, > > We're starting to see a bunch of spam somehow getting by the assassins, > past the razor wire, around the blackholes, and so forth. > > Our only clue is the following message: > > not spam, SpamAssassin (score=0, required 5, > autolearn=not spam) > > This was clearly one of the spammiest (is that a word?) emails I've seen > in ages. In fact, I might even order the product they're offering if > it's half as amazing as they say it is. I would have new career options > in the *ahem* entertainment industry for sure. :-) > > Any thoughts? In these sorts of cases I normally feed them back into the bayes engine and tell it to learn them as spam. You might have to unlearn them first seeing as they have been auto-learnt as ham. Other than that; save a copy and forward it here with full headers etc, (or put it on a website somewhere) so we can have a look and see if there is some sort of counter-attack (with a Howitzer[1]) we can lauch ;) Cheers, James [1] http://en.wikipedia.org/wiki/Howitzer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Wed May 25 01:49:50 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:46 2006 Subject: Secret agent spam Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > On Wed, 25 May 2005 05:05 am, Fractal IT Dept. wrote: > >>Hey anti-spam warriors, >> >>We're starting to see a bunch of spam somehow getting by the assassins, >>past the razor wire, around the blackholes, and so forth. >> >>Our only clue is the following message: >> >> not spam, SpamAssassin (score=0, required 5, >> autolearn=not spam) >> >>This was clearly one of the spammiest (is that a word?) emails I've seen >>in ages. In fact, I might even order the product they're offering if >>it's half as amazing as they say it is. I would have new career options >>in the *ahem* entertainment industry for sure. :-) >> >>Any thoughts? > > > In these sorts of cases I normally feed them back into the bayes engine and > tell it to learn them as spam. You might have to unlearn them first seeing > as they have been auto-learnt as ham. > > Other than that; save a copy and forward it here with full headers etc, (or > put it on a website somewhere) so we can have a look and see if there is some > sort of counter-attack (with a Howitzer[1]) we can lauch ;) > > > Cheers, > > James > [1] http://en.wikipedia.org/wiki/Howitzer Or I can turn the SARE Ninjas loose on it! Just let us know and we can send out the LARTS! -Doc (SA/SARE/URIBL/SURBL - Ninja) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Wed May 25 07:17:25 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS {Virus Scanned} Message-ID: I believe the MailScanner list footer to the file that was attached must be removed before you can use the file. Christo -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider Sent: 24 May 2005 11:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: block emails with no valid reverse DNS {Virus Scanned} Vasantha Narayanan wrote: > Hi, > > I want to block emails from servers which do not have a valid reverse > DNS lookup. I would like to be able to do this without using a DNSBL server, > but merely using dns. Can you tell me: > 1. How this can be done using Sendmail? > 2. How can this be done using MailScanner? > > Thanks. > > Vasantha You can use this: HTH, -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 25 08:50:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: Raq 4 Problem Message-ID: Can you give me remote root ssh access to it? It will only take me a few minutes to fix, will be far faster than playing 20 questions with you. On 24 May 2005, at 22:08, Darren Walker wrote: > Hi Julian, > > I commented out those lines, and then tried again, but then I got > messages > to say that other perl modules werent installed or couldn't be > found. I > found a manual on cpan, and installed all the modules supplied with > mailscanner that I could find manually. > > After which I reinstalled MailScanner but now I get the following > error > ---SNIP----- > Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/ > MailScanner > /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 > /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/ > 5.005 . > /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/ > MCPMessage.pm line > 40. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > > > ---SNIP--- > > I have checked that the file and directory are present and I can > read the > file. I have updated the MIME/Parser.pm via cpan. > > I have removed mailscanner 'rpm -e mailscanner' and then > reinstalled it but > all to no avail. > > Im stuck, I was going to try an older copy of MailScanner, but > would rather > use a later version if possible. > > Cheers > > Darren > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 24 May 2005 12:16 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Raq 4 Problem > > > You can probably do quite happily without the "use bytes" or "require > bytes.pm" lines. > > cd /usr/lib/MailScanner/MailScanner > grep 'use bytes' *pm > > Comment out the line in Log.pm and both of the lines in Message.pm. > > Then stop and restart MailScanner. > > On 24 May 2005, at 11:55, Darren Walker-Torsion wrote: > > >> Hi, >> >> I had a problem last year when I was installing a Raq4 with >> MailScanner and F-Prot. >> I have had the same problem, in that the perl files wont autoinstall, >> so Julian sent me a MCPAN command to install them manually. >> >> I installed the latest version MailScanner, after manually installing >> CIDR via MCPAN using the command >> >> perl -MCPAN -e 'install Net::CIDR' >> >> >> but now I get this error message >> -----SNIP----- >> Starting MailScanner daemons: >> incoming sendmail: ok >> outgoing sendmail: ok >> MailScanner: Can't locate bytes.pm in @INC (@INC >> contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >> /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >> /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >> /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN >> failed--compilation aborted at /usr/lib/MailScanner/MailScanner/ >> Log.pm >> line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner >> line 67. >> -----SNIP----- >> >> One of the problems with the Raq is that it has an old copy of perl >> installed and I cant replace it, because the GUI breaks, I have run >> the installer with the 'ignore-perl' option but I am still having the >> same problem. >> >> Any thoughts please? >> >> Thanks >> >> Darren >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by Torsion Internet MailScanner, and is believed to >> be clean. >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Wed May 25 09:40:46 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:29:46 2006 Subject: OT: access to SMGateway Message-ID: Hi I'm not sure if this is off topic - I'm trying to download SMGateway, but I never recived download information and trying to contact Fortress System Ltd. seams to be a no-go. Does the company even exist? Does anyone know how to get to the download area? I'm looking for at "fullservice" system spam and virus system with a webinterface for my custormers to whitelist/blacklist and check blocked e-mails. MailScanner is sort of the core but without the interface - and SMGateway is the full system, scanning and webinterface? Regards Jan Agermose ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Wed May 25 10:14:30 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:46 2006 Subject: OT: Grey-listing? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 23 May 2005 11:51 am, James Gray wrote: > I've started down the road of grey-listing and have configured but not > "activated" the sendmail greylist-milter. My questions to the group are > both technical and political: > > 1. those who have used this milter; how effective is it in stemming the > tide of spam compared to "just" sendmail + mailscanner + SA + > RBL(OutBlaze, Razor etc)?? For those who are interested, in the first 24 hours of operation our spam is down by almost 40% and server load down by about the same.  Those numbers are %-age of what was happening prior to implementing milter-greylist. Pre-greylist: Average spam: 55% of our total mail volume Post-greylist Spam: 32% of our total mail volume. 100 - (32/52)*100 = 39% reduction in spam :):) Or about 20% reduction in total mail flow.  Very nice on a machine that handles around 50,000 messages a day. We're very happy and the users, both internal and external, are none the wiser.  All is well with the world and we are slowly making ground on the spammers (until they build smarter spambots then we're back to square 1). Cheers, James -- Bower's Law:  Talent goes where the action is. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 10:14:45 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: OT: access to SMGateway Message-ID: Jan yes do exist. Julian (MailScanner author) is the CTO. Don't know how long you've waited for a response but remember they are on the East Coast USA so it manybe another 3-4 hours from now before they get in. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan Agermose wrote: > Hi > > I'm not sure if this is off topic - I'm trying to download SMGateway, > but I never recived download information and trying to contact Fortress > System Ltd. seams to be a no-go. Does the company even exist? Does > anyone know how to get to the download area? > > I'm looking for at "fullservice" system spam and virus system with a > webinterface for my custormers to whitelist/blacklist and check blocked > e-mails. MailScanner is sort of the core but without the interface - and > SMGateway is the full system, scanning and webinterface? > > Regards > Jan Agermose > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 10:19:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: OT: access to SMGateway Message-ID: Just tried it. registered, got the email and am currently downloading from the link in the email. maybe you should try registering again? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan Agermose wrote: > Hi > > I'm not sure if this is off topic - I'm trying to download SMGateway, > but I never recived download information and trying to contact Fortress > System Ltd. seams to be a no-go. Does the company even exist? Does > anyone know how to get to the download area? > > I'm looking for at "fullservice" system spam and virus system with a > webinterface for my custormers to whitelist/blacklist and check blocked > e-mails. MailScanner is sort of the core but without the interface - and > SMGateway is the full system, scanning and webinterface? > > Regards > Jan Agermose > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Wed May 25 10:21:12 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:46 2006 Subject: Whitelisting dial-up users Message-ID: We have a few users 'on the road' who send mail via a dial-up connection. It looks as if the ISP's dial-up IP block has been listed on a couple of blacklists and so the users' mail is now being deleted by Mailscanner. Is it possible to automatically whitelist users who have authenticated to our mail server via a dial-up connection - I've had a look through the docs and am none the wiser. Thanks NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Wed May 25 10:22:41 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:29:46 2006 Subject: SV: OT: access to SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I will try to register again - its been more than a week :-) Best regards Jan -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Martin Hepworth Sendt: 25. maj 2005 11:15 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: OT: access to SMGateway Jan yes do exist. Julian (MailScanner author) is the CTO. Don't know how long you've waited for a response but remember they are on the East Coast USA so it manybe another 3-4 hours from now before they get in. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan Agermose wrote: > Hi > > I'm not sure if this is off topic - I'm trying to download SMGateway, > but I never recived download information and trying to contact Fortress > System Ltd. seams to be a no-go. Does the company even exist? Does > anyone know how to get to the download area? > > I'm looking for at "fullservice" system spam and virus system with a > webinterface for my custormers to whitelist/blacklist and check blocked > e-mails. MailScanner is sort of the core but without the interface - and > SMGateway is the full system, scanning and webinterface? > > Regards > Jan Agermose > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 25 10:42:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:46 2006 Subject: SV: OT: access to SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As I believe Martin has said, you should get a response automatically very quickly. If you don't get any response from the company in 24 hours, chase it up then, please don't wait a week. Jules (with his Fort Systems hat on) On 25 May 2005, at 10:22, Jan Agermose wrote: > Hi > > I will try to register again - its been more than a week :-) > > Best regards > Jan > > > > > > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > På vegne af Martin Hepworth > Sendt: 25. maj 2005 11:15 > Til: MAILSCANNER@JISCMAIL.AC.UK > Emne: Re: OT: access to SMGateway > > Jan > > yes do exist. Julian (MailScanner author) is the CTO. > > Don't know how long you've waited for a response but remember they are > on the East Coast USA so it manybe another 3-4 hours from now before > they get in. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jan Agermose wrote: > >> Hi >> >> I'm not sure if this is off topic - I'm trying to download SMGateway, >> but I never recived download information and trying to contact >> Fortress >> System Ltd. seams to be a no-go. Does the company even exist? Does >> anyone know how to get to the download area? >> >> I'm looking for at "fullservice" system spam and virus system with a >> webinterface for my custormers to whitelist/blacklist and check >> blocked >> e-mails. MailScanner is sort of the core but without the interface >> - and >> SMGateway is the full system, scanning and webinterface? >> >> Regards >> Jan Agermose >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 10:55:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: Whitelisting dial-up users Message-ID: Nigel in the Is Definitely not Spam setting make sure that points at spam.whitelist.rules and edit that file so it lists the users. Also I turn off those dial-up rules by making the score zero in local.cf as I find there's too many FP's from them. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Nigel Kendrick wrote: > We have a few users 'on the road' who send mail via a dial-up connection. It > looks as if the ISP's dial-up IP block has been listed on a couple of > blacklists and so the users' mail is now being deleted by Mailscanner. > > Is it possible to automatically whitelist users who have authenticated to > our mail server via a dial-up connection - I've had a look through the docs > and am none the wiser. > > Thanks > > NK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 11:00:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: Moscow Power outage....kapersky updates.. Message-ID: FYI There's a massive power outgate in Southern Moscow. Seems to be affecting at least one of the Kapersky Russian update sites, not to mention alot of the ISP's. http://www.mosnews.com/news/2005/05/25/blackout.shtml -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kenneth.kalmer at gmail.com Wed May 25 11:50:12 2005 From: kenneth.kalmer at gmail.com (Kenneth Kalmer) Date: Thu Jan 12 21:29:46 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Guys Before the flames begin, I did search the wiki, FAQ, MAQ and Google. My situation is a tad different and I can't figure out how to deal with it. My MailScanner.conf had this entry in... Quarantine Whole Messages As Queue Files = no ...and I just changed it to... Quarantine Whole Messages As Queue Files = yes ...to prevent this situation from happening again. Now, my situation. In my quarantine I've got a quarantined message as a 'message' file. This is the human readible file I presume. How can I release this file? Below is some output that might help. [root@one A8EAC2357B.694EC]# ls -al total 8428 drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message [root@one A8EAC2357B.694EC]# postdrop < message queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 Thanks in advance! -- Kenneth Kalmer kenneth.kalmer@gmail.com http://opensourcery.blogspot.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 12:19:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: Release a quarantined file (postfix) Message-ID: Kenneth Assuming Postfix still pretends to be sendmail try sendmail -ti < message -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Kenneth Kalmer wrote: > Guys > > Before the flames begin, I did search the wiki, FAQ, MAQ and Google. > My situation is a tad different and I can't figure out how to deal > with it. > > My MailScanner.conf had this entry in... > > Quarantine Whole Messages As Queue Files = no > > ...and I just changed it to... > > Quarantine Whole Messages As Queue Files = yes > > ...to prevent this situation from happening again. > > Now, my situation. In my quarantine I've got a quarantined message as > a 'message' file. This is the human readible file I presume. How can I > release this file? Below is some output that might help. > > [root@one A8EAC2357B.694EC]# ls -al > total 8428 > drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . > drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. > -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message > > [root@one A8EAC2357B.694EC]# postdrop < message > queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 > > Thanks in advance! > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed May 25 12:26:36 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider > Sent: Tuesday, May 24, 2005 11:44 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: block emails with no valid reverse DNS > > Vasantha Narayanan wrote: > > Hi, > > > > I want to block emails from servers which do not have a > valid reverse > > DNS lookup. I would like to be able to do this without > using a DNSBL server, > > but merely using dns. Can you tell me: > > 1. How this can be done using Sendmail? > > 2. How can this be done using MailScanner? > > > > Thanks. > > > > Vasantha > > You can use this: States that onlu work up to 8.12, what about 8.13.x? /Anders > > HTH, > > -Doc > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed May 25 12:26:30 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:46 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is this what you need? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail - dhawal Kenneth Kalmer wrote: > Guys > > Before the flames begin, I did search the wiki, FAQ, MAQ and Google. > My situation is a tad different and I can't figure out how to deal > with it. > > My MailScanner.conf had this entry in... > > Quarantine Whole Messages As Queue Files = no > > ...and I just changed it to... > > Quarantine Whole Messages As Queue Files = yes > > ...to prevent this situation from happening again. > > Now, my situation. In my quarantine I've got a quarantined message as > a 'message' file. This is the human readible file I presume. How can I > release this file? Below is some output that might help. > > [root@one A8EAC2357B.694EC]# ls -al > total 8428 > drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . > drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. > -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message > > [root@one A8EAC2357B.694EC]# postdrop < message > queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 > > Thanks in advance! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hunter at userfriendly.net Wed May 25 12:38:53 2005 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:29:46 2006 Subject: block emails with no valid reverse DNS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anders Andersson, IT wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider >>Sent: Tuesday, May 24, 2005 11:44 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: block emails with no valid reverse DNS >> >>Vasantha Narayanan wrote: >> >>>Hi, >>> >>>I want to block emails from servers which do not have a >> >>valid reverse >> >>>DNS lookup. I would like to be able to do this without >> >>using a DNSBL server, >> >>>but merely using dns. Can you tell me: >>>1. How this can be done using Sendmail? >>>2. How can this be done using MailScanner? >>> >>>Thanks. >>> >>>Vasantha >> >>You can use this: > > > > States that onlu work up to 8.12, what about 8.13.x? > Check out regex-milter, it can reject emails based on name resolution. It can be found here http://www.benzedrine.cx/milter-regex.html HTH Michael Weiner - -- Darwin Kernel Version 8.1.0: root:xnu-792.1.5.obj~4/RELEASE_PPC Load Averages: 5.38 5.02 4.89 CPU Usage: 25.0% user 75.0% sys 0.0% idle Memory Usage: 123M wired 488M active 354M inactive 965M used 58.1M free - -=- This AutoSig was generated on 05/25/2005 at 07:36. -=- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFClGPMSi7P5a7gZLQRAuIKAJ4lZNbYTdehyaXBGzTKScyo16zgfQCfYCEQ nHDAiTz/utjL/Y9YCTfkDjw= =9+1U -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.3KB. ] [ Unable to print this part. ] From support-lists at petdoctors.co.uk Wed May 25 13:34:18 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:46 2006 Subject: Understanding blacklisting Message-ID: I see incoming mail from various places where the origin is found in just one blacklist (usually SORBS-DNSBL) and so MailScanner deletes it, but reading the wiki articles implies you can set a threshold so that the sender has to appear in 'n' blacklists before being given the chop - the closest setting I can see for this is "Spam Lists To Reach High Score", which I currently have set to 5 (it was 3) but this doesn't seem to have any effect and reading further, the description of the setting implies that it just defines whether messages go straight to 'high scoring spam'. Can I just confirm whether I am missing the point here or whether I have not configured something as well as I could. Do I just drop using SORBS-DNSBL?? Thanks Nigel Kendrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed May 25 13:44:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:46 2006 Subject: Understanding blacklisting Message-ID: Hi Nigel best place to to this is (I find) Spamassassin. enable the RBL's in SA and they will merely add to the SA score, rather than acting as a complete blacklist when used in MailScanner.conf Looking at the docs the setting SHOULD do as you summize, but given recent traffic on this list I'd suggest 'somethings amiss' Julian - can you have a look at this setting and confirm/deny it works and if it does work how it should work. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Nigel Kendrick wrote: > I see incoming mail from various places where the origin is found in just > one blacklist (usually SORBS-DNSBL) and so MailScanner deletes it, but > reading the wiki articles implies you can set a threshold so that the sender > has to appear in 'n' blacklists before being given the chop - the closest > setting I can see for this is "Spam Lists To Reach High Score", which I > currently have set to 5 (it was 3) but this doesn't seem to have any effect > and reading further, the description of the setting implies that it just > defines whether messages go straight to 'high scoring spam'. > > Can I just confirm whether I am missing the point here or whether I have not > configured something as well as I could. Do I just drop using SORBS-DNSBL?? > > Thanks > > Nigel Kendrick > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 25 14:07:55 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:47 2006 Subject: Header_check and hiding internal IP Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Those addresses are meaningless (due to them being private addresses) outside of your organization(s) network, so why bother "hiding" them? -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of subscribe Sent: ti 2005-05-24 20:36 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Header_check and hiding internal IP Hi list, I've installed MailScanner as described in the [1]documentation. I want to hide my internal IPs when sending outbound mail, but I also wants MailScanner to scan outbound mails. If I put this in my header_check file: /192.168.10.50/ IGNORE <-- internal exchange server. /192.168.10.1/ IGNORE <-- internal interface on MailScanner. /^Received:/ HOLD the result are no scanning on outbound mails, but incoming mails are getting scanned. Is there any solution to this problem? Or do I have to have a second postfix MTA session somewhere to hide all of the internal IPs? [1] http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml --- Trond ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Wed May 25 14:03:40 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:47 2006 Subject: Understanding blacklisting Message-ID: > >Hi Nigel > >Best place to to this is (I find) Spamassassin. I was coming to the same conclusion from what I read. It certainly would be useful though if MailScanner had a config option something like "Spam Lists To Reach Low Score". Thanks for the quick reply. Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Wed May 25 14:19:28 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel Kendrick) Date: Thu Jan 12 21:29:47 2006 Subject: Understanding blacklisting Message-ID: >-----Original Message----- >From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] >Sent: 25 May 2005 13:44 >To: support-lists@petdoctors.co.uk >Subject: Re: Understanding blacklisting > > >You can set the "Spam Lists to reach high score" option, and then use >a "high scoring spam actions" to delete the message, rather than your >normal "spam actions" which might just deliver the message. > >Also, when posting on the list, it would be helpful if you either set >your Reply-To: address to the mailing list, or just didn't set the >"Reply-To" address at all. Thanks. > > >Julian, Thanks for the reply. I understand what you are saying (and that is how I have things set up now) - but if the mail appears in *one* blacklist MailScanner deletes it - I was looking for a 'consensus' option so that, say, 2 or 3 listings took it to 'spam' and left "Spam Lists To Reach High Score" to make it hit the roof if appropriate. It looks like the only other option is to use SA scoring with the blacklists rather than MailScanner? Nigel PS: Reply-to is now blank. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pascal.maes at ELEC.UCL.AC.BE Wed May 25 14:30:39 2005 From: pascal.maes at ELEC.UCL.AC.BE (Pascal Maes) Date: Thu Jan 12 21:29:47 2006 Subject: Spamassassin timed out Message-ID: Helo Is there a way to have more informations about the reasons of the following failures ? MailScanner[5875]: SpamAssassin timed out and was killed, failure 7 of 20 MailScanner[5794]: SpamAssassin timed out and was killed, failure 6 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 8 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 9 of 20 MailScanner[5794]: SpamAssassin timed out and was killed, failure 3 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 8 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 10 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 11 of 20 MailScanner[5875]: SpamAssassin timed out and was killed, failure 12 of 20 MailScanner[10021]: SpamAssassin timed out and was killed, failure 0 of 20 MailScanner[21184]: SpamAssassin timed out and was killed, failure 1 of 20 MailScanner[21569]: SpamAssassin timed out and was killed, failure 1 of 20 MailScanner[21569]: SpamAssassin timed out and was killed, failure 2 of 20 MailScanner[21569]: SpamAssassin timed out and was killed, failure 3 of 20 MailScanner[21569]: SpamAssassin timed out and was killed, failure 4 of 20 MailScanner[21569]: SpamAssassin timed out and was killed, failure 5 of 20 -- -- Pascal -- -- -- ---------------------[ Ciphire Signature ]---------------------- From: pascal.maes@elec.ucl.ac.be signed email body (1107 characters) Date: on 25 May 2005 at 13:30:45 UTC To: mailscanner@jiscmail.ac.uk ---------------------------------------------------------------- : Ciphire has secured this email against identity theft. : Free download at www.ciphire.com. The garbled lines : below are the sender's verifiable digital signature. ---------------------------------------------------------------- 00fAAAAAEAAAAFfpRCUwQAAC0CAAIAAgACACAQimlcC6VRprqzoKiyAG4Dh7IIQS PfBddta5biTpvl0QEAmG+N/lXPTUgfRuNkkMkve2/cnGDpebovXMbeXy0Ud6Sqg3 AqCU6U2j2vc/U4ZclFm4IXIsc8WKnwGsIt5gs1qA== ------------------[ End Ciphire Signed Message ]---------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed May 25 14:49:10 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:47 2006 Subject: Spamassassin timed out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pascal Maes wrote: > Helo ehlo > > Is there a way to have more informations about the reasons of the > following failures ? > > MailScanner[5875]: SpamAssassin timed out and was killed, failure 7 of 20 .. > MailScanner[5875]: SpamAssassin timed out and was killed, failure 12 of 20 > -- > -- Pascal -- > -- spamassassin -x -D -p /path/to/spam.assassin.prefs.conf --lint will show you the reason for the timeout.. probably a dns timeout or something with your bayes - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 25 14:52:03 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:47 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have updated that page with info that is actually relevant (namely a slight variation of Martins reply:-). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Dhawal Doshy Sent: on 2005-05-25 13:26 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Release a quarantined file (postfix) Is this what you need? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail - dhawal Kenneth Kalmer wrote: > Guys > > Before the flames begin, I did search the wiki, FAQ, MAQ and Google. > My situation is a tad different and I can't figure out how to deal > with it. > > My MailScanner.conf had this entry in... > > Quarantine Whole Messages As Queue Files = no > > ...and I just changed it to... > > Quarantine Whole Messages As Queue Files = yes > > ...to prevent this situation from happening again. > > Now, my situation. In my quarantine I've got a quarantined message as > a 'message' file. This is the human readible file I presume. How can I > release this file? Below is some output that might help. > > [root@one A8EAC2357B.694EC]# ls -al > total 8428 > drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . > drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. > -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message > > [root@one A8EAC2357B.694EC]# postdrop < message > queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 > > Thanks in advance! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kenneth.kalmer at gmail.com Wed May 25 14:53:12 2005 From: kenneth.kalmer at gmail.com (Kenneth Kalmer) Date: Thu Jan 12 21:29:47 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Martin, this one did help, I'll add it to the wiki just now. On 5/25/05, Martin Hepworth wrote: > Kenneth > > Assuming Postfix still pretends to be sendmail try > > sendmail -ti < message > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kenneth Kalmer wrote: > > Guys > > > > Before the flames begin, I did search the wiki, FAQ, MAQ and Google. > > My situation is a tad different and I can't figure out how to deal > > with it. > > > > My MailScanner.conf had this entry in... > > > > Quarantine Whole Messages As Queue Files = no > > > > ...and I just changed it to... > > > > Quarantine Whole Messages As Queue Files = yes > > > > ...to prevent this situation from happening again. > > > > Now, my situation. In my quarantine I've got a quarantined message as > > a 'message' file. This is the human readible file I presume. How can I > > release this file? Below is some output that might help. > > > > [root@one A8EAC2357B.694EC]# ls -al > > total 8428 > > drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . > > drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. > > -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message > > > > [root@one A8EAC2357B.694EC]# postdrop < message > > queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 > > > > Thanks in advance! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Kenneth Kalmer kenneth.kalmer@gmail.com http://opensourcery.blogspot.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed May 25 14:55:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:47 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Beay you to it:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Kenneth Kalmer Sent: on 2005-05-25 15:53 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Release a quarantined file (postfix) Thanks Martin, this one did help, I'll add it to the wiki just now. On 5/25/05, Martin Hepworth wrote: > Kenneth > > Assuming Postfix still pretends to be sendmail try > > sendmail -ti < message > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kenneth Kalmer wrote: > > Guys > > > > Before the flames begin, I did search the wiki, FAQ, MAQ and Google. > > My situation is a tad different and I can't figure out how to deal > > with it. > > > > My MailScanner.conf had this entry in... > > > > Quarantine Whole Messages As Queue Files = no > > > > ...and I just changed it to... > > > > Quarantine Whole Messages As Queue Files = yes > > > > ...to prevent this situation from happening again. > > > > Now, my situation. In my quarantine I've got a quarantined message as > > a 'message' file. This is the human readible file I presume. How can I > > release this file? Below is some output that might help. > > > > [root@one A8EAC2357B.694EC]# ls -al > > total 8428 > > drwxrwx--- 2 postfix postdrop 4096 May 25 12:38 . > > drwxrwx--- 5 postfix postdrop 4096 May 22 07:38 .. > > -rwx--x--x 1 postfix postdrop 8603998 May 22 07:23 message > > > > [root@one A8EAC2357B.694EC]# postdrop < message > > queue_id952A523574postdrop: fatal: uid=0: unexpected record type: 111 > > > > Thanks in advance! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Kenneth Kalmer kenneth.kalmer@gmail.com http://opensourcery.blogspot.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 25 15:02:25 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:47 2006 Subject: access to SMGateway Message-ID: Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jan Agermose > Sent: Wednesday, May 25, 2005 4:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: access to SMGateway > > Hi > > I'm not sure if this is off topic - I'm trying to download SMGateway, > but I never recived download information and trying to contact Fortress > System Ltd. seams to be a no-go. Does the company even exist? Does > anyone know how to get to the download area? > > I'm looking for at "fullservice" system spam and virus system with a > webinterface for my custormers to whitelist/blacklist and check blocked > e-mails. MailScanner is sort of the core but without the interface - and > SMGateway is the full system, scanning and webinterface? > > Regards > Jan Agermose Jan, As Julian and Martin so kindly pointed out, we're still in business :) I've forwarded your email to support and they will try and resolve the problem. Please email me off list if you are still having a problem. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbergman at WTXS.NET Wed May 25 16:04:40 2005 From: lbergman at WTXS.NET (Lewis Bergman) Date: Thu Jan 12 21:29:47 2006 Subject: access to SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney said: > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Jan Agermose >> Sent: Wednesday, May 25, 2005 4:41 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: OT: access to SMGateway >> >> Hi >> >> I'm not sure if this is off topic - I'm trying to download SMGateway, >> but I never recived download information and trying to contact Fortress >> System Ltd. seams to be a no-go. Does the company even exist? Does >> anyone know how to get to the download area? >> >> I'm looking for at "fullservice" system spam and virus system with a >> webinterface for my custormers to whitelist/blacklist and check blocked >> e-mails. MailScanner is sort of the core but without the interface - and >> SMGateway is the full system, scanning and webinterface? >> >> Regards >> Jan Agermose > Jan, I have used Mailscanner for years. I recently contracted fsl to implement their gateway/cluster system for some of the same reasons you mention. I'll vouch for their existence, competence, and ability to meet deadlines. -- Lewis Bergman Texas Communications 4309 Maple ST. Abilene, TX 79602 325-691-3301 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed May 25 16:27:05 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:47 2006 Subject: ClamV updates Message-ID: Thank you for the replies. I am still a little lost on how I should/can do the updates. Looking at the clamv site (http://www.clamav.net/binary.html) I do not know which package to use for CentOS. Also, do you know how that I can update using the Dag yum? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Friday, May 20, 2005 3:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamV updates > > Billy A. Pumphrey wrote: > > I went to http://crash.fce.vutbr.cz/yum-repository.html and ran through > > the yum directions, to get clamav updated through yum, and it broke my > > yum. > > > > **Unmatched Entries** > > WARNING: Your ClamAV installation is OUTDATED!: 1 Time(s) > > DON'T PANIC! Read http://www.clamav.net/faq.html: 1 Time(s) > > WARNING: Current functionality level = 4, recommended = 5: 1 Time(s) > > > > Here is an example error that I get for yum: > > [root@WoodenMS ~]# yum list > > Setting up Repos > > http://crash.fce.vutbr.cz/crash-hat/4/repodata/repomd.xml: [Errno 4] > > IOError: HT > > TP Error 404: Not Found > > Trying other mirror. > > Cannot open/read repomd.xml file for repository: crash-hat > > failure: repodata/repomd.xml from crash-hat: [Errno 256] No more mirrors > > to try. > > > > Any thoughts on getting it back to the way it was (fixed)? > > > > How do other people update they clamAV easily? > > Easily? Waiting for someone (crash-hat or dag) to package an RPM. > Quickly? Compiling from source. > > They're natural opposites :). > > If you have many systems to update, you can learn how to package RPMs > and then update all your servers at once. > > Hth > > Ugo > > > > > Billy Pumphrey > > IT Manager > > Wooden & McLaughlin > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From d.santos at barcelohotels.com.do Wed May 25 16:32:27 2005 From: d.santos at barcelohotels.com.do (Dywer Santos -- Barcelo Hotels) Date: Thu Jan 12 21:29:47 2006 Subject: problem qube3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi. I try to install MailScanner-4.41.3-1on a Cobalt Qube3 with the following error. Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate bytes.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. The version 4.37.7-1 was installed without problems. Thanks for any help you may provide. dywer santos ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Wed May 25 16:32:10 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:47 2006 Subject: block emails with no valid reverse DNS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Doc Schneider >>Sent: Tuesday, May 24, 2005 11:44 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: block emails with no valid reverse DNS >> >>Vasantha Narayanan wrote: >> >>>Hi, >>> >>>I want to block emails from servers which do not have a >> >>valid reverse >> >>>DNS lookup. I would like to be able to do this without >> >>using a DNSBL server, >> >>>but merely using dns. Can you tell me: >>>1. How this can be done using Sendmail? >>>2. How can this be done using MailScanner? >>> >>>Thanks. >>> >>>Vasantha >> >>You can use this: > > > > States that onlu work up to 8.12, what about 8.13.x? > > /Anders Works fine with 8.13.x. Guess the author of it should state that eh? -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed May 25 16:32:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:47 2006 Subject: Spamassassin timed out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Pascal Maes wrote: > >> Helo > > ehlo > >> >> Is there a way to have more informations about the reasons of the >> following failures ? >> >> MailScanner[5875]: SpamAssassin timed out and was killed, failure 7 of 20 > > .. > >> MailScanner[5875]: SpamAssassin timed out and was killed, failure 12 >> of 20 >> -- >> -- Pascal -- >> -- > > > spamassassin -x -D -p /path/to/spam.assassin.prefs.conf --lint > > will show you the reason for the timeout.. probably a dns timeout or > something with your bayes > Usually this is just bayes auto-expiry running during a message scan. Look where your bayes DB is stored, if you have a bunch of "expire" files laying around this is what's happening. Suggestions: 1) disable bayes_auto_expire in your /etc/mail/spamassassin/local.cf and set up a cronjob to run sa-learn --force-expire once a day. - and/or - 2) Extend your SA timeout in MailScanner.conf to about 10 minutes. I've been using SA since 2.31 and I've NEVER had it hang up on me. Every time mailscanner has killed my SA it did so in error. Maybe old versions (2.2, etc) had problems enforcing RBL timeouts, or on some odd platforms the problem exists, but I've not seen it. Early on kills were common because MS had the same timeout as SA RBL checks, so any time an RBL was down the total SA run time exceeded the MS timeout (oops). That Julian fixed, a long time ago. More recently kills have occurred largely because SA has a lot of long-running database maintenance chores for bayes (and the AWL if you use it). This Julian has somewhat addressed by increasing the default timeout, but if you've upgraded from an old version of MS, you probably still have the old short timeout. Currently I run with 1) and I've extended the timeout to 4 minutes. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Wed May 25 16:52:24 2005 From: darren at TORSION.CO.UK (Darren Walker-Torsion) Date: Thu Jan 12 21:29:47 2006 Subject: Raq 4 Problem Message-ID: Hi Julian, I can give you SSH, but could I mail you off list, Id rather not give out the details here, just in case. I have tried to remove it and re-install it again today and gone over the various perl modules again, but to no avail. Thanks Darren On 25 May 2005, at 08:50, Julian Field wrote: > Can you give me remote root ssh access to it? It will only take me a > few minutes to fix, will be far faster than playing 20 questions with > you. > > On 24 May 2005, at 22:08, Darren Walker wrote: > >> Hi Julian, >> >> I commented out those lines, and then tried again, but then I got >> messages >> to say that other perl modules werent installed or couldn't be >> found. I >> found a manual on cpan, and installed all the modules supplied with >> mailscanner that I could find manually. >> >> After which I reinstalled MailScanner but now I get the following >> error >> ---SNIP----- >> Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/ >> MailScanner >> /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 >> /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/ >> 5.005 . >> /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/ >> MCPMessage.pm line >> 40. >> BEGIN failed--compilation aborted at >> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >> >> >> ---SNIP--- >> >> I have checked that the file and directory are present and I can >> read the >> file. I have updated the MIME/Parser.pm via cpan. >> >> I have removed mailscanner 'rpm -e mailscanner' and then >> reinstalled it but >> all to no avail. >> >> Im stuck, I was going to try an older copy of MailScanner, but >> would rather >> use a later version if possible. >> >> Cheers >> >> Darren >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf >> Of Julian Field >> Sent: 24 May 2005 12:16 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Raq 4 Problem >> >> >> You can probably do quite happily without the "use bytes" or "require >> bytes.pm" lines. >> >> cd /usr/lib/MailScanner/MailScanner >> grep 'use bytes' *pm >> >> Comment out the line in Log.pm and both of the lines in Message.pm. >> >> Then stop and restart MailScanner. >> >> On 24 May 2005, at 11:55, Darren Walker-Torsion wrote: >> >> >>> Hi, >>> >>> I had a problem last year when I was installing a Raq4 with >>> MailScanner and F-Prot. >>> I have had the same problem, in that the perl files wont autoinstall, >>> so Julian sent me a MCPAN command to install them manually. >>> >>> I installed the latest version MailScanner, after manually installing >>> CIDR via MCPAN using the command >>> >>> perl -MCPAN -e 'install Net::CIDR' >>> >>> >>> but now I get this error message >>> -----SNIP----- >>> Starting MailScanner daemons: >>> incoming sendmail: ok >>> outgoing sendmail: ok >>> MailScanner: Can't locate bytes.pm in @INC (@INC >>> contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >>> /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >>> /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >>> /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN >>> failed--compilation aborted at /usr/lib/MailScanner/MailScanner/ >>> Log.pm >>> line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner >>> line 67. >>> -----SNIP----- >>> >>> One of the problems with the Raq is that it has an old copy of perl >>> installed and I cant replace it, because the GUI breaks, I have run >>> the installer with the 'ignore-perl' option but I am still having the >>> same problem. >>> >>> Any thoughts please? >>> >>> Thanks >>> >>> Darren >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by Torsion Internet MailScanner, and is believed to >>> be clean. >>> >>> ------------------------ MailScanner list ------------------------ To >>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by Torsion Internet MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 25 17:01:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:47 2006 Subject: Raq 4 Problem Message-ID: Yes, I wouldn't advise putting root passwords on a mailing list :-) Mail me at mailscanner@ecs.soton.ac.uk. On 25 May 2005, at 16:52, Darren Walker-Torsion wrote: > Hi Julian, > > I can give you SSH, but could I mail you off list, Id rather not give > out the details here, just in case. I have tried to remove it and > re-install it again today and gone over the various perl modules > again, > but to no avail. > > Thanks > > Darren > On 25 May 2005, at 08:50, Julian Field wrote: > > >> Can you give me remote root ssh access to it? It will only take me a >> few minutes to fix, will be far faster than playing 20 questions with >> you. >> >> On 24 May 2005, at 22:08, Darren Walker wrote: >> >> >>> Hi Julian, >>> >>> I commented out those lines, and then tried again, but then I got >>> messages >>> to say that other perl modules werent installed or couldn't be >>> found. I >>> found a manual on cpan, and installed all the modules supplied with >>> mailscanner that I could find manually. >>> >>> After which I reinstalled MailScanner but now I get the following >>> error >>> ---SNIP----- >>> Can't locate MIME/Parser.pm in @INC (@INC contains: /usr/lib/ >>> MailScanner >>> /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 >>> /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/ >>> 5.005 . >>> /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/ >>> MCPMessage.pm line >>> 40. >>> BEGIN failed--compilation aborted at >>> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>> >>> >>> ---SNIP--- >>> >>> I have checked that the file and directory are present and I can >>> read the >>> file. I have updated the MIME/Parser.pm via cpan. >>> >>> I have removed mailscanner 'rpm -e mailscanner' and then >>> reinstalled it but >>> all to no avail. >>> >>> Im stuck, I was going to try an older copy of MailScanner, but >>> would rather >>> use a later version if possible. >>> >>> Cheers >>> >>> Darren >>> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>> On Behalf >>> Of Julian Field >>> Sent: 24 May 2005 12:16 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Raq 4 Problem >>> >>> >>> You can probably do quite happily without the "use bytes" or >>> "require >>> bytes.pm" lines. >>> >>> cd /usr/lib/MailScanner/MailScanner >>> grep 'use bytes' *pm >>> >>> Comment out the line in Log.pm and both of the lines in Message.pm. >>> >>> Then stop and restart MailScanner. >>> >>> On 24 May 2005, at 11:55, Darren Walker-Torsion wrote: >>> >>> >>> >>>> Hi, >>>> >>>> I had a problem last year when I was installing a Raq4 with >>>> MailScanner and F-Prot. >>>> I have had the same problem, in that the perl files wont >>>> autoinstall, >>>> so Julian sent me a MCPAN command to install them manually. >>>> >>>> I installed the latest version MailScanner, after manually >>>> installing >>>> CIDR via MCPAN using the command >>>> >>>> perl -MCPAN -e 'install Net::CIDR' >>>> >>>> >>>> but now I get this error message >>>> -----SNIP----- >>>> Starting MailScanner daemons: >>>> incoming sendmail: ok >>>> outgoing sendmail: ok >>>> MailScanner: Can't locate bytes.pm in @INC (@INC >>>> contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >>>> /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >>>> /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >>>> /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN >>>> failed--compilation aborted at /usr/lib/MailScanner/MailScanner/ >>>> Log.pm >>>> line 139. BEGIN failed--compilation aborted at /usr/sbin/ >>>> MailScanner >>>> line 67. >>>> -----SNIP----- >>>> >>>> One of the problems with the Raq is that it has an old copy of perl >>>> installed and I cant replace it, because the GUI breaks, I have run >>>> the installer with the 'ignore-perl' option but I am still >>>> having the >>>> same problem. >>>> >>>> Any thoughts please? >>>> >>>> Thanks >>>> >>>> Darren >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by Torsion Internet MailScanner, and is >>>> believed to >>>> be clean. >>>> >>>> ------------------------ MailScanner list >>>> ------------------------ To >>>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>> mailscanner' in the body of the email. Before posting, read the >>>> Wiki >>>> (http://wiki.mailscanner.info/) and the archives >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list >>> ------------------------ To >>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > This message has been scanned for viruses and > dangerous content by Torsion Internet MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 17:01:06 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I run these 3 each day > > pyzor discover > > razor-admin -discover > > /var/dcc/libexec/updatedcc I only run updatedcc once a week, with a random sleep before, because this command downloads the whole package everytime. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 17:45:53 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: OT: Grey-listing? Message-ID: James Gray wrote: > For those who are interested, in the first 24 hours of operation our > spam is down by almost 40% and server load down by about the same. > Those numbers are > %-age of what was happening prior to implementing milter-greylist. Cool. Sorry for being dense, but in 25 words or less can someone explain greylisting? Blacklist and whitelist are obvious, but I'm not quite sure what happens with a greylist. Similarly, I enabled greet-pause and the amount of spam in my quarantine mailbox is down from around 350-500/day to about 150 or so. It's actually kind of scary! Hope I'm not vaporizing a large body of legitimate mail! But so far nobody is complaining so I presume it's copasetic... Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed May 25 17:51:48 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:47 2006 Subject: OT: Grey-listing? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > James Gray wrote: > >>For those who are interested, in the first 24 hours of operation our >>spam is down by almost 40% and server load down by about the same. >>Those numbers are >>%-age of what was happening prior to implementing milter-greylist. > > > > Cool. Sorry for being dense, but in 25 words or less can someone explain > greylisting? Blacklist and whitelist are obvious, but I'm not quite sure > what happens with a greylist. When mail arrives from a new server, generate a 4xx series temp fail. Continue to 4xx mail from said server until a greylist period X has expired. If they come back and retry after the greylist period, accept the mail. The basic gist is to verify that a server is actually a real mailserver that properly retries messages and not a "one shot spamrun" tool. Exact implementations vary greatly and greylist periods vary from 1 minute to a few hours depending on the person running the greylist. Most greylists will also auto-whitelist mail from a server for a few days once it passes this test. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 25 19:07:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone else seeing Pyzor problems at the moment? I have just got enough horsepower to use Pyzor on my production systems, having never used it before. It built and installed just fine, and "pyzor discover" worked. But I get # /usr/local/bin/pyzor ping 66.250.40.33:24441 TimeoutError: and SpamAssassin just hangs when trying to get a response to the pyzor request. Is there anything I'm likely to be missing? Or is it really down now? If it is down, does anyone know the owner and could ask him to take a look at his server? Thanks folks. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed May 25 19:10:41 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm having these timeouts here too... Was working fine last time I checked... ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, May 25, 2005 3:07 PM Subject: Pyzor problems? > Anyone else seeing Pyzor problems at the moment? > I have just got enough horsepower to use Pyzor on my production systems, > having never used it before. It built and installed just fine, and > "pyzor discover" worked. > > But I get > # /usr/local/bin/pyzor ping > 66.250.40.33:24441 TimeoutError: > and SpamAssassin just hangs when trying to get a response to the pyzor > request. > > Is there anything I'm likely to be missing? Or is it really down now? > If it is down, does anyone know the owner and could ask him to take a > look at his server? > > Thanks folks. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 25 19:14:32 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, May 25, 2005 2:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Pyzor problems? > > Anyone else seeing Pyzor problems at the moment? > I have just got enough horsepower to use Pyzor on my production systems, > having never used it before. It built and installed just fine, and > "pyzor discover" worked. > > But I get > # /usr/local/bin/pyzor ping > 66.250.40.33:24441 TimeoutError: > and SpamAssassin just hangs when trying to get a response to the pyzor > request. > > Is there anything I'm likely to be missing? Or is it really down now? > If it is down, does anyone know the owner and could ask him to take a > look at his server? > > Thanks folks. > > -- > Julian Field Me too on every system I check. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed May 25 19:16:32 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Anyone else seeing Pyzor problems at the moment? > I have just got enough horsepower to use Pyzor on my production systems, > having never used it before. It built and installed just fine, and > "pyzor discover" worked. > > But I get > # /usr/local/bin/pyzor ping > 66.250.40.33:24441 TimeoutError: > and SpamAssassin just hangs when trying to get a response to the pyzor > request. > Julian, Same thing here. But no SA timeout (at least no email pile up). Last Pyzor hit at 11:08 this morning (about 3 hours ago). Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From vachanta at GMAIL.COM Wed May 25 19:18:16 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: Yes our MS boxes are coming to a crawl from yesterday and we are seeing this debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "66.250.40.33:24441 TimeoutError: " I disabled pyzor and its crancking........but still miss it. Good to know that i m not alone.....so whats going on with Pyzor ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed May 25 19:19:37 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:47 2006 Subject: OT: Grey-listing? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Kevin Miller > Sent: Wednesday, May 25, 2005 12:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Grey-listing? > > James Gray wrote: > > For those who are interested, in the first 24 hours of operation our > > spam is down by almost 40% and server load down by about the same. > > Those numbers are > > %-age of what was happening prior to implementing milter-greylist. > > > Cool. Sorry for being dense, but in 25 words or less can someone explain > greylisting? Blacklist and whitelist are obvious, but I'm not quite sure > what happens with a greylist. > > Similarly, I enabled greet-pause and the amount of spam in my quarantine > mailbox is down from around 350-500/day to about 150 or so. It's actually > kind of scary! Hope I'm not vaporizing a large body of legitimate mail! > But so far nobody is complaining so I presume it's copasetic... > > > Thanks... > > ...Kevin Kevin, What are you using for your GreetPause delay? Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 19:53:37 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: OT: Grey-listing? Message-ID: Stephen Swaney wrote: > > Kevin, > > What are you using for your GreetPause delay? 10 seconds. Default was 15, but I didn't want to be too aggressive initially. See a lot of dsl/cable hits and a lot of addresses w/o any reverse resolution. Also saw a couple that surprised me like some yahoo.com box. Haven't whitelisted anything yet, but probably should go through it with a fine toothed comb shortly... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 20:15:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Anyone else seeing Pyzor problems at the moment? > I have just got enough horsepower to use Pyzor on my production systems, > having never used it before. It built and installed just fine, and > "pyzor discover" worked. > > But I get > # /usr/local/bin/pyzor ping > 66.250.40.33:24441 TimeoutError: > and SpamAssassin just hangs when trying to get a response to the pyzor > request. > > Is there anything I'm likely to be missing? Or is it really down now? > If it is down, does anyone know the owner and could ask him to take a > look at his server? Go those errors too. I wrote the pyzor-users list. We'll see what happens. I found the author's e-mail address. ftobin |at| neverending |dot| org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 20:24:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > Thank you for the replies. I am still a little lost on how I should/can > do the updates. > > Looking at the clamv site (http://www.clamav.net/binary.html) I do not > know which package to use for CentOS. There is no rpm compiled specifically for CentOS (RHEL). Maybe another would, maybe not. I can't tell. > > Also, do you know how that I can update using the Dag yum? 2 choices: 1- manually download & install http://dag.wieers.com/packages/clamav/ 2- Use dag's repository using apt, yum or up2date(beware of the implications). http://dag.wieers.com/home-made/apt/FAQ.php#B. Be careful, this may update other packages when you do system updates. > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 20:43:55 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: spam actions Message-ID: I've always forwarded my spam to an account on my exchange server (alphonse_spamdog) so I can forward false positives, and such. But now I've installed MailWatch, so have the quarantine dir on my linux box which was previously unused. I delete anything older than 2 weeks on Exchange but have to do that manually. On the linux gateway is it safe to just run a cronjob to get rid of old messages? What will that do to MailWatch/mysql? Will it care? Hope this isn't too off topic... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 20:26:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: Testing with TestVirus -- fixed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Many thanks. I have just put up the 4.42.3 beta release. It is currently installing on my home server. If everything goes fine, I'll install it at work tomorrow. I'll let you know. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Wed May 25 20:58:23 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:47 2006 Subject: OT: GreetPause delay Message-ID: Kevin: Does the GreetPause delay feature automatically build (or respect) a whitelist, or have you introduced a delay for any server that connects to yours? I can imagine that heavily loaded sendmail servers might have issues if this becomes standard practice. If your mail server gets 1 outbound message every second, and if each delivery attempt results in a 10 second delay (at one prompt) then you'll have a mimnimum of 10 idle sendmail processes always occupying memory just for outbound mail. -Bill Kevin Miller wrote: >Stephen Swaney wrote: > > >>Kevin, >> >>What are you using for your GreetPause delay? >> >> > >10 seconds. Default was 15, but I didn't want to be too aggressive >initially. See a lot of dsl/cable hits and a lot of addresses w/o any >reverse resolution. Also saw a couple that surprised me like some yahoo.com >box. Haven't whitelisted anything yet, but probably should go through it >with a fine toothed comb shortly... > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 21:10:40 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: OT: GreetPause delay Message-ID: William Burns wrote: > Kevin: > > Does the GreetPause delay feature automatically build (or respect) a > whitelist, or have you introduced a delay for any server that connects > to yours? > > I can imagine that heavily loaded sendmail servers might have issues > if this becomes standard practice. If your mail server gets 1 outbound > message every second, and if each delivery attempt results in a 10 > second delay (at one prompt) then you'll have a mimnimum of 10 idle > sendmail processes always occupying memory just for outbound mail. The whitelist can be added to the access file. It doesn't do a pause on outbound mail however - it does it when a remote mail server attempts to send to us. Basically says "cbj mail server, can I put you on hold" and then makes the remote end spin it's wheels for 10 seconds. Real mail servers are built to handle that sort of thing, as a rule. Spambots just want to shotgun out as many messages in as little time as possible so blow right past your domain. At least that's my understanding... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 21:05:22 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: spam actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > I've always forwarded my spam to an account on my exchange server > (alphonse_spamdog) so I can forward false positives, and such. But now I've > installed MailWatch, so have the quarantine dir on my linux box which was > previously unused. I delete anything older than 2 weeks on Exchange but > have to do that manually. On the linux gateway is it safe to just run a > cronjob to get rid of old messages? see /etc/cron.daily/clean.quarantine > What will that do to MailWatch/mysql? > Will it care? MailWatch will not be aware so you might end up trying to release a message that has been deleted by your cronjob. You can also use a script to do the same thing to mysql. Search the archives for clean_mailwatch. > > Hope this isn't too off topic... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed May 25 21:20:42 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:47 2006 Subject: spam actions Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller writes: > I've always forwarded my spam to an account on my exchange server > (alphonse_spamdog) so I can forward false positives, and such. But now I've > installed MailWatch, so have the quarantine dir on my linux box which was > previously unused. I delete anything older than 2 weeks on Exchange but > have to do that manually. On the linux gateway is it safe to just run a > cronjob to get rid of old messages? What will that do to MailWatch/mysql? > Will it care? > > Hope this isn't too off topic... > > ...Kevin Its quite safe to run a cron for clean up, mailscanner includes it own cron script to do that. As for mailwatch, you won't be able to view the message content of quarantined mails that don't exist anymore (though the rest being in the mysql db will work as usual). You'll need the following 2 actions. 1. MailScanner has it's own cron for quarantine deletion, change $days_to_keep to 14. Check /etc/cron.daily/clean.quarantine OR /opt/Mailscanner/bin/cron/clean.quarantine.cron 2. Run another script to trim the mailwatch database minute hour * * * /path/to/mysql -u mailwatch_user --password=mailwatch_password < /path/to/mailwatch_mysql_mailtenance.sql Content of /path/to/mailwatch_mysql_mailtenance.sql: delete from maillog where timestamp < date_sub(curdate(), interval 14 day); optimize table maillog; Hope that helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 21:06:44 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Julian Field wrote: > >> Anyone else seeing Pyzor problems at the moment? >> I have just got enough horsepower to use Pyzor on my production systems, >> having never used it before. It built and installed just fine, and >> "pyzor discover" worked. >> >> But I get >> # /usr/local/bin/pyzor ping >> 66.250.40.33:24441 TimeoutError: >> and SpamAssassin just hangs when trying to get a response to the pyzor >> request. >> >> Is there anything I'm likely to be missing? Or is it really down now? >> If it is down, does anyone know the owner and could ask him to take a >> look at his server? > > > Go those errors too. I wrote the pyzor-users list. We'll see what > happens. I found the author's e-mail address. ftobin |at| neverending > |dot| org. > Someone responded: Appears the server is down: $ pyzor ping 66.250.40.33:24441 TimeoutError: That makes me wonder... is there only one server? Maybe some of us could run a pyzor server to spread the load and avoid this kind of situation? I'll let you know about my findings. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Wed May 25 21:28:31 2005 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:29:47 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] William Burns wrote: > Kevin: > > Does the GreetPause delay feature automatically build (or respect) a > whitelist, or have you introduced a delay for any server that connects > to yours? > > I can imagine that heavily loaded sendmail servers might have issues if > this becomes standard practice. If your mail server gets 1 outbound > message every second, and if each delivery attempt results in a 10 > second delay (at one prompt) then you'll have a mimnimum of 10 idle > sendmail processes always occupying memory just for outbound mail. > > -Bill > > Kevin Miller wrote: > >> Stephen Swaney wrote: >> >> >>> Kevin, >>> >>> What are you using for your GreetPause delay? >>> >>> >> >> 10 seconds. Default was 15, but I didn't want to be too aggressive >> initially. See a lot of dsl/cable hits and a lot of addresses w/o any >> reverse resolution. Also saw a couple that surprised me like some >> yahoo.com >> box. Haven't whitelisted anything yet, but probably should go through it >> with a fine toothed comb shortly... >> I think this is wat you're asking. This goes into your /etc/mail/access file GreetPause:127.0.0.1 0 GreetPause:192.168.1 0 You can vary the times for servers as you see fit. -Doc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 21:35:00 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: spam actions Message-ID: Dhawal Doshy wrote: > Its quite safe to run a cron for clean up, mailscanner includes it > own cron script to do that. As for mailwatch, you won't be able to > view the message content of quarantined mails that don't exist > anymore (though the rest being in the mysql db will work as usual). Thanks Dhawal & Ugo! That rocks! Not worried about viewing messages that are gone - if users haven't missed them by that time, they probably never will... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed May 25 21:35:45 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance writes: > Ugo Bellavance wrote: >> Julian Field wrote: >> >>> Anyone else seeing Pyzor problems at the moment? >>> I have just got enough horsepower to use Pyzor on my production systems, >>> having never used it before. It built and installed just fine, and >>> "pyzor discover" worked. >>> >>> But I get >>> # /usr/local/bin/pyzor ping >>> 66.250.40.33:24441 TimeoutError: >>> and SpamAssassin just hangs when trying to get a response to the pyzor >>> request. >>> >>> Is there anything I'm likely to be missing? Or is it really down now? >>> If it is down, does anyone know the owner and could ask him to take a >>> look at his server? >> >> >> Go those errors too. I wrote the pyzor-users list. We'll see what >> happens. I found the author's e-mail address. ftobin |at| neverending >> |dot| org. >> > > Someone responded: > > Appears the server is down: > > $ pyzor ping > 66.250.40.33:24441 TimeoutError: > > That makes me wonder... is there only one server? Maybe some of us > could run a pyzor server to spread the load and avoid this kind of > situation? > > I'll let you know about my findings. > > Ugo > The server did respond to both ping / traceroute, though a nagios-plugin check failed. [root@mx1 ~]# ./check_udp -H 66.250.40.33 -p 24441 Receive failed No response from host on port 24441 Also as per this 'https://sourceforge.net/mailarchive/forum.php?thread_id=6989953&forum_id=87 11', pyzord lacks syncing features, hence i assume there is only one server. (though why he didn't think of ssh + rsync to do the syncing effectively outside of pyzor is beyond me.) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed May 25 21:50:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:47 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Ugo Bellavance writes: > >> Ugo Bellavance wrote: >> >>> Julian Field wrote: >>> >>>> Anyone else seeing Pyzor problems at the moment? >>>> I have just got enough horsepower to use Pyzor on my production >>>> systems, >>>> having never used it before. It built and installed just fine, and >>>> "pyzor discover" worked. >>>> >>>> But I get >>>> # /usr/local/bin/pyzor ping >>>> 66.250.40.33:24441 TimeoutError: >>>> and SpamAssassin just hangs when trying to get a response to the pyzor >>>> request. >>>> >>>> Is there anything I'm likely to be missing? Or is it really down now? >>>> If it is down, does anyone know the owner and could ask him to take a >>>> look at his server? >>> >>> >>> >>> Go those errors too. I wrote the pyzor-users list. We'll see what >>> happens. I found the author's e-mail address. ftobin |at| neverending >>> |dot| org. >>> >> >> Someone responded: >> >> Appears the server is down: >> >> $ pyzor ping >> 66.250.40.33:24441 TimeoutError: >> >> That makes me wonder... is there only one server? Maybe some of us >> could run a pyzor server to spread the load and avoid this kind of >> situation? >> >> I'll let you know about my findings. >> >> Ugo >> > > The server did respond to both ping / traceroute, though a nagios-plugin > check failed. > [root@mx1 ~]# ./check_udp -H 66.250.40.33 -p 24441 > Receive failed > No response from host on port 24441 > > Also as per this > 'https://sourceforge.net/mailarchive/forum.php?thread_id=6989953&forum_id=87 > > 11', pyzord lacks syncing features, hence i assume there is only one > server. > (though why he didn't think of ssh + rsync to do the syncing effectively > outside of pyzor is beyond me.) I don't honestly think I can make a production service dependent upon a global service that is provided by 1 system! I'm slightly surprised that anyone uses it as a serious resource. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed May 25 22:13:34 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:47 2006 Subject: OT: GreetPause delay Message-ID: William Burns wrote: > Kevin: > > I get what you're saying about this only affecting your-own inbound > mail, but it's useful to extrapolate. > If every mail server on the planet behaves like yours, then all of > *my* servers outbound mail is delayed for 10 seconds. Yeah, but by that time the spammers will have caught on, and we decommission this and use some other trick. Which will last for about 2 months, and the cycle repeats. Sigh... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vnarayan at HAVERFORD.EDU Wed May 25 22:40:25 2005 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:29:47 2006 Subject: block emails with no valid reverse DNS Message-ID: Thank you to all those who responded. I'm going to first give "require_rdns" hack a try since this will inform the sender that their mail was blocked. That way if there is a legitimate email that gets blocked, they will be notified and they can get in touch with us if they want. If that does not work for us, I'll give milter a try. Thanks. Vasantha At 04:44 PM 5/24/2005 -0500, you wrote: >Vasantha Narayanan wrote: >>Hi, >> >>I want to block emails from servers which do not have a valid reverse DNS >>lookup. I would like to be able to do this without using a DNSBL server, >>but merely using dns. Can you tell me: >>1. How this can be done using Sendmail? >>2. How can this be done using MailScanner? >> >>Thanks. >> >>Vasantha > >You can use this: > >HTH, > >-Doc > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > >divert(-1) > >dnl ## NOTE: This M4 file is suitable for sendmail >dnl ## 8.12.x . To use it with 8.10.x or 8.11.x, a one line >dnl ## change is required. Comments indicate which lines >dnl ## to change (to comment or uncomment) > >dnl ################################################################ >dnl ## >dnl ## This is a HACK to reject mail from connecting clients >dnl ## without proper rDNS (reverse DNS), functional >dnl ## gethostbyaddr() resolution. >dnl ## >dnl ## Use as: >dnl ## >dnl ## HACK(require_rdns) >dnl ## >dnl ## An optional second argument is available, and must be >dnl ## either `OK' or `REJECT'. With the second argument, >dnl ## the decision to reject depends on the recipient, and >dnl ## is based on access table entries for that recipient. >dnl ## The second argument gives the default assumed for >dnl ## recipients without access table entries. Currently, >dnl ## only the first letter of the second argument is >dnl ## checked. >dnl ## >dnl ## Note that the second argument makes no sense unless >dnl ## FEATURE(`delay_checks') is also in effect. It is >dnl ## best for the `delay_check' line to come first. This >dnl ## is not strictly required, but will avoid a warning >dnl ## message. >dnl ## >dnl ## The basis policy is to reject message with a 5xx >dnl ## error if the IP address fails to resolve. However, >dnl ## if this is a temporary failure, a 4xx temporary >dnl ## failure is returned. If the look succeeds, but >dnl ## returns an apparently forged value, this is treated >dnl ## as a temporary failure with a 4xx error code. >dnl ## >dnl ## EXCEPTIONS: >dnl ## >dnl ## Exceptions based on access entries are discussed >dnl ## below. Any IP address matched using $=R (the >dnl ## "relay-domains" file) is excepted from the rules. >dnl ## Since we have explicitely allowed relaying for this >dnl ## host, based on IP address, we ignore the rDNS >dnl ## failure. >dnl ## >dnl ## The philosophical assumption here is that most users >dnl ## do not control their rDNS. They should be able to >dnl ## send mail through their ISP, whether or not they have >dnl ## valid rDNS. The class $=R, roughly speaking, >dnl ## contains those IP addresses and address ranges for >dnl ## which we are the ISP, or are acting as if the ISP. >dnl ## >dnl ## If `delay_checks' is in effect (recommended), then >dnl ## any sender who has authenticated is also excepted >dnl ## from the restrictions. This happens because the >dnl ## rules produced by this HACK() will not be applied to >dnl ## authenticated senders (assuming `delay_checks'). >dnl ## >dnl ## ACCESS MAP ENTRIES: >dnl ## >dnl ## Per-user entries: >dnl ## >dnl ## The per-user entries are of the form >dnl ## rdns:user OK >dnl ## where the RHS should be `OK' or `REJECT'. If `OK' is >dnl ## used, mail addressed to this user is not blocked on >dnl ## rDNS problems. If the value is `REJECT', it is >dnl ## checked. The second argument to the HACK() enables >dnl ## this feature, and provides the default for users with >dnl ## no entry. >dnl ## >dnl ## Note that the user in "rdns:user" is the user part in >dnl ## the mailer triple after address parsing. For a >dnl ## virtual address, this will be the user after >dnl ## virtusertable processing. If the mail is addressed >dnl ## to "user+detail" the "+detail" is stripped before >dnl ## this checking. >dnl ## >dnl ## If the recipient is on another host, then the key > >dnl ## actually looked up is "rdns:@host." with the "host" >dnl ## being the destination to which we will send it. In >dnl ## some cases, this might come from a mailertable >dnl ## entry. It is not possible to individuate the >dnl ## decision for remote recipients. Note that the "." >dnl ## might be needed after the hostname. It is best to >dnl ## use the output of >dnl ## echo "/parse address" | sendmail -bt >dnl ## to decide what goes in the access map. >dnl ## >dnl ## IP address entries: >dnl ## >dnl ## Entries such as >dnl ## rdns:1.2.3 OK >dnl ## 1.2.3.4 OK >dnl ## 1.2 RELAY >dnl ## will whitelist IP address 1.2.3.4, so that the rDNS >dnl ## blocking does apply to that IP address >dnl ## >dnl ## Entries such as >dnl ## rdns:1.2.3 REJECT >dnl ## 1.2.3.4 REJECT >dnl ## will have the effect of forcing a temporary failure >dnl ## for that address to be treated as a permanent >dnl ## failure. >dnl ## >dnl ################################################################ > >divert(0)dnl >VERSIONID(`$Id: require_rdns.m4,v 1.7 2003/06/13 03:59:16 rickert Exp $') >divert(-1) > >define(`_REQUIRE_RDNS_', >ifelse(defn(`_ARG_'), `', `', > lower(substr(_ARG_,0,1)), `o', `OK', > lower(substr(_ARG_,0,1)), `r', `REJECT', > `errprint(`*** Bad argument _ARG_ for require_rdns')')) > >ifelse(_REQUIRE_RDNS_,`',`', >ifdef(`_DELAY_CHECKS_',`', >``errprint(`*** Warning: Optional argument to require_rdns needs delay_checks >')'' >)) > >PUSHDIVERT(9)dnl >SLocal_check_relay >ifelse(_REQUIRE_RDNS_,`',dnl >R$* $| $* $:$2 <$&{client_resolve}> >,dnl >R$* $| $* $:$2 <$&{client_resolve}> $&{rcpt_addr} >)dnl >R$*$* $@OK Resolves. >R$=R $* <$*>$* $@RELAY We relay for these >ifelse(_REQUIRE_RDNS_,`',`',dnl >R$*<$*>$+@$+ $:$1<$2>@$&{rcpt_host} use @host for remote >R$*<$*>$+ + $* $:$1<$2>$3 remove +detail >R$*<$*>$+ `$:$1<$2>$(access rdns:$3 $:' _REQUIRE_RDNS_ >`$)' Check rcpt >)dnl >ifelse(_REQUIRE_RDNS_, `REJECT',dnl >`R$*<$*>$={Accept} $@ $3 Bypass for this recipient >', _REQUIRE_RDNS_, `OK',dnl >`R$*<$*>REJECT $:$1<$2> mark rejections >R$*<$*>$+ $@OK bypass for others >',`')dnl >dnl ### The next line is sendmail version dependent >dnl ### Use this (with LookUpAddress)for sendmail-8.10 and 8.11 >dnl`'R$+<$*>$* $:$1 $>LookUpAddress <$1> <$2> <+ rdns> >dnl ### but use to following, instead, for 8.12 >R$+<$*>$* $:$1 $>A <$1> <+ rdns> <$2> >dnl ### end of version dependent text >R$*<$={Accept}><$+> $@ $2 OK or RELAY - whitelisted >R$*<$*> $: $1 REJECT - treat tempfail as >fail >R$* $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1, or >use your ISP server >R$* $#error $@ 4.1.8 $: 451 Client IP address $1 does >not resolve >R$* $#error $@ 4.1.8 $: 451 Possibly forged hostname >for $1 >POPDIVERT >undefine(`_REQUIRE_RDNS_')dnl > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent at ELECTRICEMBERS.NET Wed May 25 22:26:22 2005 From: brent at ELECTRICEMBERS.NET (Brent Emerson) Date: Thu Jan 12 21:29:47 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: I'm seeing the same behavior that was reported by Nigel Kennedy in the thread "MailScanner occasionally not picking up from the hold queue" and which is detailed in Debian bug #305239 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305239): An MS child dies of old age, another child is spawned, and the new process never picks up any messages from the hold queue. Eventually, all my MS children are in state "sleeping" and all incoming mail accumulates in the hold queue. A stop/start restores things to normal. The problem almost always seems to occur exactly 4 hours after my automated 23:10 MS restart (3:10am), when system load is low. My system: FreeBSD 4.9, Postfix 2.2.2, MailScanner 4.41.3, SpamAssassin 3.0.3, ClamAV 0.85. Most or all of my relevant perl modules are the latest versions, which in some cases may be later than what Julian recommends. Has there been a resolution/diagnosis of this yet? Any clues? Any debug work I can do? Brent Emerson ----Electric Embers: Powering the fires of change-------------------- NPOGroups | NPOMail | NPOShield | web/database/email hosting ----http://electricembers.net--------A member of N-TEN and NoBAWC---- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From acschmitt at BPA.GOV Wed May 25 22:49:15 2005 From: acschmitt at BPA.GOV (Schmitt, Andy C - JHSS) Date: Thu Jan 12 21:29:47 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I suspect that spammers may encounter some difficulty "catching on" to this one. Right now they're sending mail like lightning in most places, but still we have their throwaway websites blocked by a URIBL usually within a day. How much quicker if their sending ability was slowed down on most of their connections? If a majority used greet_pause and spammers adapted to conform to RFC, the spam would still be sent -- but the _amount_ of spam someone was able to send before an alert user or admin caught the latest URL and URIBLed it would be reduced. Whether spam flow would be slowed enough to make it unprofitable to send in the first place, of course, is another matter altogether. I've used greet_pause on my home server for about a year with a pause of 31 seconds (some may consider this high), and it's blocked almost every zombie PC connection attempt with only one or two false positives. It's been a year since this feature came out, but either spammers don't consider it a widespread threat yet (most likely), or they don't want to sacrifice volume just to cope with artificially slow mail servers. Andy On Wednesday 25 May 2005 02:13 pm, Kevin Miller wrote: > Yeah, but by that time the spammers will have caught on, and we > decommission this and use some other trick. Which will last for about 2 > months, and the cycle repeats. Sigh... > > > ...Kevin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 25 23:12:39 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:48 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > I don't honestly think I can make a production service dependent upon a > global service that is provided by 1 system! > > I'm slightly surprised that anyone uses it as a serious resource. > > -- I am thinking iof ditching razor2 and DCC as well - i notice that every single spam that is stopped and detected by these ALWAYS has such a high spam score that DCC and razor2 would have made no difference anyway. Do these tools belong to a time when SA and its rulesets and MS wasnt as good at its job as it is now? > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed May 25 23:14:26 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:48 2006 Subject: spam actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We keep all the spam and quarrantine for 3 months. Absolutely cant wait until mailwatch type product that uses the AD credentials so the users can log in and see thier own spam and deal with it themselves. Kevin Miller wrote: > Dhawal Doshy wrote: > > >>Its quite safe to run a cron for clean up, mailscanner includes it >>own cron script to do that. As for mailwatch, you won't be able to >>view the message content of quarantined mails that don't exist >>anymore (though the rest being in the mysql db will work as usual). > > > Thanks Dhawal & Ugo! That rocks! > > Not worried about viewing messages that are gone - if users haven't missed > them by that time, they probably never will... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed May 25 23:25:11 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:48 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> >> I don't honestly think I can make a production service dependent upon a >> global service that is provided by 1 system! >> >> I'm slightly surprised that anyone uses it as a serious resource. >> >> -- > > > I am thinking iof ditching razor2 and DCC as well - i notice that every > single spam that is stopped and detected by these ALWAYS has such a high > spam score that DCC and razor2 would have made no difference anyway. > > Do these tools belong to a time when SA and its rulesets and MS wasnt as > good at its job as it is now? > I noticed that they could have made a difference in the recent german spam recently, for someone who didn't have Raymond's rules. After a few days, those plugins have started scoring enough to get tagged. BTW thanks Raymond :). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Thu May 26 02:05:29 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: Kevin Miller wrote: >William Burns wrote: > > >>Kevin: >> >>I get what you're saying about this only affecting your-own inbound >>mail, but it's useful to extrapolate. >>If every mail server on the planet behaves like yours, then all of >>*my* servers outbound mail is delayed for 10 seconds. >> >> > >Yeah, but by that time the spammers will have caught on, and we decommission >this and use some other trick. Which will last for about 2 months, and the >cycle repeats. Sigh... > > W/ the straight GreetPause strategy, you're right. On the other hand, a greylist strategy gives you similar advantages to GreetPause, but could make permanent inroads against SPAM. -Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 26 02:47:30 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: On May 25, 2005, at 1:54 PM, William Burns wrote: > For example, a mail server hosting very active mailing list(s) might > easily have to send 10 pieces of mail per second. If each copy of the > MTA got hung-up for 10 seconds for each piece of mail, then aside from > copies of the MTA actually doing work, there'd be another 100 instances > of the MTA in memory waiting for prompts. > > I'm glad that this feature will respect a whitelist in access.db. > That leaves open the possibility that someone could at least add on a > feature that culls mail logs for good IP addresses, and drops a > whitelist in the access.db file. > Without that, it seems like it'd cause a scalability issue for the > mail-carrying internet. Or wait for the heavy MTA that is trying to send you mail to notice "hmm, looks like they're using greet_delay", and they send you an email saying "can you give us an exception?" I would personally prefer to have such a postmaster _ask_ me for an exception, instead of trying to guess which heavy mail volumes I get are legit and which are not. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 26 02:55:51 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: On May 25, 2005, at 2:49 PM, Schmitt, Andy C - JHSS wrote: > > I've used greet_pause on my home server for about a year with a pause > of 31 > seconds (some may consider this high), and it's blocked almost every > zombie > PC connection attempt with only one or two false positives. I use 30 seconds, and I have had 2 false positives (.mac and one other). In the case of .mac, Apple's sysadmins decided to become RFC compliant. In the other case, which is run by a friend of a friend, they're still discussing it. Though, in that case, they got rejected the first time, and then the 2nd time they came through ... from a different IP address. I suspect they have their main server, handling high volume, set up to be impatient, and if that fails, they send the message out through a secondary server which is more patient. The only external exception I have made, "just in case" it ever comes up, is verizon. I have them set for 10 seconds. I heard their call-back interface times out at 18 seconds, so I thought I'd give a little bit of a window there for weirdness. Otherwise, I have been VERY happy with our success rate. (at work, we're a little more conservative, but it does produce noticeable results) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pascal.maes at ELEC.UCL.AC.BE Thu May 26 07:44:45 2005 From: pascal.maes at ELEC.UCL.AC.BE (Pascal Maes) Date: Thu Jan 12 21:29:48 2006 Subject: Spamassassin timed out - Results Message-ID: > >Date: Wed, 25 May 2005 19:19:10 +0530 >From: Dhawal Doshy >Subject: Re: Spamassassin timed out > >Pascal Maes wrote: >> Helo >ehlo >> >> Is there a way to have more informations about the reasons of the >> following failures ? >> >> MailScanner[5875]: SpamAssassin timed out and was killed, failure 7 of 20 >.. >> MailScanner[5875]: SpamAssassin timed out and was killed, failure 12 of 20 >> -- >> -- Pascal -- >> -- > >spamassassin -x -D -p /path/to/spam.assassin.prefs.conf --lint > >will show you the reason for the timeout.. probably a dns timeout or >something with your bayes > >- dhawal > > >Date: Wed, 25 May 2005 11:32:39 -0400 >From: Matt Kettler >Subject: Re: Spamassassin timed out > > >Usually this is just bayes auto-expiry running during a message scan. Look >where >your bayes DB is stored, if you have a bunch of "expire" files laying around >this is what's happening. > >Suggestions: >1) disable bayes_auto_expire in your /etc/mail/spamassassin/local.cf and >set up >a cronjob to run sa-learn --force-expire once a day. > >- and/or - > >2) Extend your SA timeout in MailScanner.conf to about 10 minutes. I've been >using SA since 2.31 and I've NEVER had it hang up on me. Every time >mailscanner >has killed my SA it did so in error. Maybe old versions (2.2, etc) had >problems >enforcing RBL timeouts, or on some odd platforms the problem exists, but I've >not seen it. > >Early on kills were common because MS had the same timeout as SA RBL >checks, so >any time an RBL was down the total SA run time exceeded the MS timeout (oops). >That Julian fixed, a long time ago. > >More recently kills have occurred largely because SA has a lot of long-running >database maintenance chores for bayes (and the AWL if you use it). This Julian >has somewhat addressed by increasing the default timeout, but if you've >upgraded >from an old version of MS, you probably still have the old short timeout. > > >Currently I run with 1) and I've extended the timeout to 4 minutes. > Thank for the suggeestions The --lint option shows me that it was a problem with the auto-expiry It is resolved by doing a sa-learn --force-expire -- -- Pascal -- -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 08:38:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: spam actions Message-ID: SMGateway is the answer to this, I believe. It will authenticate against AD, imap and pop for starters. On 25 May 2005, at 23:14, Peter Russell wrote: > We keep all the spam and quarrantine for 3 months. Absolutely cant > wait > until mailwatch type product that uses the AD credentials so the users > can log in and see thier own spam and deal with it themselves. > > Kevin Miller wrote: > >> Dhawal Doshy wrote: >> >> >> >>> Its quite safe to run a cron for clean up, mailscanner includes it >>> own cron script to do that. As for mailwatch, you won't be able to >>> view the message content of quarantined mails that don't exist >>> anymore (though the rest being in the mysql db will work as usual). >>> >> >> >> Thanks Dhawal & Ugo! That rocks! >> >> Not worried about viewing messages that are gone - if users >> haven't missed >> them by that time, they probably never will... >> >> ...Kevin >> -- >> Kevin Miller Registered Linux User No: 307357 >> CBJ MIS Dept. Network Systems Admin., Mail Admin. >> 155 South Seward Street ph: (907) 586-0242 >> Juneau, Alaska 99801 fax: (907 586-4500 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 09:02:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: I have just released beta version 4.42.4. The major new features are: - Fixed testvirus.org test #23 (empty MIME boundary test). - "Disarmed Modify Subject" and "Disarmed Subject Text" options added so you can tag the Subject: line if there are any HTML tags in the message that were disarmed. - "Spam Lists To Be Spam" threshold added so you can adjust the number of "Spam Lists" that include the message to cause the message to be marked as being spam. Previous versions had this parameter fixed at 1. - Completely new Panda support. - "Incoming Work Directory" is checked for the presence of links in its path. Download as usual from www.mailscanner.info. The full Change Log is here: 26/5/2005 New in Version 4.42.4 =============================== * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/ bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now provide the ability to alter the Subject: line if any HTML tags in the body of the message were disarmed (by having their "Allow .... Tags" set to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how many Spam Lists a message must appear in before it is considered to be spam. The default is 1 as that mimics the previous behaviour. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 09:11:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: block emails with no valid reverse DNS Message-ID: Hi just been digging around the 20_dnsbl_tests.cf for the SA setup and can across this RBL.. NO_DNS_FOR_FROM Envelope sender has no MX or A DNS records No idea if this is useful or not but it might do what you are are looking for. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Vasantha Narayanan wrote: > Thank you to all those who responded. I'm going to first give > "require_rdns" hack a try since this will inform the sender that their mail > was blocked. That way if there is a legitimate email that gets blocked, > they will be notified and they can get in touch with us if they want. If > that does not work for us, I'll give milter a try. > > Thanks. > > Vasantha > > > At 04:44 PM 5/24/2005 -0500, you wrote: > >> Vasantha Narayanan wrote: >> >>> Hi, >>> >>> I want to block emails from servers which do not have a valid reverse >>> DNS >>> lookup. I would like to be able to do this without using a DNSBL >>> server, >>> but merely using dns. Can you tell me: >>> 1. How this can be done using Sendmail? >>> 2. How can this be done using MailScanner? >>> >>> Thanks. >>> >>> Vasantha >> >> >> You can use this: >> >> HTH, >> >> -Doc >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> divert(-1) >> >> dnl ## NOTE: This M4 file is suitable for sendmail >> dnl ## 8.12.x . To use it with 8.10.x or 8.11.x, a one line >> dnl ## change is required. Comments indicate which lines >> dnl ## to change (to comment or uncomment) >> >> dnl ################################################################ >> dnl ## >> dnl ## This is a HACK to reject mail from connecting clients >> dnl ## without proper rDNS (reverse DNS), functional >> dnl ## gethostbyaddr() resolution. >> dnl ## >> dnl ## Use as: >> dnl ## >> dnl ## HACK(require_rdns) >> dnl ## >> dnl ## An optional second argument is available, and must be >> dnl ## either `OK' or `REJECT'. With the second argument, >> dnl ## the decision to reject depends on the recipient, and >> dnl ## is based on access table entries for that recipient. >> dnl ## The second argument gives the default assumed for >> dnl ## recipients without access table entries. Currently, >> dnl ## only the first letter of the second argument is >> dnl ## checked. >> dnl ## >> dnl ## Note that the second argument makes no sense unless >> dnl ## FEATURE(`delay_checks') is also in effect. It is >> dnl ## best for the `delay_check' line to come first. This >> dnl ## is not strictly required, but will avoid a warning >> dnl ## message. >> dnl ## >> dnl ## The basis policy is to reject message with a 5xx >> dnl ## error if the IP address fails to resolve. However, >> dnl ## if this is a temporary failure, a 4xx temporary >> dnl ## failure is returned. If the look succeeds, but >> dnl ## returns an apparently forged value, this is treated >> dnl ## as a temporary failure with a 4xx error code. >> dnl ## >> dnl ## EXCEPTIONS: >> dnl ## >> dnl ## Exceptions based on access entries are discussed >> dnl ## below. Any IP address matched using $=R (the >> dnl ## "relay-domains" file) is excepted from the rules. >> dnl ## Since we have explicitely allowed relaying for this >> dnl ## host, based on IP address, we ignore the rDNS >> dnl ## failure. >> dnl ## >> dnl ## The philosophical assumption here is that most users >> dnl ## do not control their rDNS. They should be able to >> dnl ## send mail through their ISP, whether or not they have >> dnl ## valid rDNS. The class $=R, roughly speaking, >> dnl ## contains those IP addresses and address ranges for >> dnl ## which we are the ISP, or are acting as if the ISP. >> dnl ## >> dnl ## If `delay_checks' is in effect (recommended), then >> dnl ## any sender who has authenticated is also excepted >> dnl ## from the restrictions. This happens because the >> dnl ## rules produced by this HACK() will not be applied to >> dnl ## authenticated senders (assuming `delay_checks'). >> dnl ## >> dnl ## ACCESS MAP ENTRIES: >> dnl ## >> dnl ## Per-user entries: >> dnl ## >> dnl ## The per-user entries are of the form >> dnl ## rdns:user OK >> dnl ## where the RHS should be `OK' or `REJECT'. If `OK' is >> dnl ## used, mail addressed to this user is not blocked on >> dnl ## rDNS problems. If the value is `REJECT', it is >> dnl ## checked. The second argument to the HACK() enables >> dnl ## this feature, and provides the default for users with >> dnl ## no entry. >> dnl ## >> dnl ## Note that the user in "rdns:user" is the user part in >> dnl ## the mailer triple after address parsing. For a >> dnl ## virtual address, this will be the user after >> dnl ## virtusertable processing. If the mail is addressed >> dnl ## to "user+detail" the "+detail" is stripped before >> dnl ## this checking. >> dnl ## >> dnl ## If the recipient is on another host, then the key >> >> dnl ## actually looked up is "rdns:@host." with the "host" >> dnl ## being the destination to which we will send it. In >> dnl ## some cases, this might come from a mailertable >> dnl ## entry. It is not possible to individuate the >> dnl ## decision for remote recipients. Note that the "." >> dnl ## might be needed after the hostname. It is best to >> dnl ## use the output of >> dnl ## echo "/parse address" | sendmail -bt >> dnl ## to decide what goes in the access map. >> dnl ## >> dnl ## IP address entries: >> dnl ## >> dnl ## Entries such as >> dnl ## rdns:1.2.3 OK >> dnl ## 1.2.3.4 OK >> dnl ## 1.2 RELAY >> dnl ## will whitelist IP address 1.2.3.4, so that the rDNS >> dnl ## blocking does apply to that IP address >> dnl ## >> dnl ## Entries such as >> dnl ## rdns:1.2.3 REJECT >> dnl ## 1.2.3.4 REJECT >> dnl ## will have the effect of forcing a temporary failure >> dnl ## for that address to be treated as a permanent >> dnl ## failure. >> dnl ## >> dnl ################################################################ >> >> divert(0)dnl >> VERSIONID(`$Id: require_rdns.m4,v 1.7 2003/06/13 03:59:16 rickert Exp $') >> divert(-1) >> >> define(`_REQUIRE_RDNS_', >> ifelse(defn(`_ARG_'), `', `', >> lower(substr(_ARG_,0,1)), `o', `OK', >> lower(substr(_ARG_,0,1)), `r', `REJECT', >> `errprint(`*** Bad argument _ARG_ for require_rdns')')) >> >> ifelse(_REQUIRE_RDNS_,`',`', >> ifdef(`_DELAY_CHECKS_',`', >> ``errprint(`*** Warning: Optional argument to require_rdns needs >> delay_checks >> ')'' >> )) >> >> PUSHDIVERT(9)dnl >> SLocal_check_relay >> ifelse(_REQUIRE_RDNS_,`',dnl >> R$* $| $* $:$2 <$&{client_resolve}> >> ,dnl >> R$* $| $* $:$2 <$&{client_resolve}> $&{rcpt_addr} >> )dnl >> R$*$* $@OK Resolves. >> R$=R $* <$*>$* $@RELAY We relay for these >> ifelse(_REQUIRE_RDNS_,`',`',dnl >> R$*<$*>$+@$+ $:$1<$2>@$&{rcpt_host} use @host for >> remote >> R$*<$*>$+ + $* $:$1<$2>$3 remove +detail >> R$*<$*>$+ `$:$1<$2>$(access rdns:$3 $:' _REQUIRE_RDNS_ >> `$)' Check rcpt >> )dnl >> ifelse(_REQUIRE_RDNS_, `REJECT',dnl >> `R$*<$*>$={Accept} $@ $3 Bypass for this recipient >> ', _REQUIRE_RDNS_, `OK',dnl >> `R$*<$*>REJECT $:$1<$2> mark rejections >> R$*<$*>$+ $@OK bypass for others >> ',`')dnl >> dnl ### The next line is sendmail version dependent >> dnl ### Use this (with LookUpAddress)for sendmail-8.10 and 8.11 >> dnl`'R$+<$*>$* $:$1 $>LookUpAddress <$1> <$2> <+ >> rdns> >> dnl ### but use to following, instead, for 8.12 >> R$+<$*>$* $:$1 $>A <$1> <+ rdns> <$2> >> dnl ### end of version dependent text >> R$*<$={Accept}><$+> $@ $2 OK or RELAY - whitelisted >> R$*<$*> $: $1 REJECT - treat >> tempfail as >> fail >> R$* $#error $@ 5.7.1 $: 550 Fix reverse DNS for >> $1, or >> use your ISP server >> R$* $#error $@ 4.1.8 $: 451 Client IP address $1 does >> not resolve >> R$* $#error $@ 4.1.8 $: 451 Possibly forged hostname >> for $1 >> POPDIVERT >> undefine(`_REQUIRE_RDNS_')dnl >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV > Vasantha Narayanan > Networking and Systems email: vnarayan@haverford.edu > Haverford College, PA Phone: > 610-896-1110 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Thu May 26 09:27:58 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:29:48 2006 Subject: latest sophos broken? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, just tested sophos 3.94 (linux/intel_libc6_glib2_2) with sophossavi and the same message occurs : SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538): The sophos-wrapper/autoupdate works fine here. Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 09:30:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: Julian problem .. May 26 09:27:35 towers MailScanner[76870]: Syntax error(s) in configuration file: May 26 09:27:35 towers MailScanner[76870]: Unrecognised keyword "disarmedsubjecttext" at line 1142 checked that line and it's.. Disarmed Subject Text = {Disarmed} which is what is should be I guess.. I've rolled back tp 4.42-2 in the mean time... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just released beta version 4.42.4. > > The major new features are: > > - Fixed testvirus.org test #23 (empty MIME boundary test). > - "Disarmed Modify Subject" and "Disarmed Subject Text" options added > so you can tag the Subject: line if there are any HTML tags in the > message that were disarmed. > - "Spam Lists To Be Spam" threshold added so you can adjust the > number of "Spam Lists" that include the message to cause the message > to be marked as being spam. Previous versions had this parameter > fixed at 1. > - Completely new Panda support. > - "Incoming Work Directory" is checked for the presence of links in > its path. > > Download as usual from www.mailscanner.info. > > The full Change Log is here: > > 26/5/2005 New in Version 4.42.4 > =============================== > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate > from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ > bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in > the > body of the message were disarmed (by having their "Allow .... > Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered > to be > spam. The default is 1 as that mimics the previous behaviour. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 09:36:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: spam actions Message-ID: Kevin basically yes yes it's OT yes you can run the clean_quarantine script and the DB won't care yes you need to manage the data in the mysql DB as well.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Kevin Miller wrote: > I've always forwarded my spam to an account on my exchange server > (alphonse_spamdog) so I can forward false positives, and such. But now I've > installed MailWatch, so have the quarantine dir on my linux box which was > previously unused. I delete anything older than 2 weeks on Exchange but > have to do that manually. On the linux gateway is it safe to just run a > cronjob to get rid of old messages? What will that do to MailWatch/mysql? > Will it care? > > Hope this isn't too off topic... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 10:14:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: Please can you check you /usr/lib/MailScanner/MailScanner/ ConfigDefs.pl file. grep -i disarm should produce disarmprependsubject = disarmedmodifysubject disarmsubjecttext = disarmedsubjecttext DisarmPrependSubject 1 no 0 yes 1 DisarmSubectText {Disarmed} AllowIFrameTags 0 no 0 yes 1 disarm convert AllowFormTags 0 no 0 yes 1 disarm convert AllowObjectTags 0 no 0 yes 1 disarm convert AllowScriptTags 0 no 0 yes 1 disarm convert AllowWebBugTags 1 yes 1 disarm convert The important lines are the first 4. What does yours say? On 26 May 2005, at 09:30, Martin Hepworth wrote: > Julian > > problem .. > > May 26 09:27:35 towers MailScanner[76870]: Syntax error(s) in > configuration file: > May 26 09:27:35 towers MailScanner[76870]: Unrecognised keyword > "disarmedsubjecttext" at line 1142 > > checked that line and it's.. > > Disarmed Subject Text = {Disarmed} > > which is what is should be I guess.. > > I've rolled back tp 4.42-2 in the mean time... > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> I have just released beta version 4.42.4. >> >> The major new features are: >> >> - Fixed testvirus.org test #23 (empty MIME boundary test). >> - "Disarmed Modify Subject" and "Disarmed Subject Text" options added >> so you can tag the Subject: line if there are any HTML tags in the >> message that were disarmed. >> - "Spam Lists To Be Spam" threshold added so you can adjust the >> number of "Spam Lists" that include the message to cause the message >> to be marked as being spam. Previous versions had this parameter >> fixed at 1. >> - Completely new Panda support. >> - "Incoming Work Directory" is checked for the presence of links in >> its path. >> >> Download as usual from www.mailscanner.info. >> >> The full Change Log is here: >> >> 26/5/2005 New in Version 4.42.4 >> =============================== >> * New Features and Improvements * >> - Now automatically detects and warns if the "Incoming Work >> Directory" >> setting contains any links. It also corrects the path (but not >> in the >> MailScanner.conf file) and continues to work properly. >> - Added support for Sophos 3.93.2. You must use the sophos-autoupdate >> from >> this version if you want Sophos to work (both the sophos and >> sophossavi >> scanner settings). >> - Tar and RPM distribution installation scripts now look for gtar >> if GNU >> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >> bin/perl >> point to the same place. >> - SophosSAVI errors are detected as if they were viruses, and are not >> ignored. >> - Panda support completely reimplemented a lot better by Rick Cooper. >> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >> latest >> releases. >> - New options "Disarmed Modify Subject" and "Disarmed Subject >> Text" now >> provide the ability to alter the Subject: line if any HTML tags in >> the >> body of the message were disarmed (by having their "Allow .... >> Tags" set >> to "disarm". This is switched on by default. >> - New option "Spam Lists To Be Spam" now provides the ability to >> set how >> many Spam Lists a message must appear in before it is considered >> to be >> spam. The default is 1 as that mimics the previous behaviour. >> >> * Fixes* >> - Fixed problem that could cause harmless header files to be left >> in the >> temporary working directories when using Postfix. >> - Fixed problem where attachment size checks were made on the >> contents of >> zip files and not just the zip files themselves. >> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >> occasionally. >> - No longer import missing whine method from MIME-tools. >> - Fixed problems with incomplete reporting of viruses in zip files. >> - Fixed problem with "Delete" MCP action not being logged in syslog. >> - Fixed problem with the "null MIME boundary" vulnerability test. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 10:22:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: Julian Mine's in /opt/MailScanner/lib/MailScanner as I'm on FreeBSD running the tar.gz generic version.... disarmprependsubject = disarmedmodifysubject disarmsubjecttext = disarmedsubjecttext DisarmPrependSubject 1 no 0 yes 1 DisarmSubectText {Disarmed} AllowIFrameTags 0 no 0 yes 1 disarm convert AllowFormTags 0 no 0 yes 1 disarm convert AllowObjectTags 0 no 0 yes 1 disarm convert AllowScriptTags 0 no 0 yes 1 disarm convert AllowWebBugTags 1 yes 1 disarm convert Can't spot anything different.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Please can you check you /usr/lib/MailScanner/MailScanner/ > ConfigDefs.pl file. > > grep -i disarm > > should produce > > disarmprependsubject = disarmedmodifysubject > disarmsubjecttext = disarmedsubjecttext > DisarmPrependSubject 1 no 0 yes 1 > DisarmSubectText {Disarmed} > AllowIFrameTags 0 no 0 yes 1 > disarm convert > AllowFormTags 0 no 0 yes 1 > disarm convert > AllowObjectTags 0 no 0 yes 1 > disarm convert > AllowScriptTags 0 no 0 yes 1 > disarm convert > AllowWebBugTags 1 yes 1 disarm convert > > The important lines are the first 4. What does yours say? > > On 26 May 2005, at 09:30, Martin Hepworth wrote: > >> Julian >> >> problem .. >> >> May 26 09:27:35 towers MailScanner[76870]: Syntax error(s) in >> configuration file: >> May 26 09:27:35 towers MailScanner[76870]: Unrecognised keyword >> "disarmedsubjecttext" at line 1142 >> >> checked that line and it's.. >> >> Disarmed Subject Text = {Disarmed} >> >> which is what is should be I guess.. >> >> I've rolled back tp 4.42-2 in the mean time... >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> I have just released beta version 4.42.4. >>> >>> The major new features are: >>> >>> - Fixed testvirus.org test #23 (empty MIME boundary test). >>> - "Disarmed Modify Subject" and "Disarmed Subject Text" options added >>> so you can tag the Subject: line if there are any HTML tags in the >>> message that were disarmed. >>> - "Spam Lists To Be Spam" threshold added so you can adjust the >>> number of "Spam Lists" that include the message to cause the message >>> to be marked as being spam. Previous versions had this parameter >>> fixed at 1. >>> - Completely new Panda support. >>> - "Incoming Work Directory" is checked for the presence of links in >>> its path. >>> >>> Download as usual from www.mailscanner.info. >>> >>> The full Change Log is here: >>> >>> 26/5/2005 New in Version 4.42.4 >>> =============================== >>> * New Features and Improvements * >>> - Now automatically detects and warns if the "Incoming Work >>> Directory" >>> setting contains any links. It also corrects the path (but not >>> in the >>> MailScanner.conf file) and continues to work properly. >>> - Added support for Sophos 3.93.2. You must use the sophos-autoupdate >>> from >>> this version if you want Sophos to work (both the sophos and >>> sophossavi >>> scanner settings). >>> - Tar and RPM distribution installation scripts now look for gtar >>> if GNU >>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >>> bin/perl >>> point to the same place. >>> - SophosSAVI errors are detected as if they were viruses, and are not >>> ignored. >>> - Panda support completely reimplemented a lot better by Rick Cooper. >>> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >>> latest >>> releases. >>> - New options "Disarmed Modify Subject" and "Disarmed Subject >>> Text" now >>> provide the ability to alter the Subject: line if any HTML tags in >>> the >>> body of the message were disarmed (by having their "Allow .... >>> Tags" set >>> to "disarm". This is switched on by default. >>> - New option "Spam Lists To Be Spam" now provides the ability to >>> set how >>> many Spam Lists a message must appear in before it is considered >>> to be >>> spam. The default is 1 as that mimics the previous behaviour. >>> >>> * Fixes* >>> - Fixed problem that could cause harmless header files to be left >>> in the >>> temporary working directories when using Postfix. >>> - Fixed problem where attachment size checks were made on the >>> contents of >>> zip files and not just the zip files themselves. >>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>> occasionally. >>> - No longer import missing whine method from MIME-tools. >>> - Fixed problems with incomplete reporting of viruses in zip files. >>> - Fixed problem with "Delete" MCP action not being logged in syslog. >>> - Fixed problem with the "null MIME boundary" vulnerability test. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 11:54:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: Is 4.42.4 working for anyone else? On 26 May 2005, at 10:22, Martin Hepworth wrote: > Julian > > Mine's in /opt/MailScanner/lib/MailScanner as I'm on FreeBSD > running the > tar.gz generic version.... > > disarmprependsubject = disarmedmodifysubject > disarmsubjecttext = disarmedsubjecttext > DisarmPrependSubject 1 no 0 yes 1 > DisarmSubectText {Disarmed} > AllowIFrameTags 0 no 0 yes 1 disarm > convert > AllowFormTags 0 no 0 yes 1 disarm > convert > AllowObjectTags 0 no 0 yes 1 disarm > convert > AllowScriptTags 0 no 0 yes 1 disarm > convert > AllowWebBugTags 1 yes 1 disarm convert > > Can't spot anything different.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Please can you check you /usr/lib/MailScanner/MailScanner/ >> ConfigDefs.pl file. >> >> grep -i disarm >> >> should produce >> >> disarmprependsubject = disarmedmodifysubject >> disarmsubjecttext = disarmedsubjecttext >> DisarmPrependSubject 1 no 0 yes 1 >> DisarmSubectText {Disarmed} >> AllowIFrameTags 0 no 0 yes 1 >> disarm convert >> AllowFormTags 0 no 0 yes 1 >> disarm convert >> AllowObjectTags 0 no 0 yes 1 >> disarm convert >> AllowScriptTags 0 no 0 yes 1 >> disarm convert >> AllowWebBugTags 1 yes 1 disarm convert >> >> The important lines are the first 4. What does yours say? >> >> On 26 May 2005, at 09:30, Martin Hepworth wrote: >> >> >>> Julian >>> >>> problem .. >>> >>> May 26 09:27:35 towers MailScanner[76870]: Syntax error(s) in >>> configuration file: >>> May 26 09:27:35 towers MailScanner[76870]: Unrecognised keyword >>> "disarmedsubjecttext" at line 1142 >>> >>> checked that line and it's.. >>> >>> Disarmed Subject Text = {Disarmed} >>> >>> which is what is should be I guess.. >>> >>> I've rolled back tp 4.42-2 in the mean time... >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Julian Field wrote: >>> >>> >>>> I have just released beta version 4.42.4. >>>> >>>> The major new features are: >>>> >>>> - Fixed testvirus.org test #23 (empty MIME boundary test). >>>> - "Disarmed Modify Subject" and "Disarmed Subject Text" options >>>> added >>>> so you can tag the Subject: line if there are any HTML tags in the >>>> message that were disarmed. >>>> - "Spam Lists To Be Spam" threshold added so you can adjust the >>>> number of "Spam Lists" that include the message to cause the >>>> message >>>> to be marked as being spam. Previous versions had this parameter >>>> fixed at 1. >>>> - Completely new Panda support. >>>> - "Incoming Work Directory" is checked for the presence of links in >>>> its path. >>>> >>>> Download as usual from www.mailscanner.info. >>>> >>>> The full Change Log is here: >>>> >>>> 26/5/2005 New in Version 4.42.4 >>>> =============================== >>>> * New Features and Improvements * >>>> - Now automatically detects and warns if the "Incoming Work >>>> Directory" >>>> setting contains any links. It also corrects the path (but not >>>> in the >>>> MailScanner.conf file) and continues to work properly. >>>> - Added support for Sophos 3.93.2. You must use the sophos- >>>> autoupdate >>>> from >>>> this version if you want Sophos to work (both the sophos and >>>> sophossavi >>>> scanner settings). >>>> - Tar and RPM distribution installation scripts now look for gtar >>>> if GNU >>>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ >>>> bin/perl >>>> point to the same place. >>>> - SophosSAVI errors are detected as if they were viruses, and >>>> are not >>>> ignored. >>>> - Panda support completely reimplemented a lot better by Rick >>>> Cooper. >>>> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >>>> latest >>>> releases. >>>> - New options "Disarmed Modify Subject" and "Disarmed Subject >>>> Text" now >>>> provide the ability to alter the Subject: line if any HTML >>>> tags in >>>> the >>>> body of the message were disarmed (by having their "Allow .... >>>> Tags" set >>>> to "disarm". This is switched on by default. >>>> - New option "Spam Lists To Be Spam" now provides the ability to >>>> set how >>>> many Spam Lists a message must appear in before it is considered >>>> to be >>>> spam. The default is 1 as that mimics the previous behaviour. >>>> >>>> * Fixes* >>>> - Fixed problem that could cause harmless header files to be left >>>> in the >>>> temporary working directories when using Postfix. >>>> - Fixed problem where attachment size checks were made on the >>>> contents of >>>> zip files and not just the zip files themselves. >>>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>>> occasionally. >>>> - No longer import missing whine method from MIME-tools. >>>> - Fixed problems with incomplete reporting of viruses in zip files. >>>> - Fixed problem with "Delete" MCP action not being logged in >>>> syslog. >>>> - Fixed problem with the "null MIME boundary" vulnerability test. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> ** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu May 26 12:11:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:48 2006 Subject: spam actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] YEah i know - but it doesnt display the quarrantine or spam that is stored for that user. This is IMO the largest feature that SM or MS (or mailwatch) dont current have. Julian Field wrote: > SMGateway is the answer to this, I believe. It will authenticate > against AD, imap and pop for starters. > > On 25 May 2005, at 23:14, Peter Russell wrote: > >> We keep all the spam and quarrantine for 3 months. Absolutely cant >> wait >> until mailwatch type product that uses the AD credentials so the users >> can log in and see thier own spam and deal with it themselves. >> >> Kevin Miller wrote: >> >>> Dhawal Doshy wrote: >>> >>> >>> >>>> Its quite safe to run a cron for clean up, mailscanner includes it >>>> own cron script to do that. As for mailwatch, you won't be able to >>>> view the message content of quarantined mails that don't exist >>>> anymore (though the rest being in the mysql db will work as usual). >>>> >>> >>> >>> Thanks Dhawal & Ugo! That rocks! >>> >>> Not worried about viewing messages that are gone - if users >>> haven't missed >>> them by that time, they probably never will... >>> >>> ...Kevin >>> -- >>> Kevin Miller Registered Linux User No: 307357 >>> CBJ MIS Dept. Network Systems Admin., Mail Admin. >>> 155 South Seward Street ph: (907) 586-0242 >>> Juneau, Alaska 99801 fax: (907 586-4500 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Thu May 26 12:13:04 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel Kendrick) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: I now have a 'standby' server I can put it on within the hour if that helps...? Nigel On Thu, 2005-05-26 at 11:54 +0100, Julian Field wrote: > Is 4.42.4 working for anyone else? > > On 26 May 2005, at 10:22, Martin Hepworth wrote: > > > Julian > > > > Mine's in /opt/MailScanner/lib/MailScanner as I'm on FreeBSD > > running the > > tar.gz generic version.... > > > > disarmprependsubject = disarmedmodifysubject > > disarmsubjecttext = disarmedsubjecttext > > DisarmPrependSubject 1 no 0 yes 1 > > DisarmSubectText {Disarmed} > > AllowIFrameTags 0 no 0 yes 1 disarm > > convert > > AllowFormTags 0 no 0 yes 1 disarm > > convert > > AllowObjectTags 0 no 0 yes 1 disarm > > convert > > AllowScriptTags 0 no 0 yes 1 disarm > > convert > > AllowWebBugTags 1 yes 1 disarm convert > > > > Can't spot anything different.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Julian Field wrote: > > > >> Please can you check you /usr/lib/MailScanner/MailScanner/ > >> ConfigDefs.pl file. > >> > >> grep -i disarm > >> > >> should produce > >> > >> disarmprependsubject = disarmedmodifysubject > >> disarmsubjecttext = disarmedsubjecttext > >> DisarmPrependSubject 1 no 0 yes 1 > >> DisarmSubectText {Disarmed} > >> AllowIFrameTags 0 no 0 yes 1 > >> disarm convert > >> AllowFormTags 0 no 0 yes 1 > >> disarm convert > >> AllowObjectTags 0 no 0 yes 1 > >> disarm convert > >> AllowScriptTags 0 no 0 yes 1 > >> disarm convert > >> AllowWebBugTags 1 yes 1 disarm convert > >> > >> The important lines are the first 4. What does yours say? > >> > >> On 26 May 2005, at 09:30, Martin Hepworth wrote: > >> > >> > >>> Julian > >>> > >>> problem .. > >>> > >>> May 26 09:27:35 towers MailScanner[76870]: Syntax error(s) in > >>> configuration file: > >>> May 26 09:27:35 towers MailScanner[76870]: Unrecognised keyword > >>> "disarmedsubjecttext" at line 1142 > >>> > >>> checked that line and it's.. > >>> > >>> Disarmed Subject Text = {Disarmed} > >>> > >>> which is what is should be I guess.. > >>> > >>> I've rolled back tp 4.42-2 in the mean time... > >>> > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>> > >>> Julian Field wrote: > >>> > >>> > >>>> I have just released beta version 4.42.4. > >>>> > >>>> The major new features are: > >>>> > >>>> - Fixed testvirus.org test #23 (empty MIME boundary test). > >>>> - "Disarmed Modify Subject" and "Disarmed Subject Text" options > >>>> added > >>>> so you can tag the Subject: line if there are any HTML tags in the > >>>> message that were disarmed. > >>>> - "Spam Lists To Be Spam" threshold added so you can adjust the > >>>> number of "Spam Lists" that include the message to cause the > >>>> message > >>>> to be marked as being spam. Previous versions had this parameter > >>>> fixed at 1. > >>>> - Completely new Panda support. > >>>> - "Incoming Work Directory" is checked for the presence of links in > >>>> its path. > >>>> > >>>> Download as usual from www.mailscanner.info. > >>>> > >>>> The full Change Log is here: > >>>> > >>>> 26/5/2005 New in Version 4.42.4 > >>>> =============================== > >>>> * New Features and Improvements * > >>>> - Now automatically detects and warns if the "Incoming Work > >>>> Directory" > >>>> setting contains any links. It also corrects the path (but not > >>>> in the > >>>> MailScanner.conf file) and continues to work properly. > >>>> - Added support for Sophos 3.93.2. You must use the sophos- > >>>> autoupdate > >>>> from > >>>> this version if you want Sophos to work (both the sophos and > >>>> sophossavi > >>>> scanner settings). > >>>> - Tar and RPM distribution installation scripts now look for gtar > >>>> if GNU > >>>> tar was not found, and is happy if /usr/local/bin/perl and /usr/ > >>>> bin/perl > >>>> point to the same place. > >>>> - SophosSAVI errors are detected as if they were viruses, and > >>>> are not > >>>> ignored. > >>>> - Panda support completely reimplemented a lot better by Rick > >>>> Cooper. > >>>> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to > >>>> latest > >>>> releases. > >>>> - New options "Disarmed Modify Subject" and "Disarmed Subject > >>>> Text" now > >>>> provide the ability to alter the Subject: line if any HTML > >>>> tags in > >>>> the > >>>> body of the message were disarmed (by having their "Allow .... > >>>> Tags" set > >>>> to "disarm". This is switched on by default. > >>>> - New option "Spam Lists To Be Spam" now provides the ability to > >>>> set how > >>>> many Spam Lists a message must appear in before it is considered > >>>> to be > >>>> spam. The default is 1 as that mimics the previous behaviour. > >>>> > >>>> * Fixes* > >>>> - Fixed problem that could cause harmless header files to be left > >>>> in the > >>>> temporary working directories when using Postfix. > >>>> - Fixed problem where attachment size checks were made on the > >>>> contents of > >>>> zip files and not just the zip files themselves. > >>>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P > >>>> occasionally. > >>>> - No longer import missing whine method from MIME-tools. > >>>> - Fixed problems with incomplete reporting of viruses in zip files. > >>>> - Fixed problem with "Delete" MCP action not being logged in > >>>> syslog. > >>>> - Fixed problem with the "null MIME boundary" vulnerability test. > >>>> > >>>> -- > >>>> Julian Field > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>> > >>> ******************************************************************** > >>> ** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity to whom they > >>> are addressed. If you have received this email in error please > >>> notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> ******************************************************************** > >>> ** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Thu May 26 12:39:09 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel Kendrick) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: Julian, I've just installed the beta on a Dual PIII-450 running CentOS4 - I get exactly the same error as Martin. Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Thu May 26 12:30:35 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:48 2006 Subject: Performance Issues Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > On Behalf Of Martin Hepworth > Sent: 23 May 2005 15:46 > > Outgoing Queue Dir = /var/spool/exim.out/input/* > > Assumming that works? That was the problem I hit last week, as the outgoing directory definition didn't allow for multiple outgoing queues. Not too sure whether this works for exim too, but what I ended up doing in custom function for this was as follows: package MailScanner::CustomConfig; # SS_select_outqueue - custom function to select an outqueue for MailScanner # based on when there might be several subdirectories to choose from, notably # for sendmail using split queues. # # Usage: # Outgoing Queue Directory = &SS_select_outqueue( [, verbose output] ) # # Example: # Outgoing Queue Directory = &SS_select_outqueue('/var/spool/mqueue/q.*') # Outgoing Queue Directory = &SS_select_outqueue('/var/spool/mqueue/q.*', 'v') # # Accepts the same format as the "Incoming Queue Directory" configuration. # NOTE: we cannot handle directories which use xf, tf, qf - that would # have to be done in the main MailScanner code ... use strict 'vars'; use strict 'refs'; no strict 'subs'; # Allow bare words for parameter %'s use vars qw($VERSION); use FileHandle; ### The package version, both in 1.23 style *and* usable by MakeMaker: $VERSION = substr q$Revision: 1.3 $, 10; my $SS_directory_default = '/var/spool/mqueue'; my @SS_queue_directory; my $SS_queue_directory_verbose = 0; my $SS_queue_directory_total = 0; my $SS_queue_directory_current = 0; # Initialisation, based on Config::ReadInQueueDir to handle same parameters sub InitSS_select_outqueue { my $tainted = $_[0]; # PercentVars/$ENV were done before function call! $SS_queue_directory_verbose = $_[1]; $tainted =~ /(.*)/; my $path = $1; if ($path eq '') { push @SS_queue_directory, $SS_directory_default; } elsif ($path =~ /[\?\*]/) { my @list = glob($path); push @SS_queue_directory, @list; } elsif (-d $path) { push @SS_queue_directory, $path; } elsif (-f $path) { my $listh = new FileHandle; $listh->open("<$path"); while (<$listh>) { chomp; s/^#.*$//; s/^\s*//; s/\s*$//; /^(.*)$/; next if $1 eq ""; my $dir = $1; $dir = MailScanner::Config::DoPercentVars($dir); $dir =~ s/\$\{?(\w+)\}?/$ENV{$1}/g; if ($dir =~ /[\?\*]/) { my @list = glob($dir); push @SS_queue_directory, @list; next; } unless (-d $dir) { next; } push @SS_queue_directory, $dir; } $listh->close(); } unless ($SS_queue_directory_total = scalar(@SS_queue_directory)) { MailScanner::Log::DieLog("No outgoing queue directories identified for '%s'", $path); } MailScanner::Log::WarnLog("Outgoing queues ready, %s in total: %s", $SS_queue_directory_total, join(',',@SS_queue_directory)) if $SS_queue_directory_verbose; } sub EndSS_select_outqueue { } sub SS_select_outqueue { my ($m) = @_; $SS_queue_directory_current = 0 if $SS_queue_directory_current == $SS_queue_directory_total; MailScanner::Log::WarnLog("Outgoing queue selected: %s for %s", $SS_queue_directory[$SS_queue_directory_current], ($m->{id}?$m->{id}:'(none)')) if $SS_queue_directory_verbose; return $SS_queue_directory[$SS_queue_directory_current++]; } 1; This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for all known viruses and dangerous content by StreamShield Protector, and has been found to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 12:55:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: Nigel oh good, its not me doing something stupid with the install/upgrade then. (This is something I normally attribute to a problem between the chair and keyboard :-) But bad for Jules as he now as to scratch his head.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Nigel Kendrick wrote: > Julian, > > I've just installed the beta on a Dual PIII-450 running CentOS4 - I get > exactly the same error as Martin. > > Nigel > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu May 26 12:55:56 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Please can you check you /usr/lib/MailScanner/MailScanner/ > ConfigDefs.pl file. > > grep -i disarm > should produce > > disarmprependsubject = disarmedmodifysubject > disarmsubjecttext = disarmedsubjecttext > DisarmPrependSubject 1 no 0 yes 1 > DisarmSubectText {Disarmed} > There's a "j" missing in the last line - DisarmSub*j*ectText It works perfectly after that... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Thu May 26 12:57:23 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel Kendrick) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: Make that CentOS 3.3 for this server. Nigel On Thu, 2005-05-26 at 12:39 +0100, Nigel Kendrick wrote: > Julian, > > I've just installed the beta on a Dual PIII-450 running CentOS4 - I get > exactly the same error as Martin. > > Nigel > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 13:00:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: John well spotted - confirmed this is the issue and fix. I'll go and clean my glasses now :-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 John Wilcock wrote: > Julian Field wrote: > >> Please can you check you /usr/lib/MailScanner/MailScanner/ >> ConfigDefs.pl file. >> >> grep -i disarm >> should produce >> >> disarmprependsubject = disarmedmodifysubject >> disarmsubjecttext = disarmedsubjecttext >> DisarmPrependSubject 1 no 0 yes 1 >> DisarmSubectText {Disarmed} >> > > There's a "j" missing in the last line - DisarmSub*j*ectText > It works perfectly after that... > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 26 13:11:12 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:48 2006 Subject: OT: Milter-Sender and Gmail Message-ID: I think I've seen some other MailScanner users mention they are also using milter-sender. If so, has anyone seen any recent problems with gmail.com? In the debug, it looks to me like gmail.com is responding ok when asked about the sender but milter-sender seems to be expecting something else and just times out waiting. I think maybe it's expecting the email address being asked about to be in the 250 Ok response which I see with other systems but not gmail.com. I emailed the milter sender list but haven't gotten a response yet but I'm just curious if anyone else is seeing this. If you grep for "lost input channel from zproxy.gmail.com" in your logs then that would be it. We used to be getting gmail.com mail but because of this issue, it's stopped and I only keep logs for 14 days and it was only yesterday that a user mentioned it. Thanks Bobby Rose MSIS Network Operations Wayne State University School of Medicine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu May 26 13:17:02 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:48 2006 Subject: Milter-Sender and Gmail Message-ID: Yes...I had to make an /etc/mail/access entry for gmail to be able to come in. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Thursday, May 26, 2005 7:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Milter-Sender and Gmail I think I've seen some other MailScanner users mention they are also using milter-sender. If so, has anyone seen any recent problems with gmail.com? In the debug, it looks to me like gmail.com is responding ok when asked about the sender but milter-sender seems to be expecting something else and just times out waiting. I think maybe it's expecting the email address being asked about to be in the 250 Ok response which I see with other systems but not gmail.com. I emailed the milter sender list but haven't gotten a response yet but I'm just curious if anyone else is seeing this. If you grep for "lost input channel from zproxy.gmail.com" in your logs then that would be it. We used to be getting gmail.com mail but because of this issue, it's stopped and I only keep logs for 14 days and it was only yesterday that a user mentioned it. Thanks Bobby Rose MSIS Network Operations Wayne State University School of Medicine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu May 26 13:18:20 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:48 2006 Subject: Milter-Sender and Gmail Message-ID: Oops :) In /etc/mail/access: GreetPause:google.com 0 GreetPause:gmail.com 0 Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Thursday, May 26, 2005 7:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Milter-Sender and Gmail I think I've seen some other MailScanner users mention they are also using milter-sender. If so, has anyone seen any recent problems with gmail.com? In the debug, it looks to me like gmail.com is responding ok when asked about the sender but milter-sender seems to be expecting something else and just times out waiting. I think maybe it's expecting the email address being asked about to be in the 250 Ok response which I see with other systems but not gmail.com. I emailed the milter sender list but haven't gotten a response yet but I'm just curious if anyone else is seeing this. If you grep for "lost input channel from zproxy.gmail.com" in your logs then that would be it. We used to be getting gmail.com mail but because of this issue, it's stopped and I only keep logs for 14 days and it was only yesterday that a user mentioned it. Thanks Bobby Rose MSIS Network Operations Wayne State University School of Medicine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Thu May 26 13:40:37 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel Kendrick) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: On Thu, 2005-05-26 at 13:00 +0100, Martin Hepworth wrote: > John > > well spotted - confirmed this is the issue and fix. > I'm a 'me too' NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Thu May 26 13:45:24 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: Hi Folks, Is it possible in a scenario where the mailscanner box is acting as a relay to use the (what to do with spam) "notify" option with an alternative email address in preference to the recipients address that the message was originally sent to? So if I am relaying for example_domain.com and a spam message arrives for reception@example_domain.com can I specify an entry in my spam.actions.rules like this .. To: example_domain.com store notify spam_admin@example_domain.com Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 13:48:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: Tony You can do but not quite as you suggest.. from the rules/EXAMPLES file 6. Send system administrator notices to several people Set "Notices To = /etc/MailScanner/rules/notices.to.rules". To: @abc.com postmaster@me.com george@abc.com To: @def.com postmaster@me.com bill@def.com FromOrTo: default postmaster@me.com -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Tony Enderby wrote: > > Hi Folks, > > Is it possible in a scenario where the mailscanner box is acting as a > relay to use the (what to do with spam) "notify" option with an alternative > email address in preference to the recipients address that the message > was originally sent to? > > So if I am relaying for example_domain.com and a spam message arrives > for reception@example_domain.com can > I specify an entry in my spam.actions.rules like this .. > > To: example_domain.com store notify > spam_admin@example_domain.com > > Many thanks in advance. > > Tony. ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Thu May 26 14:06:43 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: Many thanks Martin, I had seen these listings in the EXAMPLES file but am wondering if the notify option in the what to do with spam ruleset is classed as a system administrator notice?. If it is not, is there a way to configure the entries for notices.to.rules to mail an admin at the remote site I relay for when a user at that domain receives a spam message? I want to avoid sending the user the message but simply alert the sysadmin at the site that a message was blocked and stored. Again, many thanks for your response. Tony. Martin Hepworth Sent by: MailScanner mailing list 05/26/2005 10:48 PM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Spam actions rules (notify flag) Tony You can do but not quite as you suggest.. from the rules/EXAMPLES file 6. Send system administrator notices to several people Set "Notices To = /etc/MailScanner/rules/notices.to.rules". To: @abc.com postmaster@me.com george@abc.com To: @def.com postmaster@me.com bill@def.com FromOrTo: default postmaster@me.com -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Tony Enderby wrote: > > Hi Folks, > > Is it possible in a scenario where the mailscanner box is acting as a > relay to use the (what to do with spam) "notify" option with an alternative > email address in preference to the recipients address that the message > was originally sent to? > > So if I am relaying for example_domain.com and a spam message arrives > for reception@example_domain.com can > I specify an entry in my spam.actions.rules like this .. > > To: example_domain.com store notify > spam_admin@example_domain.com > > Many thanks in advance. > > Tony. ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu May 26 14:01:32 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>> John Wilcock 5/26/2005 6:55:56 AM >>> Julian Field wrote: > Please can you check you /usr/lib/MailScanner/MailScanner/ > ConfigDefs.pl file. > > grep -i disarm > should produce > > disarmprependsubject = disarmedmodifysubject > disarmsubjecttext = disarmedsubjecttext > DisarmPrependSubject 1 no 0 yes 1 > DisarmSubectText {Disarmed} > > >There's a "j" missing in the last line - DisarmSub*j*ectText > It works perfectly after that... > >John. Used the tarball install and made the change noted above. v4.42.4 is up and running. Well Spotted John. thanks Brad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 14:11:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: Tony make the (high) spam action to notify Then you can overide who gets the notices by using the rule from the EXAMPLES file. I think - unless someone would like to correct me.. I guess I'd better test that... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Tony Enderby wrote: > > Many thanks Martin, > > I had seen these listings in the EXAMPLES file but am wondering if the > notify option in the what to do with spam ruleset is classed as a system > administrator notice?. > > If it is not, is there a way to configure the entries for > notices.to.rules to mail an admin at the remote site I relay for when a > user at that domain receives a spam message? > > I want to avoid sending the user the message but simply alert the > sysadmin at the site that a message was blocked and stored. > > Again, many thanks for your response. > > Tony. > > > > *Martin Hepworth * > Sent by: MailScanner mailing list > > 05/26/2005 10:48 PM > Please respond to > MailScanner mailing list > > > > To > MAILSCANNER@JISCMAIL.AC.UK > cc > > Subject > Re: Spam actions rules (notify flag) > > > > > > > > > Tony > > You can do but not quite as you suggest.. > > from the rules/EXAMPLES file > > 6. Send system administrator notices to several people > > Set "Notices To = /etc/MailScanner/rules/notices.to.rules". > To: @abc.com postmaster@me.com george@abc.com > To: @def.com postmaster@me.com bill@def.com > FromOrTo: default postmaster@me.com > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Tony Enderby wrote: > > > > Hi Folks, > > > > Is it possible in a scenario where the mailscanner box is acting as a > > relay to use the (what to do with spam) "notify" option with an > alternative > > email address in preference to the recipients address that the message > > was originally sent to? > > > > So if I am relaying for example_domain.com and a spam message arrives > > for reception@example_domain.com can > > I specify an entry in my spam.actions.rules like this .. > > > > To: example_domain.com store notify > > spam_admin@example_domain.com > > > > Many thanks in advance. > > > > Tony. ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Thu May 26 14:18:52 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: Thanks Martin, I'll try this although after looking through the mailscanner.conf file, the entry in the EXAMPLES file seems to tie in with the "system notices" section which reports viral infections but seems to not cater for spam messages .. I can certainly see how the system notices option can be rules based to alert an admin based on domain for infections but I'm not sure it's going to work with spam message notification .. I'll dig around a bit more. Tony. Martin Hepworth Sent by: MailScanner mailing list 05/26/2005 11:11 PM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Spam actions rules (notify flag) Tony make the (high) spam action to notify Then you can overide who gets the notices by using the rule from the EXAMPLES file. I think - unless someone would like to correct me.. I guess I'd better test that... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Tony Enderby wrote: > > Many thanks Martin, > > I had seen these listings in the EXAMPLES file but am wondering if the > notify option in the what to do with spam ruleset is classed as a system > administrator notice?. > > If it is not, is there a way to configure the entries for > notices.to.rules to mail an admin at the remote site I relay for when a > user at that domain receives a spam message? > > I want to avoid sending the user the message but simply alert the > sysadmin at the site that a message was blocked and stored. > > Again, many thanks for your response. > > Tony. > > > > *Martin Hepworth * > Sent by: MailScanner mailing list > > 05/26/2005 10:48 PM > Please respond to > MailScanner mailing list > > > > To > MAILSCANNER@JISCMAIL.AC.UK > cc > > Subject > Re: Spam actions rules (notify flag) > > > > > > > > > Tony > > You can do but not quite as you suggest.. > > from the rules/EXAMPLES file > > 6. Send system administrator notices to several people > > Set "Notices To = /etc/MailScanner/rules/notices.to.rules". > To: @abc.com postmaster@me.com george@abc.com > To: @def.com postmaster@me.com bill@def.com > FromOrTo: default postmaster@me.com > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Tony Enderby wrote: > > > > Hi Folks, > > > > Is it possible in a scenario where the mailscanner box is acting as a > > relay to use the (what to do with spam) "notify" option with an > alternative > > email address in preference to the recipients address that the message > > was originally sent to? > > > > So if I am relaying for example_domain.com and a spam message arrives > > for reception@example_domain.com can > > I specify an entry in my spam.actions.rules like this .. > > > > To: example_domain.com store notify > > spam_admin@example_domain.com > > > > Many thanks in advance. > > > > Tony. ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 14:20:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:48 2006 Subject: Spam actions rules (notify flag) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tony Enderby wrote: > > Many thanks Martin, > > I had seen these listings in the EXAMPLES file but am wondering if the > notify option in the what to do with spam ruleset is classed as a system > administrator notice?. > > If it is not, is there a way to configure the entries for > notices.to.rules to mail an admin at the remote site I relay for when a > user at that domain receives a spam message? You can use the 'forward' action with a ruleset, but not the 'notice' action to send to different people, but the result will be different in their inboxes. The 'notice' action has been created with the recipient in mind. > > I want to avoid sending the user the message but simply alert the > sysadmin at the site that a message was blocked and stored. I use 'forward'. If you need something with the format of 'notice' for another person than the recipient, I guess this would need a feature request. > > Again, many thanks for your response. > > Tony. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu May 26 14:46:23 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:48 2006 Subject: latest sophos broken? Message-ID: It's been broken since 3.93 in the glibc 2.2 version. Install linux intel libc6 version instead. I'd also call Sophos and open an incident. The more of us that do that might get them to fix it. I haven't been able to get much out of them since I reported that switching versions took care of the errors I was seeing. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Uwe wrote: > Hello, > > just tested sophos 3.94 (linux/intel_libc6_glib2_2) with sophossavi > and the same message occurs : > > SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted > (538): > > The sophos-wrapper/autoupdate works fine here. > > Uwe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 14:48:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: Take a look at /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. In there you will find "Subect". Please replace with "Subject". :-( I will put out a new release shortly. On 26 May 2005, at 12:57, Nigel Kendrick wrote: > Make that CentOS 3.3 for this server. > > Nigel > > On Thu, 2005-05-26 at 12:39 +0100, Nigel Kendrick wrote: > >> Julian, >> >> I've just installed the beta on a Dual PIII-450 running CentOS4 - >> I get >> exactly the same error as Martin. >> >> Nigel >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 15:01:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: Beta 4.42.4 released Message-ID: I have just released 4.42.5 to correct this typo. John and I spotted it at about the same time! On 26 May 2005, at 14:01, Brad Beckenhauer wrote: >>>> John Wilcock 5/26/2005 6:55:56 AM >>> >>>> > Julian Field wrote: > >> Please can you check you /usr/lib/MailScanner/MailScanner/ >> ConfigDefs.pl file. >> >> grep -i disarm >> should produce >> >> disarmprependsubject = disarmedmodifysubject >> disarmsubjecttext = disarmedsubjecttext >> DisarmPrependSubject 1 no 0 yes 1 >> DisarmSubectText {Disarmed} >> >> >> There's a "j" missing in the last line - DisarmSub*j*ectText >> It works perfectly after that... >> >> John. >> > > > Used the tarball install and made the change noted above. v4.42.4 > is up and running. > > Well Spotted John. > > thanks > Brad > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 15:09:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For info, I have just suspended his membership. On 26 May 2005, at 15:03, William Kwan wrote: I will be out of the office starting 13/05/2005 and will not return until 30/05/2005. I will respond to your message when I return. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spiv007 at gmail.com Thu May 26 15:07:32 2005 From: spiv007 at gmail.com (spiv007) Date: Thu Jan 12 21:29:48 2006 Subject: dont want to block Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] how can i not block certain email address from content filtering? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jim at jameswest.com Thu May 26 15:07:48 2005 From: Jim at jameswest.com (Jim West) Date: Thu Jan 12 21:29:48 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mr Kwan is going to be out of the office for 18 days. This is going to become annoying. - Jim > > > > > I will be out of the office starting 13/05/2005 and will not return until > 30/05/2005. > > I will respond to your message when I return. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 15:17:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: dont want to block Message-ID: Read about rulesets in the documentation: MAQ, FAQ, Wiki, /etc/ MailScanner/rules/*, the Book and a few other places I forget right now :-) On 26 May 2005, at 15:07, spiv007 wrote: > how can i not block certain email address from content filtering? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 15:19:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: dont want to block Message-ID: Which bit of content filtering? it's merely a question of adding a rule to the option and making that address not be used for the rule. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 spiv007 wrote: > how can i not block certain email address from content filtering? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 15:07:34 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Take a look at /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. > In there you will find "Subect". Please replace with "Subject". This fix works and the test #23 doesn't go through anymore. Thanks Julian ! Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu May 26 15:21:47 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:48 2006 Subject: dont want to block Message-ID: You forgot the archives :) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, May 26, 2005 9:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: dont want to block Read about rulesets in the documentation: MAQ, FAQ, Wiki, /etc/ MailScanner/rules/*, the Book and a few other places I forget right now :-) On 26 May 2005, at 15:07, spiv007 wrote: > how can i not block certain email address from content filtering? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu May 26 15:23:25 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:48 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ugo Bellavance wrote: > >> Julian Field wrote: >> >>> Anyone else seeing Pyzor problems at the moment? >>> I have just got enough horsepower to use Pyzor on my production systems, >>> having never used it before. It built and installed just fine, and >>> "pyzor discover" worked. >>> >>> But I get >>> # /usr/local/bin/pyzor ping >>> 66.250.40.33:24441 TimeoutError: >>> and SpamAssassin just hangs when trying to get a response to the pyzor >>> request. >>> >>> Is there anything I'm likely to be missing? Or is it really down now? >>> If it is down, does anyone know the owner and could ask him to take a >>> look at his server? > > I'll let you know about my findings. > > Ugo > Ugo, Running a pyzor server. Reference: https://sourceforge.net/docman/?group_id=50000 /usr/bin/pyzord --homedir /var/pyzor /var/pyzor contains config (optional) pyzord.access (optional) /var/pyzor/config contains [server] Port = 24441 ListenAddress = 0.0.0.0 LogFile = pyzord.log PidFile = pyzord.pid DigestDB = pyzord.db AccessFile = pyzord.access /var/pyzor/pyzord.access contains check report ping info : anonymous : allow For your pyzor client change the 'servers' file in the .pyzor directory to something like this. your.server.ip.address:24441 There are also some options to use pyzor/pyzord with a username/password combination. Now only if I could populate it with some relevant information :-( - dhawal PS: the pyzor server is back to normal # pyzor ping 66.250.40.33:24441 (200, 'OK') ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slwatts at WINCKWORTHS.CO.UK Thu May 26 15:23:22 2005 From: slwatts at WINCKWORTHS.CO.UK ([utf-8] Samuel Luxford-Watts) Date: Thu Jan 12 21:29:48 2006 Subject: [utf-8] Mailscanner: Cannot insert row: ..... S[utf-8] QL syntax error.... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, I am not too sure which list this should be posted to so forgive me if I got the wrong one! I have been running Mailscanner V 4.31 and MailWatch for some time now with no problems (thankyou people!) and upgraded MailScanner V4.41.3-1.suse .and SpamAssassin 3.03 last night. Since then I have been getting the following error displayed every so often in /var/log/mail: ---- May 26 14:49:02 mailscanner MailScanner[9293]: Cannot insert row: You have an error in your SQL syntax near '829 logged in,'192.168.16.5','',0,0,0,NULL,0,0,-1.039,'not spam, SpamAssassin (s' at line 1 -- Everything is working fine, I upgraded MailWatch with the latest current CVS and dropped the mailscanner database and re-created it to ensure that everything was up to date, but still I get the same error. The curious thing is its not happening for all emails and most are being logged successfully to the MySQL database. It is running SuSE linux 8.1 and MySQL V3.23.52 tho which is ancient I know but I donâ^À^Ùt really want to have to upgrade just yet. If anyone has any ideas then please let me know? Thanks in advance, Sam Winckworth Sherwood Solicitors and Parliamentary Agents DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR Telephone 020 7593 5000 Fax 020 7593 5099 Confidentiality This email message and any attachments are confidential; they may be subject to legal professional privilege and are intended for the named recipient only. If you are not the named recipient, please return the message and enclosures immediately and delete them from your system. Caution Before advice received only by email (whether by attachment or otherwise) may be relied on, the authenticity of the communication must be verified by means independent of email. Regulation The firm is regulated by the Law Society. Partners A list of partners is available for inspection at each office of the firm and on the firm's website at www.winckworths.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu May 26 15:29:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:48 2006 Subject: Mailscanner: Cannot insert row: ..... SQL syntax error.... Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Samuel you're forgiven (I've cross posted this to the correct list so I'll need forgiveness from the internet police too :-) Given the latest CVS version is mid upgrade to 0.6 for Mailwatch I'd suggest you are running pre-production code at the least. SteveF's the best person to answer this, assuming he's around at the moment. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Samuel Luxford-Watts wrote: > Hi All, > > > > I am not too sure which list this should be posted to so forgive me if I > got the wrong one! > > > > I have been running Mailscanner V 4.31 and MailWatch for some time now > with no problems (thankyou people!) and upgraded MailScanner > V4.41.3-1.suse .and SpamAssassin 3.03 last night. Since then I have been > getting the following error displayed every so often in /var/log/mail: > > > > ---- > > May 26 14:49:02 mailscanner MailScanner[9293]: Cannot insert row: You > have an error in your SQL syntax near '829 logged > in,'192.168.16.5','',0,0,0,NULL,0,0,-1.039,'not spam, SpamAssassin (s' > at line 1 > > -- > > > > Everything is working fine, I upgraded MailWatch with the latest current > CVS and dropped the mailscanner database and re-created it to ensure > that everything was up to date, but still I get the same error. > > > > The curious thing is its not happening for all emails and most are being > logged successfully to the MySQL database. It is running SuSE linux 8.1 > and MySQL V3.23.52 tho which is ancient I know but I donâ^À^Ùt really want > to have to upgrade just yet. > > > > If anyone has any ideas then please let me know? > > > > > > Thanks in advance, > > > > Sam > > * * > > *Winckworth Sherwood* Solicitors and Parliamentary Agents > DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR > Telephone 020 7593 5000 Fax 020 7593 5099 > > *Confidentiality* > This email message and any attachments are confidential; they may be > subject to legal professional privilege and are intended for the named > recipient only. If you are not the named recipient, please return the > message and enclosures immediately and delete them from your system. > > * * > > *Caution* > Before advice received only by email (whether by attachment or > otherwise) may be relied on, the authenticity of the communication must > be verified by means independent of email. * * > > *Regulation* > The firm is regulated by the Law Society. > > *Partners* > A list of partners is available for inspection at each office of the > firm and on the firm's website at www.winckworths.co.uk > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 26 15:36:52 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:48 2006 Subject: Mailscanner: Cannot insert row: ..... SQL syntax error.... Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 26, 2005 10:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner: Cannot insert row: ..... SQL syntax error.... > > Samuel > > you're forgiven (I've cross posted this to the correct list so I'll need > forgiveness from the internet police too :-) > > Given the latest CVS version is mid upgrade to 0.6 for Mailwatch I'd > suggest you are running pre-production code at the least. > > SteveF's the best person to answer this, assuming he's around at the > moment. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Unfortunately Steve's on a well earned vacation. I believe he's back early next week. Hopefully someone else on the MailWatch list will pick this up. The error doesn't look fatal. You'll just be missing some records in the database until it's fixed. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slwatts at WINCKWORTHS.CO.UK Thu May 26 15:41:26 2005 From: slwatts at WINCKWORTHS.CO.UK ([utf-8] Samuel Luxford-Watts) Date: Thu Jan 12 21:29:48 2006 Subject: [utf-8] RE: Mailscanner: Cannot insert row: ...[utf-8] .. SQL syntax error.... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok - no worries. As you say - its not critical but I would like to keep the logs clear of warnings and errors! Thanks guys, Sam -----Original Message----- From: Stephen Swaney [mailto:steve.swaney@FSL.COM] Sent: Thursday, May 26, 2005 3:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner: Cannot insert row: ..... SQL syntax error.... > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Thursday, May 26, 2005 10:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner: Cannot insert row: ..... SQL syntax error.... > > Samuel > > you're forgiven (I've cross posted this to the correct list so I'll need > forgiveness from the internet police too :-) > > Given the latest CVS version is mid upgrade to 0.6 for Mailwatch I'd > suggest you are running pre-production code at the least. > > SteveF's the best person to answer this, assuming he's around at the > moment. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Unfortunately Steve's on a well earned vacation. I believe he's back early next week. Hopefully someone else on the MailWatch list will pick this up. The error doesn't look fatal. You'll just be missing some records in the database until it's fixed. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -------------- John Kennedy and Co. DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR Telephone 020 7593 5033 Fax 020 7593 5199 -Confidentiality- This email message and any attachments are confidential; they may be subject to legal professional privilege and are intended for the named recipient only. If you are not the named recipient, please return the message and enclosures immediately and delete them from your system. -Caution- Before advice received only by email (whether by attachment or otherwise) may be relied on, the authenticity of the communication must be verified by means independent of email. -Regulation- The firm is regulated by the Law Society. -Partners- A list of partners is available for inspection at each office of the firm and on the firm's website at http://www.winckworths.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 16:04:51 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:48 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Running a pyzor server. > Reference: https://sourceforge.net/docman/?group_id=50000 > > > Now only if I could populate it with some relevant information :-( > Yup, that is the problem. No way to sync with other servers. > - dhawal > > PS: the pyzor server is back to normal > # pyzor ping > 66.250.40.33:24441 (200, 'OK') > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu May 26 16:32:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:48 2006 Subject: spam actions Message-ID: Martin Hepworth wrote: > Kevin > > basically yes Great. Couple others clued me in that I could yesterday so I slept well. Until 2:30 am when a friend called from the hospital to report they had a baby girl anyway. > yes it's OT Ah, but I said *too* off-topic. But to atone I subscribed to the MailWatch list yesterday too. ;-) > yes you can run the clean_quarantine script and the DB won't care > yes you need to manage the data in the mysql DB as well.. Yup. Guess I'm not the first to ask as there were already some scripts in place to do run the quarantine purge. Still having a couple issues, but I'll take them over to the other list... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joelc at CTCHOUSTON.COM Thu May 26 16:33:09 2005 From: joelc at CTCHOUSTON.COM (Joel Colvin) Date: Thu Jan 12 21:29:48 2006 Subject: Pyzor problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just went through my logs for the last thirty days looking for effectiveness of Pyzor. Pyzor tagged 1,042,812 emails Pyzor raises the score by 4.5. Since we mark as spam anything at 5 points, anything below 9.5 was raised high enough by pyzor to become known as spam. Only 14,208 met this condition. Is it worth it? Joel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Thu May 26 16:36:37 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:48 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Julian Field a écrit: > For info, I have just suspended his membership. Maybe it would have been funnier to suspend him to the nearest tree. By the neck. -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vasiliy at lohankin.com Thu May 26 16:45:22 2005 From: vasiliy at lohankin.com (Vasiliy Boulytchev) Date: Thu Jan 12 21:29:48 2006 Subject: LibClamAV Error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tomasz Kojm wrote: On Wed, 25 May 2005 14:12:14 -0600 Vasiliy Boulytchev wrote: Gents, I am getting this error from MailScanner: LibClamAV Error: cl_free: root == NULL LibClamAV Error: cl_free: root == NULL However, I can clamscan any dire/file. Please report that to MailScanner folks. The software fails to properly handle database initializaton problem and passes NULL pointer to libclamav functions (via Mail::ClamAV, I think). ________________________________________________________________________ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html Great! Julian, here you go. Guys, when I start MailScanner in debug, I get these errors. It seems that I get those per every message that gets passed to clam. THANKS!!!!!!!!!!!!!!!!! PS Im on IRC all day, hit me up! -- Vasiliy Boulytchev Colorado Information Technologies www.coinfotech.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu May 26 16:52:07 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:48 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I tried this and the email was just quarantined again for the same reason. So this doesn't release the email from quarantine. I'll try the save message as a Queue Files option and see if the other option works to bypass MailScanner. Martin Hepworth wrote: > Kenneth > > Assuming Postfix still pretends to be sendmail try > > sendmail -ti < message > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kenneth Kalmer wrote: > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu May 26 16:59:24 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:48 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce said: > I tried this and the email was just quarantined again for the same > reason. So this doesn't release the email from quarantine. I'll try the > save message as a Queue Files option and see if the other option works > to bypass MailScanner. You will need to make a ruleset to white list/ not scan (Depending on the reason for quarantine) 127.0.0.1 and that will work fine. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Thu May 26 17:01:55 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I can't tell if these responses indicate that some people don't GET this problem, or that some people don't care about this problem. I'll try explaining the issue one more time and then I'm gonna shut up. It's all about the negative impacts of shifting-costs-to-the-sending MTA. Let's assume that the "heavy MTA" is running on JISCMAIL.AC.UK. Let's also assume that the heavy MTA has got more to do than just send mail to users of the mailscanner mailing list. (it could handle many mailing lists) If the subscribers to all these mailing lists have mail admins who turn on the GreetPause delay, then the performance of JISCMAIL.AC.UK is going to go to pot. Now, one particular subscriber of the mailscanner list might not care that poor list performance causes delays in sending mail on the list, but the decrease in throughput on the list server may cause an otherwise altruistic list-serve admin to decide that it's no longer worth their time to provide free or low-cost list servers to a developer/user community. If the typical mail admin starts using a GreetPause, and takes the "they can contact me" approach, then a list-serve admin will be faced w/ the prospect of contacting the mail admin of every person who ever subscribes to one of their lists to make sure that the GreetPause does not effect machines hosting mailing lists. This is not going to happen. Obviously, there are times when paying customers come first, and if cutting-loose low revenue lists helps, then that will happen instead. So... Feel free to use the GreetPause feature on your mail server, but keep in mind that this is not a scalable solution, and you are consuming more resources on other people's mail servers than is sustainable if everyone follows suit. Again, I'd like to mention that greylist solutions provide similar benefits without this particular liability. -Bill John Rudd wrote: > On May 25, 2005, at 1:54 PM, William Burns wrote: > >> For example, a mail server hosting very active mailing list(s) might >> easily have to send 10 pieces of mail per second. If each copy of the >> MTA got hung-up for 10 seconds for each piece of mail, then aside from >> copies of the MTA actually doing work, there'd be another 100 instances >> of the MTA in memory waiting for prompts. >> >> I'm glad that this feature will respect a whitelist in access.db. >> That leaves open the possibility that someone could at least add on a >> feature that culls mail logs for good IP addresses, and drops a >> whitelist in the access.db file. >> Without that, it seems like it'd cause a scalability issue for the >> mail-carrying internet. > > > Or wait for the heavy MTA that is trying to send you mail to notice > "hmm, looks like they're using greet_delay", and they send you an email > saying "can you give us an exception?" > > I would personally prefer to have such a postmaster _ask_ me for an > exception, instead of trying to guess which heavy mail volumes I get > are legit and which are not. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Thu May 26 17:13:24 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: So wouldn't this be the same argument against grey-listing? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of William Burns Sent: Thursday, May 26, 2005 12:02 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT: GreetPause delay I can't tell if these responses indicate that some people don't GET this problem, or that some people don't care about this problem. I'll try explaining the issue one more time and then I'm gonna shut up. It's all about the negative impacts of shifting-costs-to-the-sending MTA. Let's assume that the "heavy MTA" is running on JISCMAIL.AC.UK. Let's also assume that the heavy MTA has got more to do than just send mail to users of the mailscanner mailing list. (it could handle many mailing lists) If the subscribers to all these mailing lists have mail admins who turn on the GreetPause delay, then the performance of JISCMAIL.AC.UK is going to go to pot. Now, one particular subscriber of the mailscanner list might not care that poor list performance causes delays in sending mail on the list, but the decrease in throughput on the list server may cause an otherwise altruistic list-serve admin to decide that it's no longer worth their time to provide free or low-cost list servers to a developer/user community. If the typical mail admin starts using a GreetPause, and takes the "they can contact me" approach, then a list-serve admin will be faced w/ the prospect of contacting the mail admin of every person who ever subscribes to one of their lists to make sure that the GreetPause does not effect machines hosting mailing lists. This is not going to happen. Obviously, there are times when paying customers come first, and if cutting-loose low revenue lists helps, then that will happen instead. So... Feel free to use the GreetPause feature on your mail server, but keep in mind that this is not a scalable solution, and you are consuming more resources on other people's mail servers than is sustainable if everyone follows suit. Again, I'd like to mention that greylist solutions provide similar benefits without this particular liability. -Bill John Rudd wrote: > On May 25, 2005, at 1:54 PM, William Burns wrote: > >> For example, a mail server hosting very active mailing list(s) might >> easily have to send 10 pieces of mail per second. If each copy of >> the MTA got hung-up for 10 seconds for each piece of mail, then aside >> from copies of the MTA actually doing work, there'd be another 100 >> instances of the MTA in memory waiting for prompts. >> >> I'm glad that this feature will respect a whitelist in access.db. >> That leaves open the possibility that someone could at least add on a >> feature that culls mail logs for good IP addresses, and drops a >> whitelist in the access.db file. >> Without that, it seems like it'd cause a scalability issue for the >> mail-carrying internet. > > > Or wait for the heavy MTA that is trying to send you mail to notice > "hmm, looks like they're using greet_delay", and they send you an > email saying "can you give us an exception?" > > I would personally prefer to have such a postmaster _ask_ me for an > exception, instead of trying to guess which heavy mail volumes I get > are legit and which are not. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu May 26 17:14:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:48 2006 Subject: LibClamAV Error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 26 May 2005, at 16:45, Vasiliy Boulytchev wrote: Tomasz Kojm wrote: On Wed, 25 May 2005 14:12:14 -0600 Vasiliy Boulytchev wrote: Gents, I am getting this error from MailScanner: LibClamAV Error: cl_free: root == NULL LibClamAV Error: cl_free: root == NULL However, I can clamscan any dire/file. Please report that to MailScanner folks. The software fails to properly handle database initializaton problem and passes NULL pointer to libclamav functions (via Mail::ClamAV, I think). ________________________________________________________________________ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html Great!  Julian, here you go. Guys, when I start MailScanner in debug, I get these errors.  It seems that I get those per every message that gets passed to clam. Looks like you are using Virus Scanners = clamavmodule and something is wrong with the version of libclamav that it is finding. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 26 17:50:51 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: On May 26, 2005, at 9:01 AM, William Burns wrote: > > I can't tell if these responses indicate that some people don't GET > this > problem, or that some people don't care about this problem. What makes you think that because people don't agree with your conclusion that we either don't get it, or don't care about it? There's more than a little arrogance in that point of view. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 26 17:56:19 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:48 2006 Subject: rhsbl.ahbl.org timeouts Message-ID: Anyone having trouble with time-outs from this RBL? header DNS_FROM_AHBL_RHSBL eval:check_rbl_from_host('ahbl', 'rhsbl.ahbl.org.') Were seeing SA timeouts from rhsbl.ahbl.org at a site in the UK and one in the states. Other sites seem OK Thanks, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu May 26 17:53:41 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:29:48 2006 Subject: OT: GreetPause delay Message-ID: No, because with grey-listing the refusal happens quickly. The problem he's discussing comes specifically from the amount of time it takes for the SMTP session to get through its process (because during that time, the MTA will be sitting idle in memory, instead of freeing up those resources to other processes). I personally don't think the end result is as catastrophic as he does, but he is right that grey-listing doesn't have this "problem". On May 26, 2005, at 9:13 AM, Rose, Bobby wrote: > So wouldn't this be the same argument against grey-listing? > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of William Burns > Sent: Thursday, May 26, 2005 12:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: GreetPause delay > > > I can't tell if these responses indicate that some people don't GET > this > problem, or that some people don't care about this problem. > I'll try explaining the issue one more time and then I'm gonna shut up. > It's all about the negative impacts of shifting-costs-to-the-sending > MTA. > > Let's assume that the "heavy MTA" is running on JISCMAIL.AC.UK. > Let's also assume that the heavy MTA has got more to do than just send > mail to users of the mailscanner mailing list. (it could handle many > mailing lists) > > If the subscribers to all these mailing lists have mail admins who turn > on the GreetPause delay, then the performance of JISCMAIL.AC.UK is > going > to go to pot. > Now, one particular subscriber of the mailscanner list might not care > that poor list performance causes delays in sending mail on the list, > but the decrease in throughput on the list server may cause an > otherwise > altruistic list-serve admin to decide that it's no longer worth their > time to provide free or low-cost list servers to a developer/user > community. > > If the typical mail admin starts using a GreetPause, and takes the > "they > can contact me" approach, then a list-serve admin will be faced w/ the > prospect of contacting the mail admin of every person who ever > subscribes to one of their lists to make sure that the GreetPause does > not effect machines hosting mailing lists. > This is not going to happen. > Obviously, there are times when paying customers come first, and if > cutting-loose low revenue lists helps, then that will happen instead. > > So... Feel free to use the GreetPause feature on your mail server, but > keep in mind that this is not a scalable solution, and you are > consuming > more resources on other people's mail servers than is sustainable if > everyone follows suit. > > Again, I'd like to mention that greylist solutions provide similar > benefits without this particular liability. > > -Bill > > > John Rudd wrote: > >> On May 25, 2005, at 1:54 PM, William Burns wrote: >> >>> For example, a mail server hosting very active mailing list(s) might >>> easily have to send 10 pieces of mail per second. If each copy of >>> the MTA got hung-up for 10 seconds for each piece of mail, then aside > >>> from copies of the MTA actually doing work, there'd be another 100 >>> instances of the MTA in memory waiting for prompts. >>> >>> I'm glad that this feature will respect a whitelist in access.db. >>> That leaves open the possibility that someone could at least add on a > >>> feature that culls mail logs for good IP addresses, and drops a >>> whitelist in the access.db file. >>> Without that, it seems like it'd cause a scalability issue for the >>> mail-carrying internet. >> >> >> Or wait for the heavy MTA that is trying to send you mail to notice >> "hmm, looks like they're using greet_delay", and they send you an >> email saying "can you give us an exception?" >> >> I would personally prefer to have such a postmaster _ask_ me for an >> exception, instead of trying to guess which heavy mail volumes I get >> are legit and which are not. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu May 26 19:08:12 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:48 2006 Subject: Working for others? Re: Beta 4.42.4 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Take a look at /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. > In there you will find "Subect". Please replace with "Subject". > > :-( > > I will put out a new release shortly. > Why are computers smart enough to tell you when you do something wrong, but not smart enough to just fix it? Just like x-wives! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu May 26 20:19:08 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:48 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm thinking about catching up and implementing SPF. I find that I must use SRS also. Although it doesn't look that difficult to put in place, other than deciding what my TXT records should say, I'm wondering about one aspect of this all. Does the SPF facility in SA mimic what sendmail would perform using spfmilter on the receipt end of things? Can anyone offer an idea of what might be a good solution to all of this and what they might be using with a sendmail 8.12 box? There seems to be a very limited set of tools to use for all of this. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Thu May 26 20:42:59 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:48 2006 Subject: Release a quarantined file (postfix) Message-ID: Hi Ed, I also had issues with releasing mail, here is what I did and posted to the group: Regards Rabie PS This should release anything. ----snip---- Thanx too all, it works, herewith all the changes that where required for MailScanner 4.39. Also to make this more foolproof, one could add a 'AND From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the email address is of the sender of the quarantine proccess and should do this if you have users on the local box who send mail. Changes to MailScanner.conf: Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning = %rules-dir%/dangerous.content.scan.rules Filename Rules = %rules-dir%/filename.rules Filetype Rules = %rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules Files: virus.scan.rules: From: 127.0.0.1 no FromOrTo: default yes dangerous.content.scan.rules: From: 127.0.0.1 no FromOrTo: default yes spam.check.rules From: 127.0.0.1 no FromOrTo: default yes filename.rules From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /etc/MailScanner/filename.rules.conf filetype.rules: From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf filename.rules.allowall.conf: allow .* - - filetype.rules.allowall.conf: allow .* - - Regards Rabie ----snip---- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ed Bruce Sent: 26 May 2005 17:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Release a quarantined file (postfix) I tried this and the email was just quarantined again for the same reason. So this doesn't release the email from quarantine. I'll try the save message as a Queue Files option and see if the other option works to bypass MailScanner. Martin Hepworth wrote: > Kenneth > > Assuming Postfix still pretends to be sendmail try > > sendmail -ti < message > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kenneth Kalmer wrote: > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From williamkwan at ELEGANCE-GROUP.COM Thu May 26 21:00:50 2005 From: williamkwan at ELEGANCE-GROUP.COM (William Kwan) Date: Thu Jan 12 21:29:49 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: I will be out of the office starting 13/05/2005 and will not return until 30/05/2005. I will respond to your message when I return. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 20:48:38 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Campbell wrote: > I'm thinking about catching up and implementing SPF. I find that I must use > SRS also. Although it doesn't look that difficult to put in place, other > than deciding what my TXT records should say, I'm wondering about one aspect > of this all. Setting SPF DNS records is definitely worth the effort. The more people will have SPF records, the better the results will be on our spam filters. > > Does the SPF facility in SA mimic what sendmail would perform using > spfmilter on the receipt end of things? Can anyone offer an idea of what > might be a good solution to all of this and what they might be using with a > sendmail 8.12 box? There seems to be a very limited set of tools to use for > all of this. I felt that SA's SPF rules are not very convincing, and I didn't feel like playing with the scores, so I implemented spfmilter. I decided to block any message that would have a 'fail' result. I have written a doc for implementing the milter on FC1, please let me know if you want to see it. I have a low-volume server, but about 3% of incoming mail are blocked at the MTA level by this milter. Regards, Ugo > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu May 26 21:09:23 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Steve Campbell wrote: >> I'm thinking about catching up and implementing SPF. I find that I >> must use SRS also. Although it doesn't look that difficult to put in >> place, other than deciding what my TXT records should say, I'm >> wondering about one aspect of this all. > > Setting SPF DNS records is definitely worth the effort. The more > people will have SPF records, the better the results will be on our > spam filters. > >> >> Does the SPF facility in SA mimic what sendmail would perform using >> spfmilter on the receipt end of things? Can anyone offer an idea of >> what might be a good solution to all of this and what they might be >> using with a sendmail 8.12 box? There seems to be a very limited set >> of tools to use for all of this. > > I felt that SA's SPF rules are not very convincing, and I didn't feel > like playing with the scores, so I implemented spfmilter. I decided > to block any message that would have a 'fail' result. > > I have written a doc for implementing the milter on FC1, please let me > know if you want to see it. Ugo, Yes, please let me know how to receive the document. Did you also use some form of SRS also? I understand this is required for forwarding to a server that checks SPF and hard fails them. > > I have a low-volume server, but about 3% of incoming mail are blocked > at the MTA level by this milter. I couldn't find much else to use but this particular milter and a few Perl things. If SPF is starting to take off, I guess I'd better get on the ball. Thanks loads, Steve > > Regards, > > Ugo > >> >> Thanks >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pp at UNI-FFM.DE Thu May 26 21:00:49 2005 From: pp at UNI-FFM.DE (Arnold [iso-8859-1] Jäger) Date: Thu Jan 12 21:29:49 2006 Subject: URIBL won't work Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm trying to get URI-Checking working with SA 3.0.3. spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint shows: debug: SpamAssassin version 3.0.3 debug: Score set 0 chosen. debug: running in taint mode? yes ...... debug: diag: module not installed: URI ('require' failed) debug: ignore: using a test message to lint rules debug: using "/etc/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir ........ debug: using "/opt/MailScanner/etc/spam.assassin.prefs.conf" for user prefs file debug: config: read file /opt/MailScanner/etc/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d138d0) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) implements 'parse_config' ....... debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements 'parsed_metadata' ............. debug: URIDNSBL: domains to query: .............. debug: running uri tests; score so far=0.619 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec)) ............. debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements 'check_post_dnsbl' debug: running meta tests; score so far=4.006 debug: running header regexp tests; score so far=5.232 debug: running body-text per-line regexp tests; score so far=5.232 debug: running uri tests; score so far=5.232 debug: running raw-body-text per-line regexp tests; score so far=5.232 debug: running full-text regexp tests; score so far=5.232 debug: Running tests for priority: 1000 debug: running meta tests; score so far=5.232 debug: running header regexp tests; score so far=5.232 debug: running body-text per-line regexp tests; score so far=5.232 debug: running uri tests; score so far=5.232 ................ but I can't see any URIBL_... in the log. If I try spamassassin -D [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This apparently has come up a few times in the past. I may be asking this in the wrong place, so if I need to post this question on the spamassassin list please let me know. I even found a piece of information on the Faq-O-matic... here is an excerpt. "..... problem is that SpamAssassin, according to what I've read at the following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, will only use the DB for getting the user preferences if it's running in client/server mode, i.e., as spamc and spamd. So this means that if I want to let end users manage their own whitelists, I would have to get SpamAssassin running the old slow way. Thoughts or suggestions? " After searching, I have not found a solution to this. I am already using a mysql bayes for my lvs mail cluster system.. I need a way to store SA user preferences globally.. and i would rather not go back to using spamc/spamd. thanks. Jonathan Higgins IT R&D Project Manager Kennesaw State University jhiggins@kennesaw.edu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu May 26 21:26:46 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:49 2006 Subject: URIBL won't work Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Arnold [iso-8859-1] J�ger writes: > Hi, > > I'm trying to get URI-Checking working with SA 3.0.3. > > spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint > shows: > > debug: SpamAssassin version 3.0.3 > debug: Score set 0 chosen. > debug: running in taint mode? yes > ...... > debug: diag: module not installed: URI ('require' failed) > debug: ignore: using a test message to lint rules > debug: using "/etc/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > ........ > debug: using "/opt/MailScanner/etc/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /opt/MailScanner/etc/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d138d0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements > 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) implements > 'parse_config' > ....... > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements > 'parsed_metadata' > ............. > debug: URIDNSBL: domains to query: > .............. > debug: running uri tests; score so far=0.619 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec)) > ............. > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) implements > 'check_post_dnsbl' > debug: running meta tests; score so far=4.006 > debug: running header regexp tests; score so far=5.232 > debug: running body-text per-line regexp tests; score so far=5.232 > debug: running uri tests; score so far=5.232 > debug: running raw-body-text per-line regexp tests; score so far=5.232 > debug: running full-text regexp tests; score so far=5.232 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=5.232 > debug: running header regexp tests; score so far=5.232 > debug: running body-text per-line regexp tests; score so far=5.232 > debug: running uri tests; score so far=5.232 > ................ > > but I can't see any URIBL_... in the log. > > If I try spamassassin -D with an appropriate message, I get for example: > Content analysis details: (10.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 0.0 RCVD_BY_IP Received by mail server with no name > 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO > 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist > [URIs: fgbasvbk.com] > 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > [URIs: fgbasvbk.com] > 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: fgbasvbk.com] > 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist > [URIs: fgbasvbk.com] > 0.0 DRUGS_ERECTILE Refers to an erectile drug > 0.0 DRUGS_ANXIETY Refers to an anxiety control drug > 0.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug > > > but not a single URIBL in the log. > > seems that test and real checking use different config, but why? > > regards > Arnold > Find a file called init.pre (usually /etc/mail/spamassassin) and softlink it to /usr/share/spamassassin or /usr/local/spamassassin, where your regular spamassassin related *.cf exist.. but this is a workaround not the actual fix, the actual fix involves correcting one the following in MailScanner.conf SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = The values listed here (including the blanks) work fine for me. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 26 21:35:12 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:49 2006 Subject: URIBL won't work Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dhawal Doshy > Sent: Thursday, May 26, 2005 4:27 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: URIBL won't work > > Arnold [iso-8859-1] J?ger writes: > > > Hi, > > > > I'm trying to get URI-Checking working with SA 3.0.3. > > > > spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf -- > lint > > shows: > > > > debug: SpamAssassin version 3.0.3 > > debug: Score set 0 chosen. > > debug: running in taint mode? yes > > ...... > > debug: diag: module not installed: URI ('require' failed) > > debug: ignore: using a test message to lint rules > > debug: using "/etc/spamassassin/init.pre" for site rules init.pre > > debug: config: read file /etc/spamassassin/init.pre > > debug: using "/usr/share/spamassassin" for default rules dir > > ........ > > debug: using "/opt/MailScanner/etc/spam.assassin.prefs.conf" for user > prefs file > > debug: config: read file /opt/MailScanner/etc/spam.assassin.prefs.conf > > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) > > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) > > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > > debug: plugin: registered > Mail::SpamAssassin::Plugin::SPF=HASH(0x8d138d0) > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) > implements > > 'parse_config' > > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8cbdd9c) > implements > > 'parse_config' > > ....... > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) > implements > > 'parsed_metadata' > > ............. > > debug: URIDNSBL: domains to query: > > .............. > > debug: running uri tests; score so far=0.619 > > debug: registering glue method for check_uridnsbl > > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec)) > > ............. > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cd36ec) > implements > > 'check_post_dnsbl' > > debug: running meta tests; score so far=4.006 > > debug: running header regexp tests; score so far=5.232 > > debug: running body-text per-line regexp tests; score so far=5.232 > > debug: running uri tests; score so far=5.232 > > debug: running raw-body-text per-line regexp tests; score so far=5.232 > > debug: running full-text regexp tests; score so far=5.232 > > debug: Running tests for priority: 1000 > > debug: running meta tests; score so far=5.232 > > debug: running header regexp tests; score so far=5.232 > > debug: running body-text per-line regexp tests; score so far=5.232 > > debug: running uri tests; score so far=5.232 > > ................ > > > > but I can't see any URIBL_... in the log. > > > > If I try spamassassin -D > with an appropriate message, I get for example: > > Content analysis details: (10.1 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- -------------------------------------------- > ------ > > 0.0 RCVD_BY_IP Received by mail server with no name > > 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for > HELO > > 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist > > [URIs: fgbasvbk.com] > > 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL > blocklist > > [URIs: fgbasvbk.com] > > 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > blocklist > > [URIs: fgbasvbk.com] > > 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL > blocklist > > [URIs: fgbasvbk.com] > > 0.0 DRUGS_ERECTILE Refers to an erectile drug > > 0.0 DRUGS_ANXIETY Refers to an anxiety control drug > > 0.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety > drug > > > > > > but not a single URIBL in the log. > > > > seems that test and real checking use different config, but why? > > > > regards > > Arnold > > > > Find a file called init.pre (usually /etc/mail/spamassassin) and softlink > it > to /usr/share/spamassassin or /usr/local/spamassassin, where your regular > spamassassin related *.cf exist.. > > but this is a workaround not the actual fix, the actual fix involves > correcting one the following in MailScanner.conf > > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > The values listed here (including the blanks) work fine for me. > > - dhawal I think you may need to install the URI perl Module. Running: MailScanner -V Will show if it's installed or missing. If it's missing install via CPAN. Steve Steve Swaney President Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 21:22:54 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> >>I felt that SA's SPF rules are not very convincing, and I didn't feel >>like playing with the scores, so I implemented spfmilter. I decided >>to block any message that would have a 'fail' result. >> >>I have written a doc for implementing the milter on FC1, please let me >>know if you want to see it. It'll be on the wiki soon. > > > Ugo, > > Yes, please let me know how to receive the document. Did you also use some > form of SRS also? I understand this is required for forwarding to a server > that checks SPF and hard fails them. I don't think I need SRS since I'm not relaying for anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Thu May 26 21:48:29 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I use the SPF facility in SA and find it works pretty well. I simply made its score 100 on a hard fail in the local.cf file and all is good, Actually I'm not a big believer in soft fails so they have a pretty big score as well. I have found one thing (I monitor my SPF catches fairly closely) and that is that you shouldn't block based on the HELO and SPF. Many of these are FP. IBM and a number of other places I have seen hard fail the HELO SPF, but not the FROM SPF. Steve Campbell wrote: Ugo Bellavance wrote: Steve Campbell wrote: I'm thinking about catching up and implementing SPF. I find that I must use SRS also. Although it doesn't look that difficult to put in place, other than deciding what my TXT records should say, I'm wondering about one aspect of this all. Setting SPF DNS records is definitely worth the effort. The more people will have SPF records, the better the results will be on our spam filters. Does the SPF facility in SA mimic what sendmail would perform using spfmilter on the receipt end of things? Can anyone offer an idea of what might be a good solution to all of this and what they might be using with a sendmail 8.12 box? There seems to be a very limited set of tools to use for all of this. I felt that SA's SPF rules are not very convincing, and I didn't feel like playing with the scores, so I implemented spfmilter. I decided to block any message that would have a 'fail' result. I have written a doc for implementing the milter on FC1, please let me know if you want to see it. Ugo, Yes, please let me know how to receive the document. Did you also use some form of SRS also? I understand this is required for forwarding to a server that checks SPF and hard fails them. I have a low-volume server, but about 3% of incoming mail are blocked at the MTA level by this milter. I couldn't find much else to use but this particular milter and a few Perl things. If SPF is starting to take off, I guess I'd better get on the ball. Thanks loads, Steve Regards, Ugo Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Thu May 26 21:50:38 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:49 2006 Subject: URIBL won't work Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Arnold Jäger wrote: > Hi, > > I'm trying to get URI-Checking working with SA 3.0.3. > > spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint > shows: > ................ > > but I can't see any URIBL_... in the log. That's because --lint uses a test message which has no URIs in it. No uris means no calls to the uribl tests, and no hits. --lint is NOT intended to be at test spamassassin's features. It is intended to verify SA can read your config files, NOTHING more. The fact that SA uses a short test message when linting is purely a byproduct of how they chose to force a test of the config parser. It was just easier to dump a fake test message in than to work around it so the config parser could run without a message. Don't ever expect any hits at all from a --lint, those which do appear are entirely accidental. > > If I try spamassassin -D with an appropriate message, I get for example: > but not a single URIBL in the log. Erm, what do your mean "log".. you mean the debug output? or a logfile in /var/log? invoking the spamassassin command line won't log anything in /var/log. > > seems that test and real checking use different config, but why? They don't, you're just thinking lint does something it does not. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu May 26 21:54:06 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Thursday, May 26, 2005 4:23 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT (again): SA-SPF opinion > > >> > >>I felt that SA's SPF rules are not very convincing, and I didn't feel > >>like playing with the scores, so I implemented spfmilter. I decided > >>to block any message that would have a 'fail' result. > >> > >>I have written a doc for implementing the milter on FC1, please let me > >>know if you want to see it. > > It'll be on the wiki soon. > > > > > > > Ugo, > > > > Yes, please let me know how to receive the document. Did you also use > some > > form of SRS also? I understand this is required for forwarding to a > server > > that checks SPF and hard fails them. > > I don't think I need SRS since I'm not relaying for anyone. > I believe that SRS, Sender Rewriting Scheme, is only required if you are relaying form you SPF hub. A typical example would be an ISP who is relaying email from a home pc or a business hub that sends their outbound email through the ISP's "smart relay". The ISP in this case has to rewrite the header to make it look like the mail was sent From the smart relay. Sounds simple and it is (hopefully ;) for AOL and the larger ISPs but there are many many small ISPs and small mailhubs that relay for friends and neighbors that will be a long time implementing SRS :( Steve Steve Swaney President Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 26 21:53:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: SV: Release a quarantined file (postfix) Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Whitelist anything from the loopback address (127.0.0.1) and you avoid that stumbling block. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Ed Bruce Skickat: to 2005-05-26 17:52 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Release a quarantined file (postfix) I tried this and the email was just quarantined again for the same reason. So this doesn't release the email from quarantine. I'll try the save message as a Queue Files option and see if the other option works to bypass MailScanner. Martin Hepworth wrote: > Kenneth > > Assuming Postfix still pretends to be sendmail try > > sendmail -ti < message > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Kenneth Kalmer wrote: > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu May 26 21:45:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spf:install:sendmail:spfmilter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu May 26 22:25:53 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: SV: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Would it be undoable to make an "automatic removal from list" thing for people who think it OK to forward OoO messages outside their own organization.... And even send them to mailinglists....? With summer holidays around the corner, the rate and extent of irritants like this is liable to go ... up. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom William Kwan Skickat: to 2005-05-26 22:00 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: William Kwan/Elegance is out of the office. I will be out of the office starting 13/05/2005 and will not return until 30/05/2005. I will respond to your message when I return. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Thu May 26 22:50:14 2005 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 12 21:29:49 2006 Subject: languages.conf becomes zero bytes Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've just run an rpm upgrade to MailScanner on a couple of CentOS-based servers (one running 3.3 and one running 4) using MailScanner-4.42.5-1 and the net effect seems to be that languages.conf goes to zero bytes. Does the following line presume there's an .rpmnew file in the 'en' folder because the install hasn't created one and the .new that's created is 0 bytes - so if this is mv'd into place as per the instructions all hell breaks loose in maillog! Here's the line: upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Thu May 26 23:09:20 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:29:49 2006 Subject: Commercial virus checker failed with real error Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Group, Running; Mandrake 10.0 MS 4.40.6-1 ClamAV[module] 0.84 Bitdefender (installed from BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm) as an MX gateway that relays to an internal MX. About once a week am seeing a bunch of these (on one line) May 22 14:04:12 nract1 MailScanner[19848]: Commercial virus checker failed with real error: Can't fork at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 872 and the MX stalls. Reboot and all is well. Appreciate any help - including a link if discussed/solved before. Regards, Jon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri May 27 00:02:47 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:49 2006 Subject: languages.conf becomes zero bytes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel Kendrick wrote: > I've just run an rpm upgrade to MailScanner on a couple of CentOS-based > servers (one running 3.3 and one running 4) using MailScanner-4.42.5-1 and > the net effect seems to be that languages.conf goes to zero bytes. > > Does the following line presume there's an .rpmnew file in the 'en' folder > because the install hasn't created one and the .new that's created is 0 > bytes - so if this is mv'd into place as per the instructions all hell > breaks loose in maillog! > > Here's the line: > > upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new > > Nigel > I was bit by this long ago, and haven't ran upgrade_languages_conf since. I suppose if I ever see the rpmnew file I'll try it again. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From btaber at DIVERSECG.COM Fri May 27 00:39:32 2005 From: btaber at DIVERSECG.COM (Brian Taber) Date: Thu Jan 12 21:29:49 2006 Subject: SA userprefs stored in SQL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am using the CustomConfig to do that, I had it working great on an old server until a little hitch with MailScanner maintaining mysql connections on the new one... haven't had time to figure out the issue, but look at CustomConfig.pm, I am using it to obtain if the domain should want mail scanned, the score, actions, etc... ------------------------- Brian Taber Manager/IT Specialist Diverse Computer Group Office: 508-758-4402 Cell: 508-496-9221 btaber@diversecg.com > This apparently has come up a few times in the past. I may be asking > this in the wrong place, so if I need to post this question on the > spamassassin list please let me know. > > I even found a piece of information on the Faq-O-matic... here is an > excerpt. > > "..... problem is that SpamAssassin, according to what I've read at the > following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, > will only use the DB for getting the user preferences if it's running in > client/server mode, i.e., as spamc and spamd. So this means that if I > want to let end users manage their own whitelists, I would have to get > SpamAssassin running the old slow way. Thoughts or suggestions? " > > After searching, I have not found a solution to this. I am already > using a mysql bayes for my lvs mail cluster system.. I need a way to > store SA user preferences globally.. and i would rather not go back to > using spamc/spamd. > > thanks. > > > > Jonathan Higgins > IT R&D Project Manager > Kennesaw State University > jhiggins@kennesaw.edu > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 27 08:08:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: SV: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, jiscmail.ac.uk is a list server for the entire UK academic community, I don't run it or have any control over it. I'm just a lowly mortal user, however much that hurts. On 26 May 2005, at 22:25, Steen, Glenn wrote: > Julian, > > Would it be undoable to make an "automatic removal from list" thing > for people who think it OK to forward OoO messages outside their > own organization.... And even send them to mailinglists....? > > With summer holidays around the corner, the rate and extent of > irritants like this is liable to go ... up. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom William Kwan > Skickat: to 2005-05-26 22:00 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: William Kwan/Elegance is out of the office. > > > > > I will be out of the office starting 13/05/2005 and will not > return until > 30/05/2005. > > I will respond to your message when I return. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 27 08:10:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: languages.conf becomes zero bytes Message-ID: I need to do an existence check on .rpmnew. If it doesn't exist then just output the contents of languages.conf instead. Thanks for pointing that out! On 27 May 2005, at 00:02, Scott Silva wrote: > Nigel Kendrick wrote: > >> I've just run an rpm upgrade to MailScanner on a couple of CentOS- >> based >> servers (one running 3.3 and one running 4) using >> MailScanner-4.42.5-1 and >> the net effect seems to be that languages.conf goes to zero bytes. >> >> Does the following line presume there's an .rpmnew file in the >> 'en' folder >> because the install hasn't created one and the .new that's created >> is 0 >> bytes - so if this is mv'd into place as per the instructions all >> hell >> breaks loose in maillog! >> >> Here's the line: >> >> upgrade_languages_conf languages.conf languages.conf.rpmnew > >> languages.new >> >> Nigel >> >> > I was bit by this long ago, and haven't ran upgrade_languages_conf > since. I suppose if I ever see the rpmnew file I'll try it again. > > -- > ,---.____________ _ ============ . > /' \ | \ I_ O _I_,==.: > | A beer doesn't get >--|===`-----'I `---' I | |: > | upset if you come / _ \ I I | |:' > | home with another / ( `-,----============:__;: > | beer! / (_ O __) \_ : > | ,,---.__________/ (______) (_) > :/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 27 08:11:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Commercial virus checker failed with real error Message-ID: If it can't fork then something on your system is leaking. When that happens, what does /proc/meminfo contain, and how big is the output from "ps ax". Are you running out of process ids or something like that? On 26 May 2005, at 23:09, Jon Leeman wrote: > Group, > > Running; > > Mandrake 10.0 > MS 4.40.6-1 > ClamAV[module] 0.84 > Bitdefender (installed from > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm) > > as an MX gateway that relays to an internal MX. > > About once a week am seeing a bunch of these (on one line) > > May 22 14:04:12 nract1 MailScanner[19848]: Commercial virus checker > failed with real error: Can't fork at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 872 > > and the MX stalls. Reboot and all is well. > > Appreciate any help - including a link if discussed/solved before. > > Regards, > > Jon > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 27 08:20:56 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:49 2006 Subject: OT: SV: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn said: > Julian, > > Would it be undoable to make an "automatic removal from list" thing for > people who think it OK to forward OoO messages outside their own > organization.... And even send them to mailinglists....? > > With summer holidays around the corner, the rate and extent of irritants > like this is liable to go ... up. I was thinking that as I am looking at taking some holiday soon too, if people would perhaps prefer just a reminder say hourly sent from cron or should I implement an auto responder... :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri May 27 08:52:45 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday, May 26, 2005 6:54 PM John Rudd wrote: > I personally don't think the end result is as catastrophic as he > does, but he is right that grey-listing doesn't have this "problem". It does not have this particular problem but it does cost resources on the sending MTA. Mail has to be queued and one to several retransmissions have to take plase. Therefore yes: Greylisting does have the same kind of problem and many mail administrators therefore strongly object to the whole greylisting idea. Whether or not this has this catastrophic result we cannot judge. It depends on the mailservers envolved etc. Personally I use greet-pause etc. only, if the mail looks suspicious (wrong reverse DNS, wrong HELO, DialUp-IPs, in SpamHouse etc.). Otherwise our MTA accepts mail as fast as possible. I think that such a setup is a good compromise between fighting spam and not doing this on the cost of others. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Fri May 27 09:45:32 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi We are using the following config RedHat Linux [512MB RAM, dual processor] MailScanner 4.41.3 SA 3.0.3 ClamAV 0.85.1 Our load average is always above 1 :-( Usually 3-6 :-( When I do 'top' I see MailScanner using anwywhere from 10-99% of CPU. We get about 10k emails per day. How do I detect what could be going wrong? -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 27 09:54:45 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: Hi have you been through the MAQ/Wiki on tuning? what extra rules in SA have you got (eg any from www.rulesemporium.com)? Are you using any RBL'S / URI-RBLs and if so are you running a caching name server on the host? load average means not a lot really, just means its doing stuff. Not that it's overloaded or anything. What more important is how quickly you system is scanning emails, mine's normally around 2-3 seconds per email and I've got lots of extra SA rules, URI-RBLs, bayes, and Mailwatch and the associated DB all on the same P4 2.8ghz machine, with around 8k messages per day of around 26k average size. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 BG Mahesh wrote: > hi > > We are using the following config > > RedHat Linux [512MB RAM, dual processor] > MailScanner 4.41.3 > SA 3.0.3 > ClamAV 0.85.1 > > Our load average is always above 1 :-( Usually 3-6 :-( When I do 'top' I see MailScanner using anwywhere from 10-99% of CPU. > > We get about 10k emails per day. > > How do I detect what could be going wrong? > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Fri May 27 09:55:35 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:29:49 2006 Subject: Archive Messages - Revisted Message-ID: I've just had my first need to retrieve an archived message and push it back into the mail queues for resending. I used the following line from within the date-coded archive directory: sendmail -toi [munged@munged.co.uk] < 99E0120026B.32121 This has stuffed the message back in the queue and delivered it to the right person, but not in the right format - the entire message just gets delivered an ascii text file with the entire contents (headers, message, attachments) as the body of the email. I have tried with postdrop too and this gives an error about the file format. What gives!? Thanks Nigel Kendrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri May 27 10:31:50 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:49 2006 Subject: Archive Messages - Revisted Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel kendrick said: > I've just had my first need to retrieve an archived message and push it > back > into the mail queues for resending. I used the following line from within > the date-coded archive directory: sendmail -toi [munged@munged.co.uk] < > 99E0120026B.32121 Try the method dexcribed in the wiki http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail That should do the job... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Fri May 27 10:53:41 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >From: "Martin Hepworth" > > Hi > > have you been through the MAQ/Wiki on tuning? > Yup, I have implemented them. I referred http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips To quickly summarize, 1. In /etc/fstab I have none /var/spool/MailScanner/incoming tmpfs defaults 0 0 2. Installed DCC and followed instructions from http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html > what extra rules in SA have you got (eg any from www.rulesemporium.com)? > I rarely add anything of my own. I just go with what comes with the package. But there were few rules that were added by me about 6 months ago, nothing big. Not sure if there is a tool to detect if there are duplicate urls on the system > Are you using any RBL'S / URI-RBLs and if so are you running a caching > name server on the host? > /etc/MailScanner/spam.assassin.prefs.conf has the following content, urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 /etc/mail/spamassassin/uridnsbl.cf has many rules of the above type. Let me list just the hostnames urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT uridnsbl URIBL_NJA_DNSBL combined.njabl.org. TXT uridnsbl URIBL_SBL_XBL sbl-xbl.spamhaus.org. TXT uridnsbl URIBL_SORBS_DNSBL dnsbl.sorbs.net. TXT urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A The mailserver has named running. It is a name server. > load average means not a lot really, just means its doing stuff. Not > that it's overloaded or anything. > > What more important is how quickly you system is scanning emails, mine's > normally around 2-3 seconds per email and I've got lots of extra SA > rules, URI-RBLs, bayes, and Mailwatch and the associated DB all on the > same P4 2.8ghz machine, with around 8k messages per day of around 26k > average size. > I should say that in reasonable amount of time the email is delivered. When I send an email from the same box to a user on that box it takes about 5-9 seconds easily to be delivered -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 27 11:36:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: Don't worry about the load average. As Martin says, it just means it is doing something, not that it is overloaded. With an application like MailScanner running (hard on CPU, memory, disk and net) an average of 10 to 15 is quite common and not a problem. As long as the MailScanner batch sizes are pretty small, and your queue is not constantly growing, then it's doing fine. On 27 May 2005, at 09:45, BG Mahesh wrote: > hi > > We are using the following config > > RedHat Linux [512MB RAM, dual processor] > MailScanner 4.41.3 > SA 3.0.3 > ClamAV 0.85.1 > > Our load average is always above 1 :-( Usually 3-6 :-( When I do > 'top' I see MailScanner using anwywhere from 10-99% of CPU. > > We get about 10k emails per day. > > How do I detect what could be going wrong? > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > > -- > ______________________________________________ > IndiaInfo Mail - the free e-mail service with a difference! > www.indiainfo.com > Check out our value-added Premium features, such as an extra 20MB > for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! > > Powered by Outblaze > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 27 11:41:30 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >> > > > I should say that in reasonable amount of time the email is delivered. When I send an email from the same box to a user on that box it takes about 5-9 seconds easily to be delivered All that looks fine to me. It is normal that MailScaner eats 100% of the cpu. a load of 3-4 is far from being critical. Some servers can run above 10 for a while without problem (just a bit more delays). Regards, Ugo > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 27 12:08:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: BG Mahesh wrote: >>From: "Martin Hepworth" >> >>Hi >> >>have you been through the MAQ/Wiki on tuning? >> > Yup, I have implemented them. I referred http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > To quickly summarize, > > 1. In /etc/fstab I have > > none /var/spool/MailScanner/incoming tmpfs defaults 0 0 > > 2. Installed DCC and followed instructions from http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html > >>what extra rules in SA have you got (eg any from www.rulesemporium.com)? >> > I rarely add anything of my own. I just go with what comes with the package. But there were few rules that were added by me about 6 months ago, nothing big. Not sure if there is a tool to detect if there are duplicate urls on the system > >>Are you using any RBL'S / URI-RBLs and if so are you running a caching >>name server on the host? >> > /etc/MailScanner/spam.assassin.prefs.conf has the following content, > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > score URIBL_JP_SURBL 4.0 > > /etc/mail/spamassassin/uridnsbl.cf has many rules of the above type. > Let me list just the hostnames > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > uridnsbl URIBL_AH_DNSBL dnsbl.ahbl.org. TXT > uridnsbl URIBL_NJA_DNSBL combined.njabl.org. TXT > uridnsbl URIBL_SBL_XBL sbl-xbl.spamhaus.org. TXT > uridnsbl URIBL_SORBS_DNSBL dnsbl.sorbs.net. TXT > urirhsbl URIBL_AH_RHSBL rhsbl.ahbl.org. A > urirhsbl URIBL_MP_RHSBL block.rhs.mailpolice.com. A > urirhsbl URIBL_SS_RHSBL blackhole.securitysage.com. A > > The mailserver has named running. It is a name server. > >>load average means not a lot really, just means its doing stuff. Not >>that it's overloaded or anything. >> >>What more important is how quickly you system is scanning emails, mine's >>normally around 2-3 seconds per email and I've got lots of extra SA >>rules, URI-RBLs, bayes, and Mailwatch and the associated DB all on the >>same P4 2.8ghz machine, with around 8k messages per day of around 26k >>average size. >> > I should say that in reasonable amount of time the email is delivered. When I send an email from the same box to a user on that box it takes about 5-9 seconds easily to be delivered > > -- > B.G. Mahesh Hmm thats a little long...but still acceptable I guess.. have you gone through vmstat/sa type info to see if you can find anything there that would help -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Fri May 27 13:58:25 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:49 2006 Subject: Header added to outgoing messages Message-ID: Hello, I just noticed that using MS 4.41.3-1, my outgoing mails get an added header "X-MailScanner: Found to be clean" even though they are excluded via ruleset. The outgoing emails are not supposed to be scanned (and are not, eg. I can send an Eicar file happily through). I don't think a header was added in previous MS versions. This is independent of the "Mark Unscanned Messages" parameter, eg., no matter if I set it to "yes" or "no", that header is not added. I'm willing to give the latest beta a try, but right now, I'm somewhat unsure... Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri May 27 14:06:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Header added to outgoing messages Message-ID: I think the latest beta has that fixed. The messages are still scanned anyway (you have to do a whole batch at a time, that's the point of having batches) but it doesn't include the reports in the outgoing message. So as far as the recipient is concerned it hasn't been scanned. On 27 May 2005, at 13:58, Steffan Henke wrote: > Hello, > > I just noticed that using MS 4.41.3-1, my outgoing mails > get an added header "X-MailScanner: Found to be clean" > even though they are excluded via ruleset. > The outgoing emails are not supposed to be scanned (and are not, > eg. I can > send an Eicar file happily through). > I don't think a header was added in previous MS versions. > This is independent of the "Mark Unscanned Messages" parameter, > eg., no matter if I set it to "yes" or "no", that header is not added. > I'm willing to give the latest beta a try, but right now, I'm somewhat > unsure... > > Regards, > > Steffan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri May 27 14:06:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:49 2006 Subject: [Fwd: My OECD paper on spam] Message-ID: -------- Original Message -------- Subject: My OECD paper on spam Date: Fri, 27 May 2005 18:21:00 +0530 From: Suresh Ramasubramanian To: nanog@nanog.org Downloadable from http://www.oecd.org/dataoecd/5/47/34935342.pdf This is linked from the OECD antispam toolkit page, as part of section 8 of the antispam toolkit (Outreach) http://www.oecd.org/sti/spam/toolkit/ > Element 8 - Outreach > > Due to the international nature of spam, it is critical that the Toolkit have > a global reach. The OECD is working in collaboration with ITU, APEC and > APECTel, and with many OECD non-member economies. Further contributions and > comments from all stakeholders are called for and appreciated. Comments and suggestions appreciated Operational - mentions a whole lot of things that are of concern to operators worldwide .. starting from whois and rDNS to sending people to attend NOG meetings, getting help from PCH / NSRC etc. regards -srs -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Fri May 27 14:10:07 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Ugo Bellavance >> Sent: Thursday, May 26, 2005 4:23 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: OT (again): SA-SPF opinion >> >>>> >>>> I felt that SA's SPF rules are not very convincing, and I didn't >>>> feel like playing with the scores, so I implemented spfmilter. I >>>> decided to block any message that would have a 'fail' result. >>>> >>>> I have written a doc for implementing the milter on FC1, please >>>> let me know if you want to see it. >> >> It'll be on the wiki soon. >> >>> >>> >>> Ugo, >>> >>> Yes, please let me know how to receive the document. Did you also >>> use some form of SRS also? I understand this is required for >>> forwarding to a server that checks SPF and hard fails them. >> >> I don't think I need SRS since I'm not relaying for anyone. >> > > I believe that SRS, Sender Rewriting Scheme, is only required if you > are relaying form you SPF hub. A typical example would be an ISP who > is relaying email from a home pc or a business hub that sends their > outbound email through the ISP's "smart relay". The ISP in this case > has to rewrite the header to make it look like the mail was sent From > the smart relay. Steve, Thanks for the reply. I am guessing you mean that I should have a separate server running the SPF checks in front of my mail hub, much like an SPF gateway. Unfortunately, I cannot convince anyone here that I need to not only run SPF in front of the mail hub, but also need a gateway for MS/SA in front of the hub. At the current time, my mailboxes are on the same box that MS/SA and, in the future, SPF, is running. My confusion is about running multiple domains on the same box, and I guess that sort of threw me. I have 3 mailservers. All three run MS/SA. One is inbound/outbound for one domain. Another server is inbound for a second domain and inbound/outbound for a third domain. Another server is outbound for the second domain and outbound for all three domain's Webmail. All of the servers are DNSed on a fourth domain, and , to make matters worse, any http mail comes out of this domain. I firstly am fighting how my TXT records should look and secondly how SRS may need to be used due to the 4-domain scheme. I don't suppose installing SRS would hurt anything, though. Thanks for all the info! Steve > > Sounds simple and it is (hopefully ;) for AOL and the larger ISPs but > there are many many small ISPs and small mailhubs that relay for > friends and neighbors that will be a long time implementing SRS :( > > > Steve > > Steve Swaney > President > Fort Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri May 27 14:59:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: SV: SV: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Really? You could have fooled me:-). Anyway, it should be in their interrest too.... Oh well.... Killfiles/rule(sets) it is then:-) -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Julian Field Skickat: fr 2005-05-27 09:08 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: William Kwan/Elegance is out of the office. Sorry, jiscmail.ac.uk is a list server for the entire UK academic community, I don't run it or have any control over it. I'm just a lowly mortal user, however much that hurts. On 26 May 2005, at 22:25, Steen, Glenn wrote: > Julian, > > Would it be undoable to make an "automatic removal from list" thing > for people who think it OK to forward OoO messages outside their > own organization.... And even send them to mailinglists....? > > With summer holidays around the corner, the rate and extent of > irritants like this is liable to go ... up. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom William Kwan > Skickat: to 2005-05-26 22:00 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: William Kwan/Elegance is out of the office. > > > > > I will be out of the office starting 13/05/2005 and will not > return until > 30/05/2005. > > I will respond to your message when I return. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri May 27 14:45:44 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: OT (again): SA-SPF opinion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>I believe that SRS, Sender Rewriting Scheme, is only required if you >>are relaying form you SPF hub. A typical example would be an ISP who >>is relaying email from a home pc or a business hub that sends their >>outbound email through the ISP's "smart relay". The ISP in this case >>has to rewrite the header to make it look like the mail was sent From >>the smart relay. > > > Steve, > > Thanks for the reply. > > I am guessing you mean that I should have a separate server running the SPF > checks in front of my mail hub, much like an SPF gateway. Unfortunately, I > cannot convince anyone here that I need to not only run SPF in front of the > mail hub, but also need a gateway for MS/SA in front of the hub. At the > current time, my mailboxes are on the same box that MS/SA and, in the > future, SPF, is running. No, there is no need for a separate SPF server. > > My confusion is about running multiple domains on the same box, and I guess > that sort of threw me. I have 3 mailservers. All three run MS/SA. One is > inbound/outbound for one domain. Another server is inbound for a second > domain and inbound/outbound for a third domain. Another server is outbound > for the second domain and outbound for all three domain's Webmail. All of > the servers are DNSed on a fourth domain, and , to make matters worse, any > http mail comes out of this domain. I firstly am fighting how my TXT records > should look and secondly how SRS may need to be used due to the 4-domain > scheme. From what I can understand SRS is only need in this kind of setup: bigfoot.com used to have a service of e-mail aliases. For example, ugob@bigfoot.com would be redirected to my current e-mail address by bigfoot's servers. The problem is that when my mail server receives it, it checks the spf records and the last relay it went through. It doesn't match, so bigfoot would have to do a rewrite on the message to make sure that the last relay is not theirs, but the one before. If no rewrite is done, there'll be many false positives. > > I don't suppose installing SRS would hurt anything, though. Maybe, but I think you could do something else instead :). > > Thanks for all the info! > :) Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Fri May 27 15:13:44 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:49 2006 Subject: Header added to outgoing messages Message-ID: On Fri, 27 May 2005, Julian Field wrote: > I think the latest beta has that fixed. The messages are still > scanned anyway (you have to do a whole batch at a time, that's the > point of having batches) but it doesn't include the reports in the > outgoing message. So as far as the recipient is concerned it hasn't > been scanned. I gave the latest beta a try, but still get the header X-MailScanner: Found to be clean . I also noticed that, no matter what rulesets I use, email to every domain on my server is scanned. Let's say "domains.to.scan.rules" looks like this: To: a.com yes To: b.com yes To: default no Strangely enough, mail to "c.com" on the server is scanned now ?! Has the default behaviour of parsing the rulesets changed in any of the latest releases ? Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at OMNICOMP.ORG Fri May 27 16:01:32 2005 From: MailScanner at OMNICOMP.ORG (Alan Dobkin) Date: Thu Jan 12 21:29:49 2006 Subject: SV: William Kwan/Elegance is out of the office. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since JISCMAIL is running LISTSERV, and you are one of the list owners, you could set up a content filter for this list to block these messages. Refer to the "Tech Tip" in the newsletter at: http://www.lsoft.com/news/winter2002-us.asp Also see section 7.18. "Content filtering" in the Site Manager's Operations Manual: http://www.lsoft.com/manuals/1.8e/sitemgr/sitemgr.html#_Toc90173275 Alan On 5/27/2005 3:08 AM, Julian Field wrote: > Sorry, jiscmail.ac.uk is a list server for the entire UK academic > community, I don't run it or have any control over it. I'm just a > lowly mortal user, however much that hurts. > > On 26 May 2005, at 22:25, Steen, Glenn wrote: > >> Julian, >> >> Would it be undoable to make an "automatic removal from list" thing >> for people who think it OK to forward OoO messages outside their own >> organization.... And even send them to mailinglists....? >> >> With summer holidays around the corner, the rate and extent of >> irritants like this is liable to go ... up. >> >> -- Glenn > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri May 27 18:47:35 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan-Peter Koopmann wrote: >depends on the mailservers envolved etc. Personally I use greet-pause etc. only, if the mail looks suspicious (wrong reverse DNS, wrong HELO, DialUp-IPs, in SpamHouse etc.). Otherwise our MTA accepts mail as fast as possible. I think that such a setup is a good compromise between fighting spam and not doing this on the cost of others. > > Do you use sendmail? If so, how do you implement GreetPause only on said conditions? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Fri May 27 19:16:26 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How do you use GreetPause delay on a wrong HELO?? The greeting as already occured at that point. Alex Neuman wrote: Jan-Peter Koopmann wrote: depends on the mailservers envolved etc. Personally I use greet-pause etc. only, if the mail looks suspicious (wrong reverse DNS, wrong HELO, DialUp-IPs, in SpamHouse etc.). Otherwise our MTA accepts mail as fast as possible. I think that such a setup is a good compromise between fighting spam and not doing this on the cost of others. Do you use sendmail? If so, how do you implement GreetPause only on said conditions? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From alex at NKPANAMA.COM Fri May 27 19:21:36 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perhaps he means delaying it further *after* the HELO between MAIL FROM: and RCPT TO: and DATA. I think Exim can do that. Dennis Willson wrote: > How do you use GreetPause delay on a wrong HELO?? The greeting as > already occured at that point. > > Alex Neuman wrote: > >> Jan-Peter Koopmann wrote: >> >>> depends on the mailservers envolved etc. Personally I use >>> greet-pause etc. only, if the mail looks suspicious (wrong reverse >>> DNS, wrong HELO, DialUp-IPs, in SpamHouse etc.). Otherwise our MTA >>> accepts mail as fast as possible. I think that such a setup is a >>> good compromise between fighting spam and not doing this on the cost >>> of others. >>> >>> >> Do you use sendmail? If so, how do you implement GreetPause only on said >> conditions? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > -- > ------------------------------------------------------------------------ > */Dennis Willson/* > taz@taz-mania.com > taz@scubatech.org > > www.taz-mania.com > > Ham: KA6LSW > GMRS: WPSJ953 > SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, > Equip, Altitude > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri May 27 20:27:07 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:49 2006 Subject: OT: replacement for sendmail FEATURE(`redirect') Message-ID: Gang, If any of you use sendmail's REDIRECT feature to bounce "User has moved" messages back for closed accounts, then you probably know that the feature is lame beyond words. It returns a message that is inscrutable to everybody but mail gurus. While I've used the feature at my site for a while, most people hate it because of the returned messages. I wrote a program mailer "redirect.pl" in perl (attached) and a little converter program for your aliases file (attached) to convert the old style REDIRECTs to my program mailer. I have redirect.pl in production at my site now and people are much happier. The perl script also offers a "-f" option to forward the message on to the new address, as well as return a redirect message back to the sender. While the forward option works, it is hit-or-miss with attachments. If you want to see how it works in real life, please send email to trobbins@colby.edu. This address will not forward messages. I offer this tool to my fellow MailScanner users in the hope you find it useful. Fixes, suggestions, info on use with other mailers (eg Postfix) would be appreciated. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "redirect.pl") 131 lines. ] [ Unable to print this part. ] [ Part 3, "" Text/PLAIN (Name: "convert.redirect.pl") 10 lines. ] [ Unable to print this part. ] From prismas at gmail.com Fri May 27 21:16:57 2005 From: prismas at gmail.com (Angel Sullca) Date: Thu Jan 12 21:29:49 2006 Subject: Mailscanner on Suse 9.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I tried to compile MailScanner-4.41.3-1.suse.tar.gz on suse 9.1, and got the following error cc -c -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -march=i586 -mcpu=i686 -fmessage-length=0 -Wall -Wall -pipe -DVERSION=\"3.45\" -DXS_VERSION=\"3.45\" -fPIC "-I/usr/lib/perl5/5.8.3/i586-linux-thread-multi/CORE" -DMARKED_SECTION Parser.c cc: installation problem, cannot exec `cc1': No existe el fichero o el directorio make: *** [Parser.o] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.67034 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.67034 (%build) Any clue? -- Angel Sullca - Jabber: angelsh@jabber.org No al TLC que quiere imponer las patentes de software http://angelsh.blogspot.com/2005/05/patentes-de-software.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vasiliy at lohankin.com Fri May 27 22:06:17 2005 From: vasiliy at lohankin.com (Vasiliy Boulytchev) Date: Thu Jan 12 21:29:49 2006 Subject: [Fwd: FW: ASk mailscanner people] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } What do you guys think? -------- Original Message -------- Subject: FW: ASk mailscanner people Date: Fri, 27 May 2005 15:05:50 -0600 From: Vasiliy Boulytchev To: @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } Vasiliy Boulytchev Colorado Information Technologies, Inc. http://www.coinfotech.com ________________________________________________________________________________ From: Eric Lindsey Sent: Friday, May 27, 2005 2:02 PM To: Vasiliy Boulytchev Subject: ASk mailscanner people Here is the question I want you to ask the mailscanner people: I am trying to write a perl script to go in CustomFunctions that logs various details about messages that run through MailScanner. I’m wondering what value of the message object I should use to find out whether or not a message has been scanned for spam? For example, I use the test: if ($message->{isspam}) to find out if the message is spam, etc. But, before I can test that I need to find out if it is even set to be scanned for spam. Thanks, Eric Lindsey Colorado Information Technologies Inc. http://www.coinfotech.com -- Vasiliy Boulytchev Colorado Information Technologies www.coinfotech.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri May 27 22:26:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: > hi > > We are using the following config > > RedHat Linux [512MB RAM, dual processor] > MailScanner 4.41.3 > SA 3.0.3 > ClamAV 0.85.1 > > Our load average is always above 1 :-( Usually 3-6 :-( When I do 'top' I see MailScanner using anwywhere from 10-99% of CPU. > > We get about 10k emails per day. > > How do I detect what could be going wrong? Could you try some more ram? If you are using tmpfs, half of your ram can get busy very easy, and cause the system to swap. Especially if you are running 5 children per processor like the config file suggests. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Fri May 27 23:20:22 2005 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:29:49 2006 Subject: OT: replacement for sendmail FEATURE(`redirect') Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there something here to prevent mail loops? If not, you might want to add something to do that. Nothing like 2 poorly configured autoresponders! Ken A Pacific.Net Jeff A. Earickson wrote: > Gang, > > If any of you use sendmail's REDIRECT feature to bounce "User has moved" > messages back for closed accounts, then you probably know that the feature > is lame beyond words. It returns a message that is inscrutable to > everybody > but mail gurus. While I've used the feature at my site for a while, most > people hate it because of the returned messages. > > I wrote a program mailer "redirect.pl" in perl (attached) and a little > converter program for your aliases file (attached) to convert the old > style REDIRECTs to my program mailer. > > I have redirect.pl in production at my site now and people are much > happier. The perl script also offers a "-f" option to forward the > message on to the new address, as well as return a redirect message > back to the sender. While the forward option works, it is hit-or-miss > with attachments. > > If you want to see how it works in real life, please send email to > trobbins@colby.edu. This address will not forward messages. > > I offer this tool to my fellow MailScanner users in the hope you find it > useful. Fixes, suggestions, info on use with other mailers (eg Postfix) > would be appreciated. > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > #!/usr/bin/perl > # > #---returns a nice looking customized redirect message > #---instead of the ugly "Subject: Returned mail" that sendmail returns > # > #---Usage: > # > # For a user, put the following in your aliases file: > # > # joeblow:"| redirect.pl [-df] joeblow new_address@somewhere.com" > # > # where "joeblow" is the old account at your site, "new_address@somewhere.com" > # is their address to advertise at their new site, and redirect.pl is this > # script. If you use smrsh with sendmail, you will have to modify the contents > # of your /var/adm/sm.bin directory. "man smrsh" for details. > # > # The optional flags are: > # -d for debug mode (write debug output to a file in /tmp), > # -f for forward the email to the new address as well as send the > # redirect message back to the sender (forward+redirect) > # > # Note: does not write to stdout, just has different exit codes > # forwarding attachments is also dicey. > # > # Written by Jeff Earickson, Colby College (jaearick@colby.edu) 5/27/05 > > #---see search.cpan.org for these modules > use Getopt::Std; # for command line parsing > use Mail::MboxParser; # parses the mailbox > use Mail::Sender; # SMTP connectivity to resend email > > #---parse the command line > getopts('df') or exit 251; > > ########################################################### > #---stuff you will need to customize for your site > #---also see the msgbody here-is document below > ########################################################### > > #---your domain name > $mydomain = "colby.edu"; > > #---your SMTP server > $mysmtp = "colby.edu"; > > #---who the redirect message should come from, eg postmaster > $postmaster = "postmaster\@$mydomain"; > > #---Subject: line for the redirect message > $redirect_subject = "Colby user $ARGV[0]\@$mydomain has moved"; > > ########################################################### > > #---open a debug file if needed > if($opt_d) > { > open(DEBUG,"> /tmp/redirect.debug") or exit 252; > print DEBUG "DEBUG=== redirect.pl: @ARGV\n"; > if($opt_f) > { > print DEBUG "DEBUG=== forwarding flag turned on\n"; > } > print DEBUG "\nDEBUG=== The email message is:\n"; > } > > #---open a temporary file to store the message in > #---and stuff the email message coming from stdin into the file > open(MBOX,"> /tmp/redirect.mbox.$$") or exit 253; > while() > { > if($opt_d) > { > print DEBUG $_; > } > print MBOX $_; > } > close(MBOX); > > #---options set for Mail::MboxParser > #---caching not used > my $parseropts = { > enable_cache => 0, > enable_grep => 1, > }; > > #---parse the temporary file > my $mb = Mail::MboxParser->new("/tmp/redirect.mbox.$$", > decode => 'NEVER', > parseropts => $parseropts); > > #---process every msg in the mailbox, should be one msg > $count=0; > for my $msg ($mb->get_messages) > { > $count++; > $orig_subject = $msg->header->{subject}; > $orig_from = $msg->header->{from}; > $orig_to = $msg->header->{to}; > $orig_body = $msg->body; > > #---debug mode: tell will would happen > if($opt_d) > { > print DEBUG "\nDEBUG=== Parsing the Message...\n"; > print DEBUG "From: ",$orig_from,"\n"; > print DEBUG "To: ", $orig_to,"\n"; > print DEBUG "Subject: ",$orig_subject,"\n"; > print DEBUG "\nDEBUG=== The Message Body\n"; > print DEBUG $orig_body; > } > } > > if($opt_d) > { > print DEBUG "\nProcessed $count messages in mailbox\n"; > } > > ########################################################### > #---this is the body of the message that gets sent back > > $redirect_msg = << "EOF"; > Hi, > The person using the e-mail address \"$ARGV[0]\@colby.edu\" has > left the College for good. Before leaving, $ARGV[0] wanted you > to know that his/her new e-mail address is: > > $ARGV[1] > > If you are writing to $ARGV[0] about Colby business-related issues, > then please consult Colby's online personnel directory at: > > http://www.colby.edu/directory_cs/index.cfm > > to find the correct department or person to write to. > > EOF > > #----tack on a "we also delivered it" if forward option set > if($opt_f) > { > $redirect_msg .= << "EOF2" > Please note the new address above. Colby's mail server has also > forwarded you message to $ARGV[1] as a courtesy. > ==> However, do NOT count on this happening in the future. <== > If your message had attachments, they may or may not be useable > by the recipient. You should retransmit directly to the address > above. Good luck. > > Thank You, > Colby Postmaster > EOF2 > } > #---otherwise tell the sender that msg was not deleivered. > else > { > $redirect_msg .= << "EOF3" > Please note the new address above, and then resend your message > (if appropriate) with the subject: > > $orig_subject > > to the new e-mail address. YOUR MESSAGE WAS NOT DELIVERED. > > Thank You, > Colby Postmaster > EOF3 > } > > ########################################################### > > #---compose the redirect message and send it > if(ref((new Mail::Sender)->MailMsg( { > to => $orig_from, > from => $postmaster, > subject => $redirect_subject, > smtp => $mysmtp, > msg => $redirect_msg } ) ) ) > { > $retcode = 0; > } > else > { > $retcode = 254; > } > > #---if we are going to forward the message too, then do it > if($opt_f) > { > $forward_subject = $orig_subject . " (forwarded)"; > > if($opt_d) > { > print DEBUG "\nDEBUG=== What the forward will look like...\n"; > print DEBUG "From: ",$orig_from,"\n"; > print DEBUG "To: ",$ARGV[1],"\n"; > print DEBUG "Subject: ",$forward_subject,"\n"; > print DEBUG $orig_body; > print DEBUG "===\n"; > } > > if(ref((new Mail::Sender)->MailMsg( { > to => $ARGV[1], > from => $orig_from, > subject => $forward_subject, > smtp => $mysmtp, > msg => $orig_body } ) ) ) > { > $retcode = 0; > } > else > { > $retcode = 255; > } > } > > if($opt_d) > { > close(DEBUG); > } > unlink("/tmp/redirect.mbox.$$"); > exit $retcode; > > > ------------------------------------------------------------------------ > > #!/usr/bin/perl > # > #---convert an alias file with old .REDIRECT style stuff > #---to my redirect.pl format > # > > open(IN,"< $ARGV[0]") or die "cannot open $ARGV[0]: $!"; > open(OUT,"> $ARGV[1]") or die "cannot open $ARGV[1]: $!"; > > while() > { > chomp; > > if( $_ =~ /^(\S+):(\S+).REDIRECT$/) > { > print OUT "$1:\"| redirect.pl $1 $2\"\n"; > } > else > { > print OUT "$_\n"; > } > } > close(IN); > close(OUT); ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 28 15:38:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: [Fwd: FW: ASk mailscanner people] Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The top of Message.pm has a list of all the properties of a message. For the spam flag, you are looking for $message->{isspam}. Vasiliy Boulytchev wrote: > What do you guys think? > > -------- Original Message -------- > Subject: FW: ASk mailscanner people > Date: Fri, 27 May 2005 15:05:50 -0600 > From: Vasiliy Boulytchev > To: > > > > Vasiliy Boulytchev > Colorado Information Technologies, Inc. > http://www.coinfotech.com > > ------------------------------------------------------------------------ > *From:* Eric Lindsey > *Sent:* Friday, May 27, 2005 2:02 PM > *To:* Vasiliy Boulytchev > *Subject:* ASk mailscanner people > > Here is the question I want you to ask the mailscanner people: > > I am trying to write a perl script to go in CustomFunctions that logs > various details about messages that run through MailScanner. I^Òm > wondering what value of the message object I should use to find out > whether or not a message has been scanned for spam? For example, I use > the test: if ($message->{isspam}) to find out if the message is spam, > etc. But, before I can test that I need to find out if it is even set > to be scanned for spam. > > Thanks, > > Eric Lindsey > > Colorado Information Technologies Inc. > > http://www.coinfotech.com > > >-- >Vasiliy Boulytchev >Colorado Information Technologies >www.coinfotech.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 28 15:37:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Mailscanner on Suse 9.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think you do not have the development tools installed. Use Yast to install the development tools (in particular the C and C++ compilers) and you should get further. Angel Sullca wrote: >Hi > >I tried to compile MailScanner-4.41.3-1.suse.tar.gz on suse 9.1, and >got the following error > >cc -c -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS >-fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 >-march=i586 -mcpu=i686 -fmessage-length=0 -Wall -Wall -pipe >-DVERSION=\"3.45\" -DXS_VERSION=\"3.45\" -fPIC >"-I/usr/lib/perl5/5.8.3/i586-linux-thread-multi/CORE" >-DMARKED_SECTION Parser.c >cc: installation problem, cannot exec `cc1': No existe el fichero o el >directorio >make: *** [Parser.o] Error 1 >error: Bad exit status from /var/tmp/rpm-tmp.67034 (%build) > >RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.67034 (%build) > >Any clue? > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat May 28 15:57:03 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: Commercial virus checker failed with real error Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Also check that you have sane values for things like nproc etc (basically "ulimit -Ha" and looking through /etc/security/limits). But as Julian says, first look at memory consumption... Usually it:) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Julian Field Sent: fr 2005-05-27 09:11 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Commercial virus checker failed with real error If it can't fork then something on your system is leaking. When that happens, what does /proc/meminfo contain, and how big is the output from "ps ax". Are you running out of process ids or something like that? On 26 May 2005, at 23:09, Jon Leeman wrote: > Group, > > Running; > > Mandrake 10.0 > MS 4.40.6-1 > ClamAV[module] 0.84 > Bitdefender (installed from > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm) > > as an MX gateway that relays to an internal MX. > > About once a week am seeing a bunch of these (on one line) > > May 22 14:04:12 nract1 MailScanner[19848]: Commercial virus checker > failed with real error: Can't fork at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 872 > > and the MX stalls. Reboot and all is well. > > Appreciate any help - including a link if discussed/solved before. > > Regards, > > Jon > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat May 28 16:11:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: [Fwd: FW: ASk mailscanner people] Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oardon me, but isn't he asking how to read the config to determine whether it's set to run SA on that particular $message at all? -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Julian Field Sent: lö 2005-05-28 16:38 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: [Fwd: FW: ASk mailscanner people] The top of Message.pm has a list of all the properties of a message. For the spam flag, you are looking for $message->{isspam}. Vasiliy Boulytchev wrote: > What do you guys think? > > -------- Original Message -------- > Subject: FW: ASk mailscanner people > Date: Fri, 27 May 2005 15:05:50 -0600 > From: Vasiliy Boulytchev > To: > > > > Vasiliy Boulytchev > Colorado Information Technologies, Inc. > http://www.coinfotech.com > > ------------------------------------------------------------------------ > *From:* Eric Lindsey > *Sent:* Friday, May 27, 2005 2:02 PM > *To:* Vasiliy Boulytchev > *Subject:* ASk mailscanner people > > Here is the question I want you to ask the mailscanner people: > > I am trying to write a perl script to go in CustomFunctions that logs > various details about messages that run through MailScanner. I^Òm > wondering what value of the message object I should use to find out > whether or not a message has been scanned for spam? For example, I use > the test: if ($message->{isspam}) to find out if the message is spam, > etc. But, before I can test that I need to find out if it is even set > to be scanned for spam. > > Thanks, > > Eric Lindsey > > Colorado Information Technologies Inc. > > http://www.coinfotech.com > > >-- >Vasiliy Boulytchev >Colorado Information Technologies >www.coinfotech.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 28 17:19:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: [Fwd: FW: ASk mailscanner people] Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ah, sorry, misread it. MailScanner::Config::Value('spamchecks',$message) will return a 0 or a non-zero. Steen, Glenn wrote: >Oardon me, but isn't he asking how to read the config to determine whether it's set to run SA on that particular $message at all? > >-- Glenn > > >-----Original Message----- >From: MailScanner mailing list on behalf of Julian Field >Sent: lö 2005-05-28 16:38 >To: MAILSCANNER@JISCMAIL.AC.UK >Cc: >Subject: Re: [Fwd: FW: ASk mailscanner people] >The top of Message.pm has a list of all the properties of a message. >For the spam flag, you are looking for $message->{isspam}. > >Vasiliy Boulytchev wrote: > > > >>What do you guys think? >> >>-------- Original Message -------- >>Subject: FW: ASk mailscanner people >>Date: Fri, 27 May 2005 15:05:50 -0600 >>From: Vasiliy Boulytchev >>To: >> >> >> >>Vasiliy Boulytchev >>Colorado Information Technologies, Inc. >>http://www.coinfotech.com >> >>------------------------------------------------------------------------ >>*From:* Eric Lindsey >>*Sent:* Friday, May 27, 2005 2:02 PM >>*To:* Vasiliy Boulytchev >>*Subject:* ASk mailscanner people >> >>Here is the question I want you to ask the mailscanner people: >> >>I am trying to write a perl script to go in CustomFunctions that logs >>various details about messages that run through MailScanner. I^Òm >>wondering what value of the message object I should use to find out >>whether or not a message has been scanned for spam? For example, I use >>the test: if ($message->{isspam}) to find out if the message is spam, >>etc. But, before I can test that I need to find out if it is even set >>to be scanned for spam. >> >>Thanks, >> >>Eric Lindsey >> >>Colorado Information Technologies Inc. >> >>http://www.coinfotech.com >> >> >>-- >>Vasiliy Boulytchev >>Colorado Information Technologies >>www.coinfotech.com >> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* >> >> > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Sat May 28 17:28:28 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:49 2006 Subject: SA-Learn from raw files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does this work? I placed a matching qf and df file in a directory and then ran: sa-learn ^Öspam /path/to/directory It said it examined 2 messages and learned from 2 messages even though there was only 1 email (but two files qf, df).   Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrews at STUSOFT.COM Sat May 28 20:53:01 2005 From: andrews at STUSOFT.COM (andrews) Date: Thu Jan 12 21:29:49 2006 Subject: Blacklisted but still delivered ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just had a funny occur. Email came in, was on a black list and the log says it was blacklisted, but it was still delivered ? May 28 20:35:04 newmail MailScanner[28141]: Message j4SJYXsP030795 from 84.100.105.113 (tdxomxihnxogf@foncina.com) to stusoft.com is spam (blacklisted) May 28 20:35:04 newmail MailScanner[28141]: Spam Actions: message j4SJYXsP030795 actions are store May 28 20:35:07 newmail MailScanner[28141]: Virus and Content Scanning: Starting May 28 20:35:08 newmail MailScanner[28141]: New Batch: Scanning 1 messages, 5923 bytes May 28 20:35:08 newmail MailScanner[28141]: Spam Checks: Starting May 28 20:35:11 newmail MailScanner[28141]: Virus and Content Scanning: Starting May 28 20:35:12 newmail MailScanner[28141]: Uninfected: Delivered 1 messages May 28 20:35:12 newmail sendmail[30841]: j4SJYXsQ030795: to=, delay=00:00:23, xdelay=00:00:00, mailer=local, pri=155427, dsn=2.0.0, stat=Sent Apologies if I have missed a previous discussion about this. MailScanner: This is MailScanner version 4.41.3 Spamassassin:SpamAssassin version 3.0.3 Ideas anyone ? Andrew ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrews at STUSOFT.COM Sat May 28 20:57:31 2005 From: andrews at STUSOFT.COM (andrews) Date: Thu Jan 12 21:29:49 2006 Subject: Blacklisted but still delivered ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Silly me - its was part of a mutiple recipient spam where only the one recipient was blacklisted, they managed to guess a correct address. Andrew andrews wrote: > Just had a funny occur. > > Email came in, was on a black list and the log says it was blacklisted, > but it was still delivered ? > > May 28 20:35:04 newmail MailScanner[28141]: Message j4SJYXsP030795 from > 84.100.105.113 (tdxomxihnxogf@foncina.com) to stusoft.com is spam > (blacklisted) > May 28 20:35:04 newmail MailScanner[28141]: Spam Actions: message > j4SJYXsP030795 actions are store > May 28 20:35:07 newmail MailScanner[28141]: Virus and Content Scanning: > Starting > May 28 20:35:08 newmail MailScanner[28141]: New Batch: Scanning 1 > messages, 5923 bytes > May 28 20:35:08 newmail MailScanner[28141]: Spam Checks: Starting > May 28 20:35:11 newmail MailScanner[28141]: Virus and Content Scanning: > Starting > May 28 20:35:12 newmail MailScanner[28141]: Uninfected: Delivered 1 > messages > May 28 20:35:12 newmail sendmail[30841]: j4SJYXsQ030795: > to=, delay=00:00:23, xdelay=00:00:00, mailer=local, > pri=155427, dsn=2.0.0, stat=Sent > > Apologies if I have missed a previous discussion about this. > > MailScanner: This is MailScanner version 4.41.3 > Spamassassin:SpamAssassin version 3.0.3 > > Ideas anyone ? > > Andrew > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Sun May 29 11:28:44 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: On Friday, May 27, 2005 7:48 PM Alex Neuman wrote: > Do you use sendmail? No Exim. With Exim stuff like this is pretty easy. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Sun May 29 11:29:58 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:49 2006 Subject: OT: GreetPause delay Message-ID: On Friday, May 27, 2005 8:22 PM Alex Neuman wrote: > Perhaps he means delaying it further *after* the HELO between MAIL > FROM: > and RCPT TO: and DATA. I think Exim can do that. That's right. I use Greet-Pause for "bad IPs" and further delaying and enforced pipelining on "bad IPs", helo failures, SPF etc. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 29 14:58:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: SA-Learn from raw files? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You should give it untouched RFC822 messages, not raw queue files. Max Kipness wrote: >Does this work? I placed a matching qf and df file in a directory and then >ran: > >sa-learn ^Öspam /path/to/directory > >It said it examined 2 messages and learned from 2 messages even though there >was only 1 email (but two files qf, df). > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 29 16:18:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Header added to outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steffan Henke wrote: >On Fri, 27 May 2005, Julian Field wrote: > > > >>I think the latest beta has that fixed. The messages are still >>scanned anyway (you have to do a whole batch at a time, that's the >>point of having batches) but it doesn't include the reports in the >>outgoing message. So as far as the recipient is concerned it hasn't >>been scanned. >> >> > > >I gave the latest beta a try, but still get the header >X-MailScanner: Found to be clean . >I also noticed that, no matter what rulesets I use, email to every domain >on my server is scanned. > >Let's say "domains.to.scan.rules" looks like this: >To: a.com yes >To: b.com yes >To: default no > >Strangely enough, mail to "c.com" on the server is scanned now ?! >Has the default behaviour of parsing the rulesets changed >in any of the latest releases ? > > Found and fixed. This is a bug I accidentally introduced recently as a result of another change someone wanted. I think I have found them all now. The scanning was working as intended, but the wrong header was being put in. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Sun May 29 16:31:59 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:49 2006 Subject: Header added to outgoing messages Message-ID: On Sun, 29 May 2005, Julian Field wrote: > Found and fixed. This is a bug I accidentally introduced recently as a > result of another change someone wanted. I think I have found them all > now. The scanning was working as intended, but the wrong header was > being put in. Julian, thanks again ! Anyways, to make sure no headers at all are added to outgoing messages, I changed the occurences of Dangerous Content Scanning Always Include SpamAssassin Report Use SpamAssassin from "yes" to the ruleset of the domains I would like to have scanned and everything went well, no headers and no scanning at all. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at HOME.CARLO65.DE Sun May 29 18:40:35 2005 From: mailscanner at HOME.CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:29:49 2006 Subject: Edited MailWatch.pm (CVS-Version) for use with new Perl-DBD-mysql module Message-ID: Hi all, as I had trouble installing version 2.1028 of Perl-DBD-MySQL on my SuSE 9.3 box, I decided to use the version of MailWatch.pm, somebody from the list sent a couple of months ago. Attached MailWatch.pm is a revised version and works with the current CVS release of MailWatch including MCP. Kind regards, Roland ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-PERL 10KB. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Sun May 29 23:10:16 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:49 2006 Subject: SV: Edited MailWatch.pm (CVS-Version) for use with new Perl-DBD-mysql module Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, I was about to do that myself (tomorrow in fact), and this saves some time... will give it a twirl tomorrow. BTW, this is the wrong list, consider dropping ot to mailwatch-users@lists.sourceforge.net too. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Roland Ehle Skickat: sö 2005-05-29 19:40 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Edited MailWatch.pm (CVS-Version) for use with new Perl-DBD-mysql module Hi all, as I had trouble installing version 2.1028 of Perl-DBD-MySQL on my SuSE 9.3 box, I decided to use the version of MailWatch.pm, somebody from the list sent a couple of months ago. Attached MailWatch.pm is a revised version and works with the current CVS release of MailWatch including MCP. Kind regards, Roland ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Mon May 30 04:21:20 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Hmm thats a little long...but still acceptable I guess.. > > have you gone through vmstat/sa type info to see if you can find > anything there that would help > # uptime 08:49:03 up 6 days, 21:13, 3 users, load average: 2.33, 2.14, 1.50 # vmstat procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 0 0 0 141960 40420 83580 107004 2 8 33 25 70 29 40 9 51 # sa # 'sa' doesn't show anything > -- > Martin Hepworth -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 12:17:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Beta release 4.42.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released 4.42.5 as the last test release before the stable release on or around 1st June. The last remaining problems with unscanned mail either getting scanned or saying it has been scanned should now be fixed. I have also improved the SuSE init.d script for SuSE 9.3. Download as usual from www.mailscanner.info. Here is the full Change Log for this release: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now provide the ability to alter the Subject: line if any HTML tags in the body of the message were disarmed (by having their "Allow .... Tags" set to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how many Spam Lists a message must appear in before it is considered to be spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Mon May 30 12:35:08 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:49 2006 Subject: Beta release 4.42.6 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they > check to ensure all input files have content before starting. Dunno if this is related to the above fix, but I get the following error trying to run the upgrade (from 4.42.5 if that makes any difference): | Global symbol "$oldfnamd" requires explicit package name at /usr/sbin/upgrade_MailScanner_conf line 154. | Execution of /usr/sbin/upgrade_MailScanner_conf aborted due to compilation errors. John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 12:37:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Beta release 4.42.6 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I did of course mean 4.42.6. Julian Field wrote: > I have just released 4.42.5 as the last test release before the stable > release on or around 1st June. > The last remaining problems with unscanned mail either getting scanned > or saying it has been scanned should now be fixed. > > I have also improved the SuSE init.d script for SuSE 9.3. > > Download as usual from www.mailscanner.info. > > Here is the full Change Log for this release: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate > from > this version if you want Sophos to work (both the sophos and sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in the > body of the message were disarmed (by having their "Allow .... Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so > they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned mail when > using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh scripts. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 12:43:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:49 2006 Subject: Beta release 4.42.6 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Wilcock wrote: > Julian Field wrote: > >> - Added check to upgrade_MailScanner_conf and upgrade_langages_conf >> so they >> check to ensure all input files have content before starting. > > > Dunno if this is related to the above fix, but I get the following error > trying to run the upgrade (from 4.42.5 if that makes any difference): > | Global symbol "$oldfnamd" requires explicit package name at > /usr/sbin/upgrade_MailScanner_conf line 154. > | Execution of /usr/sbin/upgrade_MailScanner_conf aborted due to > compilation errors. Wretched typo. Should of course be "$oldfname". I have just fixed it and released 4.42.7. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon May 30 14:09:48 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:49 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>Hmm thats a little long...but still acceptable I guess.. >> >>have you gone through vmstat/sa type info to see if you can find >>anything there that would help >> > > > # uptime > 08:49:03 up 6 days, 21:13, 3 users, load average: 2.33, 2.14, 1.50 > Looks ok. > # vmstat > procs memory swap io system cpu > r b w swpd free buff cache si so bi bo in cs us sy id > 0 0 0 141960 40420 83580 107004 2 8 33 25 70 29 40 9 51 > Use # vmstat 2 and show us a few lines (abort with ctrl-C) > # sa > # > > 'sa' doesn't show anything > He meant the sar reports. In redhat, see the /var/log/sa/sar* reports. > > >>-- >>Martin Hepworth > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at UNIVAP.BR Mon May 30 15:04:10 2005 From: vlad at UNIVAP.BR (Vladimir M Costa) Date: Thu Jan 12 21:29:50 2006 Subject: Avg 7 antivirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, New installation of Grisoft AVG 7 for linux is into /opt/grisoft/avg7 subtree. This is valid for versions 7.0.12 and higher. In the configuration file '/etc/Mailscanner/virus.scanners.conf', is necessary change the installation directory to update/scan performed by Mailscanner. Vladimir M Costa ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon May 30 15:27:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:50 2006 Subject: Avg 7 antivirus Message-ID: Vladimir M Costa wrote: > Hi Julian, > > > New installation of Grisoft AVG 7 for linux is into /opt/grisoft/avg7 > subtree. This is valid for versions 7.0.12 and higher. > > In the configuration file '/etc/Mailscanner/virus.scanners.conf', is > necessary change the installation directory to update/scan performed > by Mailscanner. > > > > Vladimir M Costa > If that is all that differs, and if AVG is probable to "live in parallell versions" for a while, perhaps the best fix is to make a viki entry at http://wiki.mailscanner.info (perhaps documentation:anti_virus:AVG:index or somesuch). We have entries for mcafee, clamav, bitdefender and f-prot ... and it would be nice if someone, who actually use one of the others, would make entries for 'em. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Mon May 30 16:04:48 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:29:50 2006 Subject: System load is very high because of MailScanner Message-ID: You need to remove some of the spam tests check /etc/mail/spamassassin and see if you have and rules sets (.cf) that are bigger than 100K if you do re name them .bak and restart Mailscanner and see if your CPU load goes down. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BG Mahesh Sent: Sunday, May 29, 2005 8:21 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: System load is very high because of MailScanner > > Hmm thats a little long...but still acceptable I guess.. > > have you gone through vmstat/sa type info to see if you can find > anything there that would help > # uptime 08:49:03 up 6 days, 21:13, 3 users, load average: 2.33, 2.14, 1.50 # vmstat procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 0 0 0 141960 40420 83580 107004 2 8 33 25 70 29 40 9 51 # sa # 'sa' doesn't show anything > -- > Martin Hepworth -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Mon May 30 16:02:42 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: I encountered an similar error on a x86-gentoo-machine after updating to the actual mailscanner version after a few hours the mailscanner simply don't take the mail out of the hold folder and needs to be restarted to work again. until version 4.42.7-1 the bug still exists :( spamassassin 3.0.2,clamav 0.83,postfix 2.1.5 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 17:36:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have not been able to reproduce this problem. Sorry. Dirk Rieger wrote: >I encountered an similar error on a x86-gentoo-machine after updating to the >actual mailscanner version >after a few hours the mailscanner simply don't take the mail out of the hold >folder and needs to be restarted to work again. until version 4.42.7-1 the >bug still exists :( > >spamassassin 3.0.2,clamav 0.83,postfix 2.1.5 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From diego.fabara at ALEGROPCS.COM Mon May 30 17:38:04 2005 From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:29:50 2006 Subject: did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Message-ID: Is it a problem with any mailscanner's parameters ?? May 30 11:33:16 aspamalegro sendmail[29226]: j4UGFhew029226: imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:33:40 aspamalegro sendmail[29259]: j4UGG4wh029259: imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:33:58 aspamalegro sendmail[31909]: j4UGW7DE031909: [65.170.70.38] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:34:05 aspamalegro sendmail[29270]: j4UGG5mM029270: imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:34:39 aspamalegro sendmail[32286]: j4UGYdmi032286: plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:34:47 aspamalegro sendmail[29640]: j4UGJ5qK029640: ns3.impsat.net.ec [200.31.6.44] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:34:54 aspamalegro sendmail[32309]: j4UGYsoT032309: omc3-s9.bay6.hotmail.com [65.54.249.83] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:35:00 aspamalegro sendmail[29642]: j4UGJFPw029642: ns3.impsat.net.ec [200.31.6.44] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:35:03 aspamalegro sendmail[32358]: j4UGZ30e032358: plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:35:04 aspamalegro sendmail[32364]: j4UGZ4LX032364: plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA May 30 11:35:08 aspamalegro sendmail[32372]: j4UGZ8DR032372: out008.topica-platinum-y.com [66.227.60.28] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA INFORMACION CONFIDENCIAL: SE PROHIBE LA DIFUSION O PUBLICACION DE ESTA INFORMACION A TERCEROS SIN LA AUTORIZACION EXPRESA Y POR ESCRITO DE TELECSA. ESTA INFORMACION DEBE SER GUARDADA CON SEGURIDADES CUANDO NO SE LA ESTE UTILIZANDO. SI USTED NO ES EL DESTINATARIO DE ESTE EMAIL, USTED DEBERA DEVOLVERLO AL EMISOR Y NO PODRA LEER, COPIAR O DISTRIBUIR SUS ANEXOS. CUALQUIER OPINION EXPRESADA EN ESTE MENSAJE, CORRESPONDE A SU AUTOR Y NO NECESARIAMENTE A TELECSA-ALEGRO PCS. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon May 30 17:45:01 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have experianced this too... Fedore core 2 , mailscanner-4.40.11-1 sendmail 8.12.11, spamassassin-3.0.3-3_22.1.rhfc2.at I now restart mailscanner every hour via cron because of this... Rob... ----- Original Message ----- From: "Julian Field" To: Sent: Monday, May 30, 2005 12:36 PM Subject: Re: MailScanner children dying and not picking up new mail >I have not been able to reproduce this problem. Sorry. > > Dirk Rieger wrote: > >>I encountered an similar error on a x86-gentoo-machine after updating to >>the >>actual mailscanner version >>after a few hours the mailscanner simply don't take the mail out of the >>hold >>folder and needs to be restarted to work again. until version 4.42.7-1 the >>bug still exists :( >> >>spamassassin 3.0.2,clamav 0.83,postfix 2.1.5 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 17:50:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is not connected with MailScanner at all. Someone is connecting to your SMTP server and then disconnecting again. Quite possible they are either probing your network or checking to see if your SMTP server is alive for some reason. Diego Fabara wrote: >Is it a problem with any mailscanner's parameters ?? > >May 30 11:33:16 aspamalegro sendmail[29226]: j4UGFhew029226: >imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during >connection to MTA >May 30 11:33:40 aspamalegro sendmail[29259]: j4UGG4wh029259: >imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during >connection to MTA >May 30 11:33:58 aspamalegro sendmail[31909]: j4UGW7DE031909: >[65.170.70.38] did not issue MAIL/EXPN/VRFY/ETRN during connection to >MTA >May 30 11:34:05 aspamalegro sendmail[29270]: j4UGG5mM029270: >imr1.ericy.com [198.24.6.9] did not issue MAIL/EXPN/VRFY/ETRN during >connection to MTA >May 30 11:34:39 aspamalegro sendmail[32286]: j4UGYdmi032286: >plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue >MAIL/EXPN/VRFY/ETRN during connection to MTA >May 30 11:34:47 aspamalegro sendmail[29640]: j4UGJ5qK029640: >ns3.impsat.net.ec [200.31.6.44] did not issue MAIL/EXPN/VRFY/ETRN during >connection to MTA >May 30 11:34:54 aspamalegro sendmail[32309]: j4UGYsoT032309: >omc3-s9.bay6.hotmail.com [65.54.249.83] did not issue >MAIL/EXPN/VRFY/ETRN during connection to MTA >May 30 11:35:00 aspamalegro sendmail[29642]: j4UGJFPw029642: >ns3.impsat.net.ec [200.31.6.44] did not issue MAIL/EXPN/VRFY/ETRN during >connection to MTA >May 30 11:35:03 aspamalegro sendmail[32358]: j4UGZ30e032358: >plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue >MAIL/EXPN/VRFY/ETRN during connection to MTA >May 30 11:35:04 aspamalegro sendmail[32364]: j4UGZ4LX032364: >plb95-2-82-236-77-85.fbx.proxad.net [82.236.77.85] did not issue >MAIL/EXPN/VRFY/ETRN during connection to MTA >May 30 11:35:08 aspamalegro sendmail[32372]: j4UGZ8DR032372: >out008.topica-platinum-y.com [66.227.60.28] did not issue >MAIL/EXPN/VRFY/ETRN during connection to MTA > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 17:52:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Interesting that it is also happening with sendmail. That helps. Rob wrote: > I have experianced this too... > > Fedore core 2 , mailscanner-4.40.11-1 > sendmail 8.12.11, spamassassin-3.0.3-3_22.1.rhfc2.at > > > I now restart mailscanner every hour via cron because of this... > > Rob... > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Monday, May 30, 2005 12:36 PM > Subject: Re: MailScanner children dying and not picking up new mail > > >> I have not been able to reproduce this problem. Sorry. >> >> Dirk Rieger wrote: >> >>> I encountered an similar error on a x86-gentoo-machine after >>> updating to >>> the >>> actual mailscanner version >>> after a few hours the mailscanner simply don't take the mail out of the >>> hold >>> folder and needs to be restarted to work again. until version >>> 4.42.7-1 the >>> bug still exists :( >>> >>> spamassassin 3.0.2,clamav 0.83,postfix 2.1.5 >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 18:24:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can you try the attached patch for /usr/sbin/MailScanner. It should apply successfully to most recent versions, as this file changes pretty rarely. Please let me know how you get on, if my hunch is correct then it should help. Brent Emerson wrote: >I'm seeing the same behavior that was reported by Nigel Kennedy in the >thread "MailScanner occasionally not picking up from the hold queue" and >which is detailed in Debian bug #305239 >(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305239): An MS child >dies of old age, another child is spawned, and the new process never picks >up any messages from the hold queue. Eventually, all my MS children are >in state "sleeping" and all incoming mail accumulates in the hold queue. >A stop/start restores things to normal. The problem almost always seems >to occur exactly 4 hours after my automated 23:10 MS restart (3:10am), >when system load is low. > >My system: FreeBSD 4.9, Postfix 2.2.2, MailScanner 4.41.3, SpamAssassin >3.0.3, ClamAV 0.85. Most or all of my relevant perl modules are the >latest versions, which in some cases may be later than what Julian >recommends. > >Has there been a resolution/diagnosis of this yet? Any clues? Any debug >work I can do? > >Brent Emerson > >----Electric Embers: Powering the fires of change-------------------- > NPOGroups | NPOMail | NPOShield | web/database/email hosting >----http://electricembers.net--------A member of N-TEN and NoBAWC---- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.2KB. ] [ Unable to print this part. ] From rob at THEHOSTMASTERS.COM Mon May 30 18:28:48 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will try it tomorrow morning as I would have to stop the cronjob and for today, for me to keep an eye on it, is too close to days end... But I will try it tomorrow morning... I will let ya know how it goes... Thanks.. Rob... ----- Original Message ----- From: "Julian Field" To: Sent: Monday, May 30, 2005 1:24 PM Subject: Re: MailScanner children dying and not picking up new mail > Please can you try the attached patch for /usr/sbin/MailScanner. It > should apply successfully to most recent versions, as this file changes > pretty rarely. > > Please let me know how you get on, if my hunch is correct then it should > help. > > Brent Emerson wrote: > >>I'm seeing the same behavior that was reported by Nigel Kennedy in the >>thread "MailScanner occasionally not picking up from the hold queue" and >>which is detailed in Debian bug #305239 >>(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305239): An MS child >>dies of old age, another child is spawned, and the new process never picks >>up any messages from the hold queue. Eventually, all my MS children are >>in state "sleeping" and all incoming mail accumulates in the hold queue. >>A stop/start restores things to normal. The problem almost always seems >>to occur exactly 4 hours after my automated 23:10 MS restart (3:10am), >>when system load is low. >> >>My system: FreeBSD 4.9, Postfix 2.2.2, MailScanner 4.41.3, SpamAssassin >>3.0.3, ClamAV 0.85. Most or all of my relevant perl modules are the >>latest versions, which in some cases may be later than what Julian >>recommends. >> >>Has there been a resolution/diagnosis of this yet? Any clues? Any debug >>work I can do? >> >>Brent Emerson >> >>----Electric Embers: Powering the fires of change-------------------- >> NPOGroups | NPOMail | NPOShield | web/database/email hosting >>----http://electricembers.net--------A member of N-TEN and NoBAWC---- >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 18:51:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scrub that patch. This is going to take a lot more looking at than I thought. No immediate solution folks, sorry. Julian Field wrote: > Please can you try the attached patch for /usr/sbin/MailScanner. It > should apply successfully to most recent versions, as this file changes > pretty rarely. > > Please let me know how you get on, if my hunch is correct then it should > help. > > Brent Emerson wrote: > >> I'm seeing the same behavior that was reported by Nigel Kennedy in the >> thread "MailScanner occasionally not picking up from the hold queue" and >> which is detailed in Debian bug #305239 >> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305239): An MS child >> dies of old age, another child is spawned, and the new process never >> picks >> up any messages from the hold queue. Eventually, all my MS children are >> in state "sleeping" and all incoming mail accumulates in the hold queue. >> A stop/start restores things to normal. The problem almost always seems >> to occur exactly 4 hours after my automated 23:10 MS restart (3:10am), >> when system load is low. >> >> My system: FreeBSD 4.9, Postfix 2.2.2, MailScanner 4.41.3, SpamAssassin >> 3.0.3, ClamAV 0.85. Most or all of my relevant perl modules are the >> latest versions, which in some cases may be later than what Julian >> recommends. >> >> Has there been a resolution/diagnosis of this yet? Any clues? Any >> debug >> work I can do? >> >> Brent Emerson >> >> ----Electric Embers: Powering the fires of change-------------------- >> NPOGroups | NPOMail | NPOShield | web/database/email hosting >> ----http://electricembers.net--------A member of N-TEN and NoBAWC---- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 19:14:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Okay, this patch is rather better. Please try applying it to /usr/sbin/MailScanner and let me know if it helps. Julian Field wrote: > Scrub that patch. This is going to take a lot more looking at than I > thought. > No immediate solution folks, sorry. > > Julian Field wrote: > >> Please can you try the attached patch for /usr/sbin/MailScanner. It >> should apply successfully to most recent versions, as this file changes >> pretty rarely. >> >> Please let me know how you get on, if my hunch is correct then it should >> help. >> >> Brent Emerson wrote: >> >>> I'm seeing the same behavior that was reported by Nigel Kennedy in the >>> thread "MailScanner occasionally not picking up from the hold queue" >>> and >>> which is detailed in Debian bug #305239 >>> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305239): An MS child >>> dies of old age, another child is spawned, and the new process never >>> picks >>> up any messages from the hold queue. Eventually, all my MS children >>> are >>> in state "sleeping" and all incoming mail accumulates in the hold >>> queue. >>> A stop/start restores things to normal. The problem almost always >>> seems >>> to occur exactly 4 hours after my automated 23:10 MS restart (3:10am), >>> when system load is low. >>> >>> My system: FreeBSD 4.9, Postfix 2.2.2, MailScanner 4.41.3, SpamAssassin >>> 3.0.3, ClamAV 0.85. Most or all of my relevant perl modules are the >>> latest versions, which in some cases may be later than what Julian >>> recommends. >>> >>> Has there been a resolution/diagnosis of this yet? Any clues? Any >>> debug >>> work I can do? >>> >>> Brent Emerson >>> >>> ----Electric Embers: Powering the fires of change-------------------- >>> NPOGroups | NPOMail | NPOShield | web/database/email hosting >>> ----http://electricembers.net--------A member of N-TEN and NoBAWC---- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.1KB. ] [ Unable to print this part. ] From raymond at PROLOCATION.NET Mon May 30 19:20:38 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Hi! > Okay, this patch is rather better. Please try applying it to > /usr/sbin/MailScanner and let me know if it helps. Is this only related to sendmail? I upgraded some exim boxes today and they seem to run ok? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 20:00:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >> Okay, this patch is rather better. Please try applying it to >> /usr/sbin/MailScanner and let me know if it helps. > > > Is this only related to sendmail? I upgraded some exim boxes today and > they seem to run ok? > It's independent of the MTA being used, it may/should help with all of them. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon May 30 20:18:27 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, May 30, 2005 2:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Take 2: MailScanner children dying and not picking up new > mail > > Okay, this patch is rather better. Please try applying it to > /usr/sbin/MailScanner and let me know if it helps. > Version 4.42.7 with patch2 seems to be fine on test system here. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 21:21:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] While that version worked okay, it was inefficient as it would insist on shutting down all the MailScanner children before starting up new ones. I have now modified it to start up new ones as required (i.e. how it worked before I started tweaking it). But having you patching patches is a mess, so I will release a new beta. This will be 4.42.8 and should appear in the next few minutes. Julian Field wrote: > Raymond Dijkxhoorn wrote: > >> Hi! >> >>> Okay, this patch is rather better. Please try applying it to >>> /usr/sbin/MailScanner and let me know if it helps. >> >> >> >> Is this only related to sendmail? I upgraded some exim boxes today and >> they seem to run ok? >> > It's independent of the MTA being used, it may/should help with all of > them. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 30 21:37:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Beta release 4.42.8 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released 4.42.8. The main point of this is for you to try out the new worker-child process management code, which I hope will fix the problems a few people have been reporting, and handle the restarts efficiently. Download as usual from www.mailscanner.info. The full Change Log is: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now provide the ability to alter the Subject: line if any HTML tags in the body of the message were disarmed (by having their "Allow .... Tags" set to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how many Spam Lists a message must appear in before it is considered to be spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. - Fixed typo in upgrade_MailScanner_conf. - Made significant changes to child worker process management and re-spawning, to try to avoid problems reported by a few users with MailScanner "slowly stopping working" over the space of several hours. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon May 30 23:23:46 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Hi! > While that version worked okay, it was inefficient as it would insist on > shutting down all the MailScanner children before starting up new ones. > > I have now modified it to start up new ones as required (i.e. how it > worked before I started tweaking it). But having you patching patches is > a mess, so I will release a new beta. > > This will be 4.42.8 and should appear in the next few minutes. Upgraded 6 boxes, seem to run ok, allthough the other one didnt break much for me eather... eh. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at ROGERS.COM Tue May 31 02:50:49 2005 From: gdoris at ROGERS.COM (Gerry Doris) Date: Thu Jan 12 21:29:50 2006 Subject: Mailwatch Permission Problems Message-ID: I was hoping for some help on permissions. I had everything working just fine on a Fedora Core 2 box that I upgraded on the weekend. Today I noticed that I can no longer run sa-learn from mailwatch. I get the following permission error and I can't work out how to fix it... SA Learn: error code 13 returned from sa-learn: bayes expire_old_tokens: lock: 26855 cannot create lockfile //.spamassassin/bayes.mutex: Permission denied In MailScanner.conf I have both "run as user" and "run as group" blank. The .spamassassin directory that being used is /root/.spamassassin. There's a bayes.mutex file in this directory that's being updated regularly as mail arrives. Naturally, sa-learn runs great as root from the command line. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue May 31 02:54:19 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:50 2006 Subject: Mailwatch Permission Problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You should double check this on the mailwatch list, but i think you should have the ownership of the bayes files changed to root.apache ? Pete Gerry Doris wrote: > I was hoping for some help on permissions. I had everything working just > fine on a Fedora Core 2 box that I upgraded on the weekend. Today I > noticed that I can no longer run sa-learn from mailwatch. I get the > following permission error and I can't work out how to fix it... > > SA Learn: error code 13 returned from sa-learn: bayes expire_old_tokens: > lock: 26855 cannot create lockfile //.spamassassin/bayes.mutex: > Permission denied > > In MailScanner.conf I have both "run as user" and "run as group" blank. > The .spamassassin directory that being used is /root/.spamassassin. > There's a bayes.mutex file in this directory that's being updated > regularly as mail arrives. > > Naturally, sa-learn runs great as root from the command line. > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at ROGERS.COM Tue May 31 03:25:39 2005 From: gdoris at ROGERS.COM (Gerry Doris) Date: Thu Jan 12 21:29:50 2006 Subject: Mailwatch Permission Problems Message-ID: On Tue, 31 May 2005, Peter Russell wrote: > You should double check this on the mailwatch list, but i think you > should have the ownership of the bayes files changed to root.apache ? > Pete > > Gerry Doris wrote: That fixed it. Thanks! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Thu May 26 13:47:25 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:29:50 2006 Subject: spam actions Message-ID: On Wed, 2005-05-25 at 16:05 -0400, Ugo Bellavance wrote: > MailWatch will not be aware so you might end up trying to release a > message that has been deleted by your cronjob. You can also use a > script to do the same thing to mysql. Search the archives for > clean_mailwatch. well, I've searched but not found any recommendations for trimming the mysql database. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue May 31 07:51:03 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:50 2006 Subject: spam actions Message-ID: Try this .. http://sourceforge.net/forum/forum.php?thread_id=1125762&forum_id=298819 Greg Matthews To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: spam actions 26/05/2005 10:47 PM Please respond to gmatt@nerc.ac.uk On Wed, 2005-05-25 at 16:05 -0400, Ugo Bellavance wrote: > MailWatch will not be aware so you might end up trying to release a > message that has been deleted by your cronjob. You can also use a > script to do the same thing to mysql. Search the archives for > clean_mailwatch. well, I've searched but not found any recommendations for trimming the mysql database. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 15:02:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Test message Message-ID: This is a test. 1 2 3. Submitted at just after 3pm BST. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Tue May 31 14:54:13 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: I can't see a change from the 4.42.8-1 to the older versions still the same with Mailscanner children dying and not picking new mails anymore... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Tue May 31 09:51:21 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:29:50 2006 Subject: OT (again): SA-SPF opinion Message-ID: Greetings - --On 26 May 2005 16:54:06 -0400 Stephen Swaney wrote: > I believe that SRS, Sender Rewriting Scheme, is only required if you are > relaying form you SPF hub. A typical example would be an ISP who is > relaying email from a home pc or a business hub that sends their outbound > email through the ISP's "smart relay". The ISP in this case has to > rewrite the header to make it look like the mail was sent From the smart > relay. It is also needed if, as a courtesy, your organisation allows current or past members to forward their mail off-site to an alternative mailbox. Here at our University we: * ...currently permit people to forward their incoming mail to an off-site address (although I understand this is currently under review) -- perhaps they're currently on sabbatical at another institution. * ...permit students and members of staff who have left to forward their incoming e-mail on to a new address for a period. For example this helps graduating students receive replies to requests for job information that they have sent out. In these common setups you are effectively relaying incoming mail arriving from an off-site source to a different off-site destination (albeit not in an 'open relay' manner!). We know from experience that without SRS this can cause problems if (a) the source publishes an SPF record and (b) the destination validates this. This implies that even if you choose not to publish an SPF record yourself you can still be put under pressure to implement SRS if you operate any such forwarding policy. Cheers, Mike Brudenell -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DRi at B-W-COMPUTER.DE Tue May 31 10:18:49 2005 From: DRi at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail [Virus checked] [Virus checked] Message-ID: I'm just applying the 4.42.8-version - hopefully to see a change in a few hours :) best regards Dirk Rieger Julian Field Sent by: MailScanner mailing list 30.05.2005 22:21 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Take 2: MailScanner children dying and not picking up new mail [Virus checked] While that version worked okay, it was inefficient as it would insist on shutting down all the MailScanner children before starting up new ones. I have now modified it to start up new ones as required (i.e. how it worked before I started tweaking it). But having you patching patches is a mess, so I will release a new beta. This will be 4.42.8 and should appear in the next few minutes. Julian Field wrote: > Raymond Dijkxhoorn wrote: > >> Hi! >> >>> Okay, this patch is rather better. Please try applying it to >>> /usr/sbin/MailScanner and let me know if it helps. >> >> >> >> Is this only related to sendmail? I upgraded some exim boxes today and >> they seem to run ok? >> > It's independent of the MTA being used, it may/should help with all of > them. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 15:10:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: The difference is in /usr/sbin/MailScanner. Make sure you haven't gained MailScanner.rpmnew or anything like that. and that you really do have a new one. On 31 May 2005, at 14:54, Dirk Rieger wrote: > I can't see a change from the 4.42.8-1 to the older versions > still the same with Mailscanner children dying and not picking new > mails > anymore... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 31 15:15:27 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Another question on the rules... I have MailScanner.conf pointing to filename.conf.rules ...as per below #filename.conf.rules FromOrTo: bob@domain.com /etc/MailScanner/rules/filename.bob.rules FromOrTo: default /etc/MailScanner/rules/filename.default.rules #filename.bob.rules allow bob.exe - - #filename.default.rules ~ this has a boatload of denys in in...100 or so filenames.. Anyways...with the above config, *ANY FILE* sent from bob@domain.com is allowed through. Everything else works as it should (ie, no other users can send exe's or any other file listed as deny in filename.default.rules). I am assuming because the rules allow bob.exe to get through..but filename.default.rules does NOT get processed after that. Looking through the emails on the list regarding rules from last week, it would seem I need to change the filename.conf.rules so that it adds in the 2nd line as per below #filename.conf.rules FromOrTo: bob@domain.com /etc/MailScanner/rules/filename.bob.rules FromOrTo: *@domain.com /etc/MailScanner/rules/filename.defaul .rules FromOrTo: default /etc/MailScanner/rules/filename.default.rules Is this correct? Does 'default' not really mean 'everything'? I take it 'default' is only triggered if NO other rules have been processed...as opposed to meaning 'default' will ALWAYS get processed? thx Matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue May 31 15:25:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > > Another question on the rules... I have MailScanner.conf pointing to > filename.conf.rules ...as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > #filename.bob.rules > allow bob.exe - - > #filename.default.rules > ~ this has a boatload of denys in in...100 or so filenames.. > > Anyways...with the above config, *ANY FILE* sent from bob@domain.com > is allowed through. Everything else works as it > should (ie, no other users can send exe's or any other file listed as > deny in filename.default.rules). I am assuming because the rules allow > bob.exe to get through..but filename.default.rules does NOT get > processed after that. Looking through the emails on the list regarding > rules from last week, it would seem I need to change the > filename.conf.rules so that it adds in the 2nd line as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: *@domain.com > /etc/MailScanner/rules/filename.default.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > Is this correct? Does 'default' not really mean 'everything'? I take > it 'default' is only triggered if NO other rules have been > processed...as opposed to meaning 'default' will ALWAYS get processed? > Like firewall rules, first rule triggered stop the processing. The default is only processed if no other rule is triggerred. Ugo > thx > Matt > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 31 15:16:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:50 2006 Subject: Test message Message-ID: Jules that worked - recieved here 15.08. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > This is a test. 1 2 3. > > Submitted at just after 3pm BST. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DRi at B-W-COMPUTER.DE Tue May 31 15:52:22 2005 From: DRi at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail [Virus checked] [Virus checked] Message-ID: my Installation is below /opt with a symlink from /opt/MailScanner pointing to the actual Mailscanner dir /opt/MailScanner-4.42.8-1 so should be no chance to pick up an old MailScanner-Version... process is running like this: /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf best regards Dirk Rieger Julian Field Sent by: MailScanner mailing list 31.05.2005 16:10 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Take 2: MailScanner children dying and not picking up new mail [Virus checked] The difference is in /usr/sbin/MailScanner. Make sure you haven't gained MailScanner.rpmnew or anything like that. and that you really do have a new one. On 31 May 2005, at 14:54, Dirk Rieger wrote: > I can't see a change from the 4.42.8-1 to the older versions > still the same with Mailscanner children dying and not picking new > mails > anymore... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 31 15:51:47 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That doesn't go with what was said last week I don't think. Basically then, in filename.bob.rules, I have to have the ALLOW for BOB.EXE, *AND* then I have to have ALL my other denys in there that are already in filename.default.rules... ??? In which case..if I have 10 users that need various exceptions..then that means if I ever want to change my master default block list thats in filename.default.rules..I have to edit all 10 user exception rule files as well as the filename.default.rules?? This is getting pretty frustrating. All I want is to allow bob@domain.com to send one file, and then have all of the default rules applied. You'd think that would be a trivial issue to setup, without having to replicate the rules all over the place. If it was really like a proper rule processing setup as your typical firewall (I happen to work with Checkpoint, but all are pretty much the same), then you'd be able to configure it so that bob can send the bob.exe file...and if bob.PIF comes in...it would be blocked by the default rules. If you can't do that..then MailScanner is more like making exceptions ONLY based on user...and that specific user has it entirely own/separate ruleset. Thats not an exception; thats 2 rulesets. Matt >>> ugob@CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>> Matt Kehler wrote: > > Another question on the rules... I have MailScanner.conf pointing to > filename.conf.rules ...as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > #filename.bob.rules > allow bob.exe - - > #filename.default.rules > ~ this has a boatload of denys in in...100 or so filenames.. > > Anyways...with the above config, *ANY FILE* sent from bob@domain.com > is allowed through. Everything else works as it > should (ie, no other users can send exe's or any other file listed as > deny in filename.default.rules). I am assuming because the rules allow > bob.exe to get through..but filename.default.rules does NOT get > processed after that. Looking through the emails on the list regarding > rules from last week, it would seem I need to change the > filename.conf.rules so that it adds in the 2nd line as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: *@domain.com > /etc/MailScanner/rules/filename.default.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > Is this correct? Does 'default' not really mean 'everything'? I take > it 'default' is only triggered if NO other rules have been > processed...as opposed to meaning 'default' will ALWAYS get processed? > Like firewall rules, first rule triggered stop the processing. The default is only processed if no other rule is triggerred. Ugo > thx > Matt > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 31 15:54:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:50 2006 Subject: Subject tag feature - Feature ugrade request Message-ID: Jules Now that we've got (yet) another tag that maybe present in the Subject header is there anyway you could implement an 'order of precidence' for these? I've noticed at least 1 email where we got {Disarmed}{Spam?} which got missed by my MUA filters as I check for "starts with {Spam?}" rather than "contains {Spam?}". This is so I don't miss file emails from other sources that have the {Spam?} tag within the subject. Ie I'd to have {Spam?} before the {Disarmed} tag. Some people would no doubt prefer it the other way around. I guess you same code could be used for Administrator notices too, ie Virus warning maybe more important than blocked filename etc. I've no idea how difficult this would be to implement but for me this would help alot. (sent again as first one seems to have disappeared into jiscmail's bitbucket ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Tue May 31 15:58:51 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:50 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: my Installation is below /opt with a symlink from /opt/MailScanner pointing to the actual Mailscanner dir /opt/MailScanner-4.42.8-1 so should be no chance to pick up an old MailScanner-Version... process is running like this: /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf best regards Dirk Rieger ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 16:09:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What's wrong with this? Filename rules = /etc/MailScanner/rules/filename.rules Then in filename.rules put this: From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf FromOrTo: default /etc/MailScanner/all.normal.conf Then in bob.allow.conf put this: allow    bob.exe    -    - and in all.normal.conf put all your normal deny rules you apply to everyone else. Seems perfectly flexible to me :-) On 31 May 2005, at 15:51, Matt Kehler wrote: That doesn't go with what was said last week I don't think.   Basically then, in filename.bob.rules, I have to have the ALLOW for BOB.EXE, *AND* then I have to have ALL my other denys in there that are already in filename.default.rules...  ???  In which case..if I have 10 users that need various exceptions..then that means if I ever want to change my master default block list thats in filename.default.rules..I have to edit all 10 user exception rule files as well as the filename.default.rules??   This is getting pretty frustrating.  All I want is to allow bob@domain.com to send one file, and then have all of the default rules applied.  You'd think that would be a trivial issue to setup, without having to replicate the rules all over the place.    If it was really like a proper rule processing setup as your typical firewall (I happen to work with Checkpoint, but all are pretty much the same), then you'd be able to configure it so that bob can send the bob.exe file...and if bob.PIF comes in...it would be blocked by the default rules.  If you can't do that..then MailScanner is more like making exceptions ONLY based on user...and that specific user has it entirely own/separate ruleset.   Thats not an exception; thats 2 rulesets.   Matt >>> ugob@CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>> Matt Kehler wrote: >  > Another question on the rules...  I have MailScanner.conf pointing to > filename.conf.rules ...as per below >  > #filename.conf.rules > FromOrTo:       bob@domain.com          > /etc/MailScanner/rules/filename.bob.rules > FromOrTo:       default                 > /etc/MailScanner/rules/filename.default.rules >  > #filename.bob.rules > allow   bob.exe    -       - > #filename.default.rules >  ~ this has a boatload of denys in in...100 or so filenames.. >  > Anyways...with the above config, *ANY FILE* sent from bob@domain.com > is allowed through.  Everything else works as it > should (ie, no other users can send exe's or any other file listed as > deny in filename.default.rules).  I am assuming because the rules allow > bob.exe to get through..but filename.default.rules does NOT get > processed after that.  Looking through the emails on the list regarding > rules from last week, it would seem I need to change the > filename.conf.rules so that it adds in the 2nd line as per below >  > #filename.conf.rules > FromOrTo:       bob@domain.com          > /etc/MailScanner/rules/filename.bob.rules > FromOrTo:       *@domain.com >              /etc/MailScanner/rules/filename.default.rules > FromOrTo:       default                 > /etc/MailScanner/rules/filename.default.rules >  > Is this correct?  Does 'default' not really mean 'everything'?  I take > it 'default' is only triggered if NO other rules have been > processed...as opposed to meaning 'default' will ALWAYS get processed? >  Like firewall rules, first rule triggered stop the processing.  The default is only processed if no other rule is triggerred. Ugo > thx > Matt >  >  >  >  > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 16:10:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: Subject tag feature - Feature ugrade request Message-ID: For now I will just reverse the order so the Spam ends up at before Disarmed, as most people are doing what you want. On 31 May 2005, at 15:54, Martin Hepworth wrote: > Jules > Now that we've got (yet) another tag that maybe present in the Subject > header is there anyway you could implement an 'order of precidence' > for > these? > > I've noticed at least 1 email where we got {Disarmed}{Spam?} which got > missed by my MUA filters as I check for "starts with {Spam?}" rather > than "contains {Spam?}". This is so I don't miss file emails from > other > sources that have the {Spam?} tag within the subject. > > Ie I'd to have {Spam?} before the {Disarmed} tag. Some people would no > doubt prefer it the other way around. > > I guess you same code could be used for Administrator notices too, ie > Virus warning maybe more important than blocked filename etc. > > I've no idea how difficult this would be to implement but for me this > would help alot. > > (sent again as first one seems to have disappeared into jiscmail's > bitbucket ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue May 31 13:50:39 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:50 2006 Subject: spam actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: > On Wed, 2005-05-25 at 16:05 -0400, Ugo Bellavance wrote: > >>MailWatch will not be aware so you might end up trying to release a >>message that has been deleted by your cronjob. You can also use a >>script to do the same thing to mysql. Search the archives for >>clean_mailwatch. > > > well, I've searched but not found any recommendations for trimming the > mysql database. Check Dhawal's message in this thread. > > GREG > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 31 16:16:41 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nothings wrong with that..thats perfect. I was not aware that you can have 2 .conf files in the same line as per below. Apparantly thats what I was missing :) From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf If that works, then I'm set.! thank!! Matt >>> MailScanner@ECS.SOTON.AC.UK 5/31/2005 10:09:27 AM >>> What's wrong with this? Filename rules = /etc/MailScanner/rules/filename.rules Then in filename.rules put this: From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf FromOrTo: default /etc/MailScanner/all.normal.conf Then in bob.allow.conf put this: allow bob.exe - - and in all.normal.conf put all your normal deny rules you apply to everyone else. Seems perfectly flexible to me :-) On 31 May 2005, at 15:51, Matt Kehler wrote: That doesn't go with what was said last week I don't think. Basically then, in filename.bob.rules, I have to have the ALLOW for BOB.EXE, *AND* then I have to have ALL my other denys in there that are already in filename.default.rules... ??? In which case..if I have 10 users that need various exceptions..then that means if I ever want to change my master default block list thats in filename.default.rules..I have to edit all 10 user exception rule files as well as the filename.default.rules?? This is getting pretty frustrating. All I want is to allow bob@domain.com to send one file, and then have all of the default rules applied. You'd think that would be a trivial issue to setup, without having to replicate the rules all over the place. If it was really like a proper rule processing setup as your typical firewall (I happen to work with Checkpoint, but all are pretty much the same), then you'd be able to configure it so that bob can send the bob.exe file...and if bob.PIF comes in...it would be blocked by the default rules. If you can't do that..then MailScanner is more like making exceptions ONLY based on user...and that specific user has it entirely own/separate ruleset. Thats not an exception; thats 2 rulesets. Matt >>> ugob@CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>> Matt Kehler wrote: > > Another question on the rules... I have MailScanner.conf pointing to > filename.conf.rules ...as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > #filename.bob.rules > allow bob.exe - - > #filename.default.rules > ~ this has a boatload of denys in in...100 or so filenames.. > > Anyways...with the above config, *ANY FILE* sent from bob@domain.com > is allowed through. Everything else works as it > should (ie, no other users can send exe's or any other file listed as > deny in filename.default.rules). I am assuming because the rules allow > bob.exe to get through..but filename.default.rules does NOT get > processed after that. Looking through the emails on the list regarding > rules from last week, it would seem I need to change the > filename.conf.rules so that it adds in the 2nd line as per below > > #filename.conf.rules > FromOrTo: bob@domain.com > /etc/MailScanner/rules/filename.bob.rules > FromOrTo: *@domain.com > /etc/MailScanner/rules/filename.default.rules > FromOrTo: default > /etc/MailScanner/rules/filename.default.rules > > Is this correct? Does 'default' not really mean 'everything'? I take > it 'default' is only triggered if NO other rules have been > processed...as opposed to meaning 'default' will ALWAYS get processed? > Like firewall rules, first rule triggered stop the processing. The default is only processed if no other rule is triggerred. Ugo > thx > Matt > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 16:27:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can have as many .conf files as you like in 1 line, which enables you to concatenate rulesets. The ruleset system is very flexible, to the point of confusion when you start concatenating multiple .conf files and multiple settings, which you can do with some configuration options. On 31 May 2005, at 16:16, Matt Kehler wrote: Nothings wrong with that..thats perfect.  I was not aware that you can have 2 .conf files in the same line  as per below.  Apparantly thats what I was missing :)   From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf   If that works, then I'm set.!   thank!! Matt >>> MailScanner@ECS.SOTON.AC.UK 5/31/2005 10:09:27 AM >>> What's wrong with this? Filename rules = /etc/MailScanner/rules/filename.rules Then in filename.rules put this: From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf FromOrTo: default /etc/MailScanner/all.normal.conf Then in bob.allow.conf put this: allow    bob.exe    -    - and in all.normal.conf put all your normal deny rules you apply to everyone else. Seems perfectly flexible to me :-) On 31 May 2005, at 15:51, Matt Kehler wrote: That doesn't go with what was said last week I don't think.   Basically then, in filename.bob.rules, I have to have the ALLOW for BOB.EXE, *AND* then I have to have ALL my other denys in there that are already in filename.default.rules...  ???  In which case..if I have 10 users that need various exceptions..then that means if I ever want to change my master default block list thats in filename.default.rules..I have to edit all 10 user exception rule files as well as the filename.default.rules??   This is getting pretty frustrating.  All I want is to allow bob@domain.com to send one file, and then have all of the default rules applied.  You'd think that would be a trivial issue to setup, without having to replicate the rules all over the place.    If it was really like a proper rule processing setup as your typical firewall (I happen to work with Checkpoint, but all are pretty much the same), then you'd be able to configure it so that bob can send the bob.exe file...and if bob.PIF comes in...it would be blocked by the default rules.  If you can't do that..then MailScanner is more like making exceptions ONLY based on user...and that specific user has it entirely own/separate ruleset.   Thats not an exception; thats 2 rulesets.   Matt >>> ugob@CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>> Matt Kehler wrote: >  > Another question on the rules...  I have MailScanner.conf pointing to > filename.conf.rules ...as per below >  > #filename.conf.rules > FromOrTo:       bob@domain.com          > /etc/MailScanner/rules/filename.bob.rules > FromOrTo:       default                 > /etc/MailScanner/rules/filename.default.rules >  > #filename.bob.rules > allow   bob.exe    -       - > #filename.default.rules >  ~ this has a boatload of denys in in...100 or so filenames.. >  > Anyways...with the above config, *ANY FILE* sent from bob@domain.com > is allowed through.  Everything else works as it > should (ie, no other users can send exe's or any other file listed as > deny in filename.default.rules).  I am assuming because the rules allow > bob.exe to get through..but filename.default.rules does NOT get > processed after that.  Looking through the emails on the list regarding > rules from last week, it would seem I need to change the > filename.conf.rules so that it adds in the 2nd line as per below >  > #filename.conf.rules > FromOrTo:       bob@domain.com          > /etc/MailScanner/rules/filename.bob.rules > FromOrTo:       *@domain.com >              /etc/MailScanner/rules/filename.default.rules > FromOrTo:       default                 > /etc/MailScanner/rules/filename.default.rules >  > Is this correct?  Does 'default' not really mean 'everything'?  I take > it 'default' is only triggered if NO other rules have been > processed...as opposed to meaning 'default' will ALWAYS get processed? >  Like firewall rules, first rule triggered stop the processing.  The default is only processed if no other rule is triggerred. Ugo > thx > Matt >  >  >  >  > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 16:37:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 31 May 2005, at 15:15, Matt Kehler wrote:   Another question on the rules...  I have MailScanner.conf pointing to filename.conf.rules ...as per below   #filename.conf.rules FromOrTo:       bob@domain.com         /etc/MailScanner/rules/filename.bob.rules FromOrTo:       default                 /etc/MailScanner/rules/filename.default.rules   #filename.bob.rules allow   bob.exe    -       - #filename.default.rules  ~ this has a boatload of denys in in...100 or so filenames..   Anyways...with the above config, *ANY FILE* sent from bob@domain.com is allowed through. Correct. The "default" ruleset is only used when no other rules match at all. So this will be used in all cases except where the message is to or from bob@domain.com. The filename.rules.conf and filetype.rules.conf are "default allow". If you want "default deny" then you need to add a rule to the end of filename.bob.rules that denies everything.   Everything else works as it should (ie, no other users can send exe's or any other file listed as deny in filename.default.rules).  I am assuming because the rules allow bob.exe to get through..but filename.default.rules does NOT get processed after that. Correct.   Looking through the emails on the list regarding rules from last week, it would seem I need to change the filename.conf.rules so that it adds in the 2nd line as per below   #filename.conf.rules FromOrTo:       bob@domain.com         /etc/MailScanner/rules/filename.bob.rules FromOrTo:       *@domain.com             /etc/MailScanner/rules/filename.defaul .rules FromOrTo:       default                 /etc/MailScanner/rules/filename.default.rules   Is this correct? Yes.   Does 'default' not really mean 'everything'? If I meant "everything" that is what it would have said :-) The "default" rule in a ruleset is *ONLY* used when no other rule matches. It specified the default action to be taken in the event that nothing else defines an action.   I take it 'default' is only triggered if NO other rules have been processed...as opposed to meaning 'default' will ALWAYS get processed? Correct. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue May 31 16:29:28 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:50 2006 Subject: No subject Message-ID: I note that it is possible to use MailScanner to disinfect viruses that are contained as excel and word macros. I was wondering, however, if it was possible to use this set up to remove all macros, regardless of whether they have been detected as viruses? Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue May 31 16:32:19 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:50 2006 Subject: Problems with Bitdefender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I run Bitdefender and McAfee on my MS servers (4.35.5 and 4.34.4). This morning I noticed my quarantine dir getting bigger. Since I don't quarantine virus infected messages, it had to be something else. Turns out it was an undetected virus by McAfee (another one). Bitdefender was catching it (last updated this morning at 10:41 and file was quarantined at 11:02) but MS still quarantined it. Is there something wrong with MS' virus detection with Bitdefender? Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Tue May 31 16:23:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > That doesn't go with what was said last week I don't think. > > Basically then, in filename.bob.rules, I have to have the ALLOW for > BOB.EXE, *AND* then I have to have ALL my other denys in there that are > already in filename.default.rules... ??? In which case..if I have 10 > users that need various exceptions..then that means if I ever want to > change my master default block list thats in filename.default.rules..I > have to edit all 10 user exception rule files as well as the > filename.default.rules?? > > This is getting pretty frustrating. All I want is to allow > bob@domain.com to send one file, and then have > all of the default rules applied. You'd think that would be a trivial > issue to setup, without having to replicate the rules all over the place. > > If it was really like a proper rule processing setup as your typical > firewall (I happen to work with Checkpoint, but all are pretty much the > same), then you'd be able to configure it so that bob can send the > bob.exe file...and if bob.PIF comes in...it would be blocked by the > default rules. If you can't do that..then MailScanner is more like > making exceptions ONLY based on user...and that specific user has it > entirely own/separate ruleset. Thats not an exception; thats 2 rulesets. I never said MailScanner could do exceptions. In fact, I said the opposite, in some post in this thread. I'm not a ruleset guru, but based on what Julian said in that post: To: user@domain.com filename.allowexe.conf To *@domain.com filename.normal.conf FromOrTo: default filename.rules.conf If a message arrives addressed to user@domain.com, the rules applied are all those in filename.allowexe.conf followed by filename.normal.conf. If a message arrives addressed to any-other-user@domain.com, the rules applied are all those in filename.normal.conf. Mail from or to anywhere else has the filename.rules.conf applied. So if you would make, instead of *@domain.com, a line with total wildcards, you'd probably be able to get the result you want. However, make sure you'll never hit the default. Julian, could you confirm (theoratically) what I said here, so that I'm not misleading anyone? Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue May 31 16:39:49 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:50 2006 Subject: Problems with Bitdefender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Hello, > > I run Bitdefender and McAfee on my MS servers (4.35.5 and 4.34.4). > This morning I noticed my quarantine dir getting bigger. > > Since I don't quarantine virus infected messages, it had to be > something else. Turns out it was an undetected virus by McAfee > (another one). Bitdefender was catching it (last updated this morning > at 10:41 and file was quarantined at 11:02) but MS still quarantined it. > > Is there something wrong with MS' virus detection with Bitdefender? > > Denis > Some log information: May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: from=, size=25281, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=host18-9.pool80207.interbusiness.it [80.207.9.18] May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: to=<...>, delay=00:00:01, mailer=relay, pri=55281, stat=queued May 31 11:28:40 smtpe2 MailScanner[8358]: /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/20_04_2005.exe infected: Win32.Bagle.BO@mm May 31 11:28:40 smtpe2 MailScanner[8358]: /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/5.zip=>20_04_2005.exe infected: Win32.Bagle.BO@mm May 31 11:28:40 smtpe2 MailScanner[8358]: Infected message j4VFSYb7012101 came from 80.207.9.18 May 31 11:28:40 smtpe2 MailScanner[8358]: Filename Checks: Fichiers EXE dangereux (j4VFSYb7012101 20_04_2005.exe) May 31 11:28:40 smtpe2 MailScanner[8358]: Saved entire message to /quarantaine/usherbrooke/20050531/j4VFSYb7012101 May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected "20_04_2005.exe" to /quarantaine/usherbrooke/20050531/j4VFSYb7012101 May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected "5.zip" to /quarantaine/usherbrooke/20050531/j4VFSYb7012101 May 31 11:28:41 smtpe2 sendmail[12174]: j4VFSYb7012101: to=<...>, delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=145281, relay=courriel.usherbrooke.ca. [132.210.244.161], dsn=2.0.0, stat=Sent (j4VFSf105362 Message accepted for delivery) Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Tue May 31 16:45:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: No subject Message-ID: On 31 May 2005, at 16:29, Gray, Richard wrote: > I note that it is possible to use MailScanner to disinfect viruses > that are contained as excel and word macros. > > I was wondering, however, if it was possible to use this set up to > remove all macros, regardless of whether they have been detected as > viruses? No. The disinfection is done by the virus scanners, so unless they can do it you are stuck. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 31 16:48:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: My head hurts... On 31 May 2005, at 16:23, Ugo Bellavance wrote: > Matt Kehler wrote: > >> That doesn't go with what was said last week I don't think. >> Basically then, in filename.bob.rules, I have to have the ALLOW >> for BOB.EXE, *AND* then I have to have ALL my other denys in there >> that are already in filename.default.rules... ??? In which >> case..if I have 10 users that need various exceptions..then that >> means if I ever want to change my master default block list thats >> in filename.default.rules..I have to edit all 10 user exception >> rule files as well as the filename.default.rules?? >> This is getting pretty frustrating. All I want is to allow >> bob@domain.com to send one file, and then >> have all of the default rules applied. You'd think that would be >> a trivial issue to setup, without having to replicate the rules >> all over the place. If it was really like a proper rule >> processing setup as your typical firewall (I happen to work with >> Checkpoint, but all are pretty much the same), then you'd be able >> to configure it so that bob can send the bob.exe file...and if >> bob.PIF comes in...it would be blocked by the default rules. If >> you can't do that..then MailScanner is more like making exceptions >> ONLY based on user...and that specific user has it entirely own/ >> separate ruleset. Thats not an exception; thats 2 rulesets. >> > > I never said MailScanner could do exceptions. In fact, I said the > opposite, in some post in this thread. > > I'm not a ruleset guru, but based on what Julian said in that post: > > > > To: user@domain.com filename.allowexe.conf > To *@domain.com filename.normal.conf > FromOrTo: default filename.rules.conf > > If a message arrives addressed to user@domain.com, the rules > applied are > all those in filename.allowexe.conf followed by filename.normal.conf. > > If a message arrives addressed to any-other-user@domain.com, the rules > applied are all those in filename.normal.conf. > > Mail from or to anywhere else has the filename.rules.conf applied. > > > So if you would make, instead of *@domain.com, a line with total > wildcards, you'd probably be able to get the result you want. > However, make sure you'll never hit the default. > > Julian, could you confirm (theoratically) what I said here, so that > I'm not misleading anyone? > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 31 16:48:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:50 2006 Subject: Subject tag feature - Feature ugrade request Message-ID: Jules Ta, wasn't expecting a quick fix, just something for you put to on the todo list. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > For now I will just reverse the order so the Spam ends up at before > Disarmed, as most people are doing what you want. > > On 31 May 2005, at 15:54, Martin Hepworth wrote: > >> Jules >> Now that we've got (yet) another tag that maybe present in the Subject >> header is there anyway you could implement an 'order of precidence' for >> these? >> >> I've noticed at least 1 email where we got {Disarmed}{Spam?} which got >> missed by my MUA filters as I check for "starts with {Spam?}" rather >> than "contains {Spam?}". This is so I don't miss file emails from other >> sources that have the {Spam?} tag within the subject. >> >> Ie I'd to have {Spam?} before the {Disarmed} tag. Some people would no >> doubt prefer it the other way around. >> >> I guess you same code could be used for Administrator notices too, ie >> Virus warning maybe more important than blocked filename etc. >> >> I've no idea how difficult this would be to implement but for me this >> would help alot. >> >> (sent again as first one seems to have disappeared into jiscmail's >> bitbucket ;-) >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Tue May 31 16:53:15 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mine too :). But it all works now, tested and verified. I was missing adding the 2nd conf in the same line for bob@domain.com ..as per below #filename.conf.rules From: bob@domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf FromOrTo: default /etc/MailScanner/all.normal.conf thanks everyone Matt >>> MailScanner@ECS.SOTON.AC.UK 5/31/2005 10:48:28 AM >>> My head hurts... On 31 May 2005, at 16:23, Ugo Bellavance wrote: > Matt Kehler wrote: > >> That doesn't go with what was said last week I don't think. >> Basically then, in filename.bob.rules, I have to have the ALLOW >> for BOB.EXE, *AND* then I have to have ALL my other denys in there >> that are already in filename.default.rules... ??? In which >> case..if I have 10 users that need various exceptions..then that >> means if I ever want to change my master default block list thats >> in filename.default.rules..I have to edit all 10 user exception >> rule files as well as the filename.default.rules?? >> This is getting pretty frustrating. All I want is to allow >> bob@domain.com to send one file, and then >> have all of the default rules applied. You'd think that would be >> a trivial issue to setup, without having to replicate the rules >> all over the place. If it was really like a proper rule >> processing setup as your typical firewall (I happen to work with >> Checkpoint, but all are pretty much the same), then you'd be able >> to configure it so that bob can send the bob.exe file...and if >> bob.PIF comes in...it would be blocked by the default rules. If >> you can't do that..then MailScanner is more like making exceptions >> ONLY based on user...and that specific user has it entirely own/ >> separate ruleset. Thats not an exception; thats 2 rulesets. >> > > I never said MailScanner could do exceptions. In fact, I said the > opposite, in some post in this thread. > > I'm not a ruleset guru, but based on what Julian said in that post: > > > > To: user@domain.com filename.allowexe.conf > To *@domain.com filename.normal.conf > FromOrTo: default filename.rules.conf > > If a message arrives addressed to user@domain.com, the rules > applied are > all those in filename.allowexe.conf followed by filename.normal.conf. > > If a message arrives addressed to any-other-user@domain.com, the rules > applied are all those in filename.normal.conf. > > Mail from or to anywhere else has the filename.rules.conf applied. > > > So if you would make, instead of *@domain.com, a line with total > wildcards, you'd probably be able to get the result you want. > However, make sure you'll never hit the default. > > Julian, could you confirm (theoratically) what I said here, so that > I'm not misleading anyone? > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue May 31 10:23:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:50 2006 Subject: Subject tag feature - Feature ugrade request Message-ID: Jules Now that we've got (yet) another tag that maybe present in the Subject header is there anyway you could implement an 'order of precidence' for these? I've noticed at least 1 email where we got {Disarmed}{Spam?} which got missed by my MUA filters as I check for "starts with {Spam?}" rather than "contains {Spam?}". This is so I don't miss file emails from other sources that have the {Spam?} tag within the subject. Ie I'd to have {Spam?} before the {Disarmed} tag. Some people would no doubt prefer it the other way around. I guess you same code could be used for Administrator notices too, ie Virus warning maybe more important than blocked filename etc. I've no idea how difficult this would be to implement but for me this would help alot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at BUSCHOR.CH Tue May 31 16:27:17 2005 From: lists at BUSCHOR.CH (No Name) Date: Thu Jan 12 21:29:50 2006 Subject: MailScanner/SpamAssassin timeouts Message-ID: MailScanner/SpamAssassin timeout problems is a regular subject in this mailing list, but I didn't find my version in the archive. My environment consists of MailScanner 4.41.3, SpamAssassin 3.0.3 and ClamAV 0.85.1. The problem crops up after the MS initiated SA bayes database rebuild. As long as the bayes_auto_expire feature is enabled in SA configuration and disabled in MS there isn't any problem. If I disable auto expiring in SA (bayes_auto_expire 0) and enable it in MS (Rebuild Bayes Every = 28800) I get some SA timeouts, but only from the MS process which did the bayes database rebuild and only for some batches. If I TERM this process the timeout problem is gone. The problem also disappears after the periodically restart of this process, but if I do not kill the suspicious MS process it disables SA network checks and later SA local checks and I get some spam unchecked through. The other MS processes do not show any problem during these timeouts. Question: Is it possible to have a MailScanner process which only does SA bayes rebuild and terminates afterwards ? regards Thomas Buschor You'll find some more detailed informations below, some shell snippets and a logfile excerpt. Shell Snippets -------------- root# ls -al /var/spool/MailScanner/spamassassin/ total 10246 drwx------ 3 mailscn mail 41472 May 26 16:51 ./ drwxr-xr-x 8 mailscn mail 512 May 18 12:47 ../ -rw------- 1 mailscn mail 1040 May 26 16:50 bayes.lock -rw------- 1 mailscn mail 2060 May 26 16:52 bayes.lock.zinal.switch.ch.549 -rw------- 1 mailscn mail 5736 May 26 16:51 bayes_journal -rw------- 1 mailscn mail 9994240 May 26 16:50 bayes_seen -rw------- 1 mailscn mail 5611520 May 26 16:50 bayes_toks drwxr-xr-x 2 root other 512 May 18 10:13 to-learn/ root# ps -ef | grep 549 mailscn 549 29604 0 16:51:14 ? 0:00 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da root 623 611 0 16:53:08 pts/1 0:00 grep 549 ==> process with pid 549 is a child process of the later killed MS process 29604 root# kill -TERM 29604 root# ps -ef | grep mailscn mailscn 425 11 0 0:00 mailscn 57 12276 0 16:48:00 ? 0:03 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da mailscn 11 12276 0 16:47:49 ? 0:03 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da mailscn 29980 12276 0 16:47:05 ? 0:03 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da root 676 611 0 16:54:04 pts/1 0:00 grep mailscn mailscn 28710 1 0 May 18 ? 0:00 /usr/exim/bin/exim -C / etc/mail/exim.conf.scanout -oP /var/run/exim-scanout.pid mailscn 645 57 0 0:00 mailscn 28707 1 0 May 18 ? 0:31 /usr/exim/bin/exim -C / etc/mail/exim.conf.scanin -bd mailscn 672 12276 4 16:53:55 ? 0:02 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da mailscn 567 29980 0 0:00 mailscn 12276 1 0 08:42:37 ? 0:00 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da mailscn 449 12276 0 16:50:31 ? 0:03 /usr/local/bin/perl -I/ opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /da mailscn 666 449 0 0:00 root# ll /var/spool/MailScanner/spamassassin/ total 10246 drwx------ 3 mailscn mail 41472 May 26 16:53 ./ drwxr-xr-x 8 mailscn mail 512 May 18 12:47 ../ -rw------- 1 mailscn mail 2460 May 26 16:53 bayes.lock.zinal.switch.ch.549 -rw------- 1 mailscn mail 7896 May 26 16:53 bayes_journal -rw------- 1 mailscn mail 9994240 May 26 16:50 bayes_seen -rw------- 1 mailscn mail 5611520 May 26 16:50 bayes_toks drwxr-xr-x 2 root other 512 May 18 10:13 to-learn/ ==> lock was not cleaned even if using TERM signal MailScanner log excerpt ----------------------- Some comments to the logs you'll find below - rebuilding bayes database lasts more or less 1 minute the MS/SA timeout is set to 120s (SpamAssassin Timeout = 120) - most log entries from the other processes are removed (on request I can give you the full log) - my comments begin with "==>" May 26 16:43:39 localhost MailScanner[29604]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... May 26 16:43:40 localhost MailScanner[29604]: Read 120 hostnames from the phishing whitelist May 26 16:43:40 localhost MailScanner[29604]: Bayes database rebuild is due May 26 16:43:40 localhost MailScanner[29604]: SpamAssassin Bayes database rebuil d starting May 26 16:44:02 localhost MailScanner[5483]: New Batch: Scanning 1 messages, 4882 bytes May 26 16:44:12 localhost MailScanner[5435]: New Batch: Found 2 messages waiting May 26 16:44:12 localhost MailScanner[5435]: New Batch: Scanning 1 messages, 1810 bytes May 26 16:44:33 localhost MailScanner[5789]: New Batch: Found 3 messages waiting May 26 16:44:33 localhost MailScanner[5789]: New Batch: Scanning 1 messages, 1125 bytes May 26 16:44:34 localhost MailScanner[29604]: SpamAssassin Bayes database rebuild completed ==> bayes rebuild completed in less than 1 minute MailScanner.conf: SpamAssassin Timeout = 120 May 26 16:44:36 localhost MailScanner[29604]: Using locktype = posix May 26 16:44:36 localhost MailScanner[29604]: Creating hardcoded struct_flock subroutine for solaris (misc-type) May 26 16:44:44 localhost MailScanner[5435]: Spam Checks: Found 1 spam messages May 26 16:44:44 localhost MailScanner[5435]: Virus and Content Scanning: Startin g May 26 16:44:44 localhost MailScanner[5789]: Spam Checks: Found 1 spam messages May 26 16:44:44 localhost MailScanner[5789]: Virus and Content Scanning: Startin g May 26 16:44:44 localhost MailScanner[5789]: Uninfected: Delivered 1 messages May 26 16:44:44 localhost MailScanner[5435]: Uninfected: Delivered 1 messages May 26 16:44:45 localhost MailScanner[5483]: Spam Checks: Found 1 spam messages May 26 16:44:45 localhost MailScanner[5483]: Virus and Content Scanning: Startin g May 26 16:44:45 localhost MailScanner[5483]: Uninfected: Delivered 1 messages May 26 16:45:48 localhost MailScanner[29604]: New Batch: Scanning 1 messages, 4424 bytes ==> below only log entries for MailScanner[29604] (the other MS processes run as expected) May 26 16:47:58 localhost MailScanner[29604]: New Batch: Found 2 messages waiting May 26 16:47:58 localhost MailScanner[29604]: New Batch: Scanning 1 messages, 2025 bytes May 26 16:48:14 localhost MailScanner[29604]: Spam Checks: Found 1 spam messages May 26 16:48:14 localhost MailScanner[29604]: Virus and Content Scanning: Starting May 26 16:48:15 localhost MailScanner[29604]: Uninfected: Delivered 1 messages May 26 16:49:03 localhost MailScanner[29604]: New Batch: Scanning 1 messages, 70836 bytes May 26 16:49:20 localhost MailScanner[29604]: Spam Checks: Found 1 spam messages May 26 16:49:20 localhost MailScanner[29604]: Virus and Content Scanning: Starting May 26 16:49:20 localhost MailScanner[29604]: ClamAVModule::INFECTED:: Worm.Mytob.T:: ./1DbJfS-00001w-V9/document.zip May 26 16:49:20 localhost MailScanner[29604]: ClamAVModule::INFECTED:: Worm.Mytob.T:: ./1DbJfS-00001w-V9/ document.htm .exe May 26 16:49:20 localhost MailScanner[29604]: Virus Scanning: ClamAV Module found 2 infections May 26 16:49:20 localhost MailScanner[29604]: Infected message 1DbJfS-00001w-V9 came from ::1.57096 May 26 16:49:20 localhost MailScanner[29604]: Virus Scanning: Found 2 viruses May 26 16:49:20 localhost MailScanner[29604]: Filename Checks: Windows/DOS Executable (1DbJfS-00001w-V9 document.htm .exe) May 26 16:49:20 localhost MailScanner[29604]: Filetype Checks: No executables (1DbJfS-00001w-V9 document.htm .exe) May 26 16:49:20 localhost MailScanner[29604]: Other Checks: Found 2 problems May 26 16:49:20 localhost MailScanner[29604]: Saved entire message to /var/spool/MailScanner/quarantine/20050526/1DbJfS-00001w-V9 May 26 16:49:20 localhost MailScanner[29604]: Saved infected "document.zip" to /var/spool/MailScanner/quarantine/ 20050526/1DbJfS-00001w-V9 May 26 16:49:20 localhost MailScanner[29604]: Saved infected "document.htm .exe" to /var/spool/MailScanner/quarantine/ 20050526/1DbJfS-00001w-V9 May 26 16:49:21 localhost MailScanner[29604]: Silent: Delivered 1 messages containing silent viruses May 26 16:49:39 localhost MailScanner[29604]: New Batch: Scanning 1 messages, 3177 bytes May 26 16:50:49 localhost MailScanner[29604]: Virus and Content Scanning: Starting May 26 16:50:49 localhost MailScanner[29604]: Uninfected: Delivered 1 messages May 26 16:51:13 localhost MailScanner[29604]: New Batch: Scanning 1 messages, 14192 bytes May 26 16:53:14 localhost MailScanner[29604]: SpamAssassin timed out and was killed, failure 1 of 10 ==> 1st timeout occured May 26 16:53:15 localhost MailScanner[29604]: Virus and Content Scanning: Starting May 26 16:53:15 localhost MailScanner[29604]: Uninfected: Delivered 1 messages ==> kill -TERM 29604 ==> no more Timeouts ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue May 31 17:26:33 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:50 2006 Subject: rules help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > You can have as many .conf files as you like in 1 line, which enables > you to concatenate rulesets. The ruleset system is very flexible, to the > point of confusion when you start concatenating multiple .conf files and > multiple settings, which you can do with some configuration options. > That adds much clarity to the confusion of posts over the last few weeks. Julian, no wonder your head hurts! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue May 31 18:45:46 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:50 2006 Subject: Problems with Bitdefender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Denis Beauchemin wrote: > >> Hello, >> >> I run Bitdefender and McAfee on my MS servers (4.35.5 and 4.34.4). >> This morning I noticed my quarantine dir getting bigger. >> >> Since I don't quarantine virus infected messages, it had to be >> something else. Turns out it was an undetected virus by McAfee >> (another one). Bitdefender was catching it (last updated this >> morning at 10:41 and file was quarantined at 11:02) but MS still >> quarantined it. >> >> Is there something wrong with MS' virus detection with Bitdefender? >> >> Denis >> > Some log information: > May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: > from=, size=25281, class=0, nrcpts=1, > msgid=, proto=SMTP, daemon=MTA, > relay=host18-9.pool80207.interbusiness.it [80.207.9.18] > May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: to=<...>, > delay=00:00:01, mailer=relay, pri=55281, stat=queued > May 31 11:28:40 smtpe2 MailScanner[8358]: > /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/20_04_2005.exe > infected: Win32.Bagle.BO@mm > May 31 11:28:40 smtpe2 MailScanner[8358]: > /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/5.zip=>20_04_2005.exe > infected: Win32.Bagle.BO@mm > May 31 11:28:40 smtpe2 MailScanner[8358]: Infected message > j4VFSYb7012101 came from 80.207.9.18 > May 31 11:28:40 smtpe2 MailScanner[8358]: Filename Checks: Fichiers > EXE dangereux (j4VFSYb7012101 20_04_2005.exe) > May 31 11:28:40 smtpe2 MailScanner[8358]: Saved entire message to > /quarantaine/usherbrooke/20050531/j4VFSYb7012101 > May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected > "20_04_2005.exe" to /quarantaine/usherbrooke/20050531/j4VFSYb7012101 > May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected "5.zip" to > /quarantaine/usherbrooke/20050531/j4VFSYb7012101 > May 31 11:28:41 smtpe2 sendmail[12174]: j4VFSYb7012101: to=<...>, > delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=145281, > relay=courriel.usherbrooke.ca. [132.210.244.161], dsn=2.0.0, stat=Sent > (j4VFSf105362 Message accepted for delivery) > > Denis > Sorry, my mistake... I have a ruleset for Quarantine Infections and it is geared towards McAfee and not Bitdefender (I don't quarantine W32/ and Phish-BankFraud). I just added Win32 to the list. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From steve.swaney at FSL.COM Tue May 31 19:34:37 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:50 2006 Subject: Warinig - Worm.Zafi.B Message-ID: We're seeing two systems in the UK getting hammered by the Worm.Zafi.B virus. All of the infections are from the same system so it's not too hard to block. The symptom is that there are so many viruses being detected that mail starts quickly backing up on the infected system. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrews at STUSOFT.COM Tue May 31 21:06:31 2005 From: andrews at STUSOFT.COM (andrews) Date: Thu Jan 12 21:29:50 2006 Subject: Warinig - Worm.Zafi.B Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We're getting swamped with W32/Mitglieder.CM@dr Andrew Stephen Swaney wrote: >We're seeing two systems in the UK getting hammered by the Worm.Zafi.B >virus. All of the infections are from the same system so it's not too hard >to block. > >The symptom is that there are so many viruses being detected that mail >starts quickly backing up on the infected system. > >Steve > >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrews at STUSOFT.COM Tue May 31 21:06:31 2005 From: andrews at STUSOFT.COM (andrews) Date: Thu Jan 12 21:29:50 2006 Subject: Warinig - Worm.Zafi.B Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We're getting swamped with W32/Mitglieder.CM@dr Andrew Stephen Swaney wrote: >We're seeing two systems in the UK getting hammered by the Worm.Zafi.B >virus. All of the infections are from the same system so it's not too hard >to block. > >The symptom is that there are so many viruses being detected that mail >starts quickly backing up on the infected system. > >Steve > >Steve Swaney >President >Fortress Systems Ltd. >www.fsl.com >steve.swaney@fsl.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue May 31 21:10:26 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:50 2006 Subject: Warinig - Worm.Zafi.B Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We're not getting hit hard, but the number of infected emails is higher then normal, but most of them are: Worm.Mytob.BY andrews wrote: > We're getting swamped with > > W32/Mitglieder.CM@dr > Andrew > > > Stephen Swaney wrote: > >> We're seeing two systems in the UK getting hammered by the Worm.Zafi.B >> virus. All of the infections are from the same system so it's not >> too hard >> to block. >> The symptom is that there are so many viruses being detected that mail >> starts quickly backing up on the infected system. >> Steve > -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue May 31 22:47:49 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:50 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Hi! > We're seeing two systems in the UK getting hammered by the Worm.Zafi.B > virus. All of the infections are from the same system so it's not too hard > to block. > > The symptom is that there are so many viruses being detected that mail > starts quickly backing up on the infected system. What IP? Did you ever look at http://virbl.bit.nl ? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue May 31 23:14:58 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:50 2006 Subject: Huh? Message-ID: Implemented phishing detection and it works a treat but whitelisting wasn't working. Reread the comments in the .conf file and lines 12-13 say I can use wildcards, while 19-20 say I can't. What's up w/that? I removed the wildcards from my entries but won't know if it worked until I get a new newsletter, probably next week... #12 You can also use wildcards, so you can list *.bank.com instead of #13 listing multiple web servers individually. Use with care. #14 ... #18 #19 Note: Do not add any form of wildcard, regular expression or anything #20 other than a fully qualified hostname to this file. It won't work. #21 ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website!