config questions
Julian Field
MailScanner at ecs.soton.ac.uk
Mon Nov 28 14:51:40 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
-----BEGIN PGP SIGNED MESSAGE-----
We are still intending to publish a lightweight system based on this
idea. The one major extra feature is that it requires a mouse click
by a sysadmin to confirm the file release request, so you can stop
your users collecting viruses out of the quarantine, or any other
file you don't want them to get access to. You can give a reason for
your decision as well. They collect their attachment from a web
server URL. It works with multiple MailScanner servers and is pretty
intelligent about finding all the log files and so on.
Only snag is that the poor guy who is writing it is incredibly busy
doing his day job and doesn't have much spare time to devote to this
at the moment. He is horribly overworked, which of course isn't
helped by me giving him a constant stream of extra jobs to do as
well :-) Sorry Andy!
Jules.
On 28 Nov 2005, at 14:27, Greg Borders wrote:
> Juan Ramón Gonzalez wrote:
>> 1) How could be emails bigger than for example 10Mb been delivered
>> without being filtered/scanned?
>> We know about:
>> Maximum Message Size = X
>> but that option doesn't solve our needs (deliver with no filter/
>> scan).
>>
>> 2) We have set at:
>> filename.rules.conf
>> delete+deny \.scr$
>>
>> We want that kind of emails filtered would be deleted and not
>> quarantined if we have
>> "MailScanner.conf"
>> Quarantine Infections = yes
>>
>> Any way to do it (delete if we have quarantine = yes)?
>>
>> Thank you.
> I've got a system in place that does the basics. I thought I'd
> share my efforts with the MailScanner community, to help make it
> easier for the next person to implement.
>
> The MailScanner.conf file has a "Quarantine Permissions" variable
> that mentions setting it to 644 for allowing the web server to have
> access to the files. (It caused me a lot of frustration until I
> found that setting.)
>
> The MailScanner.conf also has the "Maximum Attachment Size"
> setting. This is typically set to -1 for unlimited size, or any
> number of bytes for a system wide restriction. Of course being a
> SysAdmin, we don't want to limit ourselves, so I created a separate
> rule set for indivduals / groups. So the MailScanner.conf line
> looks like :
> Maximum Attachment Size = %rules-dir%/max.attachment.size.rules
>
> And the rules file contains:
>
> #list of users and the max file bytes they can receive before they
> are quarantined.
> #Fred 100meg for special courier file
> FromOrTo: fred at comany-x.com 104857600
>
> #test user max size for testuser 1 meg!
> FromOrTo: testuser at company-x.com 1048576
>
> #everybodyelse gets default (no scan=-1)
> FromOrTo: default -1
>
> Note you can set various levels of file sizes depending on what you
> want. I tested my settings with my testuser account, and it didn't
> affect the live users. Later I can set the default to a
> comfortable limit.
>
> Next, we need to change a couple of reports in
> /etc/MailScanner/reports/en/
>
> From my tests, send.error.report.txt and stored.virus.message.txt
> were sent to the sender / recipient respectively when the
> "Attachment is too large" flag is tripped.. I included some lines
> in the stored.virus.message.txt that recreated the URL to the file.
> The available perl variables make this a cinch.
>
> URL: for direct download:
> http://www.company-x/pickup/$datenumber/$id/$filename
>
> Lastly, Note the above url path doesn't have the full /var/spool/
> MailScanner/quarantine/ in it. For Apache users. this is easy to
> do. With an alias in the httpd.conf file, you can better protect
> the quarantine area from malicious types.
>
> Alias /pickup/ "/var/spool/MailScanner/quarantine/"
> <Directory "/var/spool/MailScanner/quarantine/">
> Options Indexes MultiViews
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
>
> Restart your MS and HTTPD daemons and all is good.
> Hope this helps anyone that needs to have automated access to their
> quarantine files!
>
>
> --
> This transmission may contain information that is privileged,
> confidential
> and/or exempt from disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any disclosure,
> copying,
> distribution, or use of the information contained herein (including
> any
> reliance thereon) is STRICTLY PROHIBITED. If you received this
> transmission
> in error, please immediately contact the sender and destroy the
> material in
> its entirety, whether in electronic or hard copy format. Thank you.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2425)
iQEVAwUBQ4sZfvw32o+k+q+hAQGosAf/bXY2/NXnqm6jmh13CdY+vqvCKo2NdqWS
RSgApZbp5doOZvIRHQS17FpABC47Jbf2V+RGRH39QpBUxUXTSVO1nB736abhi+yO
SsZdU3iDVZMUZbHbpgcdhB+TGk/cjBWKg0d8ixFZEYINj5fy13Rw7I7qIeqPMgd8
J49dRHs2sgleUjzvJm5KmJxpce0W9fOB3PjZUfg/sqFGWn0KmomozKf5kDsry78Q
Z2x0enagYGNf1oWq4FYz96Yy02koPUzQZDDiOz/dgaki2hv8LW9VKcFLmEk+H6VQ
VYwJ0gKybHw+Mfo8Itg/zeawtVQW7RnauVbYsuYg9oJQMfr9nKJ4+Q==
=dM4j
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list