Normal mail in quarantine

Plant, Dean dean.plant at roke.co.uk
Fri Mar 31 13:34:58 IST 2006


Julian Field wrote:
> On 31 Mar 2006, at 11:52, Plant, Dean wrote:
> 
>> I have just gone live with an upgraded MailScanner server and noticed
>> that some non spam & non dangerous mail is being stored in
>> quarantine. Any ideas as to what I may have configured incorrectly?
> 
> Take a look at this option:
> 
> # Do you want to stop any virus-infected spam getting into the spam or MCP
> # archives? If you have a system where users can release messages from the
> # spam or MCP archives, then you probably want to stop them being able to
> # release any infected messages, so set this to yes.
> # It is set to no by default as it causes a small hit in performance, and
> # many people don't allow users to access the spam quarantine, so don't
> # need it.
> # This can also be the filename of a ruleset.
> Keep Spam And MCP Archive Clean = no

I'm not sure if I am understanding that option or I have not clearly
worded my question. My problem is that I am intermittently getting email
that is clean of viruses with spam scores below 5 (i.e. clean messages)
stored in quarantine. These mails should be passing through the relay
and not be stored at all.

My Non Spam Actions is set to deliver only. The messages being wrongly
stored are going into /var/spool/MailScanner/quarantine/20060331


My MailScanner.conf

%org-name% = roke.co.uk
%org-long-name% = RSYS002X\nRoke Manor Research Ltd
%web-site% = www.roke.co.uk
%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 5
Run As User =
Run As Group =
Queue Scan Interval = 5
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
Restart Every = 14400
MTA = sendmail
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Incoming Work User =
Incoming Work Group =
Incoming Work Permissions = 0600
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Max Unscanned Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 1000
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = yes
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command =
File Timeout = 20
Unrar Command =# /usr/bin/unrar
Unrar Timeout = 50
Find UU-Encoded Files = no
Maximum Message Size = 0
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 4
Find Archives By Content = yes
Virus Scanning = %rules-dir%/virus.rules
Virus Scanners = clamavmodule
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Zip-Password
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = yes
Allowed Sophos Error Messages =
Sophos IDE Dir = /usr/local/Sophos/ide
Sophos Lib Dir = /usr/local/Sophos/lib
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 100000000 # (100 Mbytes)
ClamAVmodule Maximum Compression Ratio = 0
Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = %rules-dir%/ext.message.rules
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text =  %rules-dir%/dangerous.html.rules
Convert HTML To Text = no
Allow Filenames =
Deny Filenames =
Filename Rules = %rules-dir%/filename.rules
Allow Filetypes =
Deny Filetypes =
Filetype Rules = %etc-dir%/filetype.rules.conf
Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %rules-dir%/sig.html.rules
Inline Text Signature = %rules-dir%/sig.txt.rules
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report        = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-MailScanner-%org-name%:
Spam Header = X-MailScanner-%org-name%-SpamCheck:
Spam Score Header = X-MailScanner-%org-name%-SpamScore:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-MailScanner-From:
Envelope To Header = X-MailScanner-To:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 0
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = append
Hostname = the MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = %rules-dir%/signing.rules
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = %rules-dir%/deliver.cleaned.rules
Notify Senders = %rules-dir%/notify.senders.rules
Notify Senders Of Viruses = yes
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = yes
Virus Subject Text = {Roke Identified Virus}
Filename Modify Subject = yes
Filename Subject Text = {Roke Rejected Filename}
Content Modify Subject = yes
Content Subject Text = {Roke Blocked Content}
Disarmed Modify Subject = yes
Disarmed Subject Text = {Roke Disarmed Contect}
Phishing Modify Subject = no
Phishing Subject Text = {{Roke Identified Fraud}
Spam Modify Subject = yes
Spam Subject Text = {Roke Identified Spam}
High Scoring Spam Modify Subject = yes
High Scoring Spam Subject Text = {Roke High Spam _SCORE_ }
Warning Is Attachment = yes
Attachment Warning Filename = RokeVirusWarning.txt
Attachment Encoding Charset = us-ascii
Archive Mail =
Send Notices = yes
Notices Include Full Headers = no
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner
Notices From = MailScanner
Notices To = viruswarnings at roke.co.uk
Local Postmaster = postmaster
Spam List Definitions = /etc/MailScanner/spam.lists.conf
Virus Scanner Definitions = /etc/MailScanner/virus.scanners.conf
Spam Checks = /etc/MailScanner/rules/spam.check.rules
Spam List = # ORDB-RBL # Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk)
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 5
Spam List Timeout = 20
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.high.rules
Ignore Spam Whitelist If Recipients Exceed = 20
Use SpamAssassin = %rules-dir%/spam.check.rules
Max SpamAssassin Size = 90000
Required SpamAssassin Score = 5
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 120
Max SpamAssassin Timeouts = 20
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 7200
Wait During Bayes Rebuild = yes
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20000
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = store attachment deliver
High Scoring Spam Actions = forward spamcheck at roke.co.uk
Non Spam Actions = deliver
Sender Spam Report =  %report-dir%/sender.spam.report.txt
Sender Spam List Report =  %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report =  %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning =  %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = yes
Log Spam = no
Log Non Spam = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Silent Viruses = no
Log Dangerous HTML Tags = no
SpamAssassin User State Dir =
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Default Rules Dir =
MCP Checks = no
First Check = mcp
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = yes
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = yes
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100000
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Spam Score Number Format = %d
MailScanner Version Number = 4.51.6
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = &MailWatchLogging
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /tmp
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions
Lock Type = posix
Minimum Code Status = supported

Dean
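
An added example, not part of the original message or of MailScanner itself: a Python check that lists which settings in a MailScanner.conf can store a copy of a message under the quarantine directory, run here on a constructed subset of the configuration posted above. The reason strings summarise the option descriptions shipped in MailScanner.conf and are an assumption of this example; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the settings posted in the message above.
SAMPLE_CONF = """\
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = yes
Spam Actions = store attachment deliver
Non Spam Actions = deliver
"""

def norm(name):
    # Compare option names without regard to case or spacing.
    return re.sub(r"[^a-z0-9]", "", name.lower())

def parse_conf(text):
    """Return {normalised option name: value}, ignoring '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[norm(key)] = value.strip()
    return conf

def quarantine_writers(conf):
    """Return (option, value, reason) for each setting that can store mail."""
    get = lambda name: conf.get(norm(name), "")
    found = []
    # A value other than "no" may be "yes" or a ruleset filename.
    for opt in ("Quarantine Infections", "Quarantine Silent Viruses"):
        if get(opt) not in ("", "no"):
            found.append((opt, get(opt), "stores infected mail"))
    if get("Quarantine Modified Body") not in ("", "no"):
        tags = [o for o in ("Allow IFrame Tags", "Allow Form Tags",
                            "Allow Script Tags", "Allow WebBugs",
                            "Allow Object Codebase Tags") if get(o) == "disarm"]
        found.append(("Quarantine Modified Body", get("Quarantine Modified Body"),
                      "stores mail whose HTML was disarmed by: " + ", ".join(tags)))
    for opt in ("Spam Actions", "High Scoring Spam Actions", "Non Spam Actions"):
        if "store" in get(opt).lower().split():
            found.append((opt, get(opt), "action list contains 'store'"))
    return found

if __name__ == "__main__":
    for opt, value, reason in quarantine_writers(parse_conf(SAMPLE_CONF)):
        print(f"{opt} = {value}: {reason}")
```
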

