Normal mail in quarantine

Plant, Dean dean.plant at roke.co.uk
Fri Mar 31 14:10:17 IST 2006


Plant, Dean wrote:
> Julian Field wrote:
>> On 31 Mar 2006, at 11:52, Plant, Dean wrote:
>> 
>>> I have just gone live with an upgraded MailScanner server and
>>> noticed that some non spam & non dangerous mail is being stored in
>>> quarantine. Any idea's to what I may have configured incorrectly.
>> 
>> Take a look at this option:
>> 
>> # Do you want to stop any virus-infected spam getting into the spam
>> or MCP # archives? If you have a system where users can release
>> messages from the # spam or MCP archives, then you probably want to
>> stop them being able to # release any infected messages, so set this
>> to yes. # It is set to no by default as it causes a small hit in
>> performance, and # many people don't allow users to access the spam
>> quarantine, so don't # need it. # This can also be the filename of a
>> ruleset. 
>> Keep Spam And MCP Archive Clean = no
> 
> I'm not sure if I am understanding that option or I have not clearly
> worded my question. My problem is that I am intermittingly getting
> email that is clean of viruses with spam scores below 5 (i.e. clean
> messages) stored in quarantine. These mails should be passing through
> the relay and not be stored at all.
> 
> My Non Spam Actions is set to deliver only. The messages being wrongly
> stored are going into /var/spool/MailScanner/quarantine/20060331
> 
> 
Ok, I see whats happening now, looks like I have been caught out by one
of the newer features. If I had spent more time looking at the log files
rather than looking in mailwatch I would have seen this.

The messages being quarantined are disarmed messages,

Content Checks: Detected and have disarmed web bug, form, form input
tags in HTML message in k2VCwGBr017217 from
bo-b1h6rw4au718qsbaas71hbww96yp3d at b.airlinenetwork.chtah.com
Mar 31 13:58:32 rsys002x MailScanner[15255]: Saved entire message to
/var/spool/MailScanner/quarantine/20060331/k2VCwGBr017217

It looks like mailwatch 1.0.3 does not support the disarm notification
as it says the message is clean, that's what confused me.

Thanks for your help.

Dean


More information about the MailScanner mailing list