Quarantine Directory
Steve Campbell
campbell at cnpapers.com
Fri May 5 17:04:32 IST 2006
----- Original Message -----
From: "Glenn Steen" <glenn.steen at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, May 05, 2006 11:33 AM
Subject: Re: Quarantine Directory
> On 05/05/06, Jeff A. Earickson <jaearick at colby.edu> wrote:
>> Andrew,
>>
>> Whatsamatter, vi not good enough for you?? :)
>
> If it was, there would be no vim:-):-)
>
>>
>> If you are using sendmail, you can see what is in a quarantine
>> directory with:
>>
>> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/wherever,
>> eg
>>
>> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990
>>
>> Maybe write a shell script to do something like:
>>
>> #!/usr/bin/ksh
>> for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505`
>> do
>> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/$msgid
>> done
>>
>> something like that for various dates and msgids. Or loop thru the
>> directories then grep for the msgids in your syslog.
>>
>> Jeff Earickson
>> Colby College
>>
> If it's Postfix and you are storing as queue files, use "postcat
> /path/to/filename" ... Example:
> # postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D | less -e
> If not storing as queue files, then the message is decoded in the file
> named message ... and the spam quarantine would contain decoded
> messages too... Example:
> # file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D
> /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC 822 mail text
> # less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D
> ....
> The virus/dangerous content quarantine is very similar, but there you have
> # ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/
> totalt 28
> -rw-rw---- 1 postfix apache 12364 maj 3 01:55 message
> -rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html
> # less -e /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message
> ....
> etc etc
>
> But Steve is right, the most convenient way is definitely MailWatch:
> http://mailwatch.sf.net
Thank goodness for the above paragraph. I thought I was using one of the
best tools for email ever all for the wrong reasons there for a minute.
Steve
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
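
As an added example (not part of the original thread and not MailScanner's own code), this shell function walks one quarantine date directory and reports, per entry, which of the viewing methods described above applies. The kind labels and the first-line header heuristic used to tell decoded RFC 822 text from a raw queue file are assumptions of this example.

```shell
#!/bin/sh
# Classify the entries of one MailScanner quarantine date directory, using the
# layout shown in the thread:
#   <day>/<id>/message   decoded message (virus/dangerous content quarantine)
#   <day>/<id>/          directory holding raw queue files (sendmail example)
#   <day>/spam/<id>      single file: decoded RFC 822 text or a raw queue file

# Print "text" if the first line looks like a mail header, else "queue".
# Heuristic assumption of this example; `file` gives a firmer answer.
msg_kind() {
    if LC_ALL=C head -n 1 "$1" 2>/dev/null |
        LC_ALL=C grep -Eq '^(From |[A-Za-z0-9-]+:)'; then
        echo text
    else
        echo queue
    fi
}

# Print one "<kind> <path relative to the date directory>" line per entry.
list_quarantine() {
    day_dir=$1
    [ -d "$day_dir" ] || { echo "not a directory: $day_dir" >&2; return 1; }
    for entry in "$day_dir"/* "$day_dir"/spam/*; do
        [ -e "$entry" ] || continue              # glob matched nothing
        rel=${entry#"$day_dir"/}
        if [ -d "$entry" ]; then
            [ "$rel" = spam ] && continue        # covered by the second glob
            if [ -f "$entry/message" ]; then
                kind=content-dir                 # less -e <entry>/message
            else
                kind=queue-dir                   # sendmail -bp -OQueueDirectory=<entry>
            fi
        else
            kind=$(msg_kind "$entry")            # text: less -e, queue: postcat
        fi
        printf '%s %s\n' "$kind" "$rel"
    done
}

# Stand-alone use: sh script.sh /var/spool/MailScanner/quarantine/20060505
if [ "$#" -gt 0 ]; then
    list_quarantine "$1"
fi
```

Entries reported as `text` or `content-dir` can be paged directly; `queue` entries need `postcat`, and `queue-dir` entries the `sendmail -bp` form quoted above.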