Ruleset for Quarantine Infections

Glenn Steen glenn.steen at gmail.com
Fri Dec 21 08:48:32 GMT 2007


On 20/12/2007, Pascal Maes <pascal.maes at elec.ucl.ac.be> wrote:
>
> On 20 Dec 07, at 14:34, Glenn Steen wrote:
>
> >> [...]
> >> Hello,
> >>
> >>
> >> I have followed the instructions from <http://www.mailscanner.info/postfix.html>
> >> but we also have a before-queue filter (clamsmtp) that could explain
> >> why the mail is coming from our server.
> >>
> >> I have changed the way that the message is re-injected into postfix
> >> from clamsmtp.
> >> Now we have :
> >>
> >> # postcat 98B581C5CE2
> >> *** ENVELOPE RECORDS 98B581C5CE2 ***
> >> message_size:            2970             545               1               0            2970
> >> message_arrival_time: Thu Dec 20 11:02:02 2007
> >> create_time: Thu Dec 20 11:02:02 2007
> >> named_attribute: rewrite_context=remote
> >> sender:
> >> named_attribute: log_client_address=212.35.125.182
> >> named_attribute: log_message_origin=unknown[212.35.125.182]
> >> named_attribute: log_helo_name=web3.e-zone.net
> >> named_attribute: log_protocol_name=ESMTP
> >> named_attribute: client_name=localhost.localdomain
> >> named_attribute: reverse_client_name=localhost.localdomain
> >> named_attribute: client_address=127.0.0.1
> >> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be
> >> named_attribute: client_address_type=2
> >> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes at uclouvain.be
> >> original_recipient: pascal.maes at uclouvain.be
> >> recipient: pascal.maes at uclouvain.be
> >> *** MESSAGE CONTENTS 98B581C5CE2 ***
> >> [...]
> >>
> > Looking good so far:-).
> >
> >>
> >> And the message is still put in quarantine !
> >
> > What reason is given? The same?
> >
> > If you try the setting with the MailScanner command, does it return
> > the expected result?
> > MailScanner --value=quarantineinfections --ip=212.35.125.182
> > ... or similar, what do you get?
> >
> > Cheers
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
>
> That's what I get:
>
> ./MailScanner --value=quarantineinfections --ip=212.35.125.182
> Looked up internal option name "quarantineinfections"
> With sender =
> Client IP = 212.35.125.182
> Virus =
> Result is "0"
>
> 0=No 1=Yes
>
>
>
> Seems good.
Yep, so then it must be "something else" making it go into
quarantine... What do the logs say (Do you use MailWatch? What do
the details there look like?)?
... Or you have a genuine bug on your hands... You're not suffering
from the recent MailTools or MIME-tools and rpmforge problems?

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

