"Virus Scanning" ruleset being ignored?
martinh at solidstatelogic.com
Wed Jan 3 17:49:03 CET 2007
Daniel
I'd run this in debug mode... looks like something's going wrong
somewhere...!
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Daniel Maher
> Sent: 03 January 2007 16:38
> To: MailScanner discussion
> Subject: RE: "Virus Scanning" ruleset being ignored?
>
> Thanks for the reply,
>
> I agree with your statement; however, that does not explain why files are
> still scanned for viruses if the ruleset is:
> FromOrTo: default no
>
> Interestingly enough, with that set, I see this in the logs when the
> email is processed by MailScanner:
> Jan 3 11:25:41 ad-postfix MailScanner[28089]: Virus and Content Scanning: Starting
> Jan 3 11:25:44 ad-postfix MailScanner[28089]: /var/spool/MailScanner/incoming/28089/./C62F81A65DB.211F7/eicar_com.zip: Eicar-Test-Signature FOUND
> Jan 3 11:25:44 ad-postfix MailScanner[28089]: Virus Scanning: ClamAV found 1 infections
> Jan 3 11:25:44 ad-postfix MailScanner[28089]: Virus Scanning: Found 1 viruses
> Jan 3 11:25:44 ad-postfix MailScanner[28089]: Filename Checks: Allowing C62F81A65DB.211F7 eicar_com.zip
>
> However, in the headers for the email once it has been received, I see
> this:
> X-Ubisoft-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
>
> So what's the deal? Is it being scanned, or isn't it? The output from
> MailScanner appears to be suggesting both. :P
>
> --
> _
> °v° Daniel Maher
> /(_)\ Administrateur Système Unix
> ^ ^ Unix System Administrator
>
> SMASH '5' FOR VICTORY!
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin.Hepworth
> > Sent: January 3, 2007 10:42 AM
> > To: MailScanner discussion
> > Subject: RE: "Virus Scanning" ruleset being ignored?
> >
> > Daniel
> >
> > Depends on the actual envelope-from in the email not the 'From:' line
> >
> > Check on the Post MailScanner email. There should be a
> > X-MailScanner-From: header line
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: mailscanner-bounces at lists.mailscanner.info
> > > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Daniel Maher
> > > Sent: 03 January 2007 15:35
> > > To: MailScanner discussion
> > > Subject: "Virus Scanning" ruleset being ignored?
> > >
> > > Hello all,
> > >
> > >
> > >
> > > I am attempting to set up a very simple ruleset for the "Virus Scanning"
> > > directive. In this ruleset, there is one From address for which virus
> > > scanning is disabled, followed by a default of yes. I then pointed the
> > > directive in MailScanner.conf to the path and filename of the ruleset.
> > > Unfortunately, the ruleset is apparently being ignored.
> > >
> > >
> > >
> > > MailScanner.conf:
> > >
> > > ...
> > >
> > > Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules
> > >
> > > ...
> > >
> > >
> > >
> > > virus.scanning.rules:
> > >
> > > From: somebody at somewhere.org no
> > >
> > > From: default yes
> > >
> > >
> > >
> > > Mail from "somebody at somewhere.org" will still be scanned for viruses,
> > > however. Following this attempt, I decided to see if the following simple
> > > ruleset would have any effect:
> > >
> > > FromOrTo: default no
> > >
> > >
> > >
> > > This was also ignored, as all mail was still scanned. The only way that I
> > > could manage any effect whatsoever was to set the following in
> > > MailScanner.conf:
> > >
> > > Virus Scanning = no
> > >
> > >
> > >
> > > This did exactly what it's supposed to do - though it's hardly the
> > > solution I'm looking for. :P
> > >
> > >
> > >
> > > The permissions on path and filename for the ruleset are fine; in fact,
> > > I'm using another ruleset for a different directive already, in the same
> > > format (and it works properly). Any ideas on why the new one doesn't
> > > appear to have any effect would be greatly appreciated. Thank you!
> > >
> > >
> > >
> > > --
> > >
> > > _
> > > °v° Daniel Maher
> > > /(_)\ Administrateur Système Unix
> > > ^ ^ Unix System Administrator
> > >
> > >
> > >
> > > SMASH '5' FOR VICTORY!
> > >
> > >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
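The envelope-from point made in the thread, as an added example that is not part of the original posts and is not MailScanner's own code: a simplified ruleset evaluator run against the envelope sender and against the header From: of one constructed message. Assumptions: first matching rule wins, patterns are the literal `default` or a shell-style glob, the envelope sender is read from a header whose name ends in `MailScanner-From`, and the `example.net`/`example.com` addresses are constructed.

```python
import fnmatch
from email import message_from_string
from email.utils import parseaddr

# Constructed ruleset in the thread's format (address is the thread's placeholder).
RULESET = """
From: somebody@somewhere.org no
From: default yes
"""

# Constructed delivered message: header From: differs from the envelope sender.
MESSAGE = """\
X-MailScanner-From: bounce-42@lists.example.net
From: Somebody <somebody@somewhere.org>
To: daniel@example.com
Subject: test

body
"""

def parse_ruleset(text):
    """Return [(direction, pattern, value)] from 'Direction: pattern value' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            direction, pattern, value = line.split(None, 2)
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value))
    return rules

def matches(pattern, address):
    return pattern == "default" or fnmatch.fnmatchcase(address.lower(), pattern)

def evaluate(rules, env_from, env_to):
    """Simplified model (assumption): first matching rule wins."""
    for direction, pattern, value in rules:
        hit_from, hit_to = matches(pattern, env_from), matches(pattern, env_to)
        hit = {"from": hit_from, "to": hit_to, "fromorto": hit_from or hit_to,
               "fromandto": hit_from and hit_to}.get(direction, False)
        if hit:
            return value
    return None

def diagnose(raw, rules, env_to):
    """Ruleset result for the envelope sender vs. for the header From: address."""
    msg = message_from_string(raw)
    env_from = next(v for k, v in msg.items() if k.lower().endswith("mailscanner-from"))
    header_from = parseaddr(msg["From"])[1]
    return evaluate(rules, env_from.strip(), env_to), evaluate(rules, header_from, env_to)

if __name__ == "__main__":
    print(diagnose(MESSAGE, parse_ruleset(RULESET), "daniel@example.com"))
```

The first element of the result is what the rule yields for the envelope sender, the second what an administrator reading only the From: header would expect.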