Ruleset Woe

Julian Field MailScanner at ecs.soton.ac.uk
Tue Oct 16 12:02:56 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Martin.Hepworth wrote:
> Paul
>
> The default line needs to go last.
>   
Not true. Doesn't matter where the default line goes.
> MS works through the rulesets till it find a hit then stops.
>   
True. It uses the default value if *no* other rules hit.
> If it finds a default line first if will never evaluate any rule after that.
>   
Not true, see above.
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>   
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Paul Houselander
>> Sent: 16 October 2007 10:50
>> To: mailscanner at lists.mailscanner.info
>> Subject: Ruleset Woe
>>
>> Hi
>>
>> I thought I had a decent handle on how rulesets worked but now im not so
>> sure.
>>
>> I have a script that runs on a server that sends a daily csv file
>> containing
>> info about all the mail thats been blocked for a particluar domain.
>>
>> Since I started using the sane security clam definitions this mail keeps
>> getting flagged as a virus.
>>
>> Ive tried to use rulesets to exclude this particluar email from being
>> virus
>> checked
>>
>> I have these rulesets set up
>>
>> Scan Messages = %rules-dir%/scan.messages.rules
>> Virus Scanning = %rules-dir%/virus.scanning.rules
>>
>> The Email is sent from the local machine (127.0.0.1) and From:
>> admin at domain.com To: paul at differentdomain.com
>>
>> Ive tried the following in scan.messages.rules
>>
>> FromOrTo:	default	no
>> From:	admin at domain.com	no
>> FromOrTo:	*@differentdomain.com	yes
>>
>> But the message gets scanned (I want all other email scanned for the
>> domain)
>>
>> I also tried
>>
>> FromOrTo:	default	no
>> From:	127.0.0.1	no
>> From:	admin at domain.com	no
>> FromOrTo:	*@differentdomain.com	yes
>>
>> and the message still got scanned.
>>
>> I then tried in virus.scanning.rules
>>
>> FromOrTo:	default	no
>> From:	127.0.0.1	AND	To:	*@differentdomain.com	no
>> From:	admin at domain.com	AND	To:	*@differentdomain.com	no
>> FromOrTo:	*@differentdomain.com	yes
>>
>> and still the message got scanned (I am doing MailScanner reload after
>> each
>> edit)
>>
>> Any ideals on what im doing wrong.
>>
>> Kind Regards
>>
>> Paul
>>
>>
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>     
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the 
> addressee only and may be confidential. If they come to you in error 
> you must take no action based on them, nor must you copy or show them 
> to anyone. Please advise the sender by replying to this e-mail 
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of 
> the author and unless specifically stated to the contrary, are not 
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure 
> communications medium and can be subject to data corruption. We advise 
> that you consider this fact when e-mailing us. 
> Viruses : We have taken steps to ensure that this e-mail and any 
> attachments are free from known viruses but in keeping with good 
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales 
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
> United Kingdom
> **********************************************************************
>
>   

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFHFJpgEfZZRxQVtlQRAmp8AJ41J+XJQaQEe81Lr3XM4POSXp2WrgCgpyn0
M4YPaSGxvSTgq4cogGSSHis=
=k5HJ
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list