Problem with rule actions

Gareth list-mailscanner at linguaphone.com
Mon Sep 3 19:58:25 IST 2007


Thanks for your help so far. I am just off out this evening so I will pick
up on the thread again tomorrow morning.

In case it helps diagnosing the problem, if there is a virus with a high spam
score then nothing is saved either. Not even to the normal virus quarantine.

Thanks
Gareth

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Julian
> Field
> Sent: 03 September 2007 19:53
> To: MailScanner discussion
> Subject: Re: Problem with rule actions
>
>
> I probably need to add more logging to the SpamAssassin Rule Actions code.
>
> Gareth wrote:
> > I have a custom rule action :-
> > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver
> >
> > I received 2 emails. One was identified as a virus by sanesecurity
> > signatures and a spam score of around 17. You can see it being logged. The
> > other message (E1D42AA0090.C4C0E) had a spam score of 34 but nothing got
> > saved to the spam folder and there is nothing in the log saying it tried to
> > save it.
> >
> > [root@mailscanner 20070903]# pwd
> > /var/spool/MailScanner/quarantine/20070903
> > [root@mailscanner 20070903]# ls -l
> > total 1776
> > drwxrwx--- 2 postfix apache 4096 Sep  3 01:36 00703AA0092.84CA8
> > ...
> > drwxrwx--- 2 postfix apache 4096 Sep  3 04:27 F392AAA0090.3C632
> > drwxrwx--- 2 postfix apache 4096 Sep  3 19:19 spam
> >
> > Sep  3 19:26:29 mailscanner MailScanner[7702]: New Batch: Scanning 1 messages, 1583 bytes
> > Sep  3 19:26:36 mailscanner MailScanner[7723]: New Batch: Found 2 messages waiting
> > Sep  3 19:26:36 mailscanner MailScanner[7723]: New Batch: Scanning 1 messages, 10944 bytes
> > Sep  3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam messages
> > Sep  3 19:26:43 mailscanner MailScanner[7702]: Virus and Content Scanning: Starting
> > Sep  3 19:26:48 mailscanner MailScanner[7723]: Spam Checks: Found 1 spam messages
> > Sep  3 19:26:48 mailscanner MailScanner[7723]: Virus and Content Scanning: Starting
> > Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/
> > Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/GVauoBZVdM.gif
> > Sep  3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr4:: ./7AB3CAA0092.0CAE9/rOiW6mkZar.gif
> > Sep  3 19:26:48 mailscanner MailScanner[7702]: Logging message E1D42AA0090.C4C0E to SQL
> > Sep  3 19:26:48 mailscanner MailScanner[7681]: E1D42AA0090.C4C0E: Logged to MailWatch SQL
> > Sep  3 19:26:49 mailscanner MailScanner[7723]: Virus Scanning: ClamAV Module found 3 infections
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Bitdefender found 3 infections
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Infected message 7AB3CAA0092.0CAE9 came from 193.238.209.194
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Found 3 viruses
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved infected "GVauoBZVdM.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved infected "rOiW6mkZar.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
> > Sep  3 19:26:52 mailscanner MailScanner[7723]: Logging message 7AB3CAA0092.0CAE9 to SQL
> > Sep  3 19:26:52 mailscanner MailScanner[7681]: 7AB3CAA0092.0CAE9: Logged to MailWatch SQL
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Julian
> >> Field
> >> Sent: 03 September 2007 19:14
> >> To: MailScanner discussion
> >> Subject: Re: Problem with rule actions
> >>
> >>
> >>
> >>
> >> Gareth wrote:
> >>
> >>> In MailScanner.conf I have :-
> >>> Quarantine Dir = /var/spool/MailScanner/quarantine
> >>> Quarantine User = root
> >>> Quarantine Group = apache
> >>> Quarantine Permissions = 0660
> >>>
> >>> However all quarantine entries are stored in the format :-
> >>> %quarantine-dir%/<<date>>/<<msgid>> and they are viruses and blocked
> >>> attachments.
> >>> I am assuming this is correct for the virus quarantine?
> >>>
> >>>
> >> Yes, correct.
> >>
> >>> If that is the case then MailScanner does not seem to be creating the
> >>> additional 'spam' etc... subdirectories for some reason.
> >>>
> >>>
> >> It should always try to create them. Try creating them by hand and see
> >> if it puts anything in them. Make sure you give them permissions which
> >> are generous enough.
> >>
> >>> Are you sure the format is not
> >>> %quarantine-dir%/spam/<<date>>/<<msgid>> as
> >>> if that was the case it could just be the issue that the spam directory does
> >>> not exist.
> >>>
> >>>
> >> Yes, sure :-)
> >>
> >>
> >>>> -----Original Message-----
> >>>> From: mailscanner-bounces at lists.mailscanner.info
> >>>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Steve
> >>>> Freegard
> >>>> Sent: 03 September 2007 18:48
> >>>> To: MailScanner discussion
> >>>> Subject: Re: Problem with rule actions
> >>>>
> >>>>
> >>>> Gareth wrote:
> >>>>
> >>>>
> >>>>> Understood but where are these quarantines?
> >>>>>
> >>>>> I have /var/spool/mailscanner/quaranteen which contains directories like
> >>>>> 20070803 and within that directories named according to the mail ID with the
> >>>>> message and any attachments within it.
> >>>>>
> >>>>> Where do each of these store options actually try to save the files?
> >>>>>
> >>>>>
> >>>>>
> >>>>>> #    store                   - store the message in the (spam) quarantine
> >>>>
> >>>> %quarantine-dir%/<<date>>/spam/<<msgid>>
> >>>>
> >>>>>> #    store-nonmcp            - store the message in the non-MCP quarantine
> >>>>
> >>>> %quarantine-dir%/<<date>>/nonmcp/<<msgid>>
> >>>>
> >>>>>> #    store-mcp               - store the message in the MCP quarantine
> >>>>
> >>>> %quarantine-dir%/<<date>>/mcp/<<msgid>>
> >>>>
> >>>>>> #    store-nonspam           - store the message in the non-spam quarantine
> >>>>
> >>>> %quarantine-dir%/<<date>>/nonspam/<<msgid>>
> >>>>
> >>>>>> #    store-spam              - store the message in the spam quarantine
> >>>>
> >>>> %quarantine-dir%/<<date>>/spam/<<msgid>>
> >>>>
> >>>>
> >>>> If you are having trouble with MailWatch reading these then make sure
> >>>> your permissions settings are correct (Quarantine Perms = 0660 and
> >>>> Quarantine Group = <<web server group>>) and that you are storing
> >>>> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue
> >>>> Files = No) as these are the most common causes of problems.
> >>>>
> >>>> Cheers,
> >>>> Steve.
> >>>> --
> >>>> MailScanner mailing list
> >>>> mailscanner at lists.mailscanner.info
> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>
> >>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>
> >>>> Support MailScanner development - buy the book off the website!
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >> Jules
> >>
> >> --
> >> Julian Field MEng CITP
> >> www.MailScanner.info
> >> Buy the MailScanner book at www.MailScanner.info/store
> >>
> >> MailScanner customisation, or any advanced system administration help?
> >> Contact me at Jules at Jules.FM
> >>
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >> For all your IT requirements visit www.transtec.co.uk
> >>
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >> For all your IT requirements visit www.transtec.co.uk
> >>
> >
> >
>
> Jules
>
>
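
The check done by eye on the log excerpt in this thread, as an added example that is not part of the original messages or of MailScanner: it lists every message that was logged to SQL but has no "Saved entire message to" line, and prints the spam quarantine path from the layout Steve describes so it can be checked on disk. It assumes a spam "store" is logged in the same form as the virus quarantine save shown in the excerpt; the function names are hypothetical.

```python
import re

# Lines copied from the log excerpt quoted in this thread, with the
# mail-client line wrapping undone.
SAMPLE_LOG = """\
Sep  3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam messages
Sep  3 19:26:48 mailscanner MailScanner[7702]: Logging message E1D42AA0090.C4C0E to SQL
Sep  3 19:26:48 mailscanner MailScanner[7681]: E1D42AA0090.C4C0E: Logged to MailWatch SQL
Sep  3 19:26:52 mailscanner MailScanner[7723]: Infected message 7AB3CAA0092.0CAE9 came from 193.238.209.194
Sep  3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9
Sep  3 19:26:52 mailscanner MailScanner[7723]: Logging message 7AB3CAA0092.0CAE9 to SQL
Sep  3 19:26:52 mailscanner MailScanner[7681]: 7AB3CAA0092.0CAE9: Logged to MailWatch SQL
"""

LOGGED = re.compile(r"Logging message (\S+) to SQL")
# Quarantine layout from the thread: <dir>/<date>/<msgid> for viruses,
# <dir>/<date>/spam/<msgid> (or nonspam, mcp, nonmcp) for stored mail.
SAVED = re.compile(
    r"Saved entire message to \S+/(\d{8})/(?:(\w+)/)?([0-9A-F]+\.[0-9A-F]+)$"
)


def correlate(log_text):
    """Return (unsaved_ids, saved); saved maps msgid -> subdirectory or None."""
    logged, saved = [], {}
    for line in log_text.splitlines():
        m = LOGGED.search(line)
        if m and m.group(1) not in logged:
            logged.append(m.group(1))
        m = SAVED.search(line)
        if m:
            saved[m.group(3)] = m.group(2)  # None means top-level (virus) quarantine
    return [msgid for msgid in logged if msgid not in saved], saved


def expected_spam_path(quarantine_dir, date, msgid):
    """Where a 'store' action should put the message, per the layout above."""
    return f"{quarantine_dir}/{date}/spam/{msgid}"


if __name__ == "__main__":
    unsaved, saved = correlate(SAMPLE_LOG)
    for msgid, subdir in saved.items():
        print(f"saved    {msgid} (subdirectory: {subdir or 'none'})")
    for msgid in unsaved:
        path = expected_spam_path("/var/spool/MailScanner/quarantine", "20070903", msgid)
        print(f"no save  {msgid}; check for {path}")
```

A message with no save line is only a problem if its score meant the rule action should have stored it; the log excerpt does not carry the score, so that has to be checked separately.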


