dangerous content

infolistas listas grupolistas at gmail.com
Tue Sep 18 14:03:47 IST 2007


I was viewing the log I hope its usefull

---

Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 from
10.10.10.49 (user1 at mydomain.com.br) to mfplan.com.br is not spam,
SpamAssassin (not cached, score=-102.971, required 3, autolearn=not spam,
ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 1.80,
USER_IN_WHITELIST -100.00)
Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at 3925
bytes per second
Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at
/var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat
Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with real
error: Can't run tnef decoder: Arquivo ou diretório inexistente at
/usr/share/MailScanner/MailScanner/TNEF.pm line 238.
Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat that
cannot be analysed in message AF5657FF98.75B99
Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning:
Starting
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
--unzip
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --jar
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tar
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tgz
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --deb
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
--max-ratio
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
--tempdir
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
--recursive (-r)
Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
--unrar
Sep 18 09:34:45 mailbeta MailScanner[30405]:
/var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
AF5657FF98.75B99 msg-30405-6.txt
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
AF5657FF98.75B99 winmail.dat (no rule matched)
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
AF5657FF98.75B99 msg-30405-5.txt
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
AF5657FF98.75B99 winmail.dat (no match found)
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
AF5657FF98.75B99 msg-30405-6.txt
Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
AF5657FF98.75B99 msg-30405-5.txt
Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at
161675 bytes per second
Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 to
8FBF77FF99
Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=<
user1 at mydomain.com.br>, size=2922, nrcpt=2 (queue active)
Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 cleaned
messages
Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=<
user2 at mydomain.com.br>, relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=
2.0.0, status=sent (delivered to maildir)
Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=<
getall at mydomain.com.br>, relay=virtual, delay=17, delays=17/0.01/0/0.02,
dsn=2.0.0, status=sent (delivered to maildir)
Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed
Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the
Postfix sendmail command
Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is
reserved for the superuser
Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29]

2007/9/18, infolistas listas <grupolistas at gmail.com>:
>
> That user isnt sending anything more than is set on the rules. (
> atachments of all type are  allowed to be send). Only 9 users are allowed to
> send attachments outside,all attachments are allowed inside domain,  that
> user is one of them, the problem is only with her and another specific user,
> thats from our own domain.
> how do I turn the dangerous content checking out? will it interfeer with
> the incoming checking of outside domain?
> How can I make an exception for only one user?
> I couldnt find anything, that pointed to the problem , the only thing
> strange is that the messages coming from that user to the other specific
> user where requeued, nor mailscanner nor spamassassin pointed anything
> diferent.
> Do you need logs?
> Thanks
>
> 2007/9/17, Scott Silva <ssilva at sgvwater.com>:
> >
> > infolistas listas spake the following on 9/17/2007 4:16 PM:
> > > Hi all,
> > > I'm getting a problem from a specific user,
> > > when this users send an email to another specific user the mail
> > arrives
> > > with the { dangerous content} flag.
> > > How can I solve this?
> > >
> > >
> > 1) Tell user to stop sending dangerous content.
> > 2) Write ruleset to exempt the user from dangerous content rules.
> > 3) Turn off dangerous content checking.
> >
> > You gave very limited info in your question, so I had to give a very
> > general
> > answer.
> >
> > --
> >
> > MailScanner is like deodorant...
> > You hope everybody uses it, and
> > you notice quickly if they don't!!!!
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/ebf010d1/attachment.html


More information about the MailScanner mailing list