dangerous content

infolistas listas grupolistas at gmail.com
Tue Sep 18 14:26:56 IST 2007


Another log this time user1 sending to me, I didnt get the dangerous content
message nor the Corrupt TNEF winmail.dat that cannot be analysed in message
AF5657FF98.75B99

Sep 18 10:23:01 mailbeta MailScanner[31952]: Message BFF1F7FF98.052FB from
10.10.10.49 (user1 at mydomain.com.br) to mfplan.com.br is not spam,
SpamAssassin (not cached, score=-103.754, required 3, autolearn=not spam,
ALL_TRUSTED -1.80, AWL 0.53, BAYES_00 -2.60, HTML_90_100 0.11, HTML_MESSAGE
0.00, USER_IN_WHITELIST -100.00)
Sep 18 10:23:01 mailbeta MailScanner[31952]: Spam Checks completed at 3791
bytes per second
Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus and Content Scanning:
Starting
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option
--unzip
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --jar
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --tar
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --tgz
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --deb
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option
--max-ratio
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option
--tempdir
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option
--recursive (-r)
Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option
--unrar
Sep 18 10:23:02 mailbeta MailScanner[31952]:
/var/spool/MailScanner/incoming/31952/.: lstat() failed. ERROR
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing
BFF1F7FF98.052FB msg-31952-4.txt
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing
BFF1F7FF98.052FB msg-31952-5.html (no rule matched)
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing
BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no rule matched)
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing
BFF1F7FF98.052FB msg-31952-5.html
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing
BFF1F7FF98.052FB msg-31952-4.txt
Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing
BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no match found)
Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Scanning completed at
172635 bytes per second
Sep 18 10:23:02 mailbeta MailScanner[31952]: Requeue: BFF1F7FF98.052FB to
D0A537FF9B
Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: from=<
user1 at mydomain.com.br>, size=46994, nrcpt=2 (queue active)
Sep 18 10:23:02 mailbeta postfix/virtual[32275]: D0A537FF9B: to=<
getall at mydomain.com.br>, relay=virtual, delay=13, delays=13/0.02/0/0.08,
dsn=2.0.0, status=sent (delivered to maildir)
Sep 18 10:23:02 mailbeta MailScanner[31952]: Uninfected: Delivered 1
messages
Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Processing completed at
96012 bytes per second
Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch completed at 3562 bytes
per second (45049 / 12)
Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch (1 message) processed in
12.65 seconds
Sep 18 10:23:02 mailbeta MailScanner[31952]: New Batch: Scanning 1 messages,
32156 bytes
Sep 18 10:23:02 mailbeta MailScanner[31952]: Spam Checks: Starting
Sep 18 10:23:02 mailbeta postfix/virtual[32277]: D0A537FF9B: to=<
teste at mydomain.com.br>, relay=virtual, delay=13, delays=13/0.08/0/0.07, dsn=
2.0.0, status=sent (delivered to maildir)
Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: removed

2007/9/18, infolistas listas <grupolistas at gmail.com>:
>
> I was viewing the log I hope its usefull
>
> ---
>
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 from
> 10.10.10.49 (user1 at mydomain.com.br ) to mfplan.com.br is not spam,
> SpamAssassin (not cached, score=-102.971, required 3, autolearn=not spam,
> ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 1.80,
> USER_IN_WHITELIST - 100.00)
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at 3925
> bytes per second
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat
> Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with real
> error: Can't run tnef decoder: Arquivo ou diretório inexistente at
> /usr/share/MailScanner/MailScanner/TNEF.pm line 238.
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat that
> cannot be analysed in message AF5657FF98.75B99
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning:
> Starting
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --unzip
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --jar
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --tar
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --tgz
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --deb
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --max-ratio
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --tempdir
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --recursive (-r)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option
> --unrar
> Sep 18 09:34:45 mailbeta MailScanner[30405]:
> /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
> AF5657FF98.75B99 msg-30405-6.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
> AF5657FF98.75B99 winmail.dat (no rule matched)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing
> AF5657FF98.75B99 msg-30405-5.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
> AF5657FF98.75B99 winmail.dat (no match found)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
> AF5657FF98.75B99 msg-30405-6.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing
> AF5657FF98.75B99 msg-30405-5.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at
> 161675 bytes per second
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 to
> 8FBF77FF99
> Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=<
> user1 at mydomain.com.br >, size=2922, nrcpt=2 (queue active)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 cleaned
> messages
> Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=<user2 at mydomain.com.br>,
> relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent
> (delivered to maildir)
> Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=<getall at mydomain.com.br>,
> relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent
> (delivered to maildir)
> Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed
> Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the
> Postfix sendmail command
> Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is
> reserved for the superuser
> Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29]
>
> 2007/9/18, infolistas listas <grupolistas at gmail.com>:
> >
> > That user isnt sending anything more than is set on the rules. (
> > atachments of all type are  allowed to be send). Only 9 users are allowed to
> > send attachments outside,all attachments are allowed inside domain,  that
> > user is one of them, the problem is only with her and another specific user,
> > thats from our own domain.
> > how do I turn the dangerous content checking out? will it interfeer with
> > the incoming checking of outside domain?
> > How can I make an exception for only one user?
> > I couldnt find anything, that pointed to the problem , the only thing
> > strange is that the messages coming from that user to the other specific
> > user where requeued, nor mailscanner nor spamassassin pointed anything
> > diferent.
> > Do you need logs?
> > Thanks
> >
> > 2007/9/17, Scott Silva <ssilva at sgvwater.com >:
> > >
> > > infolistas listas spake the following on 9/17/2007 4:16 PM:
> > > > Hi all,
> > > > I'm getting a problem from a specific user,
> > > > when this users send an email to another specific user the mail
> > > arrives
> > > > with the { dangerous content} flag.
> > > > How can I solve this?
> > > >
> > > >
> > > 1) Tell user to stop sending dangerous content.
> > > 2) Write ruleset to exempt the user from dangerous content rules.
> > > 3) Turn off dangerous content checking.
> > >
> > > You gave very limited info in your question, so I had to give a very
> > > general
> > > answer.
> > >
> > > --
> > >
> > > MailScanner is like deodorant...
> > > You hope everybody uses it, and
> > > you notice quickly if they don't!!!!
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/2a7ca759/attachment.html


More information about the MailScanner mailing list