dangerous content

Scott Silva ssilva at sgvwater.com
Tue Sep 18 18:29:05 IST 2007


infolistas listas spake the following on 9/18/2007 6:03 AM:
> I was viewing the log I hope its usefull
> 
> ---
> 
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 
> from 10.10.10.49 <http://10.10.10.49> (user1 at mydomain.com.br 
> <mailto:user1 at mydomain.com.br>) to mfplan.com.br <http://mfplan.com.br> 
> is not spam, SpamAssassin (not cached, score=-102.971, required 3, 
> autolearn=not spam, ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, 
> BLANK_LINES_70_80 1.80, USER_IN_WHITELIST - 100.00)
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at 
> 3925 bytes per second
> Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at 
> /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat
> Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with 
> real error: Can't run tnef decoder: Arquivo ou diretório inexistente at 
> /usr/share/MailScanner/MailScanner/TNEF.pm line 238.
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat 
> that cannot be analysed in message AF5657FF98.75B99
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning: 
> Starting
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option 
> --unzip
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --jar
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tar
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tgz
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --deb
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option 
> --max-ratio
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option 
> --tempdir
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option 
> --recursive (-r)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option 
> --unrar
> Sep 18 09:34:45 mailbeta MailScanner[30405]: 
> /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing 
> AF5657FF98.75B99 msg-30405-6.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing 
> AF5657FF98.75B99 winmail.dat (no rule matched)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing 
> AF5657FF98.75B99 msg-30405-5.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing 
> AF5657FF98.75B99 winmail.dat (no match found)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing 
> AF5657FF98.75B99 msg-30405-6.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing 
> AF5657FF98.75B99 msg-30405-5.txt
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at 
> 161675 bytes per second
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 
> to 8FBF77FF99
> Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: 
> from=<user1 at mydomain.com.br <mailto:user1 at mydomain.com.br> >, size=2922, 
> nrcpt=2 (queue active)
> Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 
> cleaned messages
> Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=< 
> user2 at mydomain.com.br <mailto:user2 at mydomain.com.br>>, relay=virtual, 
> delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to 
> maildir)
> Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=< 
> getall at mydomain.com.br <mailto:getall at mydomain.com.br>>, relay=virtual, 
> delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to 
> maildir)
> Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed
> Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the 
> Postfix sendmail command
> Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is 
> reserved for the superuser
> Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29 
> <http://10.10.10.29>]
> 
Is this user sending mail with Microsoft Outlook? Have them set their sending 
format to HTML or Text instead of Rich Text.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!



More information about the MailScanner mailing list