possible corrupt sanesecurity defs

Ugo Bellavance ugob at lubik.ca
Wed Feb 20 20:23:24 GMT 2008

Chris Yuzik wrote:
> Julian Field wrote:
>>> Julian,
>>> Using Sendmail. We DO quarantine viruses. They are NOT quarantined as 
>>> raw queue files. So, for example, we have a file called "message" in 
>>> a dir called /var/spool/MailScanner/quarantine/20080220/m1KHWhuB006243.
>> In which case something like this should do the trick more or less:
>> bash
>> cd /var/spool/MailScanner/quarantine/20080220
>> for F in *
>> do
>>   /usr/sbin/sendmail -t < $F
>>   echo $F
>> done
>> That should deliver the message to where the mail said it was 
>> addressed to in the headers, not the original envelope, but it's 
>> probably close enough.
>> I have just had a good look at a sample of messages caught by this 
>> signature, and yes there are a lot of them.
>> However they all appear to be spam.
>> So I'm just going to let MailScanner deal with them appropriately, no 
>> need for panic actions here.
>> Jules
> Jules,
> I had to modify this a bit because there were approximately 3.2 
> bazillion files from postmaster to postmaster that were also tagged. 
> Needless to say, I didn't want to re-inject those into the queue.
> Most of the emails nailed by this false positive were not spam in our case.
> So what I did was:
> 1) created MySQL query to give me a list of the message IDs that were 
> incorrectly tagged as being virus infected, and saved that as a text file.
> 2) created a small perl script ( I suck at bash scripting ) to loop over 
> the text file and do a system command that looks like 
> '/usr/sbin/sendmail -t < m1KEoKOn020766/message'
> If anyone wants a copy of my script, please let me know.

For those who are using MailWatch, I think that there is a way to 
acheive this... maybe a script is already on the MW list...


More information about the MailScanner mailing list