possible corrupt sanesecurity defs
Scott Silva
ssilva at sgvwater.com
Wed Feb 20 20:47:50 GMT 2008
on 2/20/2008 12:23 PM Ugo Bellavance spake the following:
> Chris Yuzik wrote:
>> Julian Field wrote:
>>>> Julian,
>>>>
>>>> Using Sendmail. We DO quarantine viruses. They are NOT quarantined
>>>> as raw queue files. So, for example, we have a file called "message"
>>>> in a dir called
>>>> /var/spool/MailScanner/quarantine/20080220/m1KHWhuB006243.
>>>>
>>> In which case something like this should do the trick more or less:
>>>
>>> bash
>>> cd /var/spool/MailScanner/quarantine/20080220
>>> # each entry here is a per-message directory holding a file called "message"
>>> for F in *
>>> do
>>>   /usr/sbin/sendmail -t < "$F/message"
>>>   echo "$F"
>>> done
>>>
>>> That should deliver the message to where the mail said it was
>>> addressed to in the headers, not the original envelope, but it's
>>> probably close enough.
>>>
>>> I have just had a good look at a sample of messages caught by this
>>> signature, and yes there are a lot of them.
>>> However they all appear to be spam.
>>> So I'm just going to let MailScanner deal with them appropriately, no
>>> need for panic actions here.
>>>
>>> Jules
>>>
>>
>> Jules,
>>
>> I had to modify this a bit because there were approximately 3.2
>> bazillion files from postmaster to postmaster that were also tagged.
>> Needless to say, I didn't want to re-inject those into the queue.
>>
>> Most of the emails nailed by this false positive were not spam in our
>> case.
>>
>> So what I did was:
>> 1) created MySQL query to give me a list of the message IDs that were
>> incorrectly tagged as being virus infected, and saved that as a text
>> file.
>> 2) created a small Perl script (I suck at bash scripting) to loop
>> over the text file and do a system command that looks like
>> '/usr/sbin/sendmail -t < m1KEoKOn020766/message'
>>
>> If anyone wants a copy of my script, please let me know.
>
> For those who are using MailWatch, I think that there is a way to
> achieve this... maybe a script is already on the MW list...
>
> Ugo
>
I would just be happy if I could set MailWatch to not protect me from myself
and allow me to release virus content. I think I saw a patch somewhere, but I
sure can't find it.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
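
The selective re-injection described in the quoted replies (a saved list of message IDs, each fed to `sendmail -t` from its quarantine directory), as an added example that is not code from this thread. It assumes the list holds one ID per line; the function name and the `SENDMAIL` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: re-inject only the quarantined messages named in an ID list.
# Assumptions (not from the thread): IDLIST has one message ID per line;
# SENDMAIL is a hypothetical override so the loop can be tested with a stub.
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}

# release_quarantined QDIR IDLIST
# Prints "released=N skipped=M" on stdout; per-ID details go to stderr.
release_quarantined() {
    qdir=$1 idlist=$2 released=0 skipped=0
    while IFS= read -r id || [ -n "$id" ]; do
        case $id in
            '') continue ;;                  # blank line in the list
            *[!A-Za-z0-9]*)                  # rejects "/", "..", spaces, CR
                echo "skip (bad id): $id" >&2
                skipped=$((skipped + 1)); continue ;;
        esac
        msg=$qdir/$id/message
        # Only plain files: never follow a symlink out of the quarantine.
        if [ ! -f "$msg" ] || [ -L "$msg" ]; then
            echo "skip (no regular message file): $id" >&2
            skipped=$((skipped + 1)); continue
        fi
        # -t takes recipients from the headers, not the original envelope.
        if "$SENDMAIL" -t < "$msg"; then
            echo "released: $id" >&2
            released=$((released + 1))
        else
            echo "skip (sendmail failed): $id" >&2
            skipped=$((skipped + 1))
        fi
    done < "$idlist"
    echo "released=$released skipped=$skipped"
}

# Usage: release.sh /var/spool/MailScanner/quarantine/20080220 ids.txt
if [ "$#" -eq 2 ]; then
    release_quarantined "$1" "$2"
fi
```

Because the IDs come from a database export, the character check keeps a stray or malformed entry from resolving to a path outside the quarantine directory.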