possible corrupt sanesecurity defs

Scott Silva ssilva at sgvwater.com
Wed Feb 20 20:47:50 GMT 2008

on 2/20/2008 12:23 PM Ugo Bellavance spake the following:
> Chris Yuzik wrote:
>> Julian Field wrote:
>>>> Julian,
>>>> Using Sendmail. We DO quarantine viruses. They are NOT quarantined 
>>>> as raw queue files. So, for example, we have a file called "message" 
>>>> in a dir called 
>>>> /var/spool/MailScanner/quarantine/20080220/m1KHWhuB006243.
>>> In which case something like this should do the trick more or less:
>>> bash
>>> cd /var/spool/MailScanner/quarantine/20080220
>>> for F in *
>>> do
>>>   /usr/sbin/sendmail -t < $F
>>>   echo $F
>>> done
>>> That should deliver the message to where the mail said it was 
>>> addressed to in the headers, not the original envelope, but it's 
>>> probably close enough.
>>> I have just had a good look at a sample of messages caught by this 
>>> signature, and yes there are a lot of them.
>>> However they all appear to be spam.
>>> So I'm just going to let MailScanner deal with them appropriately, no 
>>> need for panic actions here.
>>> Jules
>> Jules,
>> I had to modify this a bit because there were approximately 3.2 
>> bazillion files from postmaster to postmaster that were also tagged. 
>> Needless to say, I didn't want to re-inject those into the queue.
>> Most of the emails nailed by this false positive were not spam in our 
>> case.
>> So what I did was:
>> 1) created MySQL query to give me a list of the message IDs that were 
>> incorrectly tagged as being virus infected, and saved that as a text 
>> file.
>> 2) created a small perl script ( I suck at bash scripting ) to loop 
>> over the text file and do a system command that looks like 
>> '/usr/sbin/sendmail -t < m1KEoKOn020766/message'
>> If anyone wants a copy of my script, please let me know.
> For those who are using MailWatch, I think that there is a way to 
> acheive this... maybe a script is already on the MW list...
> Ugo
I would just be happy if I could set Mailwatch to not protect me from myself 
and allow me to release virus content. I think I saw a patch somewhere, but I 
sure can't find it.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080220/afd1d51f/signature.bin

More information about the MailScanner mailing list