Error with EMTPY_MESSAGE
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sat Sep 13 18:46:18 IST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Glenn Steen wrote:
> 2008/9/13 Hugo van der Kooij <hvdkooij at vanderkooij.org>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hugo van der Kooij wrote:
>>> Hi,
>>>
>>> It seems to me that SA is flagging just about any message as EMPTY_MESSAGE.
>>>
>>> Is anyone else seeing this too?
>> I just had quite a bit of a discussion about malware that just walks
>> past MailScanner with multiple AV scanners active.
>>
>> It seems that it might be related to postfix. Where MailScanner is
>> trying to decode postfix queue files but not doing the right thing.
>>
>> My result on 3 sample queue files was 0% through MailScanner. But
>> decoding them with postcat allowed me to hit 100% of the files.
>>
>> So the issue may require all postfix users to look very carefully into
>> their messages and the ability to scan them properly.
>>
>> Hugo.
>>
> Can I get a sample, please? Send it off-list.
> Do you do milters? Which milters? Version of postfix?
I use postfix 2.3.2 as it is the normal shipped package for Centos 5.
Hugo.
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIy/w4BvzDRVjxmYERAn5YAJ9AdNuMzmtRng6ApE7jQ8gIrVd35QCgueXG
vG5NfmOYhiRdb4QCgAGswBQ=
=2b04
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list