Reports about newest beta

Jonas A. Larsen jonas at vrt.dk
Tue Aug 18 14:33:38 IST 2009


Hi Julian

 

I've installed the newest beta(4.78.9) on 1 of my scanners and got some
feedback in that context.

 

I got 2 issues:

 

1/

This is the first install for me which has the mailscanner crash/dos
protection. And I just receved a couple of mails which apparently would
crash mailscanner.

These mails seems to have been moved to
/var/spool/MailScanner/quarantine/20090818/

Normally spam would have been moved to
/var/spool/MailScanner/quarantine/20090818/spam and ham to
/var/spool/MailScanner/quarantine/20090818/nonspam

These 3 mails was each moved to /var/spool/MailScanner/quarantine/20090818/
and a directory was created for each mail named after the mail id, and
inside was a file called message with the mail content.

Is this the normal designed behavior? If yes is it customizeable somehow? As
in can I control where the "kill mails" are stored.

 

/2

My second issue is more of a problem, I've started using the new virus-spam
feature with great success (and I encourage everyone else to as well if you
can spare the extra cpu time).

 

However in the conf it says:

 

# Some virus scanners now use their signatures to detect spam as well as

# viruses. These "viruses" are called "spam-viruses". When they are found

# the following header will be added to your message before it is passed to

# SpamAssassin, listing all the "spam-viruses" that were found as a comma-

# separated list.

# This can also be the filename of a ruleset.

Spam-Virus Header = X-%org-name%-SpamVirus-Report:

 

# This defines which virus reports from your virus scanners are really the

# names of "spam-viruses" as described in the "Spam-Virus Header" section

# above. This is a space-separated list of strings which can contain "*"

# wildcards to mean "any string of characters", and which will match the

# whole name of the virus reported by your virus scanner. So for example

# "HTML/*" will match all virus names which start with the string "HTML/".

# The supplied example is suitable for F-Prot6 and the SaneSecurity

# databases for ClamAV. The test is case-sensitive.

# This cannot be a ruleset, it must be a simple value as described.

Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*

 

I don't understand how/why you would make Spam-Virus Header a ruleset? What
would u control with it?

 

But I do see why you would want a ruleset for the Virus Names Which Are Spam
option. This would allow me to deploy some of the databases sanesecurity
lables with a high chance of FP's by assigning them different headers and
thus giving them fewer points in SA than the more trusthworthy DB's.

 

Was there a technical reason why this option isn't possible to set in a
ruleset, or did you just think it would be overkill?

 

Overall the new beta seems to be running fine except for the mails which
appears to make it crash, I have not looked into detail about the mails (it
was actually test mails) but ile do that later on.

 

 

Hope you survived my longish rant J

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090818/de7a5a5e/attachment.html


More information about the MailScanner mailing list