Reports about newest beta
Jonas A. Larsen
jonas at vrt.dk
Tue Aug 18 14:33:38 IST 2009
Hi Julian
I've installed the newest beta(4.78.9) on 1 of my scanners and got some
feedback in that context.
I got 2 issues:
1/
This is the first install for me which has the mailscanner crash/dos
protection. And I just receved a couple of mails which apparently would
crash mailscanner.
These mails seems to have been moved to
/var/spool/MailScanner/quarantine/20090818/
Normally spam would have been moved to
/var/spool/MailScanner/quarantine/20090818/spam and ham to
/var/spool/MailScanner/quarantine/20090818/nonspam
These 3 mails was each moved to /var/spool/MailScanner/quarantine/20090818/
and a directory was created for each mail named after the mail id, and
inside was a file called message with the mail content.
Is this the normal designed behavior? If yes is it customizeable somehow? As
in can I control where the "kill mails" are stored.
/2
My second issue is more of a problem, I've started using the new virus-spam
feature with great success (and I encourage everyone else to as well if you
can spare the extra cpu time).
However in the conf it says:
# Some virus scanners now use their signatures to detect spam as well as
# viruses. These "viruses" are called "spam-viruses". When they are found
# the following header will be added to your message before it is passed to
# SpamAssassin, listing all the "spam-viruses" that were found as a comma-
# separated list.
# This can also be the filename of a ruleset.
Spam-Virus Header = X-%org-name%-SpamVirus-Report:
# This defines which virus reports from your virus scanners are really the
# names of "spam-viruses" as described in the "Spam-Virus Header" section
# above. This is a space-separated list of strings which can contain "*"
# wildcards to mean "any string of characters", and which will match the
# whole name of the virus reported by your virus scanner. So for example
# "HTML/*" will match all virus names which start with the string "HTML/".
# The supplied example is suitable for F-Prot6 and the SaneSecurity
# databases for ClamAV. The test is case-sensitive.
# This cannot be a ruleset, it must be a simple value as described.
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
I don't understand how/why you would make Spam-Virus Header a ruleset? What
would u control with it?
But I do see why you would want a ruleset for the Virus Names Which Are Spam
option. This would allow me to deploy some of the databases sanesecurity
lables with a high chance of FP's by assigning them different headers and
thus giving them fewer points in SA than the more trusthworthy DB's.
Was there a technical reason why this option isn't possible to set in a
ruleset, or did you just think it would be overkill?
Overall the new beta seems to be running fine except for the mails which
appears to make it crash, I have not looked into detail about the mails (it
was actually test mails) but ile do that later on.
Hope you survived my longish rant J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090818/de7a5a5e/attachment.html
More information about the MailScanner
mailing list