ScamNailer script unnecessarily updates the file

Mark Sapiro mark at
Sun Dec 27 19:08:31 GMT 2009

The ScamNailer script knows when it actually retrieved new data, but it
builds a new output file and runs the mailscanner_restart command even
when it hasn't got new data.

The main problem with this occurs if the site compiles it's rules. If
the mailscanner_restart command includes possible rule compilation, it
will recompile unchanged rules, and if it doesn't recompile, the
compiled rules will potentially be ignored until the next compile
because the ScamNailer output file is newer than the compiled rules.

The attached diff.txt patch fixes this by returning the '$generate'
flag from the GetPhishingUpdate() function, and calling
GetPhishingUpdate() first and skiping the rest if its return is false.

Also note that the current script still contains

# Filename of list of extra addresses you have added, 1 per line.
# Does not matter if this file does not exist.
my $local_extras = '/etc/MailScanner/ScamNailer.local.addresses';

even though the code to process that file is gone. This is actually a
good thing from the point of view of the patch because it is more
complicated to know if the local_extras file has changed, although
this can be done by checking if it is newer than the output file.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
--- ScamNailer-2.07	2009-10-12 12:47:27.000000000 -0700
+++ ScamNailer	2009-12-27 10:01:05.000000000 -0800
@@ -59,15 +59,15 @@
 $output_filename = $ARGV[0] if $ARGV[0]; # Use filename if they gave one
+# First do all the addresses we read from DNS and anycast and only do the
+# rest if needed.
+if (GetPhishingUpdate()) {
 open(SACF, ">$output_filename") or die "Cannot write to $output_filename $!";
 print SACF "# ScamNailer rules\n";
 print SACF "# Generated by $0 at " . `date` . "\n";
-# Now do all the addresses we read from DNS and anycast
-# Now read all the addresses we generated from that process.
+# Now read all the addresses we generated from GetPhishingUpdate().
 open(PHISHIN, $emailscurrent . 'phishing.emails.list')
   or die "Cannot read " . $emailscurrent . "phishing.emails.list, $!\n";
 while(<PHISHIN>) {
@@ -132,6 +132,7 @@
 system($mailscanner_restart) if $mailscanner_restart;
 exit 0;
 sub GetPhishingUpdate {
   my $cache = $emailscurrent . 'cache/';
@@ -379,5 +380,6 @@
     print "ok\n" unless $quiet;
+  $generate;

More information about the MailScanner mailing list