clamd and tnef error?

Randal, Phil prandal at herefordshire.gov.uk
Wed Sep 15 14:03:29 IST 2010


Setting 

Incoming Work Permissions = 0660

Does indeed fix it.

Jules, should this change in the default MailScanner.conf?

Cheers,

Phil

--
Phil Randal | Networks Engineer
NHS Herefordshire & Herefordshire Council  | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal at herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: 15 September 2010 11:27
To: MailScanner discussion
Subject: Re: clamd and tnef error?

On 14 September 2010 15:45, Steve Freegard <steve.freegard at fsl.com> wrote:
> On 14/09/10 14:13, Paul wrote:
>
>> I've switched to the internal tnef expander and there are no errors.
>
> Small word of warning on the internal expander; Convert-TNEF hasn't 
> been updated in a very long time and I recently had a number of issues 
> on multiple sites where it was causing MailScanner to segfault on 
> messages generated by recent versions of Exchange.  This was causing 
> MailScanner to quarantine loads of messages as 'attempted to kill 
> MailScanner' and required a bit of cleanup to correct.
>
> That said - I also had issues with the external expander a long time 
> ago which is why I switched to the internal as the preferred method.  
> But the external expander is much more up-to-date and I doubt if these 
> problems are still present.
>
> These days 'Expand TNEF = no' is my preferred method and get the 
> Exchange server to send messages in MIME format instead of working 
> around bad defaults on the Exchange side.
>
In a world where all winmail.dat files were generated internally, I would agree with you.... But since that is not the case, I would have to beg to differ...

I've been happy with the internal TNEF expander for years, but ...
some (business-critical, of course) emails couldn't be expanded -> couldn't be scanned -> ended up in the quarantine. Sigh. So I went for the external one, with good success.
AFAICT the problem is that the clamav group permission is 4, not 6. I fail to see the risk of allowing the group to be able to write as well as read.
I have my Incoming settings like:
Incoming Work User = postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0660
,,, which work perfectly.

> Regards,
> Steve.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.
You should be aware that Herefordshire Council monitors its email service.
This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.


More information about the MailScanner mailing list