MailScanner Notify

Danilo Marques de Gouveia dm.gouveia at gmail.com
Fri Mar 18 21:03:53 GMT 2011 

Hi guys,

MailScanner do not advice the recipient that a virus was found and archive
only, can anyone help me?

Versions;
Postfix        2.7.1
Postgrey          1.32
MailScanner     4.79.11
MailWatch       1.0.5
clamAV            0.96.5
SpamAssassin 3.003.001


MailScanner Config

%etc-dir% = /etc/MailScanner
%mcp-dir% = /etc/MailScanner/mcp
%org-long-name% = Test.inc
%org-name% = test
%report-dir% = /etc/MailScanner/reports/pt_br
%rules-dir% = /etc/MailScanner/rules
%web-site% = www.test.com
Add Envelope From Header = yes
Add Envelope To Header = no
Add Text Of Doc = no
Add Watermark = yes
Allow External Message Bodies = no
Allow File MIME Types =
Allow Filenames =
Allow Filetypes =
Allow Form Tags = yes #disarm
Allow IFrame Tags = yes #disarm
Allow Multiple HTML Signatures = no
Allow Object Codebase Tags = yes
Allow Partial Messages = no
Allow Password-Protected Archives = no
Allow Script Tags = yes #disarm
Allow WebBugs = yes #disarm
Allowed Sophos Error Messages =
Also Find Numeric Phishing = yes
Always Include MCP Report = no
Always Include SpamAssassin Report = no
Always Looked Up Last = &MailWatchLogging
Always Looked Up Last After Batch = no
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Archive Mail = /var/spool/MailScanner/archive
Archives Are = zip ole #rar
Archives: Allow File MIME Types =
Archives: Allow Filenames =
Archives: Allow Filetypes =
Archives: Deny File MIME Types =
Archives: Deny Filenames = #\.com$ \.exe$ \.bat$ \.asc$
Archives: Deny Filetypes =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Attach Image To HTML Message Only = yes
Attach Image To Signature = yes #no
Attachment Encoding Charset = ISO-8859-1
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe
.mpeg .mp3 .rpm .htm .html .eml
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachments Min Total Size To Zip = 100k
Attachments Zip Filename = MessageAttachments.zip
Automatic Syntax Check = yes
Block Encrypted Messages = no
Block Unencrypted Messages = no
Bounce MCP As Attachment = no
Bounce Spam As Attachment = no
Cache SpamAssassin Results = yes
Check Filenames In Password-Protected Archives = no #yes
Check SpamAssassin If On Spam List = yes
Check Watermarks To Skip Spam Checks = yes
Check Watermarks With No Sender = yes
ClamAV Full Message Scan = no #yes
ClamAVmodule Maximum Compression Ratio = 250
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum Recursion Level = 8
Clamd Lock File = /var/run/clamav/clamd.pid
Clamd Socket = /var/run/clamav/clamd.ctl
Clamd Use Threads = yes
Clean Header Value       = Found to be clean
Content Modify Subject = start
Content Subject Text = [Conteudo Suspeito] #{Dangerous Content?}
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Country Sub-Domains List = %etc-dir%/country.domains.conf
Custom Functions Dir = /etc/MailScanner/CustomFunctions
Custom Spam Scanner Timeout = 20
Custom Spam Scanner Timeout History = 20
Dangerous Content Scanning = yes
Debug = no
Debug SpamAssassin = no
Definite MCP Is High Scoring = no
Definite Spam Is High Scoring = no
Deleted Bad Content Message Report  =
%report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report =
%report-dir%/deleted.filename.message.txt
Deleted Size Message Report        = %report-dir%/deleted.size.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deliver Cleaned Messages = yes
Deliver Disinfected Files = no
Deliver In Background = yes
Deliver Unparsable TNEF = yes #no
Delivery Method = batch
Deny File MIME Types =
Deny Filenames = #\.com$ \.exe$ \.bat$ \.asc$
Deny Filetypes =
Detailed MCP Report = yes
Detailed Spam Report = yes
Disarmed Modify Subject = start
Disarmed Subject Text = [HTML Desativado] #{Disarmed}
Disinfected Header Value = Disinfected
Disinfected Report = %report-dir%/disinfected.report.txt
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Enable Spam Bounce = %rules-dir%/bounce.rules
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
Expand TNEF = no
File Command = /usr/bin/file
File Timeout = 20
Filename Modify Subject = start
Filename Rules = %etc-dir%/filename.rules.conf
Filename Subject Text = [Anexo Suspeito]
Filetype Rules = %etc-dir%/filetype.rules.conf
Find Archives By Content = yes
Find Phishing Fraud = yes
Find UU-Encoded Files = no
First Check = spam
Fpscand Port = 10200
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Hide Incoming Work Dir = yes
Hide Incoming Work Dir in Notices = no
High Scoring MCP Actions = deliver
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
High Scoring Spam Actions = store notify
High Scoring Spam Modify Subject = no #start
High Scoring Spam Subject Text = {Spam?}
High SpamAssassin Score = 10
Highlight Phishing Fraud = yes
Hostname = MailScanner #the %org-name% ($HOSTNAME) MailScanner
ID Header = X-%org-name%-MailScanner-ID:
Ignore Spam Whitelist If Recipients Exceed = 20
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Include Binary Attachments In SpamAssassin = no
Include Scanner Name In Reports = yes
Include Scores In MCP Report = no
Include Scores In SpamAssassin Report = yes
Incoming Queue Dir = /var/spool/postfix/hold
Incoming Work Dir = /var/spool/MailScanner/incoming
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Incoming Work User =
Infected Header Value    = Found to be infected
Information Header Value = Please contact the ISP for more information
Inline HTML Signature = %report-dir%/inline.sig.html
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Signature = %report-dir%/inline.sig.txt
Inline Text Warning = %report-dir%/inline.warning.txt
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Is Definitely MCP = no
Is Definitely Not MCP = no
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Keep Spam And MCP Archive Clean = no
Known Web Bug Servers = msgtag.com
Language Strings = %report-dir%/languages.conf
Local Postmaster = postmaster
Lock Type =
Lockfile Dir = /var/lock/subsys/MailScanner
Log Dangerous HTML Tags = no
Log Delivery And Non-Delivery = no
Log MCP = no
Log Non Spam = no
Log Permitted File MIME Types = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Silent Viruses = no
Log Spam = yes #no
Log SpamAssassin Rule Actions = yes
Log Speed = yes #no
Mail Header = X-%org-name%-MailScanner:
MailScanner Version Number = 4.79.11
Mark Infected Messages = yes
Mark Unscanned Messages = no #yes
Max Children = 5
Max Custom Spam Scanner Size = 20k
Max Custom Spam Scanner Timeouts = 10
Max Normal Queue Size = 800
Max Spam Check Size = 200k
Max Spam List Timeouts = 7
Max SpamAssassin Size = 80k continue 120k
Max SpamAssassin Timeouts = 5
Max Unsafe Bytes Per Scan = 50m
Max Unsafe Messages Per Scan = 30
Max Unscanned Bytes Per Scan = 100m
Max Unscanned Messages Per Scan = 30
Maximum Archive Depth = 0
Maximum Attachment Size = -1
Maximum Attachments Per Message = 50
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Processing Attempts = 3
MCP Actions = deliver
MCP Checks = no
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
MCP High SpamAssassin Score = 10
MCP Max SpamAssassin Size = 100k
MCP Max SpamAssassin Timeouts = 20
MCP Modify Subject = start
MCP Required SpamAssassin Score = 1
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin Timeout = 10
MCP SpamAssassin User State Dir =
MCP Subject Text = {MCP?}
Minimum Attachment Size = -1
Minimum Code Status = supported
Minimum Stars If On Spam List = 0
Missing Mail Archive Is = directory
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld
/usr/local/share/clamav/*.cvd
Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide
MTA = postfix
Multiple Headers = append
Never Notify Senders Of Precedence = list bulk
Non MCP Actions = deliver
Non Spam Actions = deliver #header "X-Spam-Status: No"
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\
nwww.mailscanner.info
Notices From = MailScanner
Notices Include Full Headers = no #yes
Notices To = root at test.com
Notify Senders = no
Notify Senders Of Blocked Filenames Or Filetypes = no #yes
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = yes
Notify Senders Of Viruses = no
Outgoing Queue Dir = /var/spool/postfix/incoming
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Phishing Modify Subject = start #no
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Subject Text = [Phishing] #{Fraud?}
PID file = /var/run/MailScanner/MailScanner.pid
Place New Headers At Top Of Message = no
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine Group =
Quarantine Infections = yes
Quarantine Modified Body = no
Quarantine Permissions = 0600
Quarantine Silent Viruses = no
Quarantine User =
Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no
Queue Scan Interval = 2
Read IP Address From Received Header = no
Rebuild Bayes Every = 0
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Reject Message = no
Rejection Report = %report-dir%/rejection.report.txt
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Required SpamAssassin Score = 5
Restart Every = 7600
Run As Group = postfix
Run As User = postfix
Run In Foreground = no
Scan Messages = yes
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Send Notices = yes
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Content Report        = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Sender Size Report         = %report-dir%/sender.size.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Sign Clean Messages = no #yes
Sign Messages Already Processed = no
Signature Image <img> Filename = signature.jpg
Signature Image Filename = %report-dir%/sig.jpg
Silent Viruses = HTML-IFrame All-Viruses
Size Modify Subject = no #start
Size Subject Text = {Size}
Sophos IDE Dir = /opt/sophos-av/lib/sav
Sophos Lib Dir = /opt/sophos-av/lib
Spam Actions = deliver #header "X-Spam-Status: Yes"
Spam Checks = yes
Spam Domain List =
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam List =
Spam List Definitions = %etc-dir%/spam.lists.conf
Spam List Timeout = 5
Spam List Timeouts History = 10
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam Modify Subject = start
Spam Score = no #yes
Spam Score Character = s
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Spam Score Number Format = %d
Spam Subject Text = [SPAM] #{Spam?}
SpamAssassin Auto Whitelist = yes
SpamAssassin Cache Database File =
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
SpamAssassin Cache Timings = 1800,300,10800,172800,600
SpamAssassin Default Rules Dir =
SpamAssassin Install Prefix =
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Rule Actions =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Temporary Dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin Timeout = 35 #75
SpamAssassin Timeouts History = 30
SpamAssassin User State Dir = /var/lib/MailScanner
SpamScore Number Instead Of Stars = no
Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
Split Exim Spool = no
Still Deliver Silent Viruses = no
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report =
%report-dir%/stored.filename.message.txt
Stored Size Message Report        = %report-dir%/stored.size.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Syslog Facility = mail
Syslog Socket Type =
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
Treat Invalid Watermarks With No Sender as Spam = nothing
Unpack Microsoft Documents = yes #off
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Unscanned Header Value = Not scanned #: please contact your Internet E-Mail
Service Provider for details
Unzip Filenames = *.txt *.ini *.log *.csv
Unzip Maximum File Size = 50k
Unzip Maximum Files Per Archive = 10
Unzip MimeType = text/plain
Use Custom Spam Scanner = no
Use Default Rules With Multiple Recipients = no
Use SpamAssassin = yes
Use Stricter Phishing Net = yes
Use TNEF Contents = no #replace
Use Watermarking = no
Virus Modify Subject = start
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Virus Scanner Timeout = 30
Virus Scanners = clamav
Virus Scanning = yes
Virus Subject Text = [Virus]
Wait During Bayes Rebuild = no
Warning Is Attachment = yes
Watermark Header = X-%org-name%-MailScanner-Watermark:
Watermark Lifetime = 604800
Watermark Secret = %org-name%-Secret
Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
Zip Attachments = no
-- 
Danilo Marques de Gouveia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110318/a64aa0a3/attachment.html

More information about the MailScanner mailing list