AW: winmail.dat problem in version 4.84.5

Berndt, Achim aberndt at studio-hamburg.de
Mon Feb 11 11:40:59 GMT 2013


Hello,

the TNEF.pm from
https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm
works for me.

Many thanks for all.

Regards
Achim

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Thursday, 7 February 2013 13:38
To: MailScanner discussion
Subject: RE: winmail.dat problem in version 4.84.5

There's a build of TNEF.pm in the MailScanner Git repo:

https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm

With this version (and latest MailScanner) I'm seeing temporary directories of the form tnefxxxxxx being created in /var/spool/mqueue.in

Cheers,

Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.randal at hoopleltd.co.uk

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Berndt, Achim
Sent: 07 February 2013 10:45
To: MailScanner discussion
Subject: AW: winmail.dat problem in version 4.84.5

Hello again

Should I change the TNEF.pm
from
MailScanner 4.85.5-3 (original):
  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0);
  $dir =~ s,^.*/,,;
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
    MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                              "$dir/$unpackdir");
    return 0;

to
    MailScanner 4.85.5-3 (new):
  my $unpackdir = tempdir("tnefXXXXXX");
  $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
  unless (mkdir "$dir/$unpackdir", 0777) {
   MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
                             "$dir/$unpackdir");
   return 0;

regards
Achim

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Wednesday, 6 February 2013 17:08
To: MailScanner discussion
Subject: Re: winmail.dat problem in version 4.84.5


On Wed, Feb 6, 2013 at 2:29 AM, Berndt, Achim <aberndt at studio-hamburg.de> wrote:
> Hi Alex,
>
> thanks for your answer.

You're welcome!

> Splitting of the mails is not the problem, because there are the same failures with single-recipient mails also.

You mentioned it.

> MailScanner can't create a sub-directory sometimes, but I don't know why?!

When a program "can't create" subdirectories or folders, it usually means it doesn't have permission to.

> Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message

That appears to be caused by the user MailScanner is running as not having permission to create the file. It could also be that the disk is full (not likely) or that it ran out of inodes (also not likely).

> Is the option "not to scan winmail.dat files" really an option?

If you look for winmail.dat in the MailScanner.conf and read the comments therein, you'll find options such as:

Expand TNEF = yes

... which has this as its comment:

# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.

If you set it to "no" TNEF messages (those containing winmail.dat) will not be unpacked. Depending on your particular situation, most antivirus programs will still be able to detect viruses inside.

You will *not*, however, be able to limit the type of files included, so that if you've forbidden people from sending .mov files and they send them in a TNEF-encoded message they will still (probably) go through.

> Regards
> Achim

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Tuesday, 5 February 2013 20:50
To: MailScanner discussion
Subject: Re: winmail.dat problem in version 4.84.5

Splitting mail is something you have to *do things* for it to happen. If you undo the changes you made to split the e-mails (how to do this depends on which MTA you're using, I'm assuming sendmail from the logs), you should be able to avoid the problem.

Do you know why splitting e-mails to multiple recipients was needed in the first place? Did whoever installed this prior to you taking over document it? The procedure is detailed here:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient

You can also try changing which method you use to process winmail.dat files, or not to process them at all. The risk is minimal. Check your mailscanner.conf settings, there is more information in the comments.

On Tue, Feb 5, 2013 at 12:13 PM, Berndt, Achim <aberndt at studio-hamburg.de> wrote:
Hello,

last week we made an update of our mail gateways. We now have the OS version openSUSE 12.2 and the
MailScanner version 4.84.5 (from 4.81.4). Unfortunately there is now a problem with scanning of winmail.dat
attachments?! If there is a mail with 2 recipients and a winmail.dat attachment, MailScanner splits the mail
and tries to scan it two times. The first scan is successful, but the second one is not?! Do you have an explanation
for the problem?

Mail-Log:
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: from=<alex at bdo.de>, size=274800, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3G032743: to=<peter at studio-hamburg.de>, delay=00:00:01, mailer=esmtp, pri=304800, stat=queued
Feb  4 16:12:14 mxi2 MailScanner[26355]: New Batch: Scanning 1 messages, 275339 bytes
Feb  4 16:12:14 mxi2 MailScanner[26355]: Virus and Content Scanning: Starting
Feb  4 16:12:14 mxi2 MailScanner[26355]: Message r14FCB3G032743 from 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam checks (275339 > 200000 bytes)
Feb  4 16:12:14 mxi2 MailScanner[26355]: Uninfected: Delivered 1 messages
Feb  4 16:12:14 mxi2 MailScanner[26355]: Deleted 1 messages from processing-database
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: from=<alex at bdo.de>, size=282469, class=0, nrcpts=1, msgid=<86D1E45AA30DB1478EB30D571D10BC7AAFA19310EE at HH0EX001.bdocorp.de>, proto=ESMTP, daemon=MTA, relay=mx01.bdo.de [194.76.208.111]
Feb  4 16:12:14 mxi2 sendmail-in[32743]: r14FCB3H032743: to=<waller at studio-hamburg.de>, delay=00:00:00, mailer=esmtp, pri=312469, stat=queued
Feb  4 16:12:15 mxi2 MailScanner[26300]: New Batch: Scanning 1 messages, 283011 bytes
Feb  4 16:12:15 mxi2 MailScanner[26300]: Expanding TNEF archive at /var/spool/MailScanner/incoming/26300/r14FCB3H032743/winmail.dat
Feb  4 16:12:15 mxi2 MailScanner[26300]: Trying to unpack nwinmail.dat in message r14FCB3H032743, could not create subdirectory r14FCB3H032743//tnefgKmhWJ, failed to unpack TNEF message
Feb  4 16:12:15 mxi2 MailScanner[26300]: Corrupt TNEF winmail.dat that cannot be analysed in message r14FCB3H032743
Feb  4 16:12:15 mxi2 MailScanner[26300]: Virus and Content Scanning: Starting
Feb  4 16:12:15 mxi2 MailScanner[26300]: Message r14FCB3H032743 from 194.76.208.111 (alex at bdo.de) to studio-hamburg.de is too big for spam checks (283011 > 200000 bytes)
Feb  4 16:12:15 mxi2 MailScanner[26300]: Cleaned: Delivered 1 cleaned messages

Regards
Achim


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



--

Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

+507-6781-9505
+507-832-6725
+1-440-253-9789 (USA)

Follow @AlexNeuman on Twitter
http://facebook.com/vidadigital


-- So-called "legal disclaimers" are not legally binding, so don't bother. A cute graphic saying "save the planet, don't print this" can potentially create more CO2, not less, so don't bother either.
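
An added example, not part of the thread and not MailScanner's code: it shows where File::Temp's tempdir() creates a directory when given only a template, compared with a template plus DIR, which bears on both the proposed change to TNEF.pm and the tnefxxxxxx directories seen in the queue directory. The sandbox layout and the message id are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd realpath);
use File::Basename qw(dirname);
use File::Temp qw(tempdir);

# Constructed sandbox standing in for the MTA queue directory (the daemon's
# working directory) and a per-message work directory; not MailScanner paths.
my $sandbox = realpath(tempdir("demoXXXXXX", TMPDIR => 1, CLEANUP => 1));
my $queue   = "$sandbox/mqueue.in";
my $msgdir  = "$sandbox/r14EXAMPLE000001";    # constructed message id
for my $d ($queue, $msgdir) {
    mkdir $d or die "mkdir $d: $!";
}

my $oldcwd = getcwd();
chdir $queue or die "chdir $queue: $!";

# Template only: File::Temp resolves the name relative to the current
# working directory, so the new directory appears in the queue.
my $in_cwd = realpath(tempdir("tnefXXXXXX"));

# Template plus DIR: the directory is created inside the message directory
# in one step (mode 0700), with no separate mkdir afterwards.
my $in_msg = tempdir("tnefXXXXXX", DIR => $msgdir);

printf "template only     : %s\n", $in_cwd;
printf "template with DIR : %s (mode %04o)\n",
    $in_msg, (stat $in_msg)[2] & 07777;
print "stray directory left in the queue\n" if dirname($in_cwd) eq $queue;
print "unpack directory is under the message directory\n"
    if dirname($in_msg) eq $msgdir;

# Leave the sandbox before File::Temp removes it at exit.
chdir $oldcwd or die "chdir $oldcwd: $!";
```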
