Difference in MailScanner behaviour between Ubuntu 10.04 LTS and 12.04 LTS

Martijn mailinglist at mindconnect.nl
Mon Jun 16 20:43:15 IST 2014


Thank you for your suggestion.

The MailScanner running on 12.04 LTS doesn't seem to need the -U for the 
notifications to work, but it may need it for other things to work, so I 
guess it's best to add it in there as well.

Adding -U on the MailScanner running on 10.04 LTS does make both 
installs behave the same, so that seems like good news. However...

On second thought, the behaviour now displayed by both installs seems 
faulty as well, looking at these comments in the configuration file:

Notify Senders = no

[...]

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages [...]
Notify Senders Of Blocked Filenames Or Filetypes = yes

Summing this all up would mean that even though the second option is set 
to yes, the notification shouldn't be sent at all, since Notify Senders 
is set to no.
I'll have a look at the bug tracker to see if this is a known issue.


Can you (or anyone else) shed some light on my second question?:

The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.

If this is expected, shouldn't those options actually be called 'Notify 
Recipient *'? Am I interpreting this option the wrong way?

Thanks,
- Martijn

On 16-6-2014 13:28, Jerry Benton wrote:
> It is after 5.10.
>
> http://lists.mailscanner.info/pipermail/mailscanner/2011-May/097870.html
>
>
>
>
> On Mon, Jun 16, 2014 at 11:45 AM, Martijn <mailinglist at mindconnect.nl> wrote:
>
>     For the record:
>     This install of MailScanner on Ubuntu 10.04 LTS has been functioning
>     without any noticeable problems (except for the notification mails) or
>     errors in the logs for about 2 years now, and that is without the perl
>     -U switch.
>
>     Should I have noticed anything else with this parameter missing? This may
>     lead to me writing more tests to ensure proper functioning.
>
>     Thanks,
>     - Martijn
>
>     On 16-6-2014 1:58, Jerry Benton wrote:
>      > Did you add the -U option to your /usr/sbin/MailScanner?
>      >
>      > #!/usr/bin/perl -U -I/usr/share/MailScanner/
>      >
>      > -
>      > Jerry Benton
>      > www.mailborder.com <http://www.mailborder.com>
>      >
>      >
>      >
>      > On Jun 16, 2014, at 1:17 AM, Martijn <mailinglist at mindconnect.nl> wrote:
>      >
>      >> I'm running tests for upgrading a system to a newer version of Ubuntu
>      >> LTS, and during my tests I found a difference in behaviour between the
>      >> MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
>      >>
>      >> The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
>      >> install. MailScanner version is: 4.84.5 from the apt.baruwa.org
>      >> repository, both before and after the upgrade.
>      >>
>      >> The MailScanner configuration between the two systems is completely
>      >> identical. MailScanner --debug --lint shows no issues.
>      >>
>      >>
>      >> I've found two separate issues:
>      >>
>      >> Issue #1: The install on 10.04 doesn't send blocked filename
>      >> notifications but the install on 12.04 does.
>      >>
>      >> Deny Filenames list is configured as:
>      >> Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$ \.scr$ \.dll$ \.reg$
>      >>
>      >> And:
>      >> Notify Senders Of Blocked Filenames Or Filetypes = yes
>      >>
>      >> On 10.04, when sending an eicar test file, the mail is considered to
>      >> contain a virus and therefore deleted. No notification mail is sent,
>      >> although the configuration would suggest it should. The logs say this:
>      >>
>      >> New Batch: Scanning 1 messages, 1965 bytes
>      >> Virus and Content Scanning: Starting
>      >> Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
>      >> Virus Scanning: Clamd found 1 infections
>      >> Infected message DECEF36C443.ACC6F came from 195.241.145.230
>      >> Virus Scanning: Found 1 viruses
>      >> Virus Scanning completed at 10980 bytes per second
>      >> Saved entire message to
>      >> /var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
>      >> Spam Checks: Starting
>      >> Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext)
>      >> to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
>      >> required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
>      >> -1.90)
>      >> Spam Checks completed at 271 bytes per second
>      >> Cleaned: Delivered 1 cleaned messages
>      >> Deleted 1 messages from processing-database
>      >> Batch completed at 264 bytes per second (1965 / 7)
>      >> Batch (1 message) processed in 7.42 seconds
>      >>
>      >> After upgrading to 12.04, the difference in behaviour is that
>      >> MailScanner now suddenly DOES send a notification message to notify of
>      >> a deleted attachment. The log now has this:
>      >>
>      >> New Batch: Scanning 1 messages, 1841 bytes
>      >> Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com)
>      >> Other Checks: Found 1 problems
>      >> Virus and Content Scanning: Starting
>      >> Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
>      >> Virus Scanning: Clamd found 1 infections
>      >> Infected message 7CE27442AE.AFD34 came from 10.0.3.2
>      >> Virus Scanning: Found 1 viruses
>      >> Virus Scanning completed at 2784 bytes per second
>      >> Saved entire message to
>      >> /var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
>      >> Saved infected "eicar.com" to
>      >> /var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
>      >> Spam Checks: Starting
>      >> Expired 1 records from the SpamAssassin cache
>      >> Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext) to
>      >> testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
>      >> required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
>      >> Spam Checks completed at 209 bytes per second
>      >> Requeue: 7CE27442AE.AFD34 to 0BD61442B7
>      >> Cleaned: Delivered 1 cleaned messages
>      >> Virus Processing completed at 3872 bytes per second
>      >> Deleted 1 messages from processing-database
>      >> Batch completed at 185 bytes per second (1841 / 9)
>      >> Batch (1 message) processed in 9.92 seconds
>      >>
>      >> Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
>      >> eicar.com)". This notice wasn't there on 10.04 LTS.
>      >>
>      >> Question: does anyone know what the cause of this difference in
>      >> behaviour is, as the MailScanner version and configuration are the same?
>      >>
>      >> Issue #2:
>      >> So, notifications are sent on 12.04, but:
>      >> The option called "Notify Senders Of Blocked Filenames Or Filetypes"
>      >> doesn't send a notification to the sender. It sends the notification to
>      >> the _receiver_ of the message.
>      >>
>      >> Questions: Is this expected behaviour and should all those options
>      >> actually be called 'Notify Recipient *' or am I missing something here ;-)
>      >>
>      >> Thanks,
>      >> - Martijn
>      >> --
>      >> MailScanner mailing list
>      >> mailscanner at lists.mailscanner.info
>      >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>      >>
>      >> Before posting, read http://wiki.mailscanner.info/posting
>      >>
>      >> Support MailScanner development - buy the book off the website!
>      >
>      >
>      >
>
>
>
>
> --
> Jerry Benton
> Mailborder Systems
> www.mailborder.com <http://www.mailborder.com>
>
>
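
A configuration check for the combination discussed in this message, added here as an example and not part of the original post or of MailScanner itself: it flags every "Notify Senders Of ..." option set to yes while the master "Notify Senders" switch is no, so two hosts can be compared for settings that are enabled but supposedly gated. The sample configuration is constructed; the `Key = value` parsing and the handling of ruleset-valued options are assumptions about MailScanner.conf.

```python
import re

MASTER = "notify senders"

# Constructed sample; the first and last settings are the ones quoted in the message.
SAMPLE_CONF = """\
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages [...]
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
"""


def parse_conf(text):
    """Return {normalised option name: value} for 'Name = value' lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Assumption: names are compared ignoring case and repeated spaces.
        key = re.sub(r"\s+", " ", name.strip()).lower()
        opts[key] = value.strip()
    return opts


def gated_but_enabled(opts):
    """Report sub-options set to yes and the state of the master switch.

    Returns (status, names). status is 'master-on', 'master-off', or
    'master-unknown' when the master value is not a plain yes/no (for
    example a ruleset file), which cannot be judged from the file alone.
    """
    master = opts.get(MASTER, "").lower()
    subs = sorted(k for k, v in opts.items()
                  if k.startswith(MASTER + " of ") and v.lower() == "yes")
    if master == "yes":
        return "master-on", []
    if master == "no":
        return "master-off", subs
    return "master-unknown", subs


if __name__ == "__main__":
    status, names = gated_but_enabled(parse_conf(SAMPLE_CONF))
    for name in names:
        print(f"{status}: '{name}' is yes; confirm whether a notice is sent")
```
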

