JavaScrip files

Richard Mealing richard at fastnet.co.uk
Fri May 13 16:24:20 UTC 2016




From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Bryan Laurila
Sent: Friday, May 13, 2016 17:04
To: mailscanner at lists.mailscanner.info
Subject: JavaScrip files

Lately we have been getting hit with a ton of spam loaded with JavaScript files to the tune of about 4-6 gb per day.  These files have been filling up our quarantine directory and have caused our MailScanner boxes to stop processing email.  I have cleared out the quarantine directories and have set “Quarantine Infections = no” to prevent these files from crashing the system.

We also have a large number of false-positive items that we have to retrieve out of the quarantine on a weekly basis so keeping the “Quarantine Infections = no” in place for the long-term is not an option.

Is there a way to set this the “Quarantine Infections” option back to ”no” but still delete/refuse all emails containing JavaScript files?

Thanks!

Bryan S. Laurila
Senior Network Support Analyst
Dickinson County Healthcare System

"Life begins at the end of your comfort zone!"





I sometimes get this problem. I created a script to just search for horrible files and delete them from the quarantine. You might just want to recursively grep through your quarantine directory for js files or anything you just don’t want, then remove them.
Something like –

#!/usr/local/bin/bash
cd /var/spool/MailScanner/quarantine &&
grep -r VOICE * | cut -d "/" -f1,2 | grep -v Binary | sort | uniq | while read crap ; do rm -r $crap ; done


Just replace VOICE with your search. I guess there may be better options, but this works fine for me.

Thanks,
Rich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160513/d072f675/attachment.html>


More information about the MailScanner mailing list