From mailscanner-list at okla.com Fri Sep 1 13:36:56 2017
From: mailscanner-list at okla.com (Tracy Greggs)
Date: Fri, 1 Sep 2017 08:36:56 -0500
Subject: How can I blocked Java Script File By the MailScanner
In-Reply-To:
References:
Message-ID: <000601d32327$64b77e00$2e267a00$@okla.com>

This is what I added to my filename.rules.conf and this will do the trick.

# Archive File Stuff
deny	\.jar$	Jar file	No Jar Files Allowed
deny	\.ace$	ACE file	NO ACE Files Allowed
deny	\.7z$	7z file	NO 7z Files Allowed
deny	\.rar$	RAR file	NO RAR Files Allowed
deny	\.s7z$	s7z file	NO s7z Files Allowed
deny	\.alz$	ALZ file	NO ALZ Files Allowed
deny	\.apk$	APK file	NO APK Files Allowed
deny	\.arc$	ARC file	NO ARC Files Allowed
deny	\.ice$	ICE File	NO ICE Files Allowed
deny	\.kgb$	KGB File	NO KGB Files Allowed
deny	\.hki$	HKI File	NO HKI Files Allowed
deny	\.uca$	UCA File	NO UCA Files Allowed
deny	\.war$	WAR File	NO WAR Files Allowed
deny	\.wim$	WIM File	NO WIM Files Allowed
deny	\.xar$	XAR File	NO XAR Files Allowed
deny	\.xp3$	XP3 File	NO XP3 Files Allowed
deny	\.zipx$	ZIPX File	NO ZIPX Files Allowed
deny	\.zoo$	ZOO File	NO ZOO Files Allowed
deny	\.zpaq$	ZPAQ File	NO ZPAQ Files Allowed
deny	\.sqx$	SQX File	NO SQX Files Allowed
deny	\.sitx$	SITX File	NO SITX Files Allowed
deny	\.sit$	SIT File	NO SIT Files Allowed
deny	\.dar$	DAR File	NO DAR Files Allowed
deny	\.js$	Javascript File	NO Javascript Allowed

From: MailScanner [mailto:mailscanner-bounces+mailscanner-list=okla.com at lists.mailscanner.info] On Behalf Of saifur rahman
Sent: Wednesday, August 23, 2017 11:44 AM
To: MailScanner Discussion
Subject: How can I blocked Java Script File By the MailScanner

Dear Sir,

How can I block Java Script files with MailScanner? Please help me.

--
With Regards,
Md. Sayfur Rahman ( RHCE, MCSE, CCNA, HP-UX)
System Administrator
Spark Systems Limited

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From kevin.miller at juneau.org Fri Sep 1 21:39:27 2017
From: kevin.miller at juneau.org (Kevin Miller)
Date: Fri, 1 Sep 2017 21:39:27 +0000
Subject: Adding a Precedence Bulk header
Message-ID:

Once monthly we send out utility billing bills (water/sewer). Is there a way that I can configure MailScanner to append a Precedence: Bulk header? If so, can it be a ruleset so that it is only applied to messages from a specific internal host?

If not, that would be a really handy future feature. If there was a ruleset that had something like:
i.e.
192.168.50.3 Precedence bulk
192.168.50.4 X-MyCustomHeader "Your Header Here"

Thanks.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588
Registered Linux User No: 307357

From mark at msapiro.net Fri Sep 1 23:52:09 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 1 Sep 2017 16:52:09 -0700
Subject: Adding a Precedence Bulk header
In-Reply-To:
References:
Message-ID: <260d0cbf-5c4e-8a34-5ca2-a59b62e16bc2@msapiro.net>

On 09/01/2017 02:39 PM, Kevin Miller wrote:
> Once monthly we send out utility billing bills (water/sewer). Is there a way that I can configure MailScanner to append a Precedence: Bulk header? If so, can it be a ruleset so that it is only applied to messages from a specific internal host?
>
> If not, that would be a really handy future feature. If there was a ruleset that had something like:
>
> i.e.
> 192.168.50.3 Precedence bulk
> 192.168.50.4 X-MyCustomHeader "Your Header Here"

You can use Information Header and Information Header Value for this. Set both to rule sets and then the rule set for Information Header will be something like

From 192.168.50.3 Precedence:
From 192.168.50.4 X-MyCustomHeader:

and for Information Header Value

From 192.168.50.3 bulk
From 192.168.50.4 "Your Header Here"

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From marek.gorny at bolix.pl Mon Sep 4 10:29:05 2017
From: marek.gorny at bolix.pl (Marek Górny)
Date: Mon, 4 Sep 2017 10:29:05 +0000
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
Message-ID: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>

Hi,
I have a MailScanner 5.0.6-4 with postfix 3.2.0 on OpenSUSE Leap 42.3
Problem is when I disable postfix service and run mailscanner service then port 25 not listening (telnet localhost 25 Connection refused)
I have to start postfix service (systemctl start postfix.service) to listen on port 25.
What I've done wrong, I may have missed something?

Steps I took:
1. Install OpenSUSE Leap 42.3 (with postfix 42.3)
2. Install MailScanner 5.0.6-4 using install.sh with all defaults
3. Enable MailScanner (/etc/MailScanner/defaults)
4. Disable postfix (systemctl disable postfix.service)
5. Enable MailScanner (systemctl enable mailscanner.service and systemctl start mailscanner.service)

systemctl status mailscanner.service
mailscanner.service - LSB: MailScanner daemon
   Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-09-04 12:01:42 CEST; 24min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 18503 ExecStop=/usr/lib/MailScanner/init/ms-init stop (code=exited, status=0/SUCCESS)
  Process: 18611 ExecStart=/usr/lib/MailScanner/init/ms-init start (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 512)
   CGroup: /system.slice/mailscanner.service
           ├─19125 MailScanner: master process sleeping
           ├─19126 MailScanner: waiting for messages
           ├─19130 MailScanner: waiting for messages
           ├─19131 MailScanner: waiting for messages
           ├─19132 MailScanner: waiting for messages
           └─19134 MailScanner: waiting for messages

MailScanner --lint
Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1501 hostnames from the phishing whitelist
Read 12428 hostnames from the phishing blacklists
Checking version numbers...
Version number in MailScanner.conf (5.0.6) is correct.
Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (51)
MailScanner setting UID to (51)
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = f-secure clamav"
Found these virus scanners installed: f-secure, clamavmodule, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
===========================================================================
If any of your virus scanners (f-secure,clamavmodule,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf.

Regards
Marek

Bolix SA
Ul. Stolarska 8
34-300 Żywiec, Poland
Bolix S.A. is a leading Polish manufacturer of construction chemicals, specialising in the production of facade systems. The BOLIX brand has existed since 1991 and is synonymous with the highest quality building solutions.
________________________________
KRS No.: 0000230009 - District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register
Share capital: PLN 10 000 000; REGON: 015433210; NIP: 526-26-85-697
ATTENTION: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, Or taking of any action in reliance upon, this information by person or entity other than the intended recipient is not permitted. If you received this in error, please contact the sender and delete the material from any computer.

Please Consider the Environment before printing this Email

From Antony.Stone at mailscanner.open.source.it Mon Sep 4 10:35:30 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 4 Sep 2017 12:35:30 +0200
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
Message-ID: <201709041235.31189.Antony.Stone@mailscanner.open.source.it>

On Monday 04 September 2017 at 12:29:05, Marek Górny wrote:

> Hi,
> I have a MailScanner 5.0.6-4 with postfix 3.2.0 on OpenSUSE Leap 42.3
> Problem is when I disable postfix service and run mailscanner service then
> port 25 not listening (telnet localhost 25 Connection refused) I have to
> start postfix service (systemctl start postfix.service) to listen on port
> 25. What I've done wrong, I may have missed something?

Nothing is wrong. This is completely normal.

MailScanner makes no attempt to speak (or listen to) SMTP; this was one of the design objectives.

The way the system works is:

1. MTA (Postfix in your case) listens for incoming mail on SMTP port 25
2. Any received mail is placed in a queue directory (not delivered)
3. MailScanner monitors the queue directory and processes anything it finds there
4. Acceptable mail is moved by MailScanner to a different queue directory
5. A second postfix instance delivers mail from the second queue directory to the intended recipients (internal or external, as the case may be)

I hope that helps,

Antony.

--
"Life is just a lot better if you feel you're having 10 [small] wins a day rather than a [big] win every 10 years or so."

 - Chris Hadfield, former skiing (and ski racing) instructor

Please reply to the list; please *don't* CC me.

From marek.gorny at bolix.pl Mon Sep 4 10:57:52 2017
From: marek.gorny at bolix.pl (Marek Górny)
Date: Mon, 4 Sep 2017 10:57:52 +0000
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <201709041235.31189.Antony.Stone@mailscanner.open.source.it>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041235.31189.Antony.Stone@mailscanner.open.source.it>
Message-ID: <727e5cc8a52940b29f31efd257c7e83e@BolixEx2.bolix.local>

Ok, all clear, maybe I did not explain clearly..

On my "prod version" OpenSUSE 13.2 with MailScanner 4.85.2 postfix.service is disabled:

systemctl status postfix.service
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled)
   Active: inactive (dead)

and port 25 is listening:

netstat -an |grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

and I don't have to run postfix.service to listen on 25 only have to run mailscanner.service

On "new version" when postfix.service is dead no listening on port 25 I have to run postfix and mailscanner services..

Regards
Marek Górny

From Antony.Stone at mailscanner.open.source.it Mon Sep 4 11:04:30 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 4 Sep 2017 13:04:30 +0200
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <727e5cc8a52940b29f31efd257c7e83e@BolixEx2.bolix.local>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041235.31189.Antony.Stone@mailscanner.open.source.it>
 <727e5cc8a52940b29f31efd257c7e83e@BolixEx2.bolix.local>
Message-ID: <201709041304.30368.Antony.Stone@mailscanner.open.source.it>

On Monday 04 September 2017 at 12:57:52, Marek Górny wrote:

> On my "prod version" OpenSUSE 13.2 with MailScanner 4.85.2 postfix.service
> is disabled:

> and port 25 is listening:
>
> netstat -an |grep 25
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

Please add a "p" option and show us the output (as root):

# netstat -lpn | grep 25

Antony.

--
Heisenberg, Gödel, and Chomsky walk in to a bar.
Heisenberg says, "Clearly this is a joke, but how can we work out if it's funny or not?"
Gödel replies, "We can't know that because we're inside the joke."
Chomsky says, "Of course it's funny. You're just saying it wrong."

Please reply to the list; please *don't* CC me.
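
An added example, not part of the message above and not MailScanner or Postfix code: the listener check requested there, written as a filter that keeps only TCP sockets in LISTEN state on exactly the given port and reports the owning process. The sample rows are constructed (the `4242/example` and `tcp6` rows are invented), and accepting `ss -ltnp` rows goes beyond the netstat command used in the thread.

```shell
#!/bin/sh
# Added example: exact-port listener check for netstat -lpn / ss -ltnp text.
# Live use (as root, so the PID/Program column is filled in):
#   netstat -lptn | port_verdict 25

# Read a listing on stdin and print "local-address owner" for each TCP socket
# in LISTEN state whose local port is exactly $1.
tcp_listeners_on_port() {
    awk -v want="$1" '
    {
        addr = ""; owner = "-"
        if ($1 ~ /^tcp/ && $6 == "LISTEN") {        # netstat -lpn row
            addr = $4; if (NF >= 7) owner = $7
        } else if ($1 == "LISTEN") {                # ss -ltnp row
            addr = $4; if (NF >= 6) owner = $6
        }
        if (addr == "") next
        n = split(addr, part, ":")                  # port follows the last colon
        if ((part[n] "") == (want "")) print addr, owner
    }'
}

# Constructed sample: rows shaped like the output posted in this thread, plus
# two invented rows (port 2525 and a tcp6 listener) to exercise the filter.
sample_postfix_running() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      31008/master
tcp        0      0 127.0.0.1:2525          0.0.0.0:*               LISTEN      4242/example
tcp6       0      0 :::25                   :::*                    LISTEN      31008/master
udp        0      0 fe80::250:56ff:fea6:123 :::*                                2235/ntpd
unix  2      [ ACC ]     STREAM     LISTENING     25603    2138/fsaua    /var/opt/f-secure/fsaua//run/fsaua_socket
unix  2      [ ACC ]     STREAM     LISTENING     25995    2714/clamd    /var/run/clamav/clamd-socket
EOF
}

# Same host with the MTA stopped: drop the rows owned by the Postfix master.
sample_postfix_stopped() {
    sample_postfix_running | grep -v '/master'
}

# One-line verdict for port $1, reading a listing on stdin.
port_verdict() {
    owners=$(tcp_listeners_on_port "$1" | awk '{print $2}' | sort -u | paste -sd, -)
    if [ -n "$owners" ]; then
        echo "port $1: listening ($owners)"
    else
        echo "port $1: nothing listening"
    fi
}

# A substring match hits every sample row; the exact match hits only the MTA.
echo "rows matched by plain 'grep 25': $(sample_postfix_running | grep -c 25)"
sample_postfix_running | port_verdict 25
sample_postfix_stopped | port_verdict 25
```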

From marek.gorny at bolix.pl Mon Sep 4 11:15:10 2017
From: marek.gorny at bolix.pl (Marek Górny)
Date: Mon, 4 Sep 2017 11:15:10 +0000
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <201709041304.30368.Antony.Stone@mailscanner.open.source.it>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041235.31189.Antony.Stone@mailscanner.open.source.it>
 <727e5cc8a52940b29f31efd257c7e83e@BolixEx2.bolix.local>
 <201709041304.30368.Antony.Stone@mailscanner.open.source.it>
Message-ID:

with postfix.service stopped:

netstat -lpn | grep 25
udp 0 0 fe80::250:56ff:fea6:123 :::* 2235/ntpd
udp 0 0 fe80::250:56ff:fea6:123 :::* 2235/ntpd
unix 2 [ ACC ] STREAM LISTENING 19302 1599/perl /var/opt/f-secure/fsma//run/1.3.6.1.4.1.2213.45.1.1253
unix 2 [ ACC ] STREAM LISTENING 25603 2138/fsaua /var/opt/f-secure/fsaua//run/fsaua_socket
unix 2 [ ACC ] STREAM LISTENING 25604 2138/fsaua /var/opt/f-secure/fsaua//run/api_socket_simplified
unix 2 [ ACC ] STREAM LISTENING 25155 2039/cupsd /run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 25995 2714/clamd /var/run/clamav/clamd-socket

and when postfix.service is started:

netstat -lpn | grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 31008/master
udp 0 0 fe80::250:56ff:fea6:123 :::* 2235/ntpd
udp 0 0 fe80::250:56ff:fea6:123 :::* 2235/ntpd
unix 2 [ ACC ] STREAM LISTENING 19302 1599/perl /var/opt/f-secure/fsma//run/1.3.6.1.4.1.2213.45.1.1253
unix 2 [ ACC ] STREAM LISTENING 25603 2138/fsaua /var/opt/f-secure/fsaua//run/fsaua_socket
unix 2 [ ACC ] STREAM LISTENING 25604 2138/fsaua /var/opt/f-secure/fsaua//run/api_socket_simplified
unix 2 [ ACC ] STREAM LISTENING 25155 2039/cupsd /run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 25995 2714/clamd /var/run/clamav/clamd-socket

Marek Górny

From Antony.Stone at mailscanner.open.source.it Mon Sep 4 11:22:57 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 4 Sep 2017 13:22:57 +0200
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To:
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041304.30368.Antony.Stone@mailscanner.open.source.it>
Message-ID: <201709041322.57639.Antony.Stone@mailscanner.open.source.it>

On Monday 04 September 2017 at 13:15:10, Marek Górny wrote:

> with postfix.service stopped:
>
> netstat -lpn | grep 25

(no TCP socket listening on port 25 in output displayed)

> and when postfix.service is started:
> netstat -lpn | grep 25
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 31008/master

Okay, so that shows that when postfix is started, you have a process called "master" (which is standard for postfix), with PID 31008 on this occasion, listening on port 25.

When postfix is not started, you have nothing listening on port 25.

I realised after sending my last email that a better command to use is:

# netstat -lptn | grep :25

The "t" option restricts the output to TCP sockets only, and the colon in the grep makes sure you only match port numbers.

But anyway, I think this has shown that postfix is indeed listening on port 25, and if you stop it, nothing is listening on port 25.

Regards,

Antony.

--
I thought I had type A blood, but it turned out to be a typo.

Please reply to the list; please *don't* CC me.

From marek.gorny at bolix.pl Mon Sep 4 11:32:59 2017
From: marek.gorny at bolix.pl (Marek Górny)
Date: Mon, 4 Sep 2017 11:32:59 +0000
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <201709041322.57639.Antony.Stone@mailscanner.open.source.it>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041304.30368.Antony.Stone@mailscanner.open.source.it>
 <201709041322.57639.Antony.Stone@mailscanner.open.source.it>
Message-ID:

Please correct me if I'm wrong:
When I run mailscanner.service he should check postfix and his services (when MTA is set to postfix of course)?

Marek Górny

From iversons at rushville.k12.in.us Mon Sep 4 11:38:06 2017
From: iversons at rushville.k12.in.us (Shawn Iverson)
Date: Mon, 4 Sep 2017 07:38:06 -0400
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To:
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041304.30368.Antony.Stone@mailscanner.open.source.it>
 <201709041322.57639.Antony.Stone@mailscanner.open.source.it>
Message-ID:

No, MailScanner is decoupled from the MTA (at least in version 5).

On Mon, Sep 4, 2017 at 7:32 AM, Marek Górny wrote:

> Please correct me if I'm wrong:
> When I run mailscanner.service he should check postfix and his services
> (when MTA is set to postfix of course)?
>
> Marek Górny

--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us

From Antony.Stone at mailscanner.open.source.it Mon Sep 4 11:39:17 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 4 Sep 2017 13:39:17 +0200
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To:
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local>
 <201709041322.57639.Antony.Stone@mailscanner.open.source.it>
Message-ID: <201709041339.17842.Antony.Stone@mailscanner.open.source.it>

On Monday 04 September 2017 at 13:32:59, Marek Górny wrote:

> Please correct me if I'm wrong:
> When I run mailscanner.service he should check postfix and his services
> (when MTA is set to postfix of course)?
No; you need to start the postfix services, and you also need to start the
mailscanner service.

MailScanner will not start postfix for you (you might not want it to start
under some circumstances), and will run quite happily with postfix stopped
(processing any emails which happen to be in the incoming queue, for example).

For debugging purposes it is often very useful to:

 - stop mailscanner and start postfix
 - send an email and ensure that it is received
 - check that it is placed in the incoming queue
 - then stop postfix and start mailscanner
 - check that the mail is found in the incoming queue and processed
 - check that the mail gets put into the outbound queue
 - then restart postfix and check that the email is found and delivered

If the processes were interconnected so that starting mailscanner
automatically started postfix you couldn't do this sort of thing.

Regards,

Antony.

> -----Original Message-----
> From: MailScanner
> [mailto:mailscanner-bounces+marek.gorny=bolix.pl at lists.mailscanner.info]
> On Behalf Of Antony Stone
> Sent: Monday, September 4, 2017 1:23 PM
> To: MailScanner Discussion
> Subject: Re: Mailscanner 5.0.6-4 ant port 25 not listening
>
> On Monday 04 September 2017 at 13:15:10, Marek Górny wrote:
> > with postfix.service stopped:
> >
> > netstat -lpn | grep 25
> > (no TCP socket listening on port 25 in output displayed)
> >
> > and when postfix.service is started:
> > netstat -lpn | grep 25
> > tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 31008/master
>
> Okay, so that shows that when postfix is started, you have a process called
> "master" (which is standard for postfix), with PID 31008 on this occasion,
> listening on port 25.
>
> When postfix is not started, you have nothing listening on port 25.
>
> I realised after sending my last email that a better command to use is:
>
> # netstat -lptn | grep :25
>
> The "t" option restricts the output to TCP sockets only, and the colon in
> the grep makes sure you only match port numbers.
>
> But anyway, I think this has shown that postfix is indeed listening on port
> 25, and if you stop it, nothing is listening on port 25.
>
> Regards,
>
> Antony.
>
> > -----Original Message-----
> > From: MailScanner
> > [mailto:mailscanner-bounces+marek.gorny=bolix.pl at lists.mailscanner.info]
> > On Behalf Of Antony Stone
> > Sent: Monday, September 4, 2017 1:05 PM
> > To: MailScanner Discussion
> > Subject: Re: Mailscanner 5.0.6-4 ant port 25 not listening
> >
> > On Monday 04 September 2017 at 12:57:52, Marek Górny wrote:
> > > On my "prod version" OpenSUSE 13.2 with MailScanner 4.85.2
> > > postfix.service is disabled:
> > >
> > > and port 25 is listening:
> > >
> > > netstat -an |grep 25
> > > tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> >
> > Please add a "p" option and show us the output (as root):
> >
> > # netstat -lpn | grep 25
> >
> > Antony.

--
"Remember: the S in IoT stands for Security." - Jan-Piet Mens

Please reply to the list; please *don't* CC me.

From marek.gorny at bolix.pl Mon Sep 4 12:27:11 2017
From: marek.gorny at bolix.pl (=?iso-8859-2?Q?Marek_G=F3rny?=)
Date: Mon, 4 Sep 2017 12:27:11 +0000
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To: <201709041339.17842.Antony.Stone@mailscanner.open.source.it>
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local> <201709041322.57639.Antony.Stone@mailscanner.open.source.it> <201709041339.17842.Antony.Stone@mailscanner.open.source.it>
Message-ID:

ok thanks a lot,
so both services should be run to process emails;

Restarting mailscanner.service I also noticed (don't know if it is normal):

Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open "/var/spool/MailScanner/incoming/SpamAssassin-Temp/MoeRrUXo0p.virus": Operation not permitted (1)
Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open "/var/spool/MailScanner/incoming/SpamAssassin-Temp/a8Y6q9zHFA.virus": Operation not permitted (1)
Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open "/var/spool/MailScanner/incoming/SpamAssassin-Temp/pvaBzX5M2u.virus": Operation not permitted (1)
Sep 04 14:05:29 mail2 ms-init[10821]: rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c (1165) [sender=3.1.0]

checking out what's in the files:

usr/lib/MailScanner/wrapper/f-secure-wrapper /opt/f-secure/fsav /var/spool/MailScanner/incoming/SpamAssassin-Temp/*

F-Secure Anti-Virus CLI version 1.0 build 0069

Scan started at Mon Sep 4 14:11:02 2017
Database version: 2017-09-04_08

MoeRrUXo0p.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]
a8Y6q9zHFA.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]
pvaBzX5M2u.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]

Scan ended at Mon Sep 4 14:11:02 2017
3 files scanned
3 files infected

Regards
Marek Górny

From Antony.Stone at mailscanner.open.source.it Mon Sep 4 12:32:19 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Mon, 4 Sep 2017 14:32:19 +0200
Subject: Mailscanner 5.0.6-4 ant port 25 not listening
In-Reply-To:
References: <825df263fd93476e9c0d8f7ad90f0eca@BolixEx2.bolix.local> <201709041339.17842.Antony.Stone@mailscanner.open.source.it>
Message-ID: <201709041432.20177.Antony.Stone@mailscanner.open.source.it>

On Monday 04 September 2017 at 14:27:11, Marek Górny wrote:

> ok thanks a lot,
> so both services should be run to process emails;
>
> Restarting mailscanner.service I also noticed (don't know if it is normal):
>
> Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open
> "/var/spool/MailScanner/incoming/SpamAssassin-Temp/MoeRrUXo0p.virus":
> Operation not permitted (1)
>
> Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open
> "/var/spool/MailScanner/incoming/SpamAssassin-Temp/a8Y6q9zHFA.virus":
> Operation not permitted (1)
>
> Sep 04 14:05:29 mail2 ms-init[10821]: rsync: send_files failed to open
> "/var/spool/MailScanner/incoming/SpamAssassin-Temp/pvaBzX5M2u.virus":
> Operation not permitted (1)
>
> Sep 04 14:05:29 mail2 ms-init[10821]: rsync error: some files/attrs were not
> transferred (see previous errors) (code 23) at main.c (1165) [sender=3.1.0]

My first comment is that I didn't know MailScanner used rsync these days as
part of its operation - maybe someone more familiar with version 5 can comment
on this?

> checking out what's in the files:
>
> MoeRrUXo0p.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]
> a8Y6q9zHFA.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]
> pvaBzX5M2u.virus: Infected: EICAR-Test-File (not a virus) [Aquarius]

So, they're all test files, but the error messages indicate a permissions
problem with the files or the directory.

Two questions:

1. How did you install MailScanner?

2. What happens if you send another Eicar test through the system - does it
also get stuck in this directory or does it get delivered?

Antony.

--
I just got a new mobile phone, and I called it Titanic. It's already syncing.

Please reply to the list; please *don't* CC me.

From saifurcse at gmail.com Wed Sep 6 05:22:08 2017
From: saifurcse at gmail.com (saifur rahman)
Date: Wed, 6 Sep 2017 11:22:08 +0600
Subject: You've received a new fax - Virus
Message-ID:

Dear Sir,

You have received a fax..............I got virus msg with word file
attachment.

How can I block You've received a new fax - Virus By the Mailscanner.

Please help me sir

--
*With Regards**,*
Md. Sayfur Rahman ( RHCE, MCSE, CCNA, HP-UX)
System Administrator
Spark Systems Limited

From Antony.Stone at mailscanner.open.source.it Wed Sep 6 07:53:31 2017
From: Antony.Stone at mailscanner.open.source.it (Antony Stone)
Date: Wed, 6 Sep 2017 09:53:31 +0200
Subject: You've received a new fax - Virus
In-Reply-To:
References:
Message-ID: <201709060953.31137.Antony.Stone@mailscanner.open.source.it>

On Wednesday 06 September 2017 at 07:22:08, saifur rahman wrote:

> Dear Sir,
>
> You have received a fax..............I got virus msg with word file
> attachment.

Which anti-virus scanner identified this as a virus and what was it called?

> How can I block You've received a new fax - Virus By the Mailscanner.

Which anti-virus engine/s have you currently configured in MailScanner?

Antony.

--
Perfection in design is achieved not when there is nothing left to add, but
rather when there is nothing left to take away.

 - Antoine de Saint-Exupery

Please reply to the list; please *don't* CC me.

From steveb_clamav at sanesecurity.com Wed Sep 6 08:04:52 2017
From: steveb_clamav at sanesecurity.com (Steve Basford)
Date: Wed, 6 Sep 2017 09:04:52 +0100
Subject: You've received a new fax - Virus
In-Reply-To:
References:
Message-ID:

On Wed, September 6, 2017 6:22 am, saifur rahman wrote:
> Dear Sir,
>
> You have received a fax..............I got virus msg with word file
> attachment.
>
> How can I block You've received a new fax - Virus By the Mailscanner.

ClamAV or ClamAV + Sanesecurity.com signatures would probably sort this
out for you.

--
Cheers,

Steve
Twitter: @sanesecurity

From saifurcse at gmail.com Wed Sep 6 10:19:30 2017
From: saifurcse at gmail.com (saifur rahman)
Date: Wed, 6 Sep 2017 16:19:30 +0600
Subject: You've received a new fax - Virus
In-Reply-To:
References:
Message-ID:

Dear Sir,

I am using ClamAV with MailScanner...............

--
*With Regards**,*
Md. Sayfur Rahman ( RHCE, MCSE, CCNA, HP-UX)
System Administrator
Spark Systems Limited

From mailscanner at replies.cyways.com Wed Sep 6 13:03:23 2017
From: mailscanner at replies.cyways.com (Peter H. Lemieux)
Date: Wed, 6 Sep 2017 09:03:23 -0400
Subject: You've received a new fax - Virus
In-Reply-To:
References:
Message-ID: <5955204f-788b-9dc6-8188-f06b27f9aefa@replies.cyways.com>

Most malware inside of MS Office documents are macro viruses. I use the
daemonized version of ClamAV, clamd, and in clamd.conf have activated
these directives:

    ScanOLE2 yes
    OLE2BlockMacros yes

That marks all messages with attached MS Office documents containing
macros as viral. There might be someone in your office who needs to
receive such documents, but the vast majority of Word/Excel documents
containing macros are malware.

Peter

From Eoin.Kim at rcst.com.au Thu Sep 7 04:16:25 2017
From: Eoin.Kim at rcst.com.au (Eoin Kim)
Date: Thu, 7 Sep 2017 04:16:25 +0000
Subject: Code inside message
Message-ID: <008a8f5060874dd09d8eab157c77b46c@rcst.com.au>

Hi all,

One of managers in my company is getting Google Alert emails daily. On
arrival, the message shows {Disarmed} in the subject. When he opens the
message in Outlook, it looks like the whole message content shows up but
above it, a bunch of JSON codes are showing as well. Are there any related
configuration in MailScanner regarding this or is this an issue with
Outlook? Thank you very much.

Eoin Kim
Systems Administrator
RCS Telecommunications
Level 1 - The Annexe
133 Mary Street
Brisbane, QLD, 4000
Office: 07 3228 0843
Mobile: 0419 726 231

From m.a.young at durham.ac.uk Thu Sep 7 12:38:25 2017
From: m.a.young at durham.ac.uk (M A Young)
Date: Thu, 7 Sep 2017 13:38:25 +0100 (BST)
Subject: Code inside message
In-Reply-To: <008a8f5060874dd09d8eab157c77b46c@rcst.com.au>
References: <008a8f5060874dd09d8eab157c77b46c@rcst.com.au>
Message-ID:

On Thu, 7 Sep 2017, Eoin Kim wrote:

> One of managers in my company is getting Google Alert emails daily. On
> arrival, the message shows {Disarmed} in the subject. When he opens the
> message in Outlook, it looks like the whole message content shows up but
> above it, a bunch of JSON codes are showing as well. Are there any related
> configuration in MailScanner regarding this or is this an issue with
> Outlook? Thank you very much.

I suspect the json code is in a