<div dir="ltr">It is after 5.10.<br><br><a href="http://lists.mailscanner.info/pipermail/mailscanner/2011-May/097870.html">http://lists.mailscanner.info/pipermail/mailscanner/2011-May/097870.html</a><br><br><br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Mon, Jun 16, 2014 at 11:45 AM, Martijn <span dir="ltr"><<a href="mailto:mailinglist@mindconnect.nl" target="_blank">mailinglist@mindconnect.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
For the record:<br>
This install of MailScanner on Ubuntu 10.04 LTS has been functioning<br>
without any noticable problems (except for the notification mails) or<br>
errors in the logs for about 2 years now, and that is without the perl<br>
-U switch.<br>
<br>
Should I've noticed anything else with this parameter missing? This may<br>
lead to me writing more tests to ensure proper functioning.<br>
<div class=""><br>
Thanks,<br>
- Martijn<br>
<br>
On 16-6-2014 1:58, Jerry Benton wrote:<br>
</div><div class="">> Did you add the -U option to your /usr/sbin/MailScanner?<br>
><br>
> #!/usr/bin/perl -U -I/usr/share/MailScanner/<br>
><br>
> -<br>
> Jerry Benton<br>
</div>> <a href="http://www.mailborder.com" target="_blank">www.mailborder.com</a> <<a href="http://www.mailborder.com" target="_blank">http://www.mailborder.com</a>><br>
<div class="">><br>
><br>
><br>
> On Jun 16, 2014, at 1:17 AM, Martijn <<a href="mailto:mailinglist@mindconnect.nl">mailinglist@mindconnect.nl</a><br>
</div><div class="">> <mailto:<a href="mailto:mailinglist@mindconnect.nl">mailinglist@mindconnect.nl</a>>> wrote:<br>
><br>
>> I'm running tests for upgrading a system to a newer version of Ubuntu<br>
>> LTS, and during my tests I found a difference in behaviour between the<br>
>> MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.<br>
>><br>
>> The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS<br>
>> install. MailScanner version is: 4.84.5 from the <a href="http://apt.baruwa.org" target="_blank">apt.baruwa.org</a><br>
</div>>> <<a href="http://apt.baruwa.org" target="_blank">http://apt.baruwa.org</a>><br>
<div><div class="h5">>> repository, both before and after the upgrade.<br>
>><br>
>> The MailScanner configuration between the two systems is completely<br>
>> identical. MailScanner --debug --lint shows no issues.<br>
>><br>
>><br>
>> I've found two seperate issues:<br>
>><br>
>> Issue #1: The install on 10.04 doesn't send blocked filename<br>
>> notifications but the install on 12.04 does.<br>
>><br>
>> Deny Filenames list is configured as:<br>
>> Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$<br>
>> \.scr$ \.dll$ \.reg$<br>
>><br>
>> And:<br>
>> Notify Senders Of Blocked Filenames Or Filetypes = yes<br>
>><br>
>> On 10.04, when sending an eicar test file, the mail is considered to<br>
>> contain a virus and therefor deleted. No notification mail is sent,<br>
>> although the configuration would suggest it should. The logs say this:<br>
>><br>
>> New Batch: Scanning 1 messages, 1965 bytes<br>
>> Virus and Content Scanning: Starting<br>
>> Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/<br>
>> Virus Scanning: Clamd found 1 infections<br>
>> Infected message DECEF36C443.ACC6F came from 195.241.145.230<br>
>> Virus Scanning: Found 1 viruses<br>
>> Virus Scanning completed at 10980 bytes per second<br>
>> Saved entire message to<br>
>> /var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F<br>
>> Spam Checks: Starting<br>
>> Message DECEF36C443.ACC6F from 195.241.145.230 (victim@testdomain.ext<br>
</div></div>>> <mailto:<a href="mailto:victim@testdomain.ext">victim@testdomain.ext</a>>)<br>
<div class="">>> to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,<br>
>> required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00<br>
>> -1.90)<br>
>> Spam Checks completed at 271 bytes per second<br>
>> Cleaned: Delivered 1 cleaned messages<br>
>> Deleted 1 messages from processing-database<br>
>> Batch completed at 264 bytes per second (1965 / 7)<br>
>> Batch (1 message) processed in 7.42 seconds<br>
>><br>
>> After upgrading to 12.04, the difference in behaviour is that<br>
>> MailScanner now suddenly DOES sends a notification message to notify of<br>
>> a deleted attachment. The log now has this:<br>
>><br>
>> New Batch: Scanning 1 messages, 1841 bytes<br>
>> Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 <a href="http://eicar.com" target="_blank">eicar.com</a><br>
</div>>> <<a href="http://eicar.com" target="_blank">http://eicar.com</a>>)<br>
<div class="">>> Other Checks: Found 1 problems<br>
>> Virus and Content Scanning: Starting<br>
>> Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/<br>
>> Virus Scanning: Clamd found 1 infections<br>
>> Infected message 7CE27442AE.AFD34 came from 10.0.3.2<br>
>> Virus Scanning: Found 1 viruses<br>
>> Virus Scanning completed at 2784 bytes per second<br>
>> Saved entire message to<br>
>> /var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34<br>
</div>>> Saved infected "<a href="http://eicar.com" target="_blank">eicar.com</a> <<a href="http://eicar.com" target="_blank">http://eicar.com</a>>" to<br>
<div class="">>> /var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34<br>
>> Spam Checks: Starting<br>
>> Expired 1 records from the SpamAssassin cache<br>
>> Message 7CE27442AE.AFD34 from 10.0.3.2 (victim@testdomain.ext<br>
</div>>> <mailto:<a href="mailto:victim@testdomain.ext">victim@testdomain.ext</a>>) to<br>
<div class="">>> testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,<br>
>> required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)<br>
>> Spam Checks completed at 209 bytes per second<br>
>> Requeue: 7CE27442AE.AFD34 to 0BD61442B7<br>
>> Cleaned: Delivered 1 cleaned messages<br>
>> Virus Processing completed at 3872 bytes per second<br>
>> Deleted 1 messages from processing-database<br>
>> Batch completed at 185 bytes per second (1841 / 9)<br>
>> Batch (1 message) processed in 9.92 seconds<br>
>><br>
>> Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34<br>
</div>>> <a href="http://eicar.com" target="_blank">eicar.com</a> <<a href="http://eicar.com" target="_blank">http://eicar.com</a>>)". This notice wasn't there on 10.04 LTS.<br>
<div class="">>><br>
>> Question: does anyone know what the cause of this difference in<br>
>> behaviour is, as the MailScanner version and configuration are the same?<br>
>><br>
>> Issue #2:<br>
>> So, notifications are sent on 12.04, but:<br>
>> The option called "Notify Senders Of Blocked Filenames Or Filetypes"<br>
>> doesn't send a notification to the sender. It sends the notification to<br>
>> the _receiver_ of the message.<br>
>><br>
>> Questions: Is this expected behaviour and should all those options<br>
>> actually be called 'Notify Recipient *' or am I missing something here ;-)<br>
>><br>
>> Thanks,<br>
>> - Martijn<br>
>> --<br>
>> MailScanner mailing list<br>
>> <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
</div>>> <mailto:<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><br>
<div class="HOEnZb"><div class="h5">>> <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
>><br>
>> Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
>><br>
>> Support MailScanner development - buy the book off the website!<br>
><br>
><br>
><br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><div><div><br>--<br></div>Jerry Benton<br></div>Mailborder Systems<br><a href="http://www.mailborder.com" target="_blank">www.mailborder.com</a><br>
</div>
</div>