<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Did you add the -U option to your /usr/sbin/MailScanner?<div><br></div><div>#!/usr/bin/perl -U -I/usr/share/MailScanner/<br><div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class="Apple-interchange-newline">-</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">Jerry Benton</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><a href="http://www.mailborder.com">www.mailborder.com</a></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br></div><br class="Apple-interchange-newline">
</div>
<br><div><div>On Jun 16, 2014, at 1:17 AM, Martijn <<a href="mailto:mailinglist@mindconnect.nl">mailinglist@mindconnect.nl</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">I'm running tests for upgrading a system to a newer version of Ubuntu <br>LTS, and during my tests I found a difference in behaviour between the <br>MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.<br><br>The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS <br>install. MailScanner version is: 4.84.5 from the <a href="http://apt.baruwa.org">apt.baruwa.org</a> <br>repository, both before and after the upgrade.<br><br>The MailScanner configuration between the two systems is completely <br>identical. MailScanner --debug --lint shows no issues.<br><br><br>I've found two seperate issues:<br><br>Issue #1: The install on 10.04 doesn't send blocked filename <br>notifications but the install on 12.04 does.<br><br>Deny Filenames list is configured as:<br>Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$ <br>\.scr$ \.dll$ \.reg$<br><br>And:<br>Notify Senders Of Blocked Filenames Or Filetypes = yes<br><br>On 10.04, when sending an eicar test file, the mail is considered to <br>contain a virus and therefor deleted. No notification mail is sent, <br>although the configuration would suggest it should. The logs say this:<br><br>New Batch: Scanning 1 messages, 1965 bytes<br>Virus and Content Scanning: Starting<br>Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/<br>Virus Scanning: Clamd found 1 infections<br>Infected message DECEF36C443.ACC6F came from 195.241.145.230<br>Virus Scanning: Found 1 viruses<br>Virus Scanning completed at 10980 bytes per second<br>Saved entire message to <br>/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F<br>Spam Checks: Starting<br>Message DECEF36C443.ACC6F from 195.241.145.230 (<a href="mailto:victim@testdomain.ext">victim@testdomain.ext</a>) <br>to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228, <br>required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00 <br>-1.90)<br>Spam Checks completed at 271 bytes per second<br>Cleaned: Delivered 1 cleaned messages<br>Deleted 1 messages from processing-database<br>Batch completed at 264 bytes per second (1965 / 7)<br>Batch (1 message) processed in 7.42 seconds<br><br>After upgrading to 12.04, the difference in behaviour is that <br>MailScanner now suddenly DOES sends a notification message to notify of <br>a deleted attachment. The log now has this:<br><br>New Batch: Scanning 1 messages, 1841 bytes<br>Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 <a href="http://eicar.com">eicar.com</a>)<br>Other Checks: Found 1 problems<br>Virus and Content Scanning: Starting<br>Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/<br>Virus Scanning: Clamd found 1 infections<br>Infected message 7CE27442AE.AFD34 came from 10.0.3.2<br>Virus Scanning: Found 1 viruses<br>Virus Scanning completed at 2784 bytes per second<br>Saved entire message to <br>/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34<br>Saved infected "<a href="http://eicar.com">eicar.com</a>" to <br>/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34<br>Spam Checks: Starting<br>Expired 1 records from the SpamAssassin cache<br>Message 7CE27442AE.AFD34 from 10.0.3.2 (<a href="mailto:victim@testdomain.ext">victim@testdomain.ext</a>) to <br>testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879, <br>required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)<br>Spam Checks completed at 209 bytes per second<br>Requeue: 7CE27442AE.AFD34 to 0BD61442B7<br>Cleaned: Delivered 1 cleaned messages<br>Virus Processing completed at 3872 bytes per second<br>Deleted 1 messages from processing-database<br>Batch completed at 185 bytes per second (1841 / 9)<br>Batch (1 message) processed in 9.92 seconds<br><br>Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 <br><a href="http://eicar.com">eicar.com</a>)". This notice wasn't there on 10.04 LTS.<br><br>Question: does anyone know what the cause of this difference in <br>behaviour is, as the MailScanner version and configuration are the same?<br><br>Issue #2:<br>So, notifications are sent on 12.04, but:<br>The option called "Notify Senders Of Blocked Filenames Or Filetypes" <br>doesn't send a notification to the sender. It sends the notification to <br>the _receiver_ of the message.<br><br>Questions: Is this expected behaviour and should all those options <br>actually be called 'Notify Recipient *' or am I missing something here ;-)<br><br>Thanks,<br>- Martijn<br>-- <br>MailScanner mailing list<br><a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>http://lists.mailscanner.info/mailman/listinfo/mailscanner<br><br>Before posting, read http://wiki.mailscanner.info/posting<br><br>Support MailScanner development - buy the book off the website! <br></blockquote></div><br></div></body></html>