qmail-scanner-general Mailing List for Qmail-Scanner: Content/Anti-virus Scanne (Page 3)
AV/content filter for Qmail
Brought to you by:
jhaar
From: Jason H. <Jas...@tr...> - 2013-09-02 09:41:42
On 02/09/13 20:50, Harold Naparst wrote:
>
> Sending eicar test virus - should be caught by perlscanner module... 2/4
> X-Qmail-Scanner-2.08st:[mail13781102327902736] clamdscan: corrupt or
> unknown clamd scanner error or memory/resource/perms problem - exit
> status 512/2
> qmail-inject: fatal: qq temporary problem (#4.3.0)
> Bad error. qmail-inject died
>

Re-reading your email now makes me think you may be on the wrong track.
clamdscan reported an error - so you need to check out your syslogs and
see what clamd is reporting the problem to be

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

From: Jason H. <Jas...@tr...> - 2013-09-02 09:35:41
On 02/09/13 20:50, Harold Naparst wrote:
>
> This error appears consistently as a problem for at least the last ten
> years on the forums and boards in various places. I have tried making
> sure that qscand is running clamd and has ownership rights and so on.
> However, I think this problem might be related to perl not running in
> setuid mode. Apparently, setuid support has been discontinued in perl.
>

Did you read the FAQ? It states perl has to run setuid. I'm running
current CentOS and its perl-5.8.8 still has setuid capabilities. If that
isn't an option, then you'll have to do as the documentation suggests
and run a setuid "wrapper" around the perl script - in fact it's in the
./contrib dir

> Along with the low current traffic in this newsgroup, this makes me
> suspect that qmail-scanner is an abandoned product and cannot be
> expected to work on any linux system. Is this the case?

Low volume could be because it does what it does and there are no
outstanding bugs.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

From: Harold N. <ha...@al...> - 2013-09-02 08:50:47
I am trying to install qmail-scanner on Gentoo to use clamav and
spamassassin. According to the qmail-scanner instructions, I have
verified the functioning of clamav and spamassassin. However, when I
try to test the qmail-scanner:

./test_installation.sh -doit --log-details syslog
Sending standard test message - no viruses... 1/4
done!

Sending eicar test virus - should be caught by perlscanner module... 2/4
X-Qmail-Scanner-2.08st:[mail13781102327902736] clamdscan: corrupt or
unknown clamd scanner error or memory/resource/perms problem - exit
status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

This error appears consistently as a problem for at least the last ten
years on the forums and boards in various places. I have tried making
sure that qscand is running clamd and has ownership rights and so on.
However, I think this problem might be related to perl not running in
setuid mode. Apparently, setuid support has been discontinued in perl.

Along with the low current traffic in this newsgroup, this makes me
suspect that qmail-scanner is an abandoned product and cannot be
expected to work on any linux system. Is this the case?

Kind Regards,

Harold Naparst

From: Jason H. <Jas...@tr...> - 2013-06-14 01:41:43
On 13/06/13 17:05, Kunal Soni wrote:
> Dear Jason,
>
> Thanks for the details. We have been using Spamassassin + ClamAV with
> Qmail Scanner. Please let us know the steps to configure the DLP
> Monitor with ClamAV and Qmail Scanner and How we can monitor the
> emails with the reserved words with this.
>
> Thanks again.
>

Well that's really a clamav question - Qmail-Scanner doesn't do much at
all. I just searched Google for "howto create signatures clamav" and the
first hit is a document showing you how to do it

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

From: Kunal S. <kun...@gm...> - 2013-06-13 05:05:46
Dear Jason,

Thanks for the details. We have been using Spamassassin + ClamAV with
Qmail Scanner. Please let us know the steps to configure the DLP
Monitor with ClamAV and Qmail Scanner and How we can monitor the
emails with the reserved words with this.

Thanks again.

On Thu, Jun 13, 2013 at 7:37 AM, <qma...@li...> wrote:

> Send Qmail-scanner-general mailing list submissions to
>         qma...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> or, via email, send a message with subject or body 'help' to
>         qma...@li...
>
> You can reach the person managing the list at
>         qma...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Qmail-scanner-general digest..."
>
>
> Today's Topics:
>
>    1. Unable to Block the attached emails (Kunal Soni)
>    2. Required Mail Filter for reserved words (Kunal Soni)
>    3. Re: Required Mail Filter for reserved words (Salvatore Toribio)
>    4. Re: Required Mail Filter for reserved words (Jason Haar)
>    5. Using qmail-scanner-queue.pl for injected mail (Jan Nekvapil)
>    6. Re: Using qmail-scanner-queue.pl for injected mail
>       (Salvatore Toribio)
>    7. Re: Using qmail-scanner-queue.pl for injected mail (Jan Nekvapil)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 16 May 2013 11:10:58 +0530
> From: Kunal Soni <kun...@gm...>
> Subject: [Qmail-scanner-general] Unable to Block the attached emails
> To: qma...@li...
> Message-ID:
>         <CAO...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Dear Mailing list,
>
> We have been using Qmail Scanner 1.25 with Spamassassin and Clamav. From
> past few days, we are unable to block the attached type emails from our
> mail server. Please us to rectify this problem. The common content in these
> emails are GTRL or $, USD.
>
> Please find attached is the same email for your reference.
From: Jan N. <jan...@gm...> - 2013-06-13 02:07:25
Hi,

thanks for reply.

I tried using this script but qmail-inject just ignores exported
QMAILQUEUE and calls default qmail-queue

-------
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
exec /var/qmail/bin/qmail-inject-orig
-------
/var/qmail/bin# ls -l *inject
lrwxrwxrwx 1 root root 30 Jun 13 01:43 qmail-inject -> /var/qmail/bin/qmail-inject.sh

if I try to wrap qmail-queue in bash script I get just unable to exec
qq - inject fails this way if execv($QMAILQUEUE,0) fails, I tried
changing permissions but still the same error.

I am thinking of hardcoding /var/qmail/bin/qmail-scanner-queue.pl into
qmail.c where is declared path to queue (with QMAILQUEUE patch it
should first look for env. var)

2013/6/12, Salvatore Toribio <to...@pu...>:
> Hi
>
> Maybe you can try doing in the same way of sqwebmail, sending the
> mails through a bash script that invokes qmail-inject, something like
> this:
>
> -----
> [root@fluffy-1 ~]# more /usr/sqwebmail/share/sqwebmail/sendit.sh
> #!/bin/sh
> #
> # sendit.sh for qmail-inject and qmail-scanner 20091221
> #
> #
>
> # $1 will contain the return (or bounce) address for this mailboxid, as
> # specified by auth.c
> #
> # $2 will contain the sqwebmail mailboxid of the sender (note that we're
> # executing under whatever id auth.c sets for this mailboxid). Furthermore,
> # $REMOTE_ADDR will contain the IP address where the client is coming from
> # (the rest of the CGI vars are available too).
> #
>
> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
> export QMAILQUEUE
>
> # If you want to run spamassassin
> #QS_SPAMASSASSIN="on"
> #export QS_SPAMASSASSIN
>
> QMAILUSER="$1"
> export QMAILUSER
>
> exec /var/qmail/bin/qmail-inject -hf "$1"
> -----
>
> Probably you can ignore the variable QMAILUSER. It's a start...
>
> Regards
>
> ST
>
>
> At 14:05 +0100 12-06-2013, Jan Nekvapil wrote:
>>Hello guys,
>>new qmail admin here building server for demanding client.
>>
>>I need to run additional scans also on mails from my users, but those
>>are sent by qmail-inject which is invoking the original qmail-queue.
>>Simply linking qmail-queue to qmail-scanner-queue.pl doesn't work
>>(even if it's compiled using pp) as it fails with qq temporary problem
>>4.3.3. (in qmail-scanner-queue.pl I changed the invoked qmail-queue to
>>qmail-queue-orig to avoid looping)
>>
>>I know I will have to check injected mail for looping also because
>>qmail-scanner is using it for reports.
>>
>>I am not afraid to touch qmail-inject.c a little but I couldn't find
>>the qmail-queue in there yet.
>>(also I used qmailrocks.thibs.com to setup qmail on Debian 6 (still on
>>testserver so I can change to 7))
>>
>

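A preflight for the setup discussed in this message, as an added example (not code from the thread, from qmail or from Qmail-Scanner). It assumes that only binaries built with the QMAILQUEUE patch mentioned above read that variable, and uses the presence of the string in the binary as a heuristic; `qq_preflight` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: read-only checks before pointing $QMAILQUEUE at a scanner.
# Usage: qq_preflight /path/to/real/qmail-inject /path/to/queue-program

fail() { printf 'FAIL: %s\n' "$1"; problems=$((problems + 1)); }
ok()   { printf 'OK:   %s\n' "$1"; }

# Print the interpreter named on FILE's "#!" line; return 1 if there is none.
shebang_interp() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ] || return 1
    head -n 1 "$1" | sed 's/^#![[:space:]]*//; s/[[:space:]].*$//'
}

qq_preflight() {
    inject=$1 queue=$2 problems=0

    # 1. The injecting program: a shell wrapper proves nothing, the compiled
    #    binary behind it decides whether QMAILQUEUE is read at all.
    if [ ! -f "$inject" ]; then
        fail "$inject: not found"
    elif shebang_interp "$inject" >/dev/null; then
        fail "$inject: is a wrapper script, check the binary it execs"
    elif LC_ALL=C grep -q 'QMAILQUEUE' "$inject"; then
        ok "$inject: contains the QMAILQUEUE string (heuristic for a patched build)"
    else
        fail "$inject: no QMAILQUEUE string, the variable will be ignored"
    fi

    # 2. The queue program: execv() needs a regular, executable file, and for
    #    a script a "#!" line naming an interpreter that exists.
    if [ ! -f "$queue" ]; then
        fail "$queue: not found"
    elif [ ! -x "$queue" ]; then
        fail "$queue: not executable"
    elif interp=$(shebang_interp "$queue"); then
        if [ -x "$interp" ]; then
            ok "$queue: script, interpreter $interp is executable"
        else
            fail "$queue: interpreter $interp is missing or not executable"
        fi
        # Linux ignores the setuid bit on "#!" scripts; privilege then depends
        # on setuid-capable perl or on a compiled setuid wrapper.
        if [ -u "$queue" ]; then
            printf 'NOTE: %s\n' "$queue: setuid bit set on a script"
        fi
    else
        ok "$queue: no #! line, treated as a native executable"
    fi

    [ "$problems" -eq 0 ]
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    qq_preflight "$1" "$2"
fi
```
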
From: Salvatore T. <to...@pu...> - 2013-06-12 13:56:23
Hi

Maybe you can try doing in the same way of sqwebmail, sending the
mails through a bash script that invokes qmail-inject, something like
this:

-----
[root@fluffy-1 ~]# more /usr/sqwebmail/share/sqwebmail/sendit.sh
#!/bin/sh
#
# sendit.sh for qmail-inject and qmail-scanner 20091221
#
#

# $1 will contain the return (or bounce) address for this mailboxid, as
# specified by auth.c
#
# $2 will contain the sqwebmail mailboxid of the sender (note that we're
# executing under whatever id auth.c sets for this mailboxid). Furthermore,
# $REMOTE_ADDR will contain the IP address where the client is coming from
# (the rest of the CGI vars are available too).
#

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE

# If you want to run spamassassin
#QS_SPAMASSASSIN="on"
#export QS_SPAMASSASSIN

QMAILUSER="$1"
export QMAILUSER

exec /var/qmail/bin/qmail-inject -hf "$1"
-----

Probably you can ignore the variable QMAILUSER. It's a start...

Regards

ST


At 14:05 +0100 12-06-2013, Jan Nekvapil wrote:
>Hello guys,
>new qmail admin here building server for demanding client.
>
>I need to run additional scans also on mails from my users, but those
>are sent by qmail-inject which is invoking the original qmail-queue.
>Simply linking qmail-queue to qmail-scanner-queue.pl doesn't work
>(even if it's compiled using pp) as it fails with qq temporary problem
>4.3.3. (in qmail-scanner-queue.pl I changed the invoked qmail-queue to
>qmail-queue-orig to avoid looping)
>
>I know I will have to check injected mail for looping also because
>qmail-scanner is using it for reports.
>
>I am not afraid to touch qmail-inject.c a little but I couldn't find
>the qmail-queue in there yet.
>(also I used qmailrocks.thibs.com to setup qmail on Debian 6 (still on
>testserver so I can change to 7))
>

From: Jan N. <jan...@gm...> - 2013-06-12 13:05:37
Hello guys,
new qmail admin here building server for demanding client.

I need to run additional scans also on mails from my users, but those
are sent by qmail-inject which is invoking the original qmail-queue.
Simply linking qmail-queue to qmail-scanner-queue.pl doesn't work
(even if it's compiled using pp) as it fails with qq temporary problem
4.3.3. (in qmail-scanner-queue.pl I changed the invoked qmail-queue to
qmail-queue-orig to avoid looping)

I know I will have to check injected mail for looping also because
qmail-scanner is using it for reports.

I am not afraid to touch qmail-inject.c a little but I couldn't find
the qmail-queue in there yet.
(also I used qmailrocks.thibs.com to setup qmail on Debian 6 (still on
testserver so I can change to 7))

From: Jason H. <Jas...@tr...> - 2013-05-29 01:38:07
On 29/05/13 04:02, Salvatore Toribio wrote:
> Hi Kunal
>
> Sorry, no.

Not quite true :-).

From the home page http://qmail-scanner.sf.net/

If an organization is using clamav, Qmail-Scanner can be directly used
for Data Loss Prevention (DLP). Localized clamav signature rules can be
written that enable Qmail-Scanner to detect and block emails that clamav
detects as "malware". A bit of a misuse perhaps - but clamav's built-in
support for archival formats and understanding of document types makes
it perfect in this role. If you want Qmail-Scanner to log but not block
such DLP "hits" (perhaps because the false positive rates are too high
to go with full block-mode), then Qmail-Scanner has a "dlp-monitor"
option which tells it which regex of normally quarantinable events are
in fact to be let past (i.e. without blocking). It will archive a copy
of such messages, and the logging will reflect this was a "DLP:" event.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

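The "localized clamav signature rules" described above can be plain body signatures in ClamAV's `.ndb` format (`Name:TargetType:Offset:HexSignature`). The following is an added example, not code from the thread or from Qmail-Scanner: it turns a keyword list into such lines, using the reserved words from this thread as constructed input. The `DLP.Keyword.` name prefix, the function names and the 4-byte minimum are assumptions made here.

```shell
#!/bin/sh
# Added example: generate ClamAV .ndb body signatures for DLP keywords.
# Output line format: Name:TargetType:Offset:HexSignature
#   TargetType 0 = any file, Offset * = anywhere in the (decoded) content.
LC_ALL=C; export LC_ALL

MIN_LEN=4   # assumption: shorter keywords would match far too much mail

# hex_of STRING -> lowercase hex of its bytes, as .ndb expects
hex_of() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# case_variants WORD -> lower, Capitalised and UPPER forms, one per line.
# .ndb hex patterns are byte-exact, so each spelling needs its own line.
case_variants() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    first=$(printf '%s' "$upper" | cut -c1)
    rest=$(printf '%s' "$lower" | cut -c2-)
    printf '%s\n%s\n%s\n' "$lower" "$first$rest" "$upper" | awk '!seen[$0]++'
}

# ndb_for_keyword WORD -> signature lines on stdout, reason on stderr if skipped
ndb_for_keyword() {
    word=$1
    case $word in
        ''|*[!A-Za-z0-9]*)
            echo "skipped '$word': only ASCII letters and digits are handled here" >&2
            return 1 ;;
    esac
    if [ "${#word}" -lt "$MIN_LEN" ]; then
        echo "skipped '$word': shorter than $MIN_LEN bytes" >&2
        return 1
    fi
    name=$(printf '%s' "$word" | tr '[:upper:]' '[:lower:]')
    n=0
    case_variants "$word" | while IFS= read -r variant; do
        n=$((n + 1))
        # Hypothetical naming scheme: one prefix so a single regex can
        # select every keyword hit.
        printf 'DLP.Keyword.%s-%d:0:*:%s\n' "$name" "$n" "$(hex_of "$variant")"
    done
}

# build_ndb: keyword list on stdin (blank lines and #comments ignored)
build_ndb() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        ndb_for_keyword "$line" || true
    done
}

# With a file argument read keywords from it; otherwise use the constructed
# sample list. Redirect the output to a *.ndb file in clamd's database
# directory (location varies by distribution) and reload clamd.
if [ "$#" -gt 0 ]; then
    build_ndb < "$1"
else
    printf 'resume\nresignation\n' | build_ndb
fi
```

Every generated name starts with the same prefix, so one regular expression covers all keyword hits when choosing which events are only to be logged.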
From: Salvatore T. <to...@pu...> - 2013-05-28 16:02:55
Hi Kunal

Sorry, no. The only thing qs could do for you is check for those words
in the subject, adding the rules to the file 'quarantine-events.txt'
(in older version it was a different file..) and rebuild
quarantine-events.db.

Regards

ST

At 16:19 +0530 28-05-2013, Kunal Soni wrote:
>HI ST,
>
>We have been using Qmail, configured using qmail rocks.
>
>I have one more requirement...
>
>Is there any way emails with any reserved word on the mail body can
>be sent to postmaster
>
>As a scenario, we need to monitor the emails having some reserved
>words like "resume", "resignation". If any email contains the above
>word will get a copy to email address configured in qmail-scanner
>
>This is very important for our business needs.
>
>Thanks in advance.
>
>
>--
>Kunal Soni
>(9810019739)

From: Kunal S. <kun...@gm...> - 2013-05-28 10:49:16
HI ST,

We have been using Qmail, configured using qmail rocks.

I have one more requirement...

Is there any way emails with any reserved word on the mail body can be sent
to postmaster

As a scenario, we need to monitor the emails having some reserved words
like "resume", "resignation". If any email contains the above word will get
a copy to email address configured in qmail-scanner

This is very important for our business needs.

Thanks in advance.

--
Kunal Soni
(9810019739)

From: Salvatore T. <to...@pu...> - 2013-05-14 11:30:27
At 16:41 +0530 14-05-2013, Kunal Soni wrote:
>Hi ST,
>
>We have already enabled sa_quarantine and sa_delete to blocks spam mails.
>
>qmail-queue.log is big file.
>
>1. How to use qmail-queue.log with MINIDEBUG

Edit qmail-scanner-queue.pl (usually
/var/qmail/bin/qmail-scanner-queue.pl) then search for DEBUG and
change:

my $DEBUG='0';
my $MINIDEBUG='1';

>2. How to rotate qmail-queue.log file.

Just to be quick you can rename the file:

mv qmail-queue.log qmail-queue.log.1

I usually use logrotate, it is very easy, you only need to create a
file like this one (assuming your system has logrotate on it...)

[root@hedwig-1 ~]# more /etc/logrotate.d/qmail-scanner
/var/spool/qscan/qmail-queue.log {
     weekly
     rotate 5
     copytruncate
     #compress
     notifempty
     missingok
}

/var/spool/qscan/quarantine.log {
     weekly
     rotate 5
     copytruncate
     #compress
     notifempty
     missingok
}

Regards

ST

>
>Thanks in advance.
>
>
>On Tue, May 14, 2013 at 4:08 PM, Salvatore Toribio
><to...@pu...> wrote:
>
>Hi Kunal
>
>Please check qmail-queue.log, at least with MINIDEBUG enabled. There
>you should find what qmail-scanner does with the spam messages.
>
>Remember you need to enable sa_quarantine or sa_delete to block spam mails.
>
>Regards
>
>ST
>
>PS: version 1.25st is really old.
>
>
>At 13:42 +0530 14-05-2013, Kunal Soni wrote:
>
>>Dear Mailing List,
>>
>
>We have been using qmailscanner 1.25 st with Qmail.
>
>Few of the emails which are marked SPAM in Maillogs are getting
>delivered to the Recipients. Please find attached are the email
>maillogs and email which was delivered to user.
>
>Please do the needful.
>
>Logs ----
>
>May 14 12:49:15 bismail spamd[6598]: spamd: identified spam
>(24.3/5.0) for qscand:510 in 4.1 seconds, 1097 bytes.
>
>May 14 12:49:15 bismail spamd[6598]: spamd: result: Y 24 -
>BAYES_99,FSL_HELO_BARE_IP_1,FSL_HELO_BARE_IP_2,MISSING_DATE,MISSING_MID,RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_NONE,SUBJ_ALL_CAPS
>scantime=4.1,size=1097,user=qscand,uid=510,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34171,mid=(unknown),bayes=1.000000,autolearn=spam
>
>May 14 12:49:15 bismail spamd[6597]: prefork: child states: II
>
>May 14 12:49:16 bismail qmail-scanner-queue.pl:
>qmail-scanner[4267]:
>SA:SPAM-QUARANTINE:RC:0(178.123.185.86):SA:1(24.3/5.0): 5.386898
>1097
><> vik...@mp...YOU_NEED_TO_READ_THIS
><136...@bi...>
>bismail.mpgbis.com13685159507754267-unpacked:1097
>
>In the Attached email, when we check the email source, it doesn't
>yield the SPAM Score.
>
>--
>Kunal Soni
>(9810019739)
>
>
>--
>Kunal Soni
>(9810019739)

From: Salvatore T. <to...@pu...> - 2013-05-14 11:05:26
Hi Kunal

Please check qmail-queue.log, at least with MINIDEBUG enabled. There
you should find what qmail-scanner does with the spam messages.

Remember you need to enable sa_quarantine or sa_delete to block spam mails.

Regards

ST

PS: version 1.25st is really old.

At 13:42 +0530 14-05-2013, Kunal Soni wrote:
>Dear Mailing List,
>
>We have been using qmailscanner 1.25 st with Qmail.
>
>Few of the emails which are marked SPAM in Maillogs are getting
>delivered to the Recipients. Please find attached are the email
>maillogs and email which was delivered to user.
>
>Please do the needful.
>
>Logs ----
>
>May 14 12:49:15 bismail spamd[6598]: spamd: identified spam
>(24.3/5.0) for qscand:510 in 4.1 seconds, 1097 bytes.
>May 14 12:49:15 bismail spamd[6598]: spamd: result: Y 24 -
>BAYES_99,FSL_HELO_BARE_IP_1,FSL_HELO_BARE_IP_2,MISSING_DATE,MISSING_MID,RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_NONE,SUBJ_ALL_CAPS
>scantime=4.1,size=1097,user=qscand,uid=510,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34171,mid=(unknown),bayes=1.000000,autolearn=spam
>May 14 12:49:15 bismail spamd[6597]: prefork: child states: II
>May 14 12:49:16 bismail qmail-scanner-queue.pl:
>qmail-scanner[4267]:
>SA:SPAM-QUARANTINE:RC:0(178.123.185.86):SA:1(24.3/5.0): 5.386898
>1097
><> vik...@mp...YOU_NEED_TO_READ_THIS
><136...@bi...>
>bismail.mpgbis.com13685159507754267-unpacked:1097
>
>In the Attached email, when we check the email source, it doesn't
>yield the SPAM Score.
>
>--
>Kunal Soni
>(9810019739)

From: Jason H. <Jas...@tr...> - 2013-05-03 09:25:43
|
On 03/05/13 20:53, Alessio Cecchi wrote:
> I found the solution, increase the value of "my $QE_LEN=20;" to 60.
> Can this create problems?

That should be fine. The length limit was only put in place to limit the lengths of syslog records - so having a larger limit for the "old" mailstats logfile should cause no problems

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
|
From: Alessio C. <al...@sk...> - 2013-05-03 08:54:04
|
On 16/04/2013 15:58, Alessio Cecchi wrote:
> Hi,
>
> after the upgrade to the latest version of qmail-scanner+ST patch
> (qmail-scanner-2.11st with clamav and spamassassin) I saw that in the
> log "mailstats.csv" the name of the virus, if an email was rejected due
> to clamav, was truncated:
>
> Tue, 16 Apr 2013 10:28:36 CEST
> CLAMDSCAN:SecuriteInfo.com.Spa:RC:0(86.96.26.50): 0.778577
> 44464 se...@do... rec...@do...
> Hello <009d01ce3a7d$68771240$396536c0$@ae>
> mx01eeh13661009137987521-unpacked:44464
>
> but in qmail-queue.log I saw that the complete name of the virus was:
>
> SecuriteInfo.com.Spammer.emirates.net.ae
>
> This is a problem for me because we use mailstats.csv for parsing and
> generating statistics.
>
> Can qmail-scanner show in mailstats.csv the full name of the "virus" as
> returned by clamd?

I found the solution, increase the value of "my $QE_LEN=20;" to 60.

Can this create problems?

--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it
|
From: Alessio C. <al...@sk...> - 2013-04-16 14:23:28
|
Hi,

after the upgrade to the latest version of qmail-scanner+ST patch (qmail-scanner-2.11st with clamav and spamassassin) I saw that in the log "mailstats.csv" the name of the virus, if an email was rejected due to clamav, was truncated:

Tue, 16 Apr 2013 10:28:36 CEST CLAMDSCAN:SecuriteInfo.com.Spa:RC:0(86.96.26.50): 0.778577 44464 se...@do... rec...@do... Hello <009d01ce3a7d$68771240$396536c0$@ae> mx01eeh13661009137987521-unpacked:44464

but in qmail-queue.log I saw that the complete name of the virus was:

SecuriteInfo.com.Spammer.emirates.net.ae

This is a problem for me because we use mailstats.csv for parsing and generating statistics.

Can qmail-scanner show in mailstats.csv the full name of the "virus" as returned by clamd?

Thanks

--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it
|
From: Timothy T. <ti...@ja...> - 2013-04-11 06:18:35
|
For example:

X-Qmail-Scanner: 2.10st (Clear:RC:0(88.62.131.50):SA:1(10.0/5.0):. Processed in 3.024611 secs Process 10179)

It's 10.0 which is TWICE the 5.0 I have configured...

But then the same message sent to another address and it's deleted... what's happening?
|
From: Timothy T. <ti...@ja...> - 2013-04-11 06:02:06
|
Nevermind. I'm an idiot. :)

On Thu, Apr 11, 2013 at 1:10 AM, Timothy Timmons <ti...@ja...> wrote:
> For example:
>
> X-Qmail-Scanner: 2.10st (Clear:RC:0(88.62.131.50):SA:1(10.0/5.0):.
> Processed in 3.024611 secs Process 10179)
>
> It's 10.0 which is TWICE the 5.0 I have configured...
>
> But then the same message sent to another address and it's deleted...
> what's happening?
|
From: Chris B. <cb...@da...> - 2013-04-01 16:27:34
|
That was likely the problem. We ended up reconfiguring without MHR since it's for non-commercial use anyways. Leaving MHR out fixed the issue for our use case. Thanks for the feedback.

Chris Berry
Linux Systems Administrator
Davis Tool
x521

>>> Salvatore Toribio <to...@pu...> 3/30/2013 2:08 AM >>>
Hi

Maybe the problem is with mhr and zip attachments...
There was an error there that has been fixed in version 2.11, but Jason forgot to mention it in the changes...

v2.10
if($file eq "." || $file eq ".." || $file =~ /^[0-9]+\.[0-9]+\-[0-9]+\.$hostname|^(orig\-|)$file_id|^textfile[0-9]+/){

v2.11
if(-d $file || $file eq "." || $file eq ".." || $file =~ /^[0-9]+\.[0-9]+\-[0-9]+\.$hostname|^(orig\-|)$file_id|^textfile[0-9]+/){

So updating to 2.11 should fix your problem.

ST

At 18:54 +1300 30-03-2013, Jason Haar wrote:
>On 30/03/13 09:41, Chris Berry wrote:
>>
>> Fri, 29 Mar 2013 10:13:39 PDT:24830: mhr: starting scan of directory
>> "/var/spool/qscan/tmp/relay136457719958624830"...
>>
>> Fri, 29 Mar 2013 10:13:39 PDT:24830: error_condition:
>> X-Qmail-Scanner-2.10: Requeuing: Read failed: Is a directory at
>> /var/qmail/bin/qmail-scanner-queue.pl line 2761
>>
>
>As each Q-S install is different, you will need to look at line 2761 in
>qmail-scanner-queue.pl to see what it was trying to do. Looks like it
>wanted to open a file but found a directory instead
>
>> relay:/var/spool/qscan # cat /var/qmail/bin/qmail-scanner-queue.pl |
>> grep @scanner_array=
>>
>> my @scanner_array=("clamdscan_scanner","mhr_scanner","spamassassin");
>>
>> I don't remember turning that on, but I see from the 2.10 change log
>> notes that perhaps it's a new default? Since it's failing near there
>> I'm wondering if that might be the problem. Any thoughts?
>>
>
>You must have installed it as "automatic" - so it just enabled all the
>AVs it discovered. You can explicitly tell the ./configure script you
>only want clamdscan and SA and get rid of MHR if you wish
>
>--
>Cheers
>
|
From: Salvatore T. <to...@pu...> - 2013-03-30 09:09:04
|
Hi

Maybe the problem is with mhr and zip attachments...
There was an error there that has been fixed in version 2.11, but Jason forgot to mention it in the changes...

v2.10
if($file eq "." || $file eq ".." || $file =~ /^[0-9]+\.[0-9]+\-[0-9]+\.$hostname|^(orig\-|)$file_id|^textfile[0-9]+/){

v2.11
if(-d $file || $file eq "." || $file eq ".." || $file =~ /^[0-9]+\.[0-9]+\-[0-9]+\.$hostname|^(orig\-|)$file_id|^textfile[0-9]+/){

So updating to 2.11 should fix your problem.

ST

At 18:54 +1300 30-03-2013, Jason Haar wrote:
>On 30/03/13 09:41, Chris Berry wrote:
>>
>> Fri, 29 Mar 2013 10:13:39 PDT:24830: mhr: starting scan of directory
>> "/var/spool/qscan/tmp/relay136457719958624830"...
>>
>> Fri, 29 Mar 2013 10:13:39 PDT:24830: error_condition:
>> X-Qmail-Scanner-2.10: Requeuing: Read failed: Is a directory at
>> /var/qmail/bin/qmail-scanner-queue.pl line 2761
>>
>
>As each Q-S install is different, you will need to look at line 2761 in
>qmail-scanner-queue.pl to see what it was trying to do. Looks like it
>wanted to open a file but found a directory instead
>
>> relay:/var/spool/qscan # cat /var/qmail/bin/qmail-scanner-queue.pl |
>> grep @scanner_array=
>>
>> my @scanner_array=("clamdscan_scanner","mhr_scanner","spamassassin");
>>
>> I don't remember turning that on, but I see from the 2.10 change log
>> notes that perhaps it's a new default? Since it's failing near there
>> I'm wondering if that might be the problem. Any thoughts?
>>
>
>You must have installed it as "automatic" - so it just enabled all the
>AVs it discovered. You can explicitly tell the ./configure script you
>only want clamdscan and SA and get rid of MHR if you wish
>
>--
>Cheers
>
|
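The effect of the added -d test in the message above, as an added illustration (not code from qmail-scanner-queue.pl): a per-file hashing loop over an unpack directory that contains a subdirectory, run once without and once with the directory guard. The functions sha1_of and hash_entries, the $skip_dirs switch and the directory contents are hypothetical and constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA;
use File::Temp qw(tempdir);

# Constructed stand-in for an unpack directory after unzip has extracted
# an archive that contains a folder (names are made up for this example).
my $dir = tempdir(CLEANUP => 1);
mkdir "$dir/drawings" or die "mkdir: $!";
for my $name ("1C17784.zip", "drawings/part.txt") {
    open(my $out, '>', "$dir/$name") or die "create $name: $!";
    print {$out} "constructed sample content for $name\n";
    close($out) or die "close $name: $!";
}

# SHA-1 of one directory entry, read in blocks; dies on any open/read error.
sub sha1_of {
    my ($path) = @_;
    open(my $in, '<', $path) or die "Open failed: $!\n";
    binmode($in);
    my $sha = Digest::SHA->new(1);
    my ($n, $buf);
    while ($n = read($in, $buf, 65536)) { $sha->add($buf) }
    die "Read failed: $!\n" unless defined $n;
    close($in);
    return $sha->hexdigest;
}

# Walk the top level of $path. $skip_dirs = 0 mirrors the 2.10 test quoted
# above ("." and ".." only); $skip_dirs = 1 adds the -d test from 2.11.
sub hash_entries {
    my ($path, $skip_dirs) = @_;
    my (%digest, @errors);
    opendir(my $dh, $path) or die "opendir $path: $!";
    for my $file (sort readdir($dh)) {
        next if $file eq "." || $file eq "..";
        next if $skip_dirs && -d "$path/$file";
        my $hex = eval { sha1_of("$path/$file") };
        if (defined $hex) { $digest{$file} = $hex }
        else              { chomp(my $err = $@); push @errors, "$file: $err" }
    }
    closedir($dh);
    return (\%digest, \@errors);
}

for my $skip_dirs (0, 1) {
    my ($digest, $errors) = hash_entries($dir, $skip_dirs);
    printf "skip_dirs=%d hashed=%d errors=%d\n",
        $skip_dirs, scalar(keys %$digest), scalar(@$errors);
    print "  $_\n" for @$errors;
}
```

In this sketch the guarded loop does not descend into the subdirectory, so drawings/part.txt is hashed in neither run; whether qmail-scanner covers nested files elsewhere is not shown on this page.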
From: Jason H. <Jas...@tr...> - 2013-03-30 05:55:05
|
On 30/03/13 09:41, Chris Berry wrote:
>
> Fri, 29 Mar 2013 10:13:39 PDT:24830: mhr: starting scan of directory
> "/var/spool/qscan/tmp/relay136457719958624830"...
>
> Fri, 29 Mar 2013 10:13:39 PDT:24830: error_condition:
> X-Qmail-Scanner-2.10: Requeuing: Read failed: Is a directory at
> /var/qmail/bin/qmail-scanner-queue.pl line 2761
>

As each Q-S install is different, you will need to look at line 2761 in qmail-scanner-queue.pl to see what it was trying to do. Looks like it wanted to open a file but found a directory instead

> relay:/var/spool/qscan # cat /var/qmail/bin/qmail-scanner-queue.pl |
> grep @scanner_array=
>
> my @scanner_array=("clamdscan_scanner","mhr_scanner","spamassassin");
>
> I don't remember turning that on, but I see from the 2.10 change log
> notes that perhaps it's a new default? Since it's failing near there
> I'm wondering if that might be the problem. Any thoughts?
>

You must have installed it as "automatic" - so it just enabled all the AVs it discovered. You can explicitly tell the ./configure script you only want clamdscan and SA and get rid of MHR if you wish

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
|
From: Chris B. <cb...@da...> - 2013-03-29 20:42:11
|
I'm having a problem where one of my users can't receive emails with attachments from a single customer. When the message first comes in I get the following in /var/log/qmail/smtpd/current:

2013-03-29 09:42:33.680656500.s:@400000005155c38507dbecbc tcpserver: pid 21905 from 192.104.67.3
2013-03-29 09:42:33.680656500.s:@400000005155c38507df963c tcpserver: ok 21905 relay.davistl.com:192.168.200.25:25 mail2.eaton.com:192.104.67.3::29629
2013-03-29 09:42:33.680656500.s:@400000005155c3862bf16d84 mailfront[21905]: MAIL FROM:<GaryShojaie@Eaton.com> SIZE=7823876
2013-03-29 09:42:33.680656500.s:@400000005155c3862bf17554 mailfront[21905]: RCPT TO:<MI...@da...>
2013-03-29 09:42:33.680656500.s:@400000005155c3a0379e1b14 mailfront[21905]: 451 4.3.0 Temporary qmail-queue failure.
2013-03-29 09:42:33.680656500.s:@400000005155c3a0379e1efc mailfront[21905]: bytes in: 7823992 bytes out: 285
2013-03-29 09:42:33.680656500.s:@400000005155c3a037a097cc tcpserver: end 21905 status 0

Initially I thought softlimit might not be high enough, but increasing it didn't help and emailing a file with an even larger attachment from one of my accounts worked fine:

2013-03-29 09:52:39.069600500 tcpserver: pid 23160 from 205.188.105.147
2013-03-29 09:52:39.165676500 tcpserver: ok 23160 relay.davistl.com:192.168.200.25:25 imr-da05.mx.aol.com:205.188.105.147::64354
2013-03-29 09:52:41.803962500 mailfront[23160]: MAIL FROM:<blu...@ao...> SIZE=11808740
2013-03-29 09:52:41.803964500 mailfront[23160]: RCPT TO:<mi...@da...>
2013-03-29 09:53:12.182697500 mailfront[23160]: 2.6.0 Accepted message qp 23162 bytes 11657485
2013-03-29 09:53:12.182698500 mailfront[23160]: bytes in: 11808855 bytes out: 295
2013-03-29 09:53:12.182819500 tcpserver: end 23160 status 0

After reading some of the mailfront code it didn't look like the problem was there, so I looked at /var/spool/qscan/qmail-queue.log and found messages like this:

Fri, 29 Mar 2013 10:13:19 PDT:24830: +++ starting debugging for process 24830 by uid=1003
Fri, 29 Mar 2013 10:13:19 PDT:24830: setting UID to EUID so subprocesses can access files generated by this script
Fri, 29 Mar 2013 10:13:19 PDT:24830: program name is qmail-scanner-queue.pl, version 2.10
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: mkdir /var/spool/qscan/tmp/relay136457719958624830
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: start dumping incoming msg into /var/spool/qscan/working/tmp/relay136457719958624830 [0.000262]
Fri, 29 Mar 2013 10:13:19 PDT:24830: c_a_g: found MIME attachment
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: primary Content-Type of multipart/mixed found
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: found a top-level boundary definition of _004_5137F0726DAB194A9D1D9AC87004F6D309F90ASIMTCSMB06napaade_
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: attachment 1: Content-Type of multipart/alternative found
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: attachment 2: Content-Type of text/plain found
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: attachment 3: Content-Type of text/html found
Fri, 29 Mar 2013 10:13:19 PDT:24830: found C-T attachment filename "1c17784.zip"
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: attachment 5: Content-Type of application/x-zip-compressed found
Fri, 29 Mar 2013 10:13:19 PDT:24830: w_c: base64 looks like a zip file, filename=1c17784.zip,type=application/x-zip-compressed
Fri, 29 Mar 2013 10:13:38 PDT:24830: w_c: rename new msg from /var/spool/qscan/working/tmp/relay136457719958624830 to /var/spool/qscan/working/new/relay136457719958624830
Fri, 29 Mar 2013 10:13:38 PDT:24830: w_c: total time between DATA command and "." was 18.987336 secs
Fri, 29 Mar 2013 10:13:38 PDT:24830: w_c: (this is basically the time it took the client to send the message over the network
Fri, 29 Mar 2013 10:13:38 PDT:24830: w_c: resetting timer so as to measure actual Qmail-Scanner processing time
Fri, 29 Mar 2013 10:13:38 PDT:24830: incoming SMTP connection from via SMTP from mail2.eaton.com
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: starting /usr/bin/reformime -x/var/spool/qscan/tmp/relay136457719958624830/ </var/spool/qscan/working/new/relay136457719958624830 [0.000246]
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: finished /usr/bin/reformime -x/var/spool/qscan/tmp/relay136457719958624830/ [0.06757]
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: Checking all attachments to see if they're MS-TNEF
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: is /var/spool/qscan/tmp/relay136457719958624830/1C17784.zip is a TNEF file?: 256 [0.001004]
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: is /var/spool/qscan/tmp/relay136457719958624830/1364577218.24865-0.relay is a TNEF file?: 256 [0.000773]
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: is /var/spool/qscan/tmp/relay136457719958624830/1364577218.24865-1.relay is a TNEF file?: 256 [0.000746]
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: Check for zip files...
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: potential zip archive file found (1C17784.zip).
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: it is possibly a zip file, run unzip -Pxx1518412100xx -t /var/spool/qscan/tmp/relay136457719958624830/1C17784.zip
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: it is a zip file
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: check size of contents before unzipping to disk
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: this zip file unpacks to 4585272 bytes of content
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: run /usr/bin/unzip -Pxx1518412100xx /var/spool/qscan/tmp/relay136457719958624830/1C17784.zip 2>&1
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: 0, and successfully unzipped
Fri, 29 Mar 2013 10:13:38 PDT:24830: u_f: using chmod to ensure files are readable ()
Fri, 29 Mar 2013 10:13:38 PDT:24830: d_m: unpacking message took 0.147106 seconds
Fri, 29 Mar 2013 10:13:38 PDT:24830: unsetting QMAILQUEUE env var
Fri, 29 Mar 2013 10:13:38 PDT:24830: g_e_h: return-path is "GaryShojaie@Eaton.com", recips is "MI...@da...,cb...@da..."
Fri, 29 Mar 2013 10:13:38 PDT:24830: from=<GaryShojaie@Eaton.com>,subj=RE: Davis Tool Contact Info., x-qmail-scanner-message-id=<5137F0726DAB194A9D1D9AC87004F6D309F90A@SIMTCSMB06.napa.ad.etn.com> via SMTP from mail2.eaton.com
Fri, 29 Mar 2013 10:13:38 PDT:24830: ini_sc: start scanning
Fri, 29 Mar 2013 10:13:38 PDT:24830: ini_sc: recursively scan the directory /var/spool/qscan/tmp/relay136457719958624830/
Fri, 29 Mar 2013 10:13:38 PDT:24830: scanloop(virus): starting scan of directory "/var/spool/qscan/tmp/relay136457719958624830"...
Fri, 29 Mar 2013 10:13:38 PDT:24830: scanloop: scanner=clamdscan_scanner,plain_text_msg=0
Fri, 29 Mar 2013 10:13:38 PDT:24830: clamdscan: starting scan of directory "/var/spool/qscan/tmp/relay136457719958624830"...
Fri, 29 Mar 2013 10:13:38 PDT:24830: run /usr/bin/clamdscan --no-summary /var/spool/qscan/tmp/relay136457719958624830 2>&1
Fri, 29 Mar 2013 10:13:39 PDT:24830: --output of clamdscan was: /var/spool/qscan/tmp/relay136457719958624830: OK --
Fri, 29 Mar 2013 10:13:39 PDT:24830: clamdscan: finished scan of dir "/var/spool/qscan/tmp/relay136457719958624830" in 1.280143 secs
Fri, 29 Mar 2013 10:13:39 PDT:24830: scanloop: scanner=mhr_scanner,plain_text_msg=0
Fri, 29 Mar 2013 10:13:39 PDT:24830: mhr: starting scan of directory "/var/spool/qscan/tmp/relay136457719958624830"...
Fri, 29 Mar 2013 10:13:39 PDT:24830: error_condition: X-Qmail-Scanner-2.10: Requeuing: Read failed: Is a directory at /var/qmail/bin/qmail-scanner-queue.pl line 2761

The last line looks like a problem. I saw the note in the 2.11 release (I'm on 2.10) about mhr so I double checked that Digest::SHA and Digest::SHA1 were installed and working:

relay:/var/log/qmail/smtpd # perl -MDigest::SHA -el
relay:/var/log/qmail/smtpd # perl -MDigest::SHA1 -el

The permissions and ownership of the /var/spool/qscan/tmp folder look ok:

relay:/var/spool/qscan # ls -alh | grep tmp
drwxr-x--- 2 qscand qscand 4.0K Mar 29 13:30 tmp

It appears that my config thinks it should be using MHR:

relay:/var/spool/qscan # cat /var/qmail/bin/qmail-scanner-queue.pl | grep @scanner_array=
my @scanner_array=("clamdscan_scanner","mhr_scanner","spamassassin");

I don't remember turning that on, but I see from the 2.10 change log notes that perhaps it's a new default? Since it's failing near there I'm wondering if that might be the problem. Any thoughts?

Chris Berry
Linux Systems Administrator
Davis Tool
x521
|
From: Jason H. <Jas...@tr...> - 2013-03-05 19:01:11
|
On 06/03/13 02:35, Adrian Bulgariu wrote:
> i am wondering if I could use a spam folder for each e-mail address not
> only global spam folder. Because maybe some e-mail are ok and users
> should easily get them
>

contrib/qscan-spam-to-users.pl already does that. You call it as a cronjob, and it will move the quarantined spam into a separate per-user Maildir structure.

However, it will not move that mail into the individual user's Maildir structure, because Qmail-Scanner is typically run on edge mail relays - ie the mailboxes don't actually reside there. But you could hack it or otherwise run your own post-processing script to move that mail back into users' structures afterwards

Anyway, it's somewhere to start...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
|
From: Adrian B. <ad...@we...> - 2013-03-05 14:02:22
|
Hi,

I am wondering if I could use a spam folder for each e-mail address, not only a global spam folder, because maybe some e-mails are OK and users should easily get them.

Thanks
|
From: Jason H. <Jas...@tr...> - 2013-03-05 08:25:31
|
A new version, 2.11 is now available.

Besides some minor bug fixes for the new MHR support, one new feature appears. Qmail-Scanner will from now on try to push any "metadata" it figures out while parsing an email back into the email via "X-Qmail-Scanner-" headers - so that SpamAssassin can then have new rules created that use such headers.

This is fairly specific and probably not of much use to a lot of sites, but has allowed us to create SA rules that can match emails containing ZIP attachments that contain EXE files - something SA certainly cannot do itself.

For more details and download instructions, please head over to http://qmail-scanner.sf.net/

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
|