Re: [Qmail-scanner-general] View quarantine spam messages thru webmail

2006-08-06 Thread Jason Haar 
Eric Carlson wrote:
 Can I ask a dumb question here after trying that and getting a user
 does not exist error? The name of the linux user doesn't exist, this
 is a Plesk managed system, but the mailbox sure does.
You have just answered your own question. The linux user (as you say)
doesn't exist.

I assume you are using some form of virtualdomain type system? My script
won't work for you then - it assumes each mailbox has an Unix account
associated with it. Standard Qmail stuff.

Someone will have to come up with a patch to deal with other scenarios 
- I'd be happy to see the contribution.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general] View quarantine spam messages thru webmail

2006-08-05 Thread Eric Carlson 

There's a couple of buglets in that version (fixed in the next release). 
I've just put up the fixed version for one-off downloading until the 
next release comes out: http://qmail-scanner.sf.net/qscan-spam-to-users.pl

Hi,

Can I ask a dumb question here after trying that and getting a user
does not exist error? The name of the linux user doesn't exist, this
is a Plesk managed system, but the mailbox sure does. In other words,
if I look at (for example)
/var/qmail/mailnames/example.com/spam/MailDir I see the target mail
forder I'm trying to pull the spam to, but id spam doesn't know them
as a user at the linux level.

Cheers, looks to be just what I need apart from that!


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general



-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general] View quarantine spam messages thru webmail

2006-08-01 Thread Miloska 
On 8/1/06, Facundo Barrera [EMAIL PROTECTED] wrote:
 Hi list:
  I've currently achieve QS to quarantine all messages tagged as
 spam, is there a way, to see them thru webmail using an account ...let's say
 [EMAIL PROTECTED] (only the spam messages), not the one quarantine for
 having virus...
 this is the path where this messages are stored:

 /var/spool/qscan/quarantine/spam/new


It's a normal Maildir directory, similar then your other accounts.
Jjust set up an account to use this folder as a Maildir, and you can
use it trought imap / webmail / etc.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general] View quarantine spam messages thru webmail

2006-08-01 Thread Eric Carlson 
On Tue, 1 Aug 2006 08:36:36 -0300, you wrote:

Hi list:
 I've currently achieve QS to quarantine all messages tagged as
spam, is there a way, to see them thru webmail using an account ...let's say
[EMAIL PROTECTED] (only the spam messages), not the one quarantine for
having virus...
this is the path where this messages are stored:

/var/spool/qscan/quarantine/spam/new

Many thanks.

Oh man thats too much of a co-incidence - did you see my post saying
almost exactly the same


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]skip quarantine-attachments list if file is ziped

2004-07-07 Thread Doug Monroe 
Thomas Wahyudi wrote:
Hi all, Is there a way that i can skip the quarantine-attachments list
if the attacment is zip file ?
how about:
--unzip no


---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]RE: Quarantine-attachments revisited

2003-12-19 Thread Micha Silver 
 
 What happens when you run:
 
 su -c /var/qmail/bin/qmail-scanner-queue.pl -g qscand
 
 does it error out or actually work?
 

Hello Ed:

It's strange. When I use the daemontools setuidgid it works, but with su -c
it silently ends, without doing anything:

[EMAIL PROTECTED] qmailscan]# setuidgid qmailq /var/qmail/bin/qmail-scanner-queue.pl
-g
perlscanner: generate new DB file from
/var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 16 entries.
[EMAIL PROTECTED] qmailscan]# su -c /var/qmail/bin/qmail-scanner-queue.pl -g qmailq
[EMAIL PROTECTED] qmailscan]#

After the su command, there's no change to quarantine-attachments.db.
What's the difference between the way those two commands work??

--Micha




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]Re: Quarantine-attachments revisited

2003-12-18 Thread Jason Haar 
On Thu, Dec 18, 2003 at 03:59:46PM +, [EMAIL PROTECTED] wrote:
 Do you mean the whole qmailscan directory? I tried changing the owner of
 quarantine-attachments.db to qmailq, but that didn't make any difference.
 
 Yes (and there are most likely others here who know better than I) ... in
 all of my installations including 1.15 version, the whole 
 /var/spool/qmailscan
 directory tree is owned by the qmailq user. If qmailq is running these (is


Please upgrade to 1.20.

The official release of 1.20 now runs everything as qscand. Telling such
people to change ownerships to qmailq is just making their problem worse

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]No quarantine

2003-10-03 Thread Dallas L. Engelken 
 -Original Message-
 From: Marcio R A Garcia [mailto:[EMAIL PROTECTED] 
 Sent: Friday, October 03, 2003 2:31 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Qmail-scanner-general]No quarantine
 
 
 
 
 Anything like this:
 
 cd /var/spool/qmailscan/quarantine
 rm -rf new
 ln -s /dev/null  new
 
 
 Maybe work 

you are better off commenting out the lines... why waste cpu cycles if
you dont need to quarantine??  this is how i did it in the past... i
dont know what v1.2x looks like.

sub email_quarantine_report {
  my($start_email_time)=[gettimeofday];
  my($one_recip);
  debug(e_v_r: quarantine  msg to $scandir/$vmaildir/new/$file_id);
#
rename($scandir/$wmaildir/new/$file_id,$scandir/$vmaildir/new/$file_i
d)||tempfail(cannot rename $scandir/$wmaildir/new/$file_id into
$scandir/$vmaildir/new/ - $!);
#  open(QTINE,$scandir/$vmaildir/new/$file_id);
#  print QTINE \n*** Qmail-Scanner Quarantine Envelope Details Begin
***\n;
#  print QTINE ${V_HEADER}-Mail-From: \$returnpath\ via $hostname\n;
#  print QTINE ${V_HEADER}-Rcpt-To: \$recips\\n;
#  print QTINE $V_HEADER: $VERSION ($SCANINFO $destring Found.
Processed in ,tv_interval($start_time,[gettimeofday]), secs)\n;
#  print QTINE Quarantine-Description: $quarantine_description\n;
#  print QTINE *** Qmail-Scanner Envelope Details End ***\n;
#  close QTINE;

d


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]Cleaning quarantine?

2003-08-28 Thread CertaintyTech 
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Marc Nicholas
 Sent: Thursday, August 28, 2003 12:09 PM
 To: Qmail-scanner
 Subject: [Qmail-scanner-general]Cleaning quarantine?
 
 
 So can I just delete messages in quarantine? Are these 
 messages also still
 somewhere in the Qmail spool?
 
 Thanks,.
 
 
 -marc

These messages have been fully delivered to the quarantine maildir and
are no longer in the queue.  Delete them if you want.  I personally have
a cron that runs and deletes all files 15 days or older just so I have a
little buffer in case a legit message was mistaken as a virus.
---
Ed Henderson
Certainty Tech
http://www.certainty.net/




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

2002-10-29 Thread Doug Monroe 
Darley Ware wrote:
 
 Hello,
 
 I want to use the quarantine-attachments feature to block the new E-Card
 marketing worm from FriendGreetings.com.
 
 http://www.sophos.com/virusinfo/articles/greetings.html
 
 My question is can I block messages from an entire domain? I tried the
 following but it did not work...
 
 .*friendgreetings.com Virus-From:  E-Card marketing worm

why not put @friendgreetings.com  in /var/qmail/control/badmailfrom 
(and restart)?


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

2002-10-29 Thread Doug Monroe 
Doug Monroe wrote:
 
 Darley Ware wrote:
 
  Hello,
 
  I want to use the quarantine-attachments feature to block the new E-Card
  marketing worm from FriendGreetings.com.
 
  http://www.sophos.com/virusinfo/articles/greetings.html
 
  My question is can I block messages from an entire domain? I tried the
  following but it did not work...
 
  .*friendgreetings.com Virus-From:  E-Card marketing worm

or...use this in quarantine-attachments?

.*you have an E-Card from.*tabVirus-Subject:tabFriendGreeting nuisance
mail denied, see: http://www.sophos.com/virusinfo/articles/greetings.html


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

2002-10-29 Thread Alex Shipp 
They have moved BTW to

http://www.cool-downloads.com
and
http://www.cool-downloads.net



- Original Message -
From: Doug Monroe [EMAIL PROTECTED]
To: Darley Ware [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, October 29, 2002 2:00 PM
Subject: Re: [Qmail-scanner-general]Using quarantine-attachments for e-card
marketing worm


Darley Ware wrote:

 Hello,

 I want to use the quarantine-attachments feature to block the new E-Card
 marketing worm from FriendGreetings.com.




This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

2002-10-29 Thread Martinez, Michael - CSREES/ISTM 
Or stick the entire friendgreeting.com net range in tcp.stmp if you use
tcpserver (use www.hexillion.com/utilities to look up the netrange).

Or look through the internet headers for e-card email (if you have have
received it already), and block the ip it came from

Michael Martinez


 -Original Message-
 From: Doug Monroe [mailto:doug;planetconnect.com]
 Sent: Tuesday, October 29, 2002 9:00 AM
 To: Darley Ware
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Qmail-scanner-general]Using quarantine-attachments for
 e-card marketing worm
 
 
 Darley Ware wrote:
  
  Hello,
  
  I want to use the quarantine-attachments feature to block 
 the new E-Card
  marketing worm from FriendGreetings.com.
  
  http://www.sophos.com/virusinfo/articles/greetings.html
  
  My question is can I block messages from an entire domain? 
 I tried the
  following but it did not work...
  
  .*friendgreetings.com Virus-From:  E-Card marketing worm
 
 why not put @friendgreetings.com  in /var/qmail/control/badmailfrom 
 (and restart)?
 
 
 ---
 This sf.net email is sponsored by:ThinkGeek
 Welcome to geek heaven.
 http://thinkgeek.com/sf
 ___
 Qmail-scanner-general mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
 


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem

2002-06-14 Thread CertaintyTech - Ed Henderson 

 Whilst upgrading my qmail-scanner installation to 1.12 recently I 
 decided to
 check the quarantine-attachments.txt file and found the line:
 .{100,}   Virus-Date: Date Buffer Overflow trojan
 had been replace with the following:
 .{100,}   Virus-Date: MIME Header 
 Buffer Overflow
 .{100,}   Virus-Mime-Version: MIME Header 
 Buffer Overflow 
 .{100,}   Virus-Resent-Date:  MIME Header 
 Buffer Overflow
 so I decided to change my config.
 


Try changing the descriptions so that each one is unique.

---
Ed.

___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem

2002-06-14 Thread Hine,Chris 

 -Original Message-
 From: CertaintyTech - Ed Henderson [mailto:[EMAIL PROTECTED]]
 Sent: 14 June 2002 17:40
 To: Hine,Chris; [EMAIL PROTECTED]
 Subject: RE: [Qmail-scanner-general]Possible quarantine-attachments.db
 Problem
 
 
  Whilst upgrading my qmail-scanner installation to 1.12 recently I 
  decided to
  check the quarantine-attachments.txt file and found the line:
  .{100,} Virus-Date: Date Buffer 
 Overflow trojan
  had been replace with the following:
  .{100,} Virus-Date: MIME Header 
  Buffer Overflow
  .{100,} Virus-Mime-Version: MIME Header 
  Buffer Overflow 
  .{100,} Virus-Resent-Date:  MIME Header 
  Buffer Overflow
  so I decided to change my config.
  
 
 
 Try changing the descriptions so that each one is unique.
 
 ---
 Ed.

I did try that (although I already had a number of items in there with
the same descriptions);
.{100,} Virus-Date: MIME Header Buffer Overflow 1
.{100,} Virus-Mime-Version: MIME Header Buffer Overflow 2
.{100,} Virus-Resent-Date:  MIME Header Buffer Overflow 3

with the same results as before.
It seems that the first field must be unique, which makes sense for 
filenames, but not necessarily for headers.
Chris

___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

___
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general