Re: [Qmail-scanner-general] View quarantine spam messages thru webmail
Eric Carlson wrote:
> Can I ask a dumb question here after trying that and getting a user does not exist error? The name of the linux user doesn't exist, this is a Plesk managed system, but the mailbox sure does.

You have just answered your own question. The linux user (as you say) doesn't exist. I assume you are using some form of virtualdomain type system? My script won't work for you then - it assumes each mailbox has an Unix account associated with it. Standard Qmail stuff.

Someone will have to come up with a patch to deal with other scenarios - I'd be happy to see the contribution.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

___
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
Re: [Qmail-scanner-general] View quarantine spam messages thru webmail
> There's a couple of buglets in that version (fixed in the next release). I've just put up the fixed version for one-off downloading until the next release comes out:
>
> http://qmail-scanner.sf.net/qscan-spam-to-users.pl

Hi,

Can I ask a dumb question here after trying that and getting a user does not exist error? The name of the linux user doesn't exist, this is a Plesk managed system, but the mailbox sure does.

In other words, if I look at (for example) /var/qmail/mailnames/example.com/spam/MailDir I see the target mail folder I'm trying to pull the spam to, but id spam doesn't know them as a user at the linux level.

Cheers, looks to be just what I need apart from that!

> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: [Qmail-scanner-general] View quarantine spam messages thru webmail
On 8/1/06, Facundo Barrera [EMAIL PROTECTED] wrote:
> Hi list:
>
> I've currently achieve QS to quarantine all messages tagged as spam, is there a way, to see them thru webmail using an account ...let's say [EMAIL PROTECTED] (only the spam messages), not the one quarantine for having virus... this is the path where these messages are stored:
>
> /var/spool/qscan/quarantine/spam/new

It's a normal Maildir directory, similar to your other accounts. Just set up an account to use this folder as a Maildir, and you can use it through imap / webmail / etc.
Re: [Qmail-scanner-general] View quarantine spam messages thru webmail
On Tue, 1 Aug 2006 08:36:36 -0300, you wrote:
> Hi list:
>
> I've currently achieve QS to quarantine all messages tagged as spam, is there a way, to see them thru webmail using an account ...let's say [EMAIL PROTECTED] (only the spam messages), not the one quarantine for having virus... this is the path where these messages are stored:
>
> /var/spool/qscan/quarantine/spam/new
>
> Many thanks.

Oh man that's too much of a coincidence - did you see my post saying almost exactly the same
Re: [Qmail-scanner-general]skip quarantine-attachments list if file is ziped
Thomas Wahyudi wrote:
> Hi all,
>
> Is there a way that I can skip the quarantine-attachments list if the attachment is zip file ?

how about:

--unzip no
RE: [Qmail-scanner-general]RE: Quarantine-attachments revisited
> What happens when you run:
>
> su -c /var/qmail/bin/qmail-scanner-queue.pl -g qscand
>
> does it error out or actually work?

Hello Ed:

It's strange. When I use the daemontools setuidgid it works, but with su -c it silently ends, without doing anything:

[EMAIL PROTECTED] qmailscan]# setuidgid qmailq /var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 16 entries.
[EMAIL PROTECTED] qmailscan]# su -c /var/qmail/bin/qmail-scanner-queue.pl -g qmailq
[EMAIL PROTECTED] qmailscan]#

After the su command, there's no change to quarantine-attachments.db.

What's the difference between the way those two commands work??

--Micha
Re: [Qmail-scanner-general]Re: Quarantine-attachments revisited
On Thu, Dec 18, 2003 at 03:59:46PM +, [EMAIL PROTECTED] wrote:
> > Do you mean the whole qmailscan directory? I tried changing the owner of quarantine-attachments.db to qmailq, but that didn't make any difference.
>
> Yes (and there are most likely others here who know better than I) ... in all of my installations including 1.15 version, the whole /var/spool/qmailscan directory tree is owned by the qmailq user. If qmailq is running these (is

Please upgrade to 1.20. The official release of 1.20 now runs everything as qscand.

Telling such people to change ownerships to qmailq is just making their problem worse

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
RE: [Qmail-scanner-general]No quarantine
-----Original Message-----
From: Marcio R A Garcia [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 2:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]No quarantine

> Anything like this:
>
> cd /var/spool/qmailscan/quarantine
> rm -rf new
> ln -s /dev/null new
>
> Maybe work

you are better off commenting out the lines... why waste cpu cycles if you don't need to quarantine?? this is how I did it in the past... I don't know what v1.2x looks like.

sub email_quarantine_report {
  my($start_email_time)=[gettimeofday];
  my($one_recip);
  debug("e_v_r: quarantine msg to $scandir/$vmaildir/new/$file_id");
#  rename("$scandir/$wmaildir/new/$file_id","$scandir/$vmaildir/new/$file_id")||tempfail("cannot rename $scandir/$wmaildir/new/$file_id into $scandir/$vmaildir/new/ - $!");
#  open(QTINE,$scandir/$vmaildir/new/$file_id);
#  print QTINE "\n*** Qmail-Scanner Quarantine Envelope Details Begin ***\n";
#  print QTINE "${V_HEADER}-Mail-From: \"$returnpath\" via $hostname\n";
#  print QTINE "${V_HEADER}-Rcpt-To: \"$recips\"\n";
#  print QTINE "$V_HEADER: $VERSION ($SCANINFO $destring Found. Processed in ",tv_interval($start_time,[gettimeofday])," secs)\n";
#  print QTINE "Quarantine-Description: $quarantine_description\n";
#  print QTINE "*** Qmail-Scanner Envelope Details End ***\n";
#  close QTINE;

d
RE: [Qmail-scanner-general]Cleaning quarantine?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc Nicholas
Sent: Thursday, August 28, 2003 12:09 PM
To: Qmail-scanner
Subject: [Qmail-scanner-general]Cleaning quarantine?

> So can I just delete messages in quarantine? Are these messages also still somewhere in the Qmail spool?
>
> Thanks,
>
> -marc

These messages have been fully delivered to the quarantine maildir and are no longer in the queue. Delete them if you want. I personally have a cron that runs and deletes all files 15 days or older just so I have a little buffer in case a legit message was mistaken as a virus.

---
Ed Henderson
Certainty Tech
http://www.certainty.net/
Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm
Darley Ware wrote:
> Hello,
>
> I want to use the quarantine-attachments feature to block the new E-Card marketing worm from FriendGreetings.com.
>
> http://www.sophos.com/virusinfo/articles/greetings.html
>
> My question is can I block messages from an entire domain? I tried the following but it did not work...
>
> .*friendgreetings.com Virus-From: E-Card marketing worm

why not put @friendgreetings.com in /var/qmail/control/badmailfrom (and restart)?
Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm
Doug Monroe wrote:
> Darley Ware wrote:
> > Hello,
> >
> > I want to use the quarantine-attachments feature to block the new E-Card marketing worm from FriendGreetings.com.
> >
> > http://www.sophos.com/virusinfo/articles/greetings.html
> >
> > My question is can I block messages from an entire domain? I tried the following but it did not work...
> >
> > .*friendgreetings.com Virus-From: E-Card marketing worm

or...use this in quarantine-attachments?

.*you have an E-Card from.*<tab>Virus-Subject:<tab>FriendGreeting nuisance mail denied, see: http://www.sophos.com/virusinfo/articles/greetings.html
Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm
They have moved BTW to http://www.cool-downloads.com and http://www.cool-downloads.net

----- Original Message -----
From: Doug Monroe [EMAIL PROTECTED]
To: Darley Ware [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, October 29, 2002 2:00 PM
Subject: Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

> Darley Ware wrote:
> > Hello,
> >
> > I want to use the quarantine-attachments feature to block the new E-Card marketing worm from FriendGreetings.com.
RE: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm
Or stick the entire friendgreeting.com net range in tcp.smtp if you use tcpserver (use www.hexillion.com/utilities to look up the netrange).

Or look through the internet headers for e-card email (if you have received it already), and block the ip it came from

Michael Martinez

-----Original Message-----
From: Doug Monroe [mailto:doug;planetconnect.com]
Sent: Tuesday, October 29, 2002 9:00 AM
To: Darley Ware
Cc: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Using quarantine-attachments for e-card marketing worm

> Darley Ware wrote:
> > Hello,
> >
> > I want to use the quarantine-attachments feature to block the new E-Card marketing worm from FriendGreetings.com.
> >
> > http://www.sophos.com/virusinfo/articles/greetings.html
> >
> > My question is can I block messages from an entire domain? I tried the following but it did not work...
> >
> > .*friendgreetings.com Virus-From: E-Card marketing worm
>
> why not put @friendgreetings.com in /var/qmail/control/badmailfrom (and restart)?
RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem
> Whilst upgrading my qmail-scanner installation to 1.12 recently I decided to check the quarantine-attachments.txt file and found the line:
>
> .{100,} Virus-Date: Date Buffer Overflow trojan
>
> had been replaced with the following:
>
> .{100,} Virus-Date: MIME Header Buffer Overflow
> .{100,} Virus-Mime-Version: MIME Header Buffer Overflow
> .{100,} Virus-Resent-Date: MIME Header Buffer Overflow
>
> so I decided to change my config.

Try changing the descriptions so that each one is unique.

---
Ed.
RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem
-----Original Message-----
From: CertaintyTech - Ed Henderson [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2002 17:40
To: Hine,Chris; [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]Possible quarantine-attachments.db Problem

> > Whilst upgrading my qmail-scanner installation to 1.12 recently I decided to check the quarantine-attachments.txt file and found the line:
> >
> > .{100,} Virus-Date: Date Buffer Overflow trojan
> >
> > had been replaced with the following:
> >
> > .{100,} Virus-Date: MIME Header Buffer Overflow
> > .{100,} Virus-Mime-Version: MIME Header Buffer Overflow
> > .{100,} Virus-Resent-Date: MIME Header Buffer Overflow
> >
> > so I decided to change my config.
>
> Try changing the descriptions so that each one is unique.
>
> ---
> Ed.

I did try that (although I already had a number of items in there with the same descriptions);

.{100,} Virus-Date: MIME Header Buffer Overflow 1
.{100,} Virus-Mime-Version: MIME Header Buffer Overflow 2
.{100,} Virus-Resent-Date: MIME Header Buffer Overflow 3

with the same results as before. It seems that the first field must be unique, which makes sense for filenames, but not necessarily for headers.

Chris
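
The check below is an added example, not code from the thread or from Qmail-Scanner: it flags rules in a quarantine-attachments.txt that share the same first field, the situation Chris describes above. The sample rules are constructed, the tab-separated three-field layout and the `#` comment handling are assumptions, and `keyed_on_first_field` only models a table keyed on the first field; the thread does not say which row the real tool keeps.

```python
import collections
import re

# Constructed sample (not a real quarantine-attachments.txt), tab-separated:
# pattern <TAB> header/size field <TAB> description
SAMPLE = (
    "# constructed sample\n"
    ".{100,}\tVirus-Date:\tMIME Header Buffer Overflow 1\n"
    ".{100,}\tVirus-Mime-Version:\tMIME Header Buffer Overflow 2\n"
    ".{100,}\tVirus-Resent-Date:\tMIME Header Buffer Overflow 3\n"
    ".*you have an E-Card from.*\tVirus-Subject:\tFriendGreeting nuisance mail\n"
)


def parse_entries(text):
    """Yield (line_no, pattern, field, description) for each rule line."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        # Assumption: blank lines and '#' lines are not rules.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = re.split(r"\t+", line.strip("\t"), maxsplit=2)
        if len(parts) != 3:
            raise ValueError(f"line {line_no}: expected 3 tab-separated fields")
        yield (line_no, *parts)


def duplicate_first_fields(text):
    """Return {pattern: [(line_no, field), ...]} for patterns used more than once."""
    seen = collections.defaultdict(list)
    for line_no, pattern, field, _desc in parse_entries(text):
        seen[pattern].append((line_no, field))
    return {p: hits for p, hits in seen.items() if len(hits) > 1}


def keyed_on_first_field(text):
    """Hypothetical model: a table keyed on the first field; later rows replace earlier."""
    table = {}
    for _no, pattern, field, desc in parse_entries(text):
        table[pattern] = (field, desc)
    return table


if __name__ == "__main__":
    for pattern, hits in duplicate_first_fields(SAMPLE).items():
        where = ", ".join(f"line {n} ({f})" for n, f in hits)
        print(f"first field {pattern!r} repeated: {where}")
    print(len(keyed_on_first_field(SAMPLE)), "rows survive in the keyed model")
```

Changing only the description, as tried in the thread, leaves the report unchanged because the descriptions are not part of the key being compared.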