-Original Message-
From: D.Monroe [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 8:31 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]magic-smtpd?
I'm curious to know if anyone on this list has made use of
magic-smtpd:
-Original Message-
From: Jeremy Kusnetz [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 3:29 PM
I've been running with virus scanning through uvscan and spam
scanning with spamassassin with no problems.
I would now like to move to where both virus and spam
scanning are
-Original Message-
From: Jeremy Kusnetz [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 5:01 PM
To: Dallas L. Engelken; [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]Trying to daemonize
uvscan through spamd
Actually I'm now looking at the uvscan docs, it seems
Actually I'm now looking at the uvscan docs, it seems by
adding --mime and --mailbox to uvscan it should handle the
unpacked email by itself. Maybe these should be added to
qmail-scanner itself? Also qmail-scanner sets the --secure
option, which activates --unzip, so should --unzip be
-Original Message-
From: Jeremy Kusnetz [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 5:01 PM
Actually I'm now looking at the uvscan docs, it seems by
adding --mime and --mailbox to uvscan it should handle the
unpacked email by itself. Maybe these should be added to
testing.. looks like sourceforge implemented rfc822 checks at the smtp
level to verify the remote party accepts mail for
[EMAIL PROTECTED]
just want to see if this goes through..
d
---
This SF.Net email is sponsored by: INetU
Attention Web
I'm afraid the perlscanner file checks happen first for a
reason - they're cheap :-) Any virus/whatever you can block
earlier means less work for your system.
is it possible to change the calls to perlscan_scanner() and scanloop()
around in the init_scanners() function? or will take break
-Original Message-
From: John Johnson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]test
It works So do you know how SF managed this trick with
there mail servers?
-John
when i send
mail from:
-Original Message-
From: J. Kendzorra [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 3:43 PM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Environment variables
Hello list,
I searched the archive for that, but didn't find anything:
I'd like to use SpamAssassin
-Original Message-
From: J. Kendzorra [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 29, 2003 4:03 AM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Environment variables
Hi Dallas,
i tried your solution, but for me it didn't work because the
.qmail-file
didn't
-Original Message-
From: Adam Denenberg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 8:28 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]uvscan confusion with --unzip
and --mime
Also i understand that since Q-S calls uvscan with --secure
that the
-Original Message-
From: Adam Denenberg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]uvscan confusion with
--unzip and --mime
so am i gaining anything by turning on either force_unzip or
this patch will prevent multiple X-Spam-Status: occurencys from
overriding your $sa_score and $sa_max values. for some people who use
the sql logging additions, this is important, otherwise it records
incorrect values. for everyone else, it's not overly important,
because the only place you
-Original Message-
From: Bill Moran [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 7:34 AM
To: Matt
Cc: ML qmail-scanner
Subject: Re: [Qmail-scanner-general]Worm.Sobig.F
Matt wrote:
How can I prevent the sobig worm from going out to people?
Get it off your
-Original Message-
From: CertaintyTech [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:04 PM
To: 'ML qmail-scanner'
Subject: RE: [Qmail-scanner-general]Worm.Sobig.F
option 1) restrict all outbound destination port 25 traffic
from your
internal lan, except for
-Original Message-
From: CertaintyTech [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 11:25 AM
To: Dallas L. Engelken; 'ML qmail-scanner'
Subject: RE: [Qmail-scanner-general]Worm.Sobig.F
Shouldn't the last entry in the access-list be:
access-list 102 permit ip any
-Original Message-
From: Brian Ipsen [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 24, 2003 10:29 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Suggestion: Option to archive
all messages tagged by SpamAssassin
Hi!
I miss an option, where it is possible to
-Original Message-
From: Tyler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 10:19 AM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Spam Assassin Scripts
Just wondering if anyone had any ideas as to how to add my
own spamassassin scripts to
-Original Message-
From: Tyler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 12:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Spam Assassin Scripts
Here are the scripts I am using. Right now, the QMAILQUEUE
env variable is set to
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 12:32 PM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]problems with SA
--scanners clamscan,verbose_spamassassin
see what @scanners has in it... jsut because you
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 1:41 PM
To: Dallas L. Engelken
Subject: RE: [Qmail-scanner-general]problems with SA
this is the only thing in my scanner_array:
my @scanner_array=(clamscan_scanner);
so I
-Original Message-
From: Nick Lomonte [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 3:14 PM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]performance issue
Like so many others, with the recent flood of SoBig spam
coming through our server, I decided to
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:15 PM
To: Dallas L. Engelken; [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]problems with SA
I just confirmed. Although, I didn't install Spamassassin
prior
I had a bit of a problem with McAfee. It does not run on RH9
unless you do a trick: LD_PRELOAD=/lib/libc.so.6 uvscan This
preloads the correct library. I set up an alias (in
/etc/profile.d/color*) which created and alias for uvscan
(uvscan='LD_PRELOAD=/lib/libc.so.6 uvscan')
installing
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 2:03 PM
To: [EMAIL PROTECTED]
Cc: Dallas L. Engelken
Subject: RE: [Qmail-scanner-general]question about mysql sa with qs
Aug 28 14:59:02 fbsd spamc[3554]: invalid usage
-Original Message-
From: Kazuhiko [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 8:16 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]version string of F-Prot Antivirus
Hello.
I recently downloaded 'F-Prot Antivirus for Linux
Workstations - for home
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 5:56 PM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Using Bayes/Spamassassin with
Qmailscanner
I am trying to implement bayes filtering with
qmailscanner/spamassassin
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 30, 2003 8:02 AM
To: Dallas L. Engelken; [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]Using Bayes/Spamassassin
with Qmailscanner
edit your local.cf and point bayes to a global
-Original Message-
From: Jesse Guardiani [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 10:04 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]SoBig.F silent
Howdy list,
I have sobig in my list of --silent-viruses.
And I am (appropriately) still
How does qmail-scanner actually send the notification though?
Does it just use the sendmail command?
my $qmailinject = '/var/qmail/bin/qmail-inject';
open(SM,|$qmailinject -h -f '')||tempfail(cannot open $qmailinject
for sending quarantine report - $!);
If that's the case, then
-Original Message-
From: Chris Eagles [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 9:08 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Fwd: Uvscan on 1.20rc3 using
--redundant
When using qmail-scanner-1.20rc3 if the --redundant switch is
set
-Original Message-
From: Chris Eagles [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 10:22 AM
To: Dallas L. Engelken
Subject: RE: [Qmail-scanner-general]Fwd: Uvscan on 1.20rc3
using --redundant
Do you know why they aren't added to qs package
-Original Message-
From: Marcio R A Garcia [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 2:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]No quarantine
Anything like this:
cd /var/spool/qmailscan/quarantine
rm -rf new
ln -s /dev/null new
I have redundant scanning off in my 1.16 qmail-scanner and
uvscan setup b/c i use --unzip with uvscan. I would like to
turn off force_unzip, but i need perlscanner to block
attachments outside and inside the zip.
is it possible for perlscanner to block outside and inside
the zip
so i should probably turn off --unzip then in uvscan since i
have to leave it on in Q-S to get perlscanner to read inside
and outside the zip and then turn redundant_scanning on.
That seems most optimal CPU wise for needing to catch
attachments and viruses both inside and outside the
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Clamscan -- any thoughts?
I'm using clam-av with qmail-scanner. Is anyone else STILL
haven't problems blocking the microsoft
if ($sa_status == 0) {
if ($sa_max == 0) {
$tag_score .= SA:?($sa_score/$sa_max):;
} else {
$tag_score .= SA:0($sa_score/$sa_max):;
$sa_comment = No, hits=$sa_score required=$sa_max if
($spamc_options =~ /\-c/);
}
} else {
$tag_score .=
-Original Message-
From: Jason Haar [mailto:[EMAIL PROTECTED]
Sent: Monday, February 02, 2004 5:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]hostname call
On Tue, Jan 27, 2004 at 10:49:49AM +, Mark Powell wrote:
Hi,
Is there any reason that the
-Original Message-
From: Jason Haar [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 03, 2004 2:53 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]hostname call
On Tue, Feb 03, 2004 at 08:44:08AM -0600, Dallas L. Engelken wrote:
# HOSTNAME GRABBED DYNAMICALLY
Jason Haar wrote:
On Tue, Feb 03, 2004 at 08:44:08AM -0600, Dallas L. Engelken wrote:
# HOSTNAME GRABBED DYNAMICALLY open(ME,/var/qmail/control/me);
flock(ME,2);
my $temphost=ME;
close(ME);
Care to explain the need of a flock? Seems to me you could
be making
things worse
-Original Message-
From: Doug Monroe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 03, 2004 5:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]hostname call
Dallas L. Engelken wrote:
you call open() expensive!
I said -relatively- expensive, relative
I was looking through the code on 1.21 and saw that virus scans are
disabled on plain text messages... This can be a problem when a plain
text message with an old style Uuencoded attachment is in-lined into a
message using begin and end statements... Take the following email for
example...
I wouldn't necessarily call this a vulnerability. I ran into
this when writting the Regex Scanner for QSQ. Find
$skip_text_msgs and set it to 0 so that all e-mails,
including plain text, are scanned.
This only applies to the 1.2x versions, 1.1x don't have this feature.
You don't
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Saturday, April 03, 2004 2:37 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]g_e_h: no sender and no recips
Hello friends,
I am using RH8.0 Linux,
It doesnt need to be addressed at all. It isnt a bug or a
problem with QS. If you are so worried about it, set
$skip_text_msgs = 0 and call it a day. This isnt anything
new. The only argument i see here is that MAYBE this should
be 0 by default.
Call it what you will... I just
No I don't call it a vulnerability. The skip_text_msgs
feature, intended to skip messages that just seem to be plain
text, improves performance by not scanning messages that
don't appear to have binary content. Admittedly, yes, its
not perfect. Not being a user of QSQ 1.2x, I don't
Just tested ripmime and it sees it..
[EMAIL PROTECTED] tmp]# ripmime -v -imsg1
Decoding filename=textfile0_1
Decoding filename=Dad, Lavena, Alta.jpg
Decoding filename=textfile1_1
Decoding filename=Dad, Lavena, Alta.jpg
reformime does not.
[EMAIL PROTECTED] tmp]# reformime -i
Here is the proof that QS bypasses Virus Scans on it
Thu, 08 Apr 2004 10:14:43 -0500:17737: from=Kathy Scott
[EMAIL PROTECTED],subj=FW: Mom Russell,
x-qmail-scanner-message-id=[EMAIL PROTECTED]
nmgi.com via local process 17737 Thu, 08 Apr 2004 10:14:43
-0500:17737: This is a
scanloop: scanner=spamassassin,plain_text_msg=0
Any one could explain what that means ?
It means 'sub scanloop' its calling the 'sub spamassassin' and
$plain_text_msg is set to 0, either because you have the default set to
off, or because the particular message it is scanning had MIME
if ($REJECT_VIRUS $quarantine_event $destring =~
m/^virus/) {
error_condition(Virus detected, send SMTP error
code...,33);
}
if ($REJECT_SPAM $spam_event) {
error_condition(Spam detected, send SMTP error
code...,32);
}
I'm eager to
1. I am an infected Windows PC. I use SMTP to send the virus to my
default SMTP gateway, it rejects the message (due to virus)
at the SMTP
layer. The virus doesn't report that SMTP error to the end user - so
they are unaware they are infected.
How many viruses send mail via the SMTP
Sending a 5xx error only makes sense if a message is
quarantined due to policy reasons (by perl_scanner) since
that is usually where you have false positives. Otherwise
99.9% of messages that have detectable viruses have fake
senders and therefore it would be meaningless to send a
I gather that you would like to completely replace the
psender functionality (or create another option that is
mutually exclusive to psender) with the ability to return a
550 and a customer error message.
Well, not completely replace it, but there is literally no difference
between
On Wed, May 12, 2004 at 08:08:04AM -0500, Dallas L. Engelken wrote:
Nobody will bitch at you for handing a 550 to a virus infected
email... I guarantee it!
But no-one has explained why it is better than the current system!
First of all, this is not a debate...
Jesse was making
What we *should* do is include a qmail patch to allow q-s to
return 550 message rejected because it contains a virus
when it detects a virus.
Then if the virus is using its own SMTP engine (most do) it
will be unable to send mails to our servers. No bounces are
generated; virus can't
If this was a real user, sending a virus-infected file, then both
methods would cause the user to be notified.
Not if you're using psender functionality. That is the whole
basis for this discussion. The addition of psender
functionality, IMO, makes in necessary to return a 550.
So why don't we change qmail-scanner to return
a 5xx SMTP error code and a short message when a
virus email is quarantined?
That way, a legitimate sender will instantly
know that there is a problem with his email,
instead of believing that the email was delivered
successfully. If the
Patch:
-
http://www.engelken.net/download/policyonzip.patch
Description:
-
This patch allows you to configure whether or not perlscan_scanner has
access to filenames that are inside of zip files. Currently, with
$force_unzip=1, files are unzipped and
In order to get error codes that mean something, instead of
'451 qq temp
fail', you'll need to recompile qmail/netqmail.
And since we are talking about permanent failures, that should have said
551 mail server permanently rejected message where exit code is 31.
Just curious which smtp clients re-attach the original message and
send it back to the return-path?? Whoever does this should
be shot!
I don't
Err - Qmail for starters? Sendmail? Postfix? Exchange? All
mail servers default to bouncing the ENTIRE message back to
sender - most
Is anyone seeing messages in qmail-scanner that cause ripmime to exceed
20 parts and cause tempfail ?
output spotted from /usr/local/bin/ripmime --unique_names -i - -d
/var/qmail/qmailscan/tmp/mailgw.nmgi.com108670228878018143/
(mime.c:2666:MIME_unpack_stage2:WARNING: Current recursion level of
Argh...
d_m: output spotted from /usr/local/bin/ripmime --disable-qmail-bounce
--no-ole --recursion-max 30 --unique_names -i - -d
/var/qmail/qmailscan/tmp/localhost108800011278119877/
(mime.c:1032:MIME_is_file_mime:ERROR: cannot open file
Argh...
d_m: output spotted from /usr/local/bin/ripmime
--disable-qmail-bounce --no-ole --recursion-max 30
--unique_names -i - -d
/var/qmail/qmailscan/tmp/localhost108800011278119877/
(mime.c:1032:MIME_is_file_mime:ERROR: cannot open file
Argh...
d_m: output spotted from /usr/local/bin/ripmime
--disable-qmail-bounce --no-ole --recursion-max 30
--unique_names -i - -d
/var/qmail/qmailscan/tmp/localhost108800011278119877/
(mime.c:1032:MIME_is_file_mime:ERROR: cannot open file
FYI
-Original Message-
From: Paul L Daniels [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 26, 2004 9:28 PM
To: Dallas L. Engelken
Cc: [EMAIL PROTECTED]
Subject: Re: [Ripmime-general] RE: Yet another ripmime 1.3.1.2 error
Dallas (and everyone else)
[NOTE -I can't
FYI again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Paul L Daniels
Sent: Monday, June 28, 2004 5:08 AM
To: [EMAIL PROTECTED]
Subject: [Ripmime-general] ripMIME 1.3.2.0
1.3.2.0 has been released publically;
Hey guys..
I was looking at this sub, and noticed it calls avpdaemon like
`$avpdaemon_binary $ENV{'TMPDIR'} 21`;
However, if you've messed with aveclient/aveserver, you'll see that this
does not work.
# /usr/local/kav/bin/aveclient -p /var/run/aveserver -s /tmp
/tmp ERROR not a regular file
Hey guys..
I was looking at this sub, and noticed it calls avpdaemon like
`$avpdaemon_binary $ENV{'TMPDIR'} 21`;
However, if you've messed with aveclient/aveserver, you'll see that
this does not work.
# /usr/local/kav/bin/aveclient -p /var/run/aveserver -s /tmp
/tmp ERROR
The only problem that I can think of now, is how to
determine if mail is delivered local, or it is delivered
remote (to sign it or to check it), since --local-domains
isn't good enough. I was thinking of some way to read the
domains from rcpthosts and know which domains are local
IMO, Your best best is a patch to qmail-remote.c that 'signs' the
domain key at that point as its leaving your system.
Maybe but I want to integrate it in qmail-scanner so I cannot
patch qmail-remote, since qmail-local handles incoming and
outgoing mails
Oh no..
Qmail-queue
my qmail-smtpd/run
exec /usr/local/bin/softlimit -m 12000 \
/usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/qmail/tcp.smtp.cdb
-c $MAXSM TPD \ -u $QMAILDUID -g
$NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd $LOCAL \
/home/vpopmail/bin/vchkpw /usr/bin/true 21
Nicola
Sounds like
71 matches
Mail list logo