One of my users complains she can no longer send PDFs, claiming our mail server 'blocks them and marks them as virus'.
She says she emailed it to her Gmail account as well as to her account on our server, and on our server it came with a text attachment 'ZW.txt' which says 'virus detected'.

I'm guessing this ZW.txt is added by some equipment at their end, before they upload it to our server?

Unfortunately, I deleted the copy of that email that she sent to me, with the PDF and 'ZW.txt', and I'm waiting for her to resend, BUT, looking through the logs I found this:

If I understand this, the PDF is identified as a CCITT voice file??

What else do I need to check?

---------------------
# grep 16729-04 /var/log/maillog
Jan 10 12:50:45 amavis[16729]: (16729-04) LMTP::10024 /var/amavis/tmp/amavis-20110110T124521-16729: <i...@tld.com> -> <i...@tld.com>,<aj.mailu...@gmail.com>,<voy...@sbt.net.au> SIZE=364042 BODY=8BITMIME Received: from bilby.sbt.net.au ([127.0.0.1]) by localhost (bilby.sbt.net.au [127.0.0.1]) (amavisd-new bilby, port 10024) with LMTP; Mon, 10 Jan 2011 12:50:45 +1100 (EST)
Jan 10 12:50:45 amavis[16729]: (16729-04) Checking: 0yFdiUKYq59X [58.9.36.88] <i...@tld.com> -> <i...@tld.com>,<aj.mailu...@gmail.com>,<voy...@sbt.net.au>
Jan 10 12:50:45 amavis[16729]: (16729-04) Open relay? Nonlocal recips but not originating: i...@tld.com, aj.mailu...@gmail.com
Jan 10 12:50:45 amavis[16729]: (16729-04) p003 1 Content-Type: multipart/mixed
Jan 10 12:50:45 amavis[16729]: (16729-04) p001 1/1 Content-Type: text/plain, size: 940 B, name:
Jan 10 12:50:45 amavis[16729]: (16729-04) p002 1/2 Content-Type: application/pdf, size: 263858 B, name: SPR0A0J15-00.pdf
Jan 10 12:50:45 amavis[16729]: (16729-04) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: /usr/share/file/magic, 917: Warning description `8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data enco' truncated
Jan 10 12:50:45 amavis[16729]: (16729-04) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: /usr/share/file/magic, 947: Warning description `8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data enco' truncated
Jan 10 12:50:46 amavis[16729]: (16729-04) (!)BitDefender av-scanner FAILED: /usr/bin/bdc DIED, signal 11 (000b) at (eval 114) line 594.
Jan 10 12:50:49 amavis[16729]: (16729-04) FWD via SMTP: <i...@tld.com> -> <i...@tld.com>,<aj.mailu...@gmail.com>,<voy...@sbt.net.au>,BODY=8BITMIME 250 2.0.0 Ok, id=16729-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E30FDB446BC
Jan 10 12:50:49 amavis[16729]: (16729-04) Passed CLEAN, [58.9.36.88] [58.9.36.88] <i...@tld.com> -> <i...@tld.com>,<aj.mailu...@gmail.com>,<voy...@sbt.net.au>, Message-ID: <4d2a65d3.6010...@tld.com>, mail_id: 0yFdiUKYq59X, Hits: -2.483, size: 364041, queued_as: E30FDB446BC, 3647 ms
Jan 10 12:50:49 amavis[16729]: (16729-04) TIMING-SA total 2608 ms - parse: 91 (3.5%), extract_message_metadata: 118 (4.5%), get_uri_detail_list: 10 (0.4%), tests_pri_-1000: 32 (1.2%), tests_pri_-950: 5 (0.2%), tests_pri_-900: 4 (0.1%), tests_pri_-400: 98 (3.8%), check_bayes: 87 (3.3%), tests_pri_0: 1818 (69.7%), check_spf: 1.01 (0.0%), check_razor2: 1425 (54.6%), check_pyzor: 0.53 (0.0%), tests_pri_500: 8 (0.3%), tests_pri_900: 4 (0.2%), tests_pri_1000: 121 (4.6%), total_awl: 117 (4.5%), check_awl: 13 (0.5%), update_awl: 0.24 (0.0%), learn: 277 (10.6%), get_report: 4 (0.1%)
Jan 10 12:50:49 postfix/lmtp[16847]: 5E11CB446F7: to=<i...@tld.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=18/0/0.01/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=16729-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E30FDB446BC)
Jan 10 12:50:49 postfix/lmtp[16847]: 5E11CB446F7: to=<aj.mailu...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=18/0/0.01/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=16729-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E30FDB446BC)
Jan 10 12:50:49 postfix/lmtp[16847]: 5E11CB446F7: to=<voy...@sbt.net.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=18/0/0.01/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=16729-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E30FDB446BC)
Jan 10 12:50:49 amavis[16729]: (16729-04) TIMING [total 3662 ms] - SMTP greeting: 4 (0%)0, SMTP LHLO: 2 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 6 (0%)0, SMTP DATA: 95 (3%)3, check_init: 1 (0%)3, digest_hdr: 3 (0%)3, digest_body_dkim: 9 (0%)3, gen_mail_id: 3 (0%)3, mime_decode: 101 (3%)6, get-file-type2: 53 (1%)8, parts_decode: 1 (0%)8, check_header: 4 (0%)8, AV-scan-1: 115 (3%)11, AV-scan-2: 381 (10%)21, spam-wb-list: 8 (0%)21, SA parse: 94 (3%)24, SA check: 2507 (68%)93, update_cache: 17 (0%)93, decide_mail_destiny: 2 (0%)93, fwd-connect: 12 (0%)93, fwd-mail-pip: 18 (0%)94, fwd-rcpt-pip: 1 (0%)94, fwd-data-chkpnt: 0 (0%)94, write-header: 2 (0%)94, fwd-data-contents: 46 (1%)95, fwd-end-chkpnt: 140 (4%)99, prepare-dsn: 2 (0%)99, main_log_entry: 24 (1%)100, update_snmp: 6 (0%)100, SMTP pre-response: 1 (0%)100, SMTP response: 2 (0%)100, unlink-2-files: 1 (0%)100, rundown: 1 (0%)100
Jan 10 12:53:32 amavis[16729]: (16729-04) loaded policy bank "AUTHENTICATED"
---------------------

--
Voytek
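
Added example, not part of the original post: a small Python summary of what amavis logged for one session id, separating the final verdict, the MIME parts, av-scanner failures and other '(!)' notices. The sample lines are constructed from the entries quoted above with placeholder addresses; the function name and regular expressions are this example's own.

```python
import re

# Constructed sample, modelled on the amavis entries quoted in the post
# (addresses replaced with placeholders, long lines shortened).
SAMPLE_LOG = """\
Jan 10 12:50:45 amavis[16729]: (16729-04) Checking: 0yFdiUKYq59X [58.9.36.88] <a@example.com> -> <b@example.com>
Jan 10 12:50:45 amavis[16729]: (16729-04) p002 1/2 Content-Type: application/pdf, size: 263858 B, name: SPR0A0J15-00.pdf
Jan 10 12:50:45 amavis[16729]: (16729-04) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: /usr/share/file/magic, 917: Warning description truncated
Jan 10 12:50:46 amavis[16729]: (16729-04) (!)BitDefender av-scanner FAILED: /usr/bin/bdc DIED, signal 11 (000b) at (eval 114) line 594.
Jan 10 12:50:49 amavis[16729]: (16729-04) Passed CLEAN, [58.9.36.88] <a@example.com> -> <b@example.com>, mail_id: 0yFdiUKYq59X, Hits: -2.483
Jan 10 12:50:50 amavis[16730]: (16730-01) Passed CLEAN, [192.0.2.1] <c@example.com> -> <d@example.com>, mail_id: AAAAAAAAAAAA, Hits: 0.1
"""

# "amavis[pid]: (session-id) message"
LINE = re.compile(r"amavis\[\d+\]: \((?P<sid>\d+-\d+)\) (?P<msg>.*)$")
# Final disposition, e.g. "Passed CLEAN" or "Blocked INFECTED"
VERDICT = re.compile(r"^(?P<action>Passed|Blocked) (?P<category>[A-Z][A-Z-]*)")
# Per-part line: "p002 1/2 Content-Type: application/pdf, size: N B, name: x.pdf"
PART = re.compile(r"^p\d+ \S+ Content-Type: (?P<ctype>[^,]+), size: \d+ B, name: ?(?P<name>.*)$")
# "(!)<scanner> av-scanner FAILED: <reason>"
SCANNER_FAIL = re.compile(r"^\(!+\)(?P<scanner>.+?) av-scanner FAILED: (?P<why>.*)$")


def summarize(log_text, session_id):
    """Collect verdict, MIME parts, scanner failures and notices for one session."""
    out = {"verdict": None, "parts": [], "scanner_failures": [], "notices": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group("sid") != session_id:
            continue  # not amavis, or a different message
        msg = m.group("msg")
        if (v := VERDICT.match(msg)):
            out["verdict"] = f"{v['action']} {v['category']}"
        elif (p := PART.match(msg)):
            out["parts"].append((p["ctype"], p["name"]))
        elif (f := SCANNER_FAIL.match(msg)):
            out["scanner_failures"].append((f["scanner"], f["why"]))
        elif msg.startswith("(!"):
            out["notices"].append(msg)  # any other flagged entry
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, "16729-04").items():
        print(key, "=>", value)
```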