Hi Thomas,
in exception.log:
Oct-16-11 09:01:06 Error: Worker_1: Malformed UTF-8 character (fatal) at sub
main::CheckAttachments line 53.
[assp.cfg]
DoBlockExes:=1
BlockExes:=1
BlockWLExes:=1
BlockNPExes:=1
BadAttachL1:=bat|btm|cmd|com|cpl|dll|lnk|msi|p[ir]f|reg|scr|vb[es]|url|exe|js|jse|ws[fh]|sh[sb]|ht[ab]|wmv|swf|avi|mpeg|mp[ge]|asf|mp[4321]|ogg|wav|tmp
BadAttachL2:=
BadAttachL3:=
GoodAttach:=
AttachmentError:=550 5.7.1 These attachments are not allowed -'FILENAME'-
Compress before mailing.
npAttachLog:=7
wlAttachLog:=7
extAttachLog:=7
AttachmentLog:=1
See more details in attached files.
Thanks in advance.
Mike.
Worker 1 - Connection Data ----
exception detected : Malformed UTF-8 character (fatal) at sub
main::CheckAttachments line 53.
last debug step was: Error: Malformed UTF-8 character (fatal) at sub
main::CheckAttachments line 53.
last sigoff was : last sigoff in main, sub main::SMTPTraffic, 11,
main::sigoffTry, 1, , , at 11-16-9 9:16 1318744866.68778 - 11
last sigon was : last sigon in main, sub main::SMTPTraffic, 13,
main::sigonTry, 1, , , at 11-16-9 9:16 1318744866.68796 - 13
this --------------------------------------
this->prepend =
this->socketcalls = 5
this->timelast = 1318744866
this->friend = IO::Socket::INET=GLOB(0x847e948b8)
this->fno = 211
this->_ =
this->self = IO::Socket::INET=GLOB(0x845039648)
this->debug = 0
this->timestart = 1318744866
this->type = S
this->getline = CODE(0x8110ec4e0)
this->outgoing =
friend --------------------------------------
friend->maximumuri =
friend->allLoveBombsSpam = 0
friend->NOOPcount = 0
friend->nohelo =
friend->ciphelo =
friend->msgid = [email protected]
friend->noscan =
friend->RWLokDone =
friend->obfuscateduri =
friend->socketcalls = 8
friend->pbblack =
friend->subject = _
friend->allLoveRBLSpam = 2
friend->spamlover = 2
friend->bspams =
friend->rcvdTime = 1318744866
friend->rcptNonexistent = 0
friend->delayqueue =
friend->allLoveHiSpam = 2
friend->sattachdone =
friend->SIZE = 34896
friend->spamconf = 0
friend->maillength = 33502
friend->averror =
friend->nodamping =
friend->loggedIpFromTo = 1
friend->fno = 210
friend->received =
friend->tagmode =
friend->localSenderOK =
friend->addressedToPenaltyTrap =
friend->addMSGIDsigDone =
friend->maxSize = 0
friend->acceptall =
friend->validHeloOK =
friend->localip = 10.0.0.10
friend->noprocessing =
friend->nopb =
friend->localport = 225
friend->rcptValidated = 1
friend->subject3 = Ïîäàííÿ
friend->rblfail =
friend->islocalmailaddress = 0
friend->forgedhelodone = 1
friend->headerpassed = 1
friend->validhelodone =
friend->allLoveBaysSpam = 2
friend->dkimverified =
friend->dlslre = 2
friend->IPinHeloOK =
friend->ispip =
friend->red =
friend->debug = 0
friend->msgtime = m1-44866-12712
friend->allLoveATSpam = 2
friend->attachdone =
friend->rcvd = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
friend->FromStrictOK = 1
friend->runlvl1PL = 1
friend->timestart = 1318744866
friend->rcptlist = HASH(0x844d2ac78)
friend->spamloversonly =
friend->saveprepend =
friend->allLoveHlSpam = 2
friend->numrcpt = 1
friend->spamfound =
friend->type = C
friend->msgiddone = 1
friend->skipuriblPL =
friend->allLoveSpam = 2
friend->maxRealSizeExternal =
friend->rwlok = 0
friend->authmethodes = HASH(0x84691f428)
friend->reporttype = -1
friend->spamprob = 0
friend->nocollect =
friend->cip =
friend->maximumuniqueuri =
friend->forgedHeloOK =
friend->messagescore = 0
friend->SenderBaseOK = 1
friend->helo = imx2.fcxx.com.ua
friend->outgoing =
friend->testmode =
friend->alllog =
friend->rbldone =
friend->maillog = 1
friend->greetingSent = 1
friend->signed =
friend->client = IO::Socket::INET=GLOB(0x847e948b8)
friend->mfn = 12712
friend->storecompletemail = 999999999
friend->allLoveMXASpam = 2
friend->uribldone =
friend->addressedToSpamBucket =
friend->nobayesian =
friend->prepend =
friend->formathelodone =
friend->invalidSRSBounce =
friend->localsenderdone =
friend->spamloverdone =
friend->skipnotspam = 1
friend->lastcmd = DATA
friend->allLoveURIBLSpam = 2
friend->saveprepend2 =
friend->userTempFail =
friend->noLog =
friend->nodkim =
friend->timelast = 1318744866
friend->mailfrom = [email protected]
friend->allLovePBSpam = 2
friend->pbwhite =
friend->BlackHeloOK =
friend->rblneutral =
friend->bayesdone =
friend->senderok =
friend->baysprob =
friend->friend = IO::Socket::INET=GLOB(0x845039648)
friend->subject2 =
friend->ip = 10.10.240.30
friend->ScriptOK =
friend->hasmallogname =
friend->messagelow =
friend->bayeslowconf =
friend->nodelay =
friend->attachcomment = no bad attachments
friend->filescandone =
friend->maxSizeExternal =
friend->datastart = 723
friend->preheaderlength = 0
friend->allLoveDLSpam = 2
friend->isDKIM =
friend->maillogbuf = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
Date: Fri, 14 Oct 2011 09:37:39 +0300
From: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
X-Mailer: The Bat! (v4.0.14) Professional
Reply-To: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
Organization: FC
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Ïîäàííÿ
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------D61E312D385D9DB2"
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.0.1
X-Antivirus-Code: 0x100000
------------D61E312D385D9DB2
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
--
Ñ óâàæåíèåì, Ñåðãåé
------------D61E312D385D9DB2
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
Content-transfer-encoding: base64
Content-Disposition: attachment;
filename="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
cut...
------------D61E312D385D9DB2--
.
friend->_ = kDcBqDt5t4P0R94ELDY3ZJyaJ28CEJseMqA8
friend->baystestmode =
friend->maxRealSize = 0
friend->PTROK =
friend->allLoveBoSpam = 2
friend->relayok = 1
friend->clamscandone =
friend->nopbwhite =
friend->PBOK =
friend->isbounce =
friend->accBackISPIP =
friend->delaydone =
friend->gripdone = 1
friend->self = IO::Socket::INET=GLOB(0x847e948b8)
friend->rcvdTimeStr = 16 Oct 2011 09:01:06 +0300
friend->backsctrdone =
friend->BATVrcpt =
friend->donotdelay = 1
friend->sayMessageOK =
friend->StatsmsgDelayed =
friend->cmdlist = IO::Socket::INET=GLOB(0x847e948b8).cmdlist
friend->logrecord =
friend->server = IO::Socket::INET=GLOB(0x845039648)
friend->rcpt = [email protected]
friend->invalidhelodone =
friend->whitelisted = 1
friend->fullhelo = EHLO imx2.fcxx.com.ua
friend->obfuscatedip =
friend->PBExtremeOK = 1
friend->msgidsigdone =
friend->nomlog =
friend->port = 53554
friend->allLoveSPFSpam = 2
friend->delayed =
friend->resetState = 1
friend->spfstrict =
friend->originalsubject =
friend->contentonly =
friend->BombHeaderOK =
friend->spfok =
friend->bombdone =
friend->rcptnoprocessing =
friend->doneDoDomainIP =
friend->messagescoredone =
friend->getline = CODE(0x831f871f8)
friend->BATVfrom =
friend->MXAOK =
friend->MSGIDsigRemoved =
friend->rblcachedone =
friend->SpamCollectAddress =
friend->spambuf = 0
friend->invalidHeloOK =
friend->allLovePTRSpam = 2
friend->BlackDomainOK = 1
friend->userauth = HASH(0x84691f278)
friend->writtenDataToFriend = 6
friend->myheader =
friend->doneDoFrequencyIP = 10.10.240.30
friend->allLoveISSpam = 2
friend->NoSpoofingOK =
friend->allLoveSRSSpam = 2
friend->SPFokDone = 1
friend->ismaxsize =
friend->redsl = 2
friend->allLoveSBSpam = 2
friend->allLoveBlSpam = 2
friend->header = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
Date: Fri, 14 Oct 2011 09:37:39 +0300
From: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
X-Mailer: The Bat! (v4.0.14) Professional
Reply-To: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
Organization: FC
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Ïîäàííÿ
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------D61E312D385D9DB2"
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.0.1
X-Antivirus-Code: 0x100000
------------D61E312D385D9DB2
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
--
Ñ óâàæåíèåì, Ñåðãåé
------------D61E312D385D9DB2
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
Content-transfer-encoding: base64
Content-Disposition: attachment;
filename="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
cut...
------------D61E312D385D9DB2--
.
Worker 1 - Connection Data ----
exception detected : Malformed UTF-8 character (fatal) at sub
main::CheckAttachments line 53.
last debug step was: Error: Malformed UTF-8 character (fatal) at sub
main::CheckAttachments line 53.
last sigoff was : last sigoff in main, sub main::SMTPTraffic, 11,
main::sigoffTry, 1, , , at 11-16-9 9:16 1318744866.68778 - 11
last sigon was : last sigon in main, sub main::SMTPTraffic, 13,
main::sigonTry, 1, , , at 11-16-9 9:16 1318744866.68796 - 13
this --------------------------------------
this->maximumuri =
this->allLoveBombsSpam = 0
this->NOOPcount = 0
this->nohelo =
this->ciphelo =
this->msgid = [email protected]
this->noscan =
this->RWLokDone =
this->obfuscateduri =
this->socketcalls = 8
this->pbblack =
this->subject = _
this->allLoveRBLSpam = 2
this->spamlover = 2
this->bspams =
this->rcvdTime = 1318744866
this->rcptNonexistent = 0
this->delayqueue =
this->allLoveHiSpam = 2
this->sattachdone =
this->SIZE = 34896
this->spamconf = 0
this->maillength = 33502
this->averror =
this->nodamping =
this->loggedIpFromTo = 1
this->fno = 210
this->received =
this->tagmode =
this->localSenderOK =
this->addressedToPenaltyTrap =
this->addMSGIDsigDone =
this->maxSize = 0
this->acceptall =
this->validHeloOK =
this->localip = 10.0.0.10
this->noprocessing =
this->nopb =
this->localport = 225
this->rcptValidated = 1
this->subject3 = Ïîäàííÿ
this->rblfail =
this->islocalmailaddress = 0
this->forgedhelodone = 1
this->headerpassed = 1
this->validhelodone =
this->allLoveBaysSpam = 2
this->dkimverified =
this->dlslre = 2
this->IPinHeloOK =
this->ispip =
this->red =
this->debug = 0
this->msgtime = m1-44866-12712
this->allLoveATSpam = 2
this->attachdone =
this->rcvd = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
this->FromStrictOK = 1
this->runlvl1PL = 1
this->timestart = 1318744866
this->rcptlist = HASH(0x844d2ac78)
this->spamloversonly =
this->saveprepend =
this->allLoveHlSpam = 2
this->numrcpt = 1
this->spamfound =
this->type = C
this->msgiddone = 1
this->skipuriblPL =
this->allLoveSpam = 2
this->maxRealSizeExternal =
this->rwlok = 0
this->authmethodes = HASH(0x84691f428)
this->reporttype = -1
this->spamprob = 0
this->nocollect =
this->cip =
this->maximumuniqueuri =
this->forgedHeloOK =
this->messagescore = 0
this->SenderBaseOK = 1
this->helo = imx2.fcxx.com.ua
this->outgoing =
this->testmode =
this->alllog =
this->rbldone =
this->maillog = 1
this->greetingSent = 1
this->signed =
this->client = IO::Socket::INET=GLOB(0x847e948b8)
this->mfn = 12712
this->storecompletemail = 999999999
this->allLoveMXASpam = 2
this->uribldone =
this->addressedToSpamBucket =
this->nobayesian =
this->prepend =
this->formathelodone =
this->invalidSRSBounce =
this->localsenderdone =
this->spamloverdone =
this->skipnotspam = 1
this->lastcmd = DATA
this->allLoveURIBLSpam = 2
this->saveprepend2 =
this->userTempFail =
this->noLog =
this->nodkim =
this->timelast = 1318744866
this->mailfrom = [email protected]
this->allLovePBSpam = 2
this->pbwhite =
this->BlackHeloOK =
this->rblneutral =
this->bayesdone =
this->senderok =
this->baysprob =
this->friend = IO::Socket::INET=GLOB(0x845039648)
this->subject2 =
this->ip = 10.10.240.30
this->ScriptOK =
this->hasmallogname =
this->messagelow =
this->bayeslowconf =
this->nodelay =
this->attachcomment = no bad attachments
this->filescandone =
this->maxSizeExternal =
this->datastart = 723
this->preheaderlength = 0
this->allLoveDLSpam = 2
this->isDKIM =
this->maillogbuf = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
Date: Fri, 14 Oct 2011 09:37:39 +0300
From: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
X-Mailer: The Bat! (v4.0.14) Professional
Reply-To: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
Organization: FC
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Ïîäàííÿ
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------D61E312D385D9DB2"
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.0.1
X-Antivirus-Code: 0x100000
------------D61E312D385D9DB2
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
--
Ñ óâàæåíèåì, Ñåðãåé
------------D61E312D385D9DB2
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
Content-transfer-encoding: base64
Content-Disposition: attachment;
filename="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
cut...
------------D61E312D385D9DB2--
.
this->_ = kDcBqDt5t4P0R94ELDY3ZJyaJ28CEJseMqA8
this->baystestmode =
this->maxRealSize = 0
this->PTROK =
this->allLoveBoSpam = 2
this->relayok = 1
this->clamscandone =
this->nopbwhite =
this->PBOK =
this->isbounce =
this->accBackISPIP =
this->delaydone =
this->gripdone = 1
this->self = IO::Socket::INET=GLOB(0x847e948b8)
this->rcvdTimeStr = 16 Oct 2011 09:01:06 +0300
this->backsctrdone =
this->BATVrcpt =
this->donotdelay = 1
this->sayMessageOK =
this->StatsmsgDelayed =
this->cmdlist = IO::Socket::INET=GLOB(0x847e948b8).cmdlist
this->logrecord =
this->server = IO::Socket::INET=GLOB(0x845039648)
this->rcpt = [email protected]
this->invalidhelodone =
this->whitelisted = 1
this->fullhelo = EHLO imx2.fcxx.com.ua
this->obfuscatedip =
this->PBExtremeOK = 1
this->msgidsigdone =
this->nomlog =
this->port = 53554
this->allLoveSPFSpam = 2
this->delayed =
this->resetState = 1
this->spfstrict =
this->originalsubject =
this->contentonly =
this->BombHeaderOK =
this->spfok =
this->bombdone =
this->rcptnoprocessing =
this->doneDoDomainIP =
this->messagescoredone =
this->getline = CODE(0x831f871f8)
this->BATVfrom =
this->MXAOK =
this->MSGIDsigRemoved =
this->rblcachedone =
this->SpamCollectAddress =
this->spambuf = 0
this->invalidHeloOK =
this->allLovePTRSpam = 2
this->BlackDomainOK = 1
this->userauth = HASH(0x84691f278)
this->writtenDataToFriend = 6
this->myheader =
this->doneDoFrequencyIP = 10.10.240.30
this->allLoveISSpam = 2
this->NoSpoofingOK =
this->allLoveSRSSpam = 2
this->SPFokDone = 1
this->ismaxsize =
this->redsl = 2
this->allLoveSBSpam = 2
this->allLoveBlSpam = 2
this->header = Received: from imx2.fcxx.com.ua ([10.10.240.30]
helo=imx2.fcxx.com.ua)
by emx1i.fcxx.com.ua with ESMTP (2.1.2); 16 Oct 2011 09:01:06 +0300
Date: Fri, 14 Oct 2011 09:37:39 +0300
From: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
X-Mailer: The Bat! (v4.0.14) Professional
Reply-To: Ñåðãåé Ñòàðîâîéòîâ <[email protected]>
Organization: FC
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: Ïîäàííÿ
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------D61E312D385D9DB2"
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.0.1
X-Antivirus-Code: 0x100000
------------D61E312D385D9DB2
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
--
Ñ óâàæåíèåì, Ñåðãåé
------------D61E312D385D9DB2
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
Content-transfer-encoding: base64
Content-Disposition: attachment;
filename="ÁÀÐÄÀØ Í.Ì. ïîäàííÿ.docx"
cut...
------------D61E312D385D9DB2--
.
Oct-16-11 09:01:06 m1-44866-12712 [Worker_1] 10.10.240.30
<[email protected]> info: found message size announcement: 34.08 kByte
Oct-16-11 09:01:06 m1-44866-12712 [Worker_1] 10.10.240.30
<[email protected]> to: [email protected] info: 1 attachment
found for Level-1
Oct-16-11 09:01:06 [Worker_1] Error: Worker_1: Malformed UTF-8 character
(fatal) at sub main::CheckAttachments line 53.
Oct-16-11 09:01:06 [Worker_1] Info: auto restart died worker Worker_1
Oct-16-11 09:01:06 [Worker_1] info: wrote all current available connection data
to file /usr/local/share/assp/debug/con343.txt
Oct-16-11 09:01:06 m1-44866-12712 [Worker_1] 10.10.240.30
<[email protected]> to: [email protected] info: wrote all current
available connection data to file /usr/local/share/assp/debug/con344.txt
Oct-16-11 09:01:07 [Worker_1] Worker_1 started
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
