Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT

Fri, 19 Mar 2004 16:13:25 -0800 

On Fri, 19 Mar 2004 17:51:11 -0500, Ryan Moore <[EMAIL PROTECTED]> wrote:


>
>You probably want the -b option to reject the DATA phase of the SMTP 
>session if the milter detects a virus.
>
I added the -b option to clamav-milter.

As root, i typed " cat eircar.com | mail steve -s test "

Sendmail didn't like it. There's got to be more to it, I think.

Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: from=root, size=97,
class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093:
from=<[EMAIL PROTECTED]>, size=398, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1]
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093: Milter: data,
reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net

**** OK, the milter sets the 550 code

Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30398, stat=Virus detected
by ClamAV - http://www.clamav.net
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: to=steve, ctladdr=root
(0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30097,
relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: i2JNlWJx020091: DSN:
Service unavailable
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093: from=<>, size=2019,
class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>,
proto=ESMTP, daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1]
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093: Milter: data,
reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=32019, stat=Virus detected
by ClamAV - http://www.clamav.net
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: to=root,
delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31121, relay=[127.0.0.1]
[127.0.0.1], dsn=5.0.0, stat=Service unavailable
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: i2JNlWK0020091: return
to sender: Service unavailable

**** but sendmail doesn't know what to do with it but we can see the virus
file contines to get passed around, getting passed through the milter again

Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093: from=<>, size=3690,
class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>,
proto=ESMTP, daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1]
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093: Milter: data,
reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=33690, stat=Virus
detected by ClamAV - http://www.clamav.net
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWK0020091: to=postmaster,
delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32145, relay=[127.0.0.1]
[127.0.0.1], dsn=5.0.0, stat=Service unavailable
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: Losing
./qfi2JNlWJx020091: savemail panic
Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: SYSERR(root): savemail:
cannot save rejected email anywhere

*** and it's gone
--
   Steve
   


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to