> > > Also, with clamav-milter and sendmail. I see that the headers of > quarantined messages go to /var/spool/mqueue with root:smmsp owner/group > permissions and the header of the email starts with hf whilst the body of > the message starts with df. So the message in question looks like this: > > -rw------- 1 root smmsp 10050 Apr 12 09:40 hf13CDdtaZ2926176 > > -rw------- 1 root smmsp 100157 Apr 12 09:39 df13CDdtaZ2926176 > > > > To release the message how does one find the queue_id to use the > sendmail -qI command? > > I just checked out our quarantine to see what you were talking about and > found a couple of ads in there. > Forwarded off a sample to Micah, but it looks like there are some very > phishy looking links in the samples I have. > HTML link: americanexpress.com/rewards-info > Actual underlying link: > https://urldefense.proofpoint.com/v2/url?u=https-3A__click.o.delta.com_u_-3Fqs-3D1568763c78f67b6cdcd44df9cfac10c6bdd8a68c567c4d04238da45d4092cc1adeef2f53a3a8c4248f7140f92bd80fb33b830537983d2ad07ed440f137dd0226&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=P8yJim8mHfh9YWQcm2zQMPSq7pKr5iHpgTAzY5BA-xw&s=PC29G4XeTV8m9J0VpeSVtq9inSWRkSuL-sm_4k0mvpA&e= > > If you ask me, that deserves to be quarantined. >
Yes I agree but it's a bit subjective. > For Sendmail, it should be something like "sendmail -q" I would definitely > look it up in the man pages, as I've been using postfix and exim now for > awhile. Well from http://www.postfix.org/postqueue.1.html -i queue_id Schedule immediate delivery of deferred mail with the specified queue ID. This option implements the traditional sendmail -qI command, by contacting the flush(8) server. But that (sendmail -qI) doesn't appear to unquarantine anything. My question is what does "queue_id" refer to? And from a user's blog (with translation on) https://nauwg3k7ped5ecgcukpptbgr6e-jj2cvlaia66be-www-usebox-net.translate.goog/jjm/sendmail/ Processing the queue > If we remember the Sendmail execution line, we will see that it is > indicated by means of -q30m processing the messages stored in the queue > every 30 minutes. You can force the process by: > # sendmail -q > If we wanted to process a specific message we would use -qI _Q-ID_, for > example: > # sendmail -qI hB8HQQhK013863 > Or indicating the sender with -qS _remitente_: > # sendmail -qS '<reid...@mydomain.com>' > Or indicating one of the recipients with -qR _destinatario_: > # sendmail -qR '<nou...@domain.without-mail.com>' So I still don't know what "queue_id" is.
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
