Are these log records for live email??? It seems that there is no sender or recip which is causing the scanner to dump. Let me see some real email get scanned or it could be that studmail or qmail is mangling the message.
-----Original Message-----
From: russ [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 12, 2003 11:58 AM
To: [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db

On Sun, 2003-10-12 at 11:28, Jason Staudenmayer wrote:
> What's the output of "/var/qmail/bin/qmail-scanner-queue.pl -g"
> And let's see the qmail-quarentine.txt file

Here are the outputs:

# Sample of well-known viruses that perlscan_scanner can use
#
# This is case-insensitive, and TAB-delimited.
#
# ******
# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
# this file is modified
# ******
#
# Format: three columns
#
# filename<TAB>size (in bytes)<TAB>Description of virus/whatever
#
# OR:
#
# string<TAB>Header<TAB>Description of virus/whatever
#
# [this one allows you to match on (e.g.) Subject line.
#
# NOTE 1: This is the crudest "virus scanning" you can do - we are
# arbitrarily deciding that particular filenames of certain sizes contain
# viruses - when they may not. However this can be useful for the times
# when a new virus is discovered and your scanner cannot detect it (yet).
#
# NOTE 2: This is only good for picking up stand-alone viruses like the
# following. Macro viruses are impossible to detect with this method as
# they infect users docs.
#
# NOTE 3: Wildcards are supported. This system can also be used to deny
# Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other
# wildcard type is supported. Be very careful with this feature. With
# wildcards, the size field is ignored (i.e. any size matches).
#
# .exe 0 Executable attachment too large
#
# That would ban .EXE files from your site (but would
# still allow .zip files...
#
# .mp3 0 MP3 attachments disallowed
#
# ...would stop any Email containing MP3 attachments passing.
#
# NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over
# a certain size - you should
# "echo 10000000 > /var/qmail/control/databytes"
# to set the maximum SMTP message size to 10Mb.
#
# NOTE 5: The second option allows you to match on header. This would allow
# you to block Email viruses when you don't know anything else other than
# there's a wierd Subject line (or From line, or X-Spanska: header, ...).
# Note that it's a case-sensitive, REGEX string, and the system will
# automatically surround it with ^ and $ before matching. i.e. if you
# want wildcards, explicitly put them in...
#
# The string _must_be_ "Virus-" followed by the header you wish to match
# on - followed by a colon (:).
#
# e.g.
#
# Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus
#
# will match "Subject: Pickles for Breakfast" - and
# not "Subject: Pickles - where did you go?"
#
#
# NOTE 6: Similar to the headers option, you can match on the mail ENVELOPE
# headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to
# Virus-<header>, except that the header names are MAILFROM and RCPTTO only.
#
# e.g.
#
# [EMAIL PROTECTED] Virus-MAILFROM: Bad mail envelope not allowed here!
#
# NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to match
# actions against the IP address of the SMTP client.
#
EICAR.COM 69 EICAR Test Virus
Happy99.exe 10000 Happy99 Trojan
zipped_files.exe 120495 W32/ExploreZip.worm.pak virus
ILOVEYOU Virus-Subject: Love Letter Virus/Trojan
message/partial.* Virus-Content-Type: Message/partial MIME attachments blocked by policy
#The following matches Date: headers that are over 100 chars in length
#these are impossible in the wild
.{100,} Virus-Date: MIME Header Buffer Overflow
.{100,} Virus-Mime-Version: MIME Header Buffer Overflow
.{100,} Virus-Resent-Date: MIME Header Buffer Overflow
#
#Let's stop that nasty BadTrans virus from uploading your keystrokes...
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]| [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] m|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] cite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] atka.net|[EMAIL PROTECTED] Virus-To: BadTrans Trojan exploit!
#
# These are examples of prudent defaults to set for most sites.
# Commented out by default
.vbs 0 VBS files not allowed per Company security policy
.lnk 0 LNK files not allowed per Company security policy
.scr 0 SCR files not allowed per Company security policy
.wsh 0 WSH files not allowed per Company security policy
.hta 0 HTA files not allowed per Company security policy
.pif 0 PIF files not allowed per Company security policy
.exe 0 EXE files not allowed
.mp3 0 MP# files not allowed
# ******
# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
# this file is modified
# ******
#
# EOF

and

perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 17 entries.

Thanks,

>
>
> -----Original Message-----
> From: russ [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 12, 2003 10:57 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db
>
>
> On Sun, 2003-10-12 at 10:34, Jason Staudenmayer wrote:
> > Let's see your debug log.
> >
> > -----Original Message-----
> > From: russ [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, October 12, 2003 10:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Qmail-scanner-general]Will not use quarantine-attachments.db
> >
> >
> > qmail-scanner seems to be working correctly, except that no matter what
> > I do to "quarantine-attachments.db" (ie. changing rights and owners
> > etc.) all rules in that list are ignored. Can someone please point me in
> > the right direction to fix this. PLEASE.
>
> Here is part of debug log, .exe files are set to be rejected, but they
> pass right through. When I run /var/qmail/bin/qmail-scanner-queue.pl
> -r it reads the rules just fine.
>
>
> uid=88 at Sun, 12 Oct 2003 00:19:54 -0400
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: setting UID to EUID so
> subprocesses can access files generated by this script
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: incoming pipe connection from via
> local process 22878
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org106593239445622878
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878
> [1065932394.6983]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: found a top-level boundary
> definition of =_0_22874_1065932394
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 1: Content-Type
> of text/plain found
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 2: Content-Type
> of application/octet-stream found
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 to
> /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878
> [1065932394.76823]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/
> </var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878
> [1065932394.76891]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/
> [1065932394.81511]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593239445622878/1065932394.228
> 80-0.studmail.essextech.org is a TNEF file?: 256 [1065932394.82294]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593239445622878/FLASHCOM.EXE
> is a TNEF file?: 256 [1065932394.83063]
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: unpacking message took
> 0.062109 seconds
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org106593239445622878/
> /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: +++ starting debugging for
> process 22906 by uid=88 at Sun, 12 Oct 2003 00:28:36 -0400
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: setting UID to EUID so
> subprocesses can access files generated by this script
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: incoming pipe connection from via
> local process 22906
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org106593291645622906
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906
> [1065932916.61332]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: found a top-level boundary
> definition of =_0_22902_1065932916
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 1: Content-Type
> of text/plain found
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 2: Content-Type
> of application/octet-stream found
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 to
> /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906
> [1065932916.68368]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/
> </var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906
> [1065932916.68433]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/
> [1065932916.73092]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593291645622906/1065932916.229
> 08-0.studmail.essextech.org is a TNEF file?: 256 [1065932916.73869]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593291645622906/FLASHCOM.EXE
> is a TNEF file?: 256 [1065932916.74597]
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: unpacking message took
> 0.062042 seconds
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 00:28:36 -0400:22906: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org106593291645622906/
> /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: +++ starting debugging for
> process 22941 by uid=88 at Sun, 12 Oct 2003 00:42:19 -0400
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: setting UID to EUID so
> subprocesses can access files generated by this script
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: incoming pipe connection from via
> local process 22941
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org106593373945622941
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941
> [1065933739.09837]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: found a top-level boundary
> definition of =_0_22937_1065933738
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 1: Content-Type
> of text/plain found
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 2: Content-Type
> of application/octet-stream found
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 to
> /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941
> [1065933739.16798]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/
> </var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941
> [1065933739.16866]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/
> [1065933739.21535]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593373945622941/1065933739.229
> 43-0.studmail.essextech.org is a TNEF file?: 256 [1065933739.22332]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593373945622941/FLASHCOM.EXE
> is a TNEF file?: 256 [1065933739.23054]
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: unpacking message took
> 0.062266 seconds
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 00:42:19 -0400:22941: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org106593373945622941/
> /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: +++ starting debugging for
> process 22963 by uid=88 at Sun, 12 Oct 2003 00:46:37 -0400
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: setting UID to EUID so
> subprocesses can access files generated by this script
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: incoming pipe connection from via
> local process 22963
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org106593399745622963
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963
> [1065933997.61003]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: found a top-level boundary
> definition of =_0_22959_1065933997
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 1: Content-Type
> of text/plain found
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 2: Content-Type
> of application/octet-stream found
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 to
> /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963
> [1065933997.68061]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/
> </var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963
> [1065933997.68125]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/
> [1065933997.72819]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593399745622963/1065933997.229
> 65-0.studmail.essextech.org is a TNEF file?: 256 [1065933997.73611]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is
> /var/spool/qmailscan/studmail.essextech.org106593399745622963/FLASHCOM.EXE
> is a TNEF file?: 256 [1065933997.74338]
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: unpacking message took
> 0.062531 seconds
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 00:46:37 -0400:22963: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org106593399745622963/
> /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: +++ starting debugging for process
> 825 by uid=88 at Sun, 12 Oct 2003 01:02:54 -0400
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: setting UID to EUID so subprocesses
> can access files generated by this script
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: incoming pipe connection from via
> local process 825
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org1065934974456825
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825
> [1065934974.26459]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: found a top-level boundary
> definition of =_0_821_1065934972
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 1: Content-Type of
> text/plain found
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 2: Content-Type of
> application/octet-stream found
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825
> to
> /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825
> [1065934974.34216]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/
> </var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825
> [1065934974.3428]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/
> [1065934974.42108]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is
> /var/spool/qmailscan/studmail.essextech.org1065934974456825/1065934974.827-0
> .studmail.essextech.org is a TNEF file?: 256 [1065934974.4575]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is
> /var/spool/qmailscan/studmail.essextech.org1065934974456825/FLASHCOM.EXE
> is a TNEF file?: 256 [1065934974.46536]
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: unpacking message took
> 0.122948 seconds
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 01:02:54 -0400:825: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org1065934974456825/
> /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: +++ starting debugging for process
> 883 by uid=88 at Sun, 12 Oct 2003 01:14:08 -0400
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: setting UID to EUID so subprocesses
> can access files generated by this script
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: incoming pipe connection from via
> local process 883
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org1065935648456883
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883
> [1065935648.28141]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: primary Content-Type of
> multipart/mixed found
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: found a top-level boundary
> definition of =_0_879_1065935647
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 1: Content-Type of
> text/plain found
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: found C-T attachment filename
> flashcom.exe
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 2: Content-Type of
> application/octet-stream found
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883
> to
> /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883
> [1065935648.35128]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/
> </var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883
> [1065935648.35192]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/
> [1065935648.39819]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is
> /var/spool/qmailscan/studmail.essextech.org1065935648456883/1065935648.885-0
> .studmail.essextech.org is a TNEF file?: 256 [1065935648.4062]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is
> /var/spool/qmailscan/studmail.essextech.org1065935648456883/FLASHCOM.EXE
> is a TNEF file?: 256 [1065935648.41393]
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: unpacking message took
> 0.062403 seconds
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 01:14:08 -0400:883: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org1065935648456883/
> /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: +++ starting debugging for process
> 1282 by uid=0 at Sun, 12 Oct 2003 02:08:27 -0400
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: setting UID to EUID so
> subprocesses can access files generated by this script
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: program name is
> qmail-scanner-queue.pl, version 1.20rc3
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: incoming pipe connection from via
> local process 1282
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: mkdir
> /var/spool/qmailscan/studmail.essextech.org10659389074561282
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: start dumping incoming msg
> into
> /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282
> [1065938907.99297]
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: disallowed breakage found in
> header name (
>
> ) - potential virus
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282
> to
> /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282
> [1065938907.99762]
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: starting /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/
> </var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282
> [1065938907.99848]
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: finished /usr/bin/reformime
> -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/
> [1065938908.01408]
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: Checking all attachments to
> see if they're MS-TNEF
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: is
> /var/spool/qmailscan/studmail.essextech.org10659389074561282/1065938908.1284
> -0.studmail.essextech.org is a TNEF file?: 256 [1065938908.02251]
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: unpacking message took
> 0.024462 seconds
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: unsetting QMAILQUEUE env var
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: g_e_h: no sender and no recips.
>
> Sun, 12 Oct 2003 02:08:27 -0400:1282: cleanup: /bin/rm -rf
> /var/spool/qmailscan/studmail.essextech.org10659389074561282/
> /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282

--
Russel Oliver [EMAIL PROTECTED]

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
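
A dry run of the rule format described in the quoted quarantine-attachments.txt comments against the attachment name seen in the debug log, as an added example that is not part of the original thread and not qmail-scanner's own code. The function names, the sample rule text, and the treatment of a leading-dot entry as an extension wildcard are assumptions made for illustration.

```python
import re

# Constructed sample rules in the layout the file's header comments describe
# (TAB-delimited, three columns). The last line uses spaces on purpose.
RULES_TXT = (
    "# comment\n"
    "EICAR.COM\t69\tEICAR Test Virus\n"
    ".exe\t0\tEXE files not allowed\n"
    "ILOVEYOU\tVirus-Subject:\tLove Letter Virus/Trojan\n"
    ".{100,}\tVirus-Date:\tMIME Header Buffer Overflow\n"
    ".scr 0 SCR files not allowed\n"
)
# Three entries abbreviated from the debug log quoted in the thread.
LOG_TXT = (
    "Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename flashcom.exe\n"
    "Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no recips.\n"
    "Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf /var/spool/qmailscan/...\n"
)
LOG_LINE = re.compile(r"^.*? [+-]\d{4}:(\d+): (.*)$")  # "<date> <tz>:<pid>: <message>"

def parse_rules(text):
    """Return (rules, errors); errors are (line_number, reason) tuples."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) != 3:
            errors.append((n, "expected 3 TAB-separated columns, got %d" % len(cols)))
            continue
        key, mid, desc = (c.strip() for c in cols)
        if mid.startswith("Virus-") and mid.endswith(":"):
            try:  # header rule: the key is a case-sensitive regex
                rules.append({"kind": "header", "header": mid[6:-1].lower(),
                              "regex": re.compile(key), "desc": desc})
            except re.error as exc:
                errors.append((n, "bad regex: %s" % exc))
        elif mid.isdigit():  # filename rule: names compare case-insensitively
            rules.append({"kind": "file", "name": key.lower(),
                          "size": int(mid), "desc": desc})
        else:
            errors.append((n, "column 2 is neither a size nor Virus-<Header>:"))
    return rules, errors

def match_attachment(rules, filename, size=None):
    """Descriptions of filename rules that cover this attachment."""
    name, hits = filename.lower(), []
    for r in rules:
        if r["kind"] != "file":
            continue
        if r["name"].startswith("."):  # assumed extension wildcard: size ignored
            if name.endswith(r["name"]):
                hits.append(r["desc"])
        elif name == r["name"] and size == r["size"]:
            hits.append(r["desc"])
    return hits

def match_header(rules, header, value):
    """Header rules are anchored with ^ and $, hence fullmatch()."""
    return [r["desc"] for r in rules if r["kind"] == "header"
            and r["header"] == header.lower() and r["regex"].fullmatch(value)]

def aborted_sessions(log_text):
    """Map pid -> attachment names for sessions that logged 'no sender and no recips'."""
    names, aborted = {}, set()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("found C-T attachment filename "):
            names.setdefault(pid, []).append(msg.rsplit(" ", 1)[1])
        elif "no sender and no recips" in msg:
            aborted.add(pid)
    return {pid: names.get(pid, []) for pid in sorted(aborted)}

def unenforced_matches(rules, log_text):
    """(pid, filename, rule) where a rule covers a file seen in an aborted session.
    The log carries no sizes, so only extension rules can match here."""
    return [(pid, f, d) for pid, files in aborted_sessions(log_text).items()
            for f in files for d in match_attachment(rules, f)]

if __name__ == "__main__":
    parsed, problems = parse_rules(RULES_TXT)
    print("rule file problems:", problems)
    print("covered but not enforced:", unenforced_matches(parsed, LOG_TXT))
```

A rule that shows up in the last list is present and well-formed, which points at the session ending early rather than at the rule file.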
