Maybe there's something wrong the pipe from sqwebmail and it's dropping the sender and recip info. If the test message works everything should be fine. The test script uses qmail-inject and qmail-queue which is what you might be missing from your pipe.
-----Original Message----- From: russ [mailto:[EMAIL PROTECTED] Sent: Sunday, October 12, 2003 1:24 PM To: [EMAIL PROTECTED] Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db Is there a place I can get a "test" virus. I would like to see if it can pick that up. The test install script works fine, and a test message send from a machine with outlook express fails (without even trying) saying it has a bad header. I wonder if it is just when sqwebmail sends a message that it doesn't work. It was a project just to get sqwebmail to pipe the message into the scanner. Thanks, On Sun, 2003-10-12 at 12:15, Jason Staudenmayer wrote: > What version are you running? It looks like there is something seriously > wrong with this install it's not scanning anything. Are you missing perl > modules or something? Did you get any compile/install errors? Also make sure > log details is set to 1 and send me another fresh clip of your log file with > that set. > > -----Original Message----- > From: russ [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 12, 2003 11:58 AM > To: [EMAIL PROTECTED] > Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db > > > On Sun, 2003-10-12 at 11:28, Jason Staudenmayer wrote: > > What's the output of "/var/qmail/bin/qmail-scanner-queue.pl -g" > > And let's see the qmail-quarentine.txt file > > Here are the outputs: > > > # Sample of well-known viruses that perlscan_scanner can use > > # > > # This is case-insensitive, and TAB-delimited. > > # > > # ****** > > # REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after > > # this file is modified > > # ****** > > # > > # Format: three columns > > # > > # filename<TAB>size (in bytes)<TAB>Description of virus/whatever > > # > > # OR: > > # > > # string<TAB>Header<TAB>Description of virus/whatever > > # > > # [this one allows you to match on (e.g.) Subject line. > > # > > # NOTE 1: This is the crudest "virus scanning" you can do - we are > > # arbitrarily deciding that particular filenames of certain sizes > contain > > # viruses - when they may not. However this can be useful for the times > > # when a new virus is discovered and your scanner cannot detect it > (yet). > > # > > # NOTE 2: This is only good for picking up stand-alone viruses like the > > # following. Macro viruses are impossible to detect with this method as > > # they infect users docs. > > # > > # NOTE 3: Wildcards are supported. This system can also be used to deny > > # Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other > > # wildcard type is supported. Be very careful with this feature. With > > # wildcards, the size field is ignored (i.e. any size matches). > > # > > # .exe 0 Executable attachment too large > > # > > # That would ban .EXE files from your site (but would > > # still allow .zip files... > > # > > # .mp3 0 MP3 attachments disallowed > > # > > # ...would stop any Email containing MP3 attachments passing. > > # > > # NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over > > # a certain size - you should > > # "echo 10000000 > /var/qmail/control/databytes" > > # to set the maximum SMTP message size to 10Mb. > > # > > # NOTE 5: The second option allows you to match on header. This would > allow > > # you to block Email viruses when you don't know anything else other > than > > # there's a wierd Subject line (or From line, or X-Spanska: header, > ...). > > # Note that it's a case-sensitive, REGEX string, and the system will > > # automatically surround it with ^ and $ before matching. i.e. if you > > # want wildcards, explicitly put them in... > > # > > # The string _must_be_ "Virus-" followed by the header you wish to match > > # on - followed by a colon (:). > > # > > # e.g. > > # > > # Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus > > # > > # will match "Subject: Pickles for Breakfast" - and > > # not "Subject: Pickles - where did you go?" > > # > > # > > # NOTE 6: Similar to the headers option, you can match on the mail > ENVELOPE > > # headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to > > # Virus-<header>, except that the header names are MAILFROM and RCPTTO > only. > > # > > # e.g. > > # > > # [EMAIL PROTECTED] Virus-MAILFROM: Bad mail envelope not allowed here! > > # > > # NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to > match > > # actions against the IP address of the SMTP client. > > # > > > EICAR.COM 69 EICAR Test Virus > > Happy99.exe 10000 Happy99 Trojan > > zipped_files.exe 120495 W32/ExploreZip.worm.pak virus > > ILOVEYOU Virus-Subject: Love Letter Virus/Trojan > > message/partial.* Virus-Content-Type: Message/partial MIME attachments > blocked by policy > > #The following matches Date: headers that are over 100 chars in length > > #these are impossible in the wild > > .{100,} Virus-Date: MIME Header Buffer Overflow > > .{100,} Virus-Mime-Version: MIME Header Buffer Overflow > > .{100,} Virus-Resent-Date: MIME Header Buffer Overflow > > # > > #Let's stop that nasty BadTrans virus from uploading your keystrokes... > > [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]| > [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] > m|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] > cite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] > atka.net|[EMAIL PROTECTED] Virus-To: BadTrans Trojan exploit! > > > # > > # These are examples of prudent defaults to set for most sites. > > # Commented out by default > > .vbs 0 VBS files not allowed per Company security policy > > .lnk 0 LNK files not allowed per Company security policy > > .scr 0 SCR files not allowed per Company security policy > > .wsh 0 WSH files not allowed per Company security policy > > .hta 0 HTA files not allowed per Company security policy > > .pif 0 PIF files not allowed per Company security policy > > .exe 0 EXE files not allowed > > .mp3 0 MP# files not allowed > > > # ****** > > # REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after > > # this file is modified > > # ****** > > # > > # EOF > > and > > > perlscanner: generate new DB file from > /var/spool/qmailscan/quarantine-attachments.txt > > perlscanner: total of 17 entries. > > Thanks, > > > > > > -----Original Message----- > > From: russ [mailto:[EMAIL PROTECTED] > > Sent: Sunday, October 12, 2003 10:57 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db > > > > > > On Sun, 2003-10-12 at 10:34, Jason Staudenmayer wrote: > > > Let's see your debug log. > > > > > > -----Original Message----- > > > From: russ [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, October 12, 2003 10:28 AM > > > To: [EMAIL PROTECTED] > > > Subject: [Qmail-scanner-general]Will not use quarantine-attachments.db > > > > > > > > > qmail-scanner seems to be working correctly, except that no matter what > > > I do to "quarantine-attachments.db" (ie. changing rights and owners > > > etc.) all rules in that list a ignored. Can someone please point me in > > > the right direction to fix this. PLEASE. > > > > Here is part of debug log, .exe files are set to be rejected, but they > > pass right through. When I run /var/qmail/bin/qmail-scanner-queue.pl > > -r it reads the rules just fine. > > > > > > uid=88 at Sun, 12 Oct 2003 00:19:54 -0400 > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: setting UID to EUID so > > subprocesses can access files generated by this script > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: incoming pipe connection from via > > local process 22878 > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org106593239445622878 > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 > > [1065932394.6983] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: found a top-level boundary > > definition of =_0_22874_1065932394 > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 1: Content-Type > > of text/plain found > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 2: Content-Type > > of application/octet-stream found > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 > to > > /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 > > [1065932394.76823] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ > > </var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 > > [1065932394.76891] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ > > [1065932394.81511] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org106593239445622878/1065932394.228 > > 80-0.studmail.essextech.org is a TNEF file?: 256 [1065932394.82294] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is > > /var/spool/qmailscan/studmail.essextech.org106593239445622878/FLASHCOM.EXE > > is a TNEF file?: 256 [1065932394.83063] > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: unpacking message took > > 0.062109 seconds > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org106593239445622878/ > > /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: +++ starting debugging for > > process 22906 by uid=88 at Sun, 12 Oct 2003 00:28:36 -0400 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: setting UID to EUID so > > subprocesses can access files generated by this script > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: incoming pipe connection from via > > local process 22906 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org106593291645622906 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 > > [1065932916.61332] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: found a top-level boundary > > definition of =_0_22902_1065932916 > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 1: Content-Type > > of text/plain found > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 2: Content-Type > > of application/octet-stream found > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 > to > > /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 > > [1065932916.68368] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ > > </var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 > > [1065932916.68433] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ > > [1065932916.73092] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org106593291645622906/1065932916.229 > > 08-0.studmail.essextech.org is a TNEF file?: 256 [1065932916.73869] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is > > /var/spool/qmailscan/studmail.essextech.org106593291645622906/FLASHCOM.EXE > > is a TNEF file?: 256 [1065932916.74597] > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: unpacking message took > > 0.062042 seconds > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org106593291645622906/ > > /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: +++ starting debugging for > > process 22941 by uid=88 at Sun, 12 Oct 2003 00:42:19 -0400 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: setting UID to EUID so > > subprocesses can access files generated by this script > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: incoming pipe connection from via > > local process 22941 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org106593373945622941 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 > > [1065933739.09837] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: found a top-level boundary > > definition of =_0_22937_1065933738 > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 1: Content-Type > > of text/plain found > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 2: Content-Type > > of application/octet-stream found > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 > to > > /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 > > [1065933739.16798] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ > > </var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 > > [1065933739.16866] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ > > [1065933739.21535] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org106593373945622941/1065933739.229 > > 43-0.studmail.essextech.org is a TNEF file?: 256 [1065933739.22332] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is > > /var/spool/qmailscan/studmail.essextech.org106593373945622941/FLASHCOM.EXE > > is a TNEF file?: 256 [1065933739.23054] > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: unpacking message took > > 0.062266 seconds > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org106593373945622941/ > > /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: +++ starting debugging for > > process 22963 by uid=88 at Sun, 12 Oct 2003 00:46:37 -0400 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: setting UID to EUID so > > subprocesses can access files generated by this script > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: incoming pipe connection from via > > local process 22963 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org106593399745622963 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 > > [1065933997.61003] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: found a top-level boundary > > definition of =_0_22959_1065933997 > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 1: Content-Type > > of text/plain found > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 2: Content-Type > > of application/octet-stream found > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 > to > > /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 > > [1065933997.68061] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ > > </var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 > > [1065933997.68125] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ > > [1065933997.72819] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org106593399745622963/1065933997.229 > > 65-0.studmail.essextech.org is a TNEF file?: 256 [1065933997.73611] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is > > /var/spool/qmailscan/studmail.essextech.org106593399745622963/FLASHCOM.EXE > > is a TNEF file?: 256 [1065933997.74338] > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: unpacking message took > > 0.062531 seconds > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org106593399745622963/ > > /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: +++ starting debugging for process > > 825 by uid=88 at Sun, 12 Oct 2003 01:02:54 -0400 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: setting UID to EUID so subprocesses > > can access files generated by this script > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: incoming pipe connection from via > > local process 825 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org1065934974456825 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 > > [1065934974.26459] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: found a top-level boundary > > definition of =_0_821_1065934972 > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 1: Content-Type of > > text/plain found > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 2: Content-Type of > > application/octet-stream found > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 > > to > > /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 > > [1065934974.34216] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ > > </var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 > > [1065934974.3428] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ > > [1065934974.42108] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org1065934974456825/1065934974.827-0 > > .studmail.essextech.org is a TNEF file?: 256 [1065934974.4575] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is > > /var/spool/qmailscan/studmail.essextech.org1065934974456825/FLASHCOM.EXE > > is a TNEF file?: 256 [1065934974.46536] > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: unpacking message took > > 0.122948 seconds > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 01:02:54 -0400:825: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org1065934974456825/ > > /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: +++ starting debugging for process > > 883 by uid=88 at Sun, 12 Oct 2003 01:14:08 -0400 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: setting UID to EUID so subprocesses > > can access files generated by this script > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: incoming pipe connection from via > > local process 883 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org1065935648456883 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 > > [1065935648.28141] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: primary Content-Type of > > multipart/mixed found > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: found a top-level boundary > > definition of =_0_879_1065935647 > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 1: Content-Type of > > text/plain found > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: found C-T attachment filename > > flashcom.exe > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 2: Content-Type of > > application/octet-stream found > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 > > to > > /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 > > [1065935648.35128] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ > > </var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 > > [1065935648.35192] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ > > [1065935648.39819] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org1065935648456883/1065935648.885-0 > > .studmail.essextech.org is a TNEF file?: 256 [1065935648.4062] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is > > /var/spool/qmailscan/studmail.essextech.org1065935648456883/FLASHCOM.EXE > > is a TNEF file?: 256 [1065935648.41393] > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: unpacking message took > > 0.062403 seconds > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 01:14:08 -0400:883: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org1065935648456883/ > > /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: +++ starting debugging for process > > 1282 by uid=0 at Sun, 12 Oct 2003 02:08:27 -0400 > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: setting UID to EUID so > > subprocesses can access files generated by this script > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: program name is > > qmail-scanner-queue.pl, version 1.20rc3 > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: incoming pipe connection from via > > local process 1282 > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: mkdir > > /var/spool/qmailscan/studmail.essextech.org10659389074561282 > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: start dumping incoming msg > > into > > /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 > > [1065938907.99297] > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: disallowed breakage found in > > header name ( > > > > ) - potential virus > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: rename new msg from > > /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 > > to > > /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 > > [1065938907.99762] > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: starting /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ > > </var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 > > [1065938907.99848] > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: finished /usr/bin/reformime > > -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ > > [1065938908.01408] > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: Checking all attachments to > > see if they're MS-TNEF > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: is > > > /var/spool/qmailscan/studmail.essextech.org10659389074561282/1065938908.1284 > > -0.studmail.essextech.org is a TNEF file?: 256 [1065938908.02251] > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: unpacking message took > > 0.024462 seconds > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: unsetting QMAILQUEUE env var > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: g_e_h: no sender and no recips. > > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: cleanup: /bin/rm -rf > > /var/spool/qmailscan/studmail.essextech.org10659389074561282/ > > /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 -- Russel Oliver [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
