This is about to go farther than my knowledge. I would look at how the test
messages are sent if you want to be able to send custom test messages. There
are a few web sites that will send you a test virus, but you have to be able
to receive email. You could also try to download the EICAR test virus; just
google "eicar test".

-----Original Message-----
From: russ [mailto:[EMAIL PROTECTED] 
Sent: Sunday, October 12, 2003 1:48 PM
To: Jason Staudenmayer; [EMAIL PROTECTED]
Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db


OK, I think you do have a good point. I just need to figure out how to get
around that issue.  As of now a message from sqwebmail is run through
qmail-filter - into qmail-scanner-queue.pl and then into qmail-inject. 
Therefore, it does not get the FROM: RECEPT: until it gets to
qmail-inject. That makes sense!!

Any ideas for a workaround?

On Sun, 2003-10-12 at 13:29, Jason Staudenmayer wrote:
> I'm wondering if that's the problem. For some reason it can't find the
> sender or recip and that causes the clean-up.
> I'm willing to bet if you can make this box live on the net it might work.
> 
> -----Original Message-----
> From: russ [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, October 12, 2003 1:27 PM
> To: Jason Staudenmayer
> Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db
> 
> 
> It only works internally now, I am setting it up as a mail server for a
> high school and being able to filter extensions is a must. I could send
> from it to you, but that is about it.
> 
> On Sun, 2003-10-12 at 13:12, Jason Staudenmayer wrote:
> > Sending from, like you sending it out from this box or somebody sending to
> > this box? Will this email be processed by that box? If not, give an address
> > that will and I'll send a test message and you can log it and we'll look at
> > it.
> > 
> > -----Original Message-----
> > From: russ [mailto:[EMAIL PROTECTED] 
> > Sent: Sunday, October 12, 2003 1:11 PM
> > To: Jason Staudenmayer
> > Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db
> > 
> > 
> > It is live e-mail, sending from sqwebmail.  I will set the details to 1
> > and get it back to you.  I am considering a fresh install and start over
> > again.
> > 
> > On Sun, 2003-10-12 at 12:24, Jason Staudenmayer wrote:
> > > Are these log records for live email???
> > > It seems that there is no sender or recip which is causing the scanner to
> > > dump. Let me see some real email get scanned or it could be that studmail or
> > > qmail is mangling the message.
> > > 
> > > -----Original Message-----
> > > From: russ [mailto:[EMAIL PROTECTED] 
> > > Sent: Sunday, October 12, 2003 11:58 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db
> > > 
> > > 
> > > On Sun, 2003-10-12 at 11:28, Jason Staudenmayer wrote:
> > > > What's the output of "/var/qmail/bin/qmail-scanner-queue.pl -g"
> > > > And let's see the qmail-quarentine.txt file
> > > 
> > > Here are the outputs:
> > > 
> > > 
> > > # Sample of well-known viruses that perlscan_scanner can use
> > > #
> > > # This is case-insensitive, and TAB-delimited.
> > > #
> > > # ******
> > > # REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
> > > # this file is modified
> > > # ******
> > > #
> > > # Format: three columns
> > > #
> > > # filename<TAB>size (in bytes)<TAB>Description of virus/whatever
> > > #
> > > # OR:
> > > #
> > > # string<TAB>Header<TAB>Description of virus/whatever
> > > #
> > > # [this one allows you to match on (e.g.) Subject line.
> > > #
> > > # NOTE 1: This is the crudest "virus scanning" you can do - we are
> > > # arbitrarily deciding that particular filenames of certain sizes contain
> > > # viruses - when they may not. However this can be useful for the times
> > > # when a new virus is discovered and your scanner cannot detect it (yet).
> > > #
> > > # NOTE 2: This is only good for picking up stand-alone viruses like the
> > > # following. Macro viruses are impossible to detect with this method as
> > > # they infect users docs.
> > > #
> > > # NOTE 3: Wildcards are supported. This system can also be used to deny
> > > # Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other
> > > # wildcard type is supported. Be very careful with this feature. With
> > > # wildcards, the size field is ignored (i.e. any size matches).
> > > #
> > > # .exe 0 Executable attachment too large
> > > #
> > > # That would ban .EXE files from your site (but would
> > > # still allow .zip files...
> > > #
> > > # .mp3 0 MP3 attachments disallowed
> > > #
> > > # ...would stop any Email containing MP3 attachments passing.
> > > #
> > > # NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over
> > > # a certain size - you should
> > > # "echo 10000000 > /var/qmail/control/databytes"
> > > # to set the maximum SMTP message size to 10Mb.
> > > #
> > > # NOTE 5: The second option allows you to match on header. This would allow
> > > # you to block Email viruses when you don't know anything else other than
> > > # there's a wierd Subject line (or From line, or X-Spanska: header, ...).
> > > # Note that it's a case-sensitive, REGEX string, and the system will
> > > # automatically surround it with ^ and $ before matching. i.e. if you
> > > # want wildcards, explicitly put them in...
> > > #
> > > # The string _must_be_ "Virus-" followed by the header you wish to match
> > > # on - followed by a colon (:).
> > > #
> > > # e.g.
> > > #
> > > # Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus
> > > #
> > > # will match "Subject: Pickles for Breakfast" - and
> > > # not "Subject: Pickles - where did you go?"
> > > #
> > > #
> > > # NOTE 6: Similar to the headers option, you can match on the mail ENVELOPE
> > > # headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to
> > > # Virus-<header>, except that the header names are MAILFROM and RCPTTO only.
> > > #
> > > # e.g.
> > > #
> > > # [EMAIL PROTECTED] Virus-MAILFROM: Bad mail envelope not allowed here!
> > > #
> > > # NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to match
> > > # actions against the IP address of the SMTP client.
> > > #
> > > 
> > > EICAR.COM 69 EICAR Test Virus
> > > Happy99.exe 10000 Happy99 Trojan
> > > zipped_files.exe 120495 W32/ExploreZip.worm.pak virus
> > > ILOVEYOU Virus-Subject: Love Letter Virus/Trojan
> > > message/partial.* Virus-Content-Type: Message/partial MIME attachments blocked by policy
> > > #The following matches Date: headers that are over 100 chars in length
> > > #these are impossible in the wild
> > > .{100,} Virus-Date: MIME Header Buffer Overflow
> > > .{100,} Virus-Mime-Version: MIME Header Buffer Overflow
> > > .{100,} Virus-Resent-Date: MIME Header Buffer Overflow
> > > #
> > > #Let's stop that nasty BadTrans virus from uploading your keystrokes...
> > > [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]m|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]cite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]atka.net|[EMAIL PROTECTED] Virus-To: BadTrans Trojan exploit!
> > > 
> > > #
> > > # These are examples of prudent defaults to set for most sites.
> > > # Commented out by default
> > > .vbs 0 VBS files not allowed per Company security policy
> > > .lnk 0 LNK files not allowed per Company security policy
> > > .scr 0 SCR files not allowed per Company security policy
> > > .wsh 0 WSH files not allowed per Company security policy
> > > .hta 0 HTA files not allowed per Company security policy
> > > .pif 0 PIF files not allowed per Company security policy
> > > .exe 0 EXE files not allowed
> > > .mp3 0 MP# files not allowed
> > > 
> > > # ******
> > > # REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
> > > # this file is modified
> > > # ******
> > > #
> > > # EOF
> > > 
> > > and
> > > 
> > > 
> > > perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
> > > perlscanner: total of 17 entries.
> > > 
> > > Thanks,
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: russ [mailto:[EMAIL PROTECTED] 
> > > > Sent: Sunday, October 12, 2003 10:57 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db
> > > > 
> > > > 
> > > > On Sun, 2003-10-12 at 10:34, Jason Staudenmayer wrote:
> > > > > Let's see your debug log.
> > > > > 
> > > > > -----Original Message-----
> > > > > From: russ [mailto:[EMAIL PROTECTED] 
> > > > > Sent: Sunday, October 12, 2003 10:28 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: [Qmail-scanner-general]Will not use quarantine-attachments.db
> > > > > 
> > > > > 
> > > > > qmail-scanner seems to be working correctly, except that no matter what
> > > > > I do to "quarantine-attachments.db" (ie. changing rights and owners
> > > > > etc.) all rules in that list are ignored. Can someone please point me in
> > > > > the right direction to fix this.  PLEASE.
> > > > 
> > > > Here is part of debug log, .exe files are set to be rejected, but they
> > > > pass right through.  When I run /var/qmail/bin/qmail-scanner-queue.pl
> > > > -r  it reads the rules just fine.
> > > > 
> > > > 
> > > > uid=88 at Sun, 12 Oct 2003 00:19:54 -0400
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: incoming pipe connection from via local process 22878
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593239445622878
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 [1065932394.6983]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: found a top-level boundary definition of =_0_22874_1065932394
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 to /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 [1065932394.76823]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ </var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 [1065932394.76891]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ [1065932394.81511]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is /var/spool/qmailscan/studmail.essextech.org106593239445622878/1065932394.22880-0.studmail.essextech.org is a TNEF file?: 256 [1065932394.82294]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is /var/spool/qmailscan/studmail.essextech.org106593239445622878/FLASHCOM.EXE is a TNEF file?: 256 [1065932394.83063]
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: unpacking message took 0.062109 seconds
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593239445622878/ /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878
> > > > 
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: +++ starting debugging for process 22906 by uid=88 at Sun, 12 Oct 2003 00:28:36 -0400
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: incoming pipe connection from via local process 22906
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593291645622906
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 [1065932916.61332]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: found a top-level boundary definition of =_0_22902_1065932916
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 to /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 [1065932916.68368]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ </var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 [1065932916.68433]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ [1065932916.73092]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is /var/spool/qmailscan/studmail.essextech.org106593291645622906/1065932916.22908-0.studmail.essextech.org is a TNEF file?: 256 [1065932916.73869]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is /var/spool/qmailscan/studmail.essextech.org106593291645622906/FLASHCOM.EXE is a TNEF file?: 256 [1065932916.74597]
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: unpacking message took 0.062042 seconds
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 00:28:36 -0400:22906: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593291645622906/ /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906
> > > > 
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: +++ starting debugging for process 22941 by uid=88 at Sun, 12 Oct 2003 00:42:19 -0400
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: incoming pipe connection from via local process 22941
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593373945622941
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 [1065933739.09837]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: found a top-level boundary definition of =_0_22937_1065933738
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 to /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 [1065933739.16798]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ </var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 [1065933739.16866]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ [1065933739.21535]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is /var/spool/qmailscan/studmail.essextech.org106593373945622941/1065933739.22943-0.studmail.essextech.org is a TNEF file?: 256 [1065933739.22332]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is /var/spool/qmailscan/studmail.essextech.org106593373945622941/FLASHCOM.EXE is a TNEF file?: 256 [1065933739.23054]
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: unpacking message took 0.062266 seconds
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 00:42:19 -0400:22941: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593373945622941/ /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941
> > > > 
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: +++ starting debugging for process 22963 by uid=88 at Sun, 12 Oct 2003 00:46:37 -0400
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: incoming pipe connection from via local process 22963
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593399745622963
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 [1065933997.61003]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: found a top-level boundary definition of =_0_22959_1065933997
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 to /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 [1065933997.68061]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ </var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 [1065933997.68125]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ [1065933997.72819]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is /var/spool/qmailscan/studmail.essextech.org106593399745622963/1065933997.22965-0.studmail.essextech.org is a TNEF file?: 256 [1065933997.73611]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is /var/spool/qmailscan/studmail.essextech.org106593399745622963/FLASHCOM.EXE is a TNEF file?: 256 [1065933997.74338]
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: unpacking message took 0.062531 seconds
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 00:46:37 -0400:22963: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593399745622963/ /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963
> > > > 
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: +++ starting debugging for process 825 by uid=88 at Sun, 12 Oct 2003 01:02:54 -0400
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: incoming pipe connection from via local process 825
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org1065934974456825
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 [1065934974.26459]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: found a top-level boundary definition of =_0_821_1065934972
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 to /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 [1065934974.34216]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ </var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 [1065934974.3428]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ [1065934974.42108]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is /var/spool/qmailscan/studmail.essextech.org1065934974456825/1065934974.827-0.studmail.essextech.org is a TNEF file?: 256 [1065934974.4575]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is /var/spool/qmailscan/studmail.essextech.org1065934974456825/FLASHCOM.EXE is a TNEF file?: 256 [1065934974.46536]
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: unpacking message took 0.122948 seconds
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 01:02:54 -0400:825: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org1065934974456825/ /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825
> > > > 
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: +++ starting debugging for process 883 by uid=88 at Sun, 12 Oct 2003 01:14:08 -0400
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: incoming pipe connection from via local process 883
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org1065935648456883
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 [1065935648.28141]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: primary Content-Type of multipart/mixed found
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: found a top-level boundary definition of =_0_879_1065935647
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 1: Content-Type of text/plain found
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: found C-T attachment filename flashcom.exe
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 2: Content-Type of application/octet-stream found
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 to /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 [1065935648.35128]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ </var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 [1065935648.35192]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ [1065935648.39819]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is /var/spool/qmailscan/studmail.essextech.org1065935648456883/1065935648.885-0.studmail.essextech.org is a TNEF file?: 256 [1065935648.4062]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is /var/spool/qmailscan/studmail.essextech.org1065935648456883/FLASHCOM.EXE is a TNEF file?: 256 [1065935648.41393]
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: unpacking message took 0.062403 seconds
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 01:14:08 -0400:883: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org1065935648456883/ /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883
> > > > 
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: +++ starting debugging for process 1282 by uid=0 at Sun, 12 Oct 2003 02:08:27 -0400
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: setting UID to EUID so subprocesses can access files generated by this script
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: program name is qmail-scanner-queue.pl, version 1.20rc3
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: incoming pipe connection from via local process 1282
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org10659389074561282
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 [1065938907.99297]
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: disallowed breakage found in header name (
> > > > ) - potential virus
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 to /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 [1065938907.99762]
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ </var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 [1065938907.99848]
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ [1065938908.01408]
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: Checking all attachments to see if they're MS-TNEF
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: is /var/spool/qmailscan/studmail.essextech.org10659389074561282/1065938908.1284-0.studmail.essextech.org is a TNEF file?: 256 [1065938908.02251]
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: unpacking message took 0.024462 seconds
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: unsetting QMAILQUEUE env var
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: g_e_h: no sender and no recips.
> > > > Sun, 12 Oct 2003 02:08:27 -0400:1282: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org10659389074561282/ /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282
-- 
Russel Oliver
[EMAIL PROTECTED]
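
The rule format documented in the comments of the quoted quarantine-attachments.txt, as an added example that is not part of the original messages and is not qmail-scanner's own code: a small parser and matcher following NOTE 3 and NOTE 5. The function names, the reading of a leading "." as an extension rule, and case-insensitive header names are assumptions; the sample rules are constructed from lines in the listing.

```python
import re
from dataclasses import dataclass

# Constructed sample. Rule text comes from the listing quoted in the thread,
# written with real TAB separators; the last line deliberately uses spaces.
SAMPLE_RULES = (
    "# comment lines start with '#'\n"
    "EICAR.COM\t69\tEICAR Test Virus\n"
    ".exe\t0\tEXE files not allowed\n"
    "Pickles.*Breakfast\tVirus-Subject:\tFake Example Pickles virus\n"
    ".{100,}\tVirus-Date:\tMIME Header Buffer Overflow\n"
    ".scr 0 SCR files not allowed per Company security policy\n"
)


@dataclass
class Rule:
    pattern: str
    kind: str            # "file" or "header"
    size: int = 0        # file rules only
    header: str = ""     # header rules only, e.g. "Subject"
    description: str = ""


def parse_rules(text):
    """Return (rules, rejected); rejected holds (line number, raw line)."""
    rules, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) != 3:               # the format is three TAB-separated columns
            rejected.append((lineno, line))
            continue
        pattern, middle, desc = (c.strip() for c in cols)
        if middle.startswith("Virus-") and middle.endswith(":"):
            header = middle[len("Virus-"):-1]
            rules.append(Rule(pattern, "header", header=header, description=desc))
        elif middle.isdigit():
            rules.append(Rule(pattern, "file", size=int(middle), description=desc))
        else:
            rejected.append((lineno, line))
    return rules, rejected


def match_attachment(rules, filename, size):
    """Filename rules are case-insensitive; extension rules ignore size."""
    name = filename.lower()
    for rule in rules:
        if rule.kind != "file":
            continue
        pat = rule.pattern.lower()
        if pat.startswith("."):          # assumption: ".exe" means "ends with .exe"
            if name.endswith(pat):
                return rule
        elif name == pat and size == rule.size:
            return rule
    return None


def match_header(rules, header, value):
    """Header rules are case-sensitive regexes matched against the whole value."""
    for rule in rules:
        if rule.kind == "header" and rule.header.lower() == header.lower():
            if re.fullmatch(rule.pattern, value):   # same effect as wrapping in ^ and $
                return rule
    return None


if __name__ == "__main__":
    rules, rejected = parse_rules(SAMPLE_RULES)
    print(match_attachment(rules, "FLASHCOM.EXE", 123456))
    print(match_header(rules, "Subject", "Pickles for Breakfast"))
    print("lines that are not TAB-delimited:", rejected)
```
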


_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
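
An added example (not from the thread and not qmail-scanner code) that reads a debug log in the format quoted above, rejoins mail-wrapped lines, and lists the attachments seen in sessions that ended with `g_e_h: no sender and no recips.` followed by cleanup, the condition the thread points to. The sample log is constructed from the quoted line formats, and the function names are hypothetical.

```python
import re

# One log entry: "<date>:<pid>: <message>", as in the quoted debug log.
ENTRY = re.compile(
    r"^\w{3}, \d{1,2} \w{3} \d{4} \d\d:\d\d:\d\d [+-]\d{4}:(\d+): (.*)$"
)
QUOTE = re.compile(r"^(?:>\s?)+")   # leading "> > > " reply markers

# Constructed sample: same line formats as the thread, shortened, with
# mail-style wrapping and quote markers left in on purpose.
SAMPLE_LOG = """\
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: +++ starting debugging for
> > > > process 22878 by uid=88 at Sun, 12 Oct 2003 00:19:54 -0400
> > > >
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename
> > > > flashcom.exe
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no
recips.
> > > > Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf
> > > > /var/spool/qmailscan/example106593239445622878/
Sun, 12 Oct 2003 02:08:27 -0400:1282: +++ starting debugging for process 1282 by uid=0 at Sun, 12 Oct 2003 02:08:27 -0400
Sun, 12 Oct 2003 02:08:27 -0400:1282: g_e_h: no sender and no recips.
Sun, 12 Oct 2003 02:08:27 -0400:1282: cleanup: /bin/rm -rf /var/spool/qmailscan/example10659389074561282/
Sun, 12 Oct 2003 03:00:00 -0400:900: found C-T attachment filename notes.txt
"""


def unwrap(text):
    """Strip quote markers and join continuation lines onto their entry."""
    entries = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # Joined with a space; a path that was split mid-token keeps the gap.
            entries[-1][1] += " " + line
    return [(pid, msg) for pid, msg in entries]


def triage(text):
    """Group entries by PID and record what each scanner run reported."""
    sessions = {}
    for pid, msg in unwrap(text):
        s = sessions.setdefault(
            pid,
            {"uid": None, "attachments": [], "no_envelope": False, "cleaned": False},
        )
        if m := re.search(r"\+\+\+ starting debugging for process \d+ by uid=(\d+)", msg):
            s["uid"] = int(m.group(1))
        elif m := re.match(r"found C-T attachment filename (\S+)", msg):
            s["attachments"].append(m.group(1))
        elif msg.startswith("g_e_h: no sender and no recips"):
            s["no_envelope"] = True
        elif msg.startswith("cleanup:"):
            s["cleaned"] = True
    return sessions


def dropped_before_rules(sessions):
    """(pid, filename) for runs that hit 'no sender and no recips' and cleaned up."""
    return sorted(
        (pid, name)
        for pid, s in sessions.items()
        if s["no_envelope"] and s["cleaned"]
        for name in s["attachments"]
    )


if __name__ == "__main__":
    for pid, name in dropped_before_rules(triage(SAMPLE_LOG)):
        print(f"pid {pid}: {name} was seen, but the run ended without an envelope")
```
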
