Thanks, EE. I tried the eicar test inline instead of as an attachment, and
it found it nicely - what I expected in both logs.
I think it's safe to say that bad/mimeloader/types are checked before
simscan does its thing. I'm really disliking the way bad//types are logged.
Deceiving at best.
I'm with you regarding disabling this stuff. How to do that? Just comment
out everything and qmailctl cdb?
With these kinds of problems, wouldn't it be better if the basic toaster had
these commented out?
Erik Espinoza wrote:
I believe invalid message content is badmimetypes/badloadertypes. I
tend to disable this right after installation as there is just too
much voodoo going on in there.
Erik
On 9/5/06, Eric Shubes <[EMAIL PROTECTED]> wrote:
It appears to me that when clamav detects a virus and simscan rejects it,
the logs appear to indicate that the message was delivered. At least they
appear normal.
I sent the eicar virus signature to a toaster, and it said the following
smtp log:
2006-09-05 12:08:15.448619500 tcpserver: pid 26519 from 130.13.157.174
2006-09-05 12:08:15.448621500 tcpserver: ok 26519 spin4:10.0.1.70:25
:130.13.157.174::52293
2006-09-05 12:08:18.233107500 CHKUSER accepted sender: from
<[EMAIL PROTECTED]::> remote <doris.shubes.net:unknown:130.13.157.174>
rcpt <>
: sender accepted
2006-09-05 12:08:18.389119500 CHKUSER accepted rcpt: from
<[EMAIL PROTECTED]::> remote <doris.shubes.net:unknown:130.13.157.174> rcpt
<[EMAIL PROTECTED]> : found existing recipient
2006-09-05 12:08:22.026868500 simscan:[26519]:CLEAN
(4.00/12.00):3.5269s:test virus:130.13.157.174::
2006-09-05 12:08:22.632250500 tcpserver: end 26519 status 0
clamd log:
2006-09-05 12:08:19.227883500
/home/qmail/simscan/1157483298.501702.26521/msg.1157483298.501702.26521:
OK
2006-09-05 12:08:19.229089500
/home/qmail/simscan/1157483298.501702.26521/addr.1157483298.501702.26521:
OK
2006-09-05 12:08:19.230662500
/home/qmail/simscan/1157483298.501702.26521/textfile0: OK
2006-09-05 12:08:19.233147500
/home/qmail/simscan/1157483298.501702.26521/textfile1: OK
2006-09-05 12:08:19.234642500
/home/qmail/simscan/1157483298.501702.26521/eicar_com.zip: OK
Looks like the message was accepted. However, it bounced with this
message:
Remote host said: 554 invalid message content (#5.3.2)
I suppose that this might be considered proper behavior, but it falls
short
of what I'd expect.
1) simscan gives no indication of a virus rejection. I understand that
simscan logging improvements are being considered by inter7
2) clamd's log says that eicar_com.zip is OK??? I'd certainly expect
to see
something other than OK.
3) According to the simscan README file, it is possible to configure
simscan
(at compile time) to return the name of the virus in the rejection
message.
Any idea why the toaster isn't doing this?
I'm a little surprised (and disappointed) by this behavior.
--
-Eric 'shubes'
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
