I don't know about any of you, but I have gotten that stupid microsoft
"install this security patch" about 20 times this past weekend.
Spamassassin seems to be catching some of them on its own, but even with
razor I'm getting them. I got curious and decided to start investigating.
I turned on the debugging (level 14) and this is what it produced for the
last one that it let through...
Any ideas on this one?
--
Oct 13 10:15:49.297325 check[31341]: [ 1] [bootup] Logging initiated LogDebugLevel=14
to file:/home/brw/.razor/razor-agent.log
Oct 13 10:15:49.298521 check[31341]: [ 5] computed razorhome=/home/brw/.razor,
conf=/home/brw/.razor/razor-agent.conf, ident=/home/brw/.razor/[EMAIL PROTECTED]
Oct 13 10:15:49.300074 check[31341]: [ 8] Client supported_engines: 1 2 3 4
Oct 13 10:15:49.328868 check[31341]: [ 8] prep_mail done: mail 1 headers=960,
mime0=1734, mime1=5525, mime2=5032, mime3=603, mime4=61633
Oct 13 10:15:49.335179 check[31341]: [14] prepared objs:
ARRAY - ARRAY(0x8637a70),1 items
HASH - HASH(0x92998f8),5 keys
e1 => HASH - HASH(0x9298500),2 keys
body => SCALAR - SCALAR(0x889a320)
[length=158017] From [EMAIL PROTECTED] Mon Oct 13 10:15:42 200
id => 1.e1
headers => SCALAR - SCALAR(0x86d1a68)
[length=960] From [EMAIL PROTECTED] Mon Oct 13 10:15:42 2003
id => 1
orig_mail => SCALAR - SCALAR(0x889a320)
[length=158017] From [EMAIL PROTECTED] Mon Oct 13 10:15:42 2003
p => ARRAY - ARRAY(0x92984dc),5 items
HASH - HASH(0x9298944),2 keys
body => SCALAR - SCALAR(0x9297dd4)
[length=1734] X-Razor2-Agent: Razor-Agents v2.36
id => 1.0
HASH - HASH(0x9298638),2 keys
body => SCALAR - SCALAR(0x92988d8)
[length=5525] X-Razor2-Agent: Razor-Agents v2.36
id => 1.1
HASH - HASH(0x9298680),2 keys
body => SCALAR - SCALAR(0x9299df0)
[length=5032] X-Razor2-Agent: Razor-Agents v2.36
id => 1.2
HASH - HASH(0x92986c8),2 keys
body => SCALAR - SCALAR(0x929a0fc)
[length=603] X-Razor2-Agent: Razor-Agents v2.36
id => 1.3
HASH - HASH(0x9298710),2 keys
body => SCALAR - SCALAR(0x86c937c)
[length=61633] X-Razor2-Origlen-Body: 143865
id => 1.4
Oct 13 10:15:49.336123 check[31341]: [ 5] read_file: 1 items read from
/home/brw/.razor/servers.discovery.lst
Oct 13 10:15:49.336519 check[31341]: [11] Read 1 from server listfile:
/home/brw/.razor/servers.discovery.lst
Oct 13 10:15:49.337041 check[31341]: [ 5] read_file: 2 items read from
/home/brw/.razor/servers.nomination.lst
Oct 13 10:15:49.337404 check[31341]: [11] Read 2 from server listfile:
/home/brw/.razor/servers.nomination.lst
Oct 13 10:15:49.337897 check[31341]: [ 5] read_file: 2 items read from
/home/brw/.razor/servers.catalogue.lst
Oct 13 10:15:49.338255 check[31341]: [11] Read 2 from server listfile:
/home/brw/.razor/servers.catalogue.lst
Oct 13 10:15:49.338972 check[31341]: [ 9] Assigning defaults to joy.cloudmark.com
Oct 13 10:15:49.339443 check[31341]: [ 9] Assigning defaults to folly.cloudmark.com
Oct 13 10:15:49.339913 check[31341]: [ 9] Assigning defaults to truth.cloudmark.com
Oct 13 10:15:49.340367 check[31341]: [ 9] Assigning defaults to stress.cloudmark.com
Oct 13 10:15:49.342369 check[31341]: [ 5] read_file: 11 items read from
/home/brw/.razor/server.joy.cloudmark.com.conf
Oct 13 10:15:49.344225 check[31341]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.truth.cloudmark.com.conf
Oct 13 10:15:49.346060 check[31341]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.stress.cloudmark.com.conf
Oct 13 10:15:49.347881 check[31341]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.folly.cloudmark.com.conf
Oct 13 10:15:49.348570 check[31341]: [ 5] 137291 seconds before closest server
discovery
Oct 13 10:15:49.349190 check[31341]: [ 6] truth.cloudmark.com is a Catalogue Server
srl 72; computed min_cf=6, Server se: 58
Oct 13 10:15:49.349722 check[31341]: [ 8] Computed supported_engines: 4
Oct 13 10:15:49.349995 check[31341]: [11] No bootstrap_discovery (DNS) recently, not
recording .lst files
Oct 13 10:15:49.350276 check[31341]: [ 8] Using next closest server
truth.cloudmark.com:2703, cached info srl 72
Oct 13 10:15:49.351587 check[31341]: [ 8] mail 1 has no subject
Oct 13 10:15:49.403175 check[31341]: [11] engine 1 computing on 157055,
sig=6f3kRw4IWZESpHZzC7KCbWhhLgIA
Oct 13 10:15:49.404476 check[31341]: [ 6] preproc: mail 1.0 went from 1734 bytes to
1616
Oct 13 10:15:49.408144 check[31341]: [ 6] preproc: mail 1.1 went from 5525 bytes to
1812
Oct 13 10:15:49.412968 check[31341]: [ 6] preproc: mail 1.2 went from 5032 bytes to
3639
Oct 13 10:15:49.414151 check[31341]: [ 6] preproc: mail 1.3 went from 603 bytes to 359
Oct 13 10:15:49.602929 check[31341]: [ 6] preproc: mail 1.4 went from 61633 bytes to
45482
Oct 13 10:15:49.603497 check[31341]: [ 6] computing sigs for mail 1.0, len 1616
Oct 13 10:15:49.607927 check[31341]: [11] engine 4 computing on 1616,
sig=hmqJ6wDP93aUwz03L88TPAe8SncA
Oct 13 10:15:49.608493 check[31341]: [ 6] computing sigs for mail 1.1, len 1812
Oct 13 10:15:49.613761 check[31341]: [11] engine 4 computing on 1812,
sig=p1tFHFjBXW0jwSJYLxEJQY4T298A
Oct 13 10:15:49.614322 check[31341]: [ 6] computing sigs for mail 1.2, len 3639
Oct 13 10:15:49.618011 check[31341]: [11] engine 4 computing on 3639,
sig=2H5j8KeSHbxSVBT-e4n8qCVEuxEA
Oct 13 10:15:49.618428 check[31341]: [ 6] computing sigs for mail 1.3, len 359
Oct 13 10:15:49.621572 check[31341]: [11] engine 4 computing on 359,
sig=3VdpVX5_c8CYNNZmRf7jLwdi7VUA
Oct 13 10:15:49.622885 check[31341]: [ 6] computing sigs for mail 1.4, len 45482
Oct 13 10:15:49.630957 check[31341]: [11] engine 4 computing on 45482,
sig=6VnXTFeS8UDX8iF7ejSa8kf3gc8A
Oct 13 10:15:49.638785 check[31341]: [14] computed sigs for obj:
HASH - HASH(0x92998f8),6 keys
e1 => HASH - HASH(0x9298500),4 keys
body => SCALAR - SCALAR(0x874b6b0)
[length=157056] --qoeckvyxlhwswmyak
cleaned => SCALAR - SCALAR(0x874b7b8)
[length=157055] --qoeckvyxlhwswmyak
e1 => 6f3kRw4IWZESpHZzC7KCbWhhLgIA
id => 1.e1
ep4 => 7542-10
headers => SCALAR - SCALAR(0x86d1a68)
[length=960] From [EMAIL PROTECTED] Mon Oct 13 10:15:42 2003
id => 1
orig_mail => SCALAR - SCALAR(0x889a320)
[length=158017] From [EMAIL PROTECTED] Mon Oct 13 10:15:42 2003
p => ARRAY - ARRAY(0x92984dc),5 items
HASH - HASH(0x9298944),4 keys
body => SCALAR - SCALAR(0x9297dd4)
[length=1734] X-Razor2-Agent: Razor-Agents v2.36
cleaned => SCALAR - SCALAR(0x874e80c)
[length=1616] Microsoft Customer
e4 => hmqJ6wDP93aUwz03L88TPAe8SncA
id => 1.0
HASH - HASH(0x9298638),4 keys
body => SCALAR - SCALAR(0x92988d8)
[length=5525] X-Razor2-Agent: Razor-Agents v2.36
cleaned => SCALAR - SCALAR(0x929b05c)
[length=1812]
e4 => p1tFHFjBXW0jwSJYLxEJQY4T298A
id => 1.1
HASH - HASH(0x9298680),4 keys
body => SCALAR - SCALAR(0x9299df0)
[length=5032] X-Razor2-Agent: Razor-Agents v2.36
cleaned => SCALAR - SCALAR(0x929b074)
[length=3639] GIF89ah^@;[EMAIL PROTECTED]@[EMAIL
PROTECTED]<9B><92>§¡<99>¬5#QG:f~w<98>RLu±¯½[W<87>lk{ÆÅ×^_
e4 => 2H5j8KeSHbxSVBT-e4n8qCVEuxEA
id => 1.2
HASH - HASH(0x92986c8),4 keys
body => SCALAR - SCALAR(0x929a0fc)
[length=603] X-Razor2-Agent: Razor-Agents v2.36
cleaned => SCALAR - SCALAR(0x929b098)
[length=359] [EMAIL PROTECTED]@[EMAIL
PROTECTED]@ÿÿÿ÷÷ÿ÷÷÷ïï÷ïïïÞæ÷ÎÖïÎÖæÅÖæµÅï½æ¥½ï<9C>
e4 => 3VdpVX5_c8CYNNZmRf7jLwdi7VUA
id => 1.3
HASH - HASH(0x9298710),4 keys
body => SCALAR - SCALAR(0x86c937c)
[length=61633] X-Razor2-Origlen-Body: 143865
cleaned => SCALAR - SCALAR(0x929b0b0)
[length=45482] MZ<90>[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@^@
e4 => 6VnXTFeS8UDX8iF7ejSa8kf3gc8A
id => 1.4
Oct 13 10:15:49.641926 check[31341]: [ 6] skipping whitelist file (empty?):
/home/brw/.razor/razor-whitelist
Oct 13 10:15:49.642442 check[31341]: [ 5] Connecting to trumark.com is a Catalogue
Server srl 72; computed min_cf=6, Server se: 58
Oct 13 10:15:49.872810 check[31341]: [ 8] Computed supported_engines: 4
Oct 13 10:15:49.873206 check[31341]: [ 8] mail 1.0 e4 sig: hmqJ6wDP93aUwz03L88TPAe8SncA
Oct 13 10:15:49.873590 check[31341]: [ 8] mail 1.1 e4 sig: p1tFHFjBXW0jwSJYLxEJQY4T298A
Oct 13 10:15:49.873928 check[31341]: [ 8] mail 1.2 e4 sig: 2H5j8KeSHbxSVBT-e4n8qCVEuxEA
Oct 13 10:15:49.874261 check[31341]: [ 8] mail 1.3 e4 sig: 3VdpVX5_c8CYNNZmRf7jLwdi7VUA
Oct 13 10:15:49.874592 check[31341]: [ 8] mail 1.4 e4 sig: 6VnXTFeS8UDX8iF7ejSa8kf3gc8A
Oct 13 10:15:49.875013 check[31341]: [ 8] preparing 5 queries
Oct 13 10:15:49.876291 check[31341]: [ 8] sending 1 batches
Oct 13 10:15:49.876789 check[31341]: [ 4] truth.cloudmark.com << 264
Oct 13 10:15:49.877019 check[31341]: [ 6]
-a=c&e=4&ep4=7542-10&s=hmqJ6wDP93aUwz03L88TPAe8SncA
a=c&e=4&ep4=7542-10&s=p1tFHFjBXW0jwSJYLxEJQY4T298A
a=c&e=4&ep4=7542-10&s=2H5j8KeSHbxSVBT-e4n8qCVEuxEA
a=c&e=4&ep4=7542-10&s=3VdpVX5_c8CYNNZmRf7jLwdi7VUA
a=c&e=4&ep4=7542-10&s=6VnXTFeS8UDX8iF7ejSa8kf3gc8A
.
Oct 13 10:15:53.446015 check[31345]: [ 1] [bootup] Logging initiated LogDebugLevel=14
to file:/home/brw/.razor/razor-agent.log
Oct 13 10:15:53.447224 check[31345]: [ 5] computed razorhome=/home/brw/.razor,
conf=/home/brw/.razor/razor-agent.conf, ident=/home/brw/.razor/[EMAIL PROTECTED]
Oct 13 10:15:53.447829 check[31345]: [ 8] Client supported_engines: 1 2 3 4
Oct 13 10:15:53.450294 check[31345]: [ 8] prep_mail done: mail 1 headers=778,
mime0=4339
Oct 13 10:15:53.452541 check[31345]: [14] prepared objs:
ARRAY - ARRAY(0x8637a70),1 items
HASH - HASH(0x92211b4),5 keys
e1 => HASH - HASH(0x9220adc),2 keys
body => SCALAR - SCALAR(0x889a320)
[length=5134] From [EMAIL PROTECTED] Mon Oct 13 10:15:49 2003
id => 1.e1
headers => SCALAR - SCALAR(0x86d1a68)
[length=778] From [EMAIL PROTECTED] Mon Oct 13 10:15:49 2003
id => 1
orig_mail => SCALAR - SCALAR(0x889a320)
[length=5134] From 67h
Oct 13 10:15:53.453301 check[31345]: [5] read_file: 1 items read from
/home/brw/.razor/servers.discovery.lst
Oct 13 10:15:53.453683 check[31345]: [11] Read 1 from server listfile:
/home/brw/.razor/servers.discovery.lst
Oct 13 10:15:53.454194 check[31345]: [ 5] read_file: 2 items read from
/home/brw/.razor/servers.nomination.lst
Oct 13 10:15:53.454561 check[31345]: [11] Read 2 from server listfile:
/home/brw/.razor/servers.nomination.lst
Oct 13 10:15:53.455062 check[31345]: [ 5] read_file: 2 items read from
/home/brw/.razor/servers.catalogue.lst
Oct 13 10:15:53.455424 check[31345]: [11] Read 2 from server listfile:
/home/brw/.razor/servers.catalogue.lst
Oct 13 10:15:53.456151 check[31345]: [ 9] Assigning defaults to joy.cloudmark.com
Oct 13 10:15:53.456629 check[31345]: [ 9] Assigning defaults to folly.cloudmark.com
Oct 13 10:15:53.457105 check[31345]: [ 9] Assigning defaults to truth.cloudmark.com
Oct 13 10:15:53.457564 check[31345]: [ 9] Assigning defaults to stress.cloudmark.com
Oct 13 10:15:53.459552 check[31345]: [ 5] read_file: 11 items read from
/home/brw/.razor/server.joy.cloudmark.com.conf
Oct 13 10:15:53.461494 check[31345]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.truth.cloudmark.com.conf
Oct 13 10:15:53.463356 check[31345]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.stress.cloudmark.com.conf
Oct 13 10:15:53.465183 check[31345]: [ 5] read_file: 13 items read from
/home/brw/.razor/server.folly.cloudmark.com.conf
Oct 13 10:15:53.465872 check[31345]: [ 5] 148920 seconds before closest server
discovery
Oct 13 10:15:53.466492 check[31345]: [ 6] truth.cloudmark.com is a Catalogue Server
srl 72; computed min_cf=6, Server se: 58
Oct 13 10:15:53.467034 check[31345]: [ 8] Computed supported_engines: 4
Oct 13 10:15:53.467308 check[31345]: [11] No bootstrap_discovery (DNS) recently, not
recording .lst files
Oct 13 10:15:53.467585 check[31345]: [ 8] Using next closest server
truth.cloudmark.com:2703, cached info srl 72
Oct 13 10:15:53.467969 check[31345]: [ 8] mail 1 Subject: bqet complscent
Oct 13 10:15:53.472326 check[31345]: [11] computed min_cf=6, Server se: 58
Oct 13 10:15:53.649073 check[31345]: [ 8] Computed supported_engines: 4
Oct 13 10:15:53.649468 check[31345]: [ 8] mail 1.0 e4 sig: OR2NiaOaYHS-mFEUaMBcPS_xgeQA
Oct 13 10:15:53.649949 check[31345]: [ 8] preparing 1 queries
Oct 13 10:15:53.650554 check[31345]: [ 8] sending 1 batches
Oct 13 10:15:53.651047 check[31345]: [ 4] truth.cloudmark.com << 52
Oct 13 10:15:53.651276 check[31345]: [ 6]
a=c&e=4&ep4=7542-10&s=OR2NiaOaYHS-mFEUaMBcPS_xgeQA
Fair Winds and Following Seas,
Branden R. Williams, CISSP
<[EMAIL PROTECTED]>
http://www.brw.net/
--
Public Key ID: 0x442E9483 | PGP Keyserver: pgp.mit.edu
Public Key Fingerprint: 6B44 B798 934F 043D C34D 219F D628 FC0E 442E 9483
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
