Hi all, my internal mailserver is fully equipped with antivirus software, so i decided to declare it a noScanIP for assp (ASSP version 2.5.4(16294)). The outbound mail flow is: Exchange (192.168.12.241) -> ASSP (192.168.12.242:25) -> Postfix (127.0.0.1:125) -> internet
Here is an (anonymized) excerpt from the log which looks like assp ignores this setting and scans outgoing mails for virus regardless: 2016-10-25 19:59:53 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> info: found message size announcement: 13.09 kByte 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain [Plugin] calling plugin ASSP_AFC 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain info: 1 attachment found for Level-0 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain local (no bad attachments) 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 192.168.12.241 <sender@my.domain> to: recipient@other.domain message ok [Interesting subject here] -> /opt/assp/notspam/11989.eml 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain finished message - received DATA size: 11.92 kByte - sent DATA size: 12.55 kByte 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain disconnected: session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain ClamAV: scanned 12206 bytes in file /opt/assp/notspam/11989.eml - OK 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain FileScan: scanned 12206 bytes in file /opt/assp/notspam/11989.eml OK This is not a big deal at all, better scan twice than never. Id just like to know the wise guys explanation for this unexpected behaviour. Best regards Dirk ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test