If a mail was not virus scanned for any reason, the file stored in the 
corpus is scanned for security reasons.

You can see this, looking at the sequence

2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain disconnected: session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain ClamAV: scanned 12206 bytes in file /opt/assp/notspam/11989.eml - OK
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain FileScan: scanned 12206 bytes in file /opt/assp/notspam/11989.eml – OK

The connection was closed, the .eml file was stored - everything 
finished. But assp knows that ClamAV is enabled and the mail was not 
checked - the .eml file is checked.

Thomas







From:    "Dirk Kulmsee" <d.kulm...@netgroup.de>
To:      "'ASSP development mailing list'" <assp-test@lists.sourceforge.net>
Date:    26.10.2016 12:10
Subject: [Assp-test] noScanIP ignored (outgoing mail)?



Hi all,
my internal mailserver is fully equipped with antivirus software, so I
decided to declare it a „noScanIP“ for assp (ASSP version 2.5.4(16294)).
The outbound mail flow is: Exchange (192.168.12.241) -> ASSP
(192.168.12.242:25) -> Postfix (127.0.0.1:125) -> internet

Here is an (anonymized) excerpt from the log which looks like assp ignores
this setting and scans outgoing mails for viruses regardless:

2016-10-25 19:59:53 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> info: found message size announcement: 13.09 kByte
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain [Plugin] calling plugin ASSP_AFC
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain info: 1 attachment found for Level-0
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain local (no bad attachments)
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 192.168.12.241 <sender@my.domain> to: recipient@other.domain message ok [Interesting subject here] -> /opt/assp/notspam/11989.eml
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain finished message - received DATA size: 11.92 kByte - sent DATA size: 12.55 kByte
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain disconnected: session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain ClamAV: scanned 12206 bytes in file /opt/assp/notspam/11989.eml - OK
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain FileScan: scanned 12206 bytes in file /opt/assp/notspam/11989.eml – OK


This is not a big deal at all, better scan twice than never. I'd just like
to know the wise guys' explanation for this unexpected behaviour.

Best regards
Dirk
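
The sequence discussed in this thread (a noScanIP match during the SMTP session, then a ClamAV/FileScan pass over the stored .eml after the disconnect line) can be picked out of an ASSP log mechanically. The following is an added example, not part of the original messages or of ASSP itself; the function name, the regular expressions and the second sample session (m1-18393-11990) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the excerpt above, one per line,
# plus one constructed session (m1-18393-11990) with no post-disconnect scan.
SAMPLE_LOG = """\
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 192.168.12.241 <sender@my.domain> to: recipient@other.domain message ok [Interesting subject here] -> /opt/assp/notspam/11989.eml
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain disconnected: session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain ClamAV: scanned 12206 bytes in file /opt/assp/notspam/11989.eml - OK
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <sender@my.domain> to: recipient@other.domain FileScan: scanned 12206 bytes in file /opt/assp/notspam/11989.eml – OK
2016-10-25 20:01:10 m1-18393-11990 [Worker_1] 192.168.12.241 <sender@my.domain> to: recipient@other.domain IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 20:01:11 m1-18393-11990 [Worker_1] 192.168.12.241 <sender@my.domain> to: recipient@other.domain disconnected: session:7FF1A5AF6400 192.168.12.241 - processing time 1 seconds
"""

# "<date> <time> <message id> <rest>"; the id ties all entries of one mail together.
ENTRY = re.compile(r"^(\S+ \S+) (m\d+-\d+-\d+) (.*)$")
# Scan result entry; the separator before the verdict may be "-" or an en dash.
SCAN = re.compile(r"(ClamAV|FileScan): scanned (\d+) bytes in file (\S+) [-\u2013] (\S+)")

def post_disconnect_scans(log_text):
    """Return {msg_id: [(engine, path, verdict), ...]} for mails that matched
    noScanIP in-session but had their stored file scanned after disconnect."""
    state = defaultdict(lambda: {"noscan": False, "closed": False, "scans": []})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a per-message entry
        _, msg_id, rest = m.groups()
        s = state[msg_id]
        if "matches noScanIP" in rest:
            s["noscan"] = True
        elif " disconnected: " in rest:
            s["closed"] = True
        elif s["closed"]:
            scan = SCAN.search(rest)
            if scan:  # scan logged after the session ended: corpus file scan
                engine, _size, path, verdict = scan.groups()
                s["scans"].append((engine, path, verdict))
    return {mid: s["scans"] for mid, s in state.items() if s["noscan"] and s["scans"]}

if __name__ == "__main__":
    for msg_id, scans in post_disconnect_scans(SAMPLE_LOG).items():
        print(msg_id, scans)
```
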

