[Mimedefang] Missed Viruses

2004-05-18 Thread Stewart James
Hi all,

I seem to be having an issue with MD and clamAV.

I am now running clamAV and Trends vscan - ClamAV first.

Some viruses are slipping past ClamAV, but are being picked up by Trend.
I have started to quarantine the ones picked up by Trend - and when I
submit the entire message to the clamAV online scanner the virus is
found. When I scan the entire message locally the virus is not found
(which I thought was OK as I did not think clamAV would unpack its own
mime messages anyway.)

Looking at the missed viruses they are all bounces from other systems
that have attached in some way or form the entire virus. I am thinking
that for some reason MD is not unpacking all the possible mime parts and
thus clamAV never gets to see a binary file to check.

I have thrown a sample at: http://lists.vu.edu.au/MD/ENTIRE_MESSAGE

Has anyone else come across this? Any ideas on what I may be doing
wrong?

Thanks,

Stewart

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
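
The situation Stewart describes above (a bounce that carries the original mail, attachment included), as an added example that is not part of the original thread and is not MIMEDefang's own unpacking code. The sample bounce is constructed, the attachment is harmless placeholder bytes, and all function names are assumptions; it shows that the binary part only becomes visible to a scanner once the walk descends into the embedded message/rfc822 part.

```python
import email
from email import policy
from email.message import EmailMessage

def build_sample_bounce():
    """Constructed sample: a bounce carrying the original mail as message/rfc822."""
    original = EmailMessage()
    original["From"] = "user@example.com"
    original["To"] = "nobody@example.net"
    original["Subject"] = "Re: your document"
    original.set_content("Please see the attached file.")
    # Harmless placeholder bytes stand in for the infected attachment.
    original.add_attachment(b"harmless placeholder", maintype="application",
                            subtype="octet-stream", filename="document.pif")

    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@mx.example.net"
    bounce["To"] = "user@example.com"
    bounce["Subject"] = "Returned mail: see transcript for details"
    bounce.set_content("The original message was undeliverable.")
    bounce.add_attachment(original)  # becomes a message/rfc822 part
    # Serialise and re-parse so we work on what a filter would receive.
    return email.message_from_bytes(bounce.as_bytes(), policy=policy.default)

def top_level_types(msg):
    """Content types visible without descending into nested messages."""
    return [part.get_content_type() for part in msg.iter_parts()]

def leaf_parts(msg, depth=0):
    """Yield (depth, type, filename, decoded bytes) for every leaf part.

    is_multipart() is true for multipart/* and for message/rfc822, so the
    recursion also enters the message embedded in the bounce.
    """
    if msg.is_multipart():
        for sub in msg.get_payload():
            yield from leaf_parts(sub, depth + 1)
    else:
        yield (depth, msg.get_content_type(), msg.get_filename(),
               msg.get_payload(decode=True))

if __name__ == "__main__":
    msg = build_sample_bounce()
    print("top level:", top_level_types(msg))
    for depth, ctype, name, data in leaf_parts(msg):
        print("  " * depth + f"{ctype} name={name} bytes={len(data)}")
```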


RE: [Mimedefang] OT: problem with helo

2004-05-18 Thread Andrew Jayes
Hi,
Thank you for the replies, for now then I'll just take it that the telnet
client is having issues and that this will not affect mail transfer when it is sent
through email clients/servers.

Thanks for the help

andrew

-Original Message-
From: Andrew Jayes 
Sent: 17 May 2004 15:55
To: [EMAIL PROTECTED]
Subject: [Mimedefang] OT: problem with helo

Hi,
Sorry it's off topic, but I thought someone may know the answer.

When I telnet to my mimedefang box on port 25. I get the standard greeting just fine. 
But if I type 'helo' it returns 'needs a domain' so I then put 'helo domain.com' and I 
am allowed to continue with the mail.

What I have just found on a fresh telnet is, after the greeting if I put 'helo 
domain.com' I get 'command unrecognised' so I then have to put 'helo' and get the 
error and then 'helo domain.com'.

Basically is this just how it is, or is something wrong?

Many thanks

Andrew



[Mimedefang] multiplexor problems

2004-05-18 Thread marius popa
on an rh9.0 + sendmail installed from rpm
In sendmail.mc have added
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang-multiplexor.sock, F=T, T=S:360s;R:360s;E:15m')dnl

also multiplexor is started with ./init-script from examples dir


May 18 13:20:14 example.com sendmail[1630]: starting daemon (8.12.8): [EMAIL PROTECTED]:00:00
May 18 13:20:14 example.com sm-msp-queue[1639]: starting daemon (8.12.8): [EMAIL PROTECTED]:00:00
May 18 13:20:24 example.com mimedefang-multiplexor[1594]: handleCommand: Timeout or error: Flag = 3
May 18 13:20:24 example.com sendmail[1643]: i4IAKEAR001643: milter_read(mimedefang): cmd read returned 0, expecting 5
May 18 13:20:24 example.com sendmail[1643]: i4IAKEAR001643: Milter (mimedefang): to error state
May 18 13:20:24 example.com sendmail[1643]: i4IAKEAR001643: Milter (mimedefang): init failed to open
May 18 13:20:24 example.com sendmail[1643]: i4IAKEAR001643: Milter (mimedefang): to error state
May 18 13:20:24 example.com sendmail[1643]: i4IAKEAR001643: Milter: initialization failed, temp failing commands
May 18 13:20:24 example.com sm-msp-queue[1642]: i4I9wG64000886: to=auser, ctladdr=root (0/0), delay=00:22:08, xdelay=00:00:10, mailer=relay, pri=480025, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later
May 18 13:20:24 example.com sm-msp-queue[1642]: i4IBQtq6000438: to=auser, ctladdr=root (0/0), delay=-1:-6:-31, xdelay=00:00:00, mailer=relay, pri=840026, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later


RE: [Mimedefang] multiplexor problems

2004-05-18 Thread Paul Murphy
Marius,

> In sendmail.mc have added
> INPUT_MAIL_FILTER(`mimedefang',
> `S=unix:/var/spool/MIMEDefang/mimedefang-multiplexor.sock, F=T,
> T=S:360s;R:360s;E:15m')dnl

The milter config needs to point at the main MIMEdefang socket, not the
multiplexor socket.

Use:

INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock,
F=T, T=C:15m;S:5m;R:5m;E:15m')

...and adjust the timeout values to something appropriate for your connection
and requirements.  The values shown here are as recommended on this list several
times.

Best Wishes,

Paul.
__
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788
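
A small check for the mistake Paul points out, as an added example that is not from the thread or from the MIMEDefang project. It parses `INPUT_MAIL_FILTER` lines and flags a milter socket that points at the multiplexor socket; the two sample lines are the ones quoted in this thread, and the function names are assumptions.

```python
import re

# The two settings quoted in the thread (m4 quoting: `open' and close').
BEFORE = ("INPUT_MAIL_FILTER(`mimedefang', "
          "`S=unix:/var/spool/MIMEDefang/mimedefang-multiplexor.sock, F=T, "
          "T=S:360s;R:360s;E:15m')dnl")
AFTER = ("INPUT_MAIL_FILTER(`mimedefang', "
         "`S=unix:/var/spool/MIMEDefang/mimedefang.sock,\n"
         "F=T, T=C:15m;S:5m;R:5m;E:15m')")

# Matches INPUT_MAIL_FILTER(`name', `equates'), also across wrapped lines.
FILTER_RE = re.compile(
    r"INPUT_MAIL_FILTER\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)", re.S)

def parse_filters(mc_text):
    """Return name, socket, flags and timeouts for each filter definition."""
    filters = []
    for name, equates in FILTER_RE.findall(mc_text):
        fields = {}
        for item in equates.split(","):
            key, _, value = item.strip().partition("=")
            fields[key] = value
        # T= is a ';'-separated list of letter:duration pairs.
        timeouts = dict(t.split(":", 1)
                        for t in fields.get("T", "").split(";") if t)
        filters.append({"name": name, "socket": fields.get("S", ""),
                        "flags": fields.get("F", ""), "timeouts": timeouts})
    return filters

def socket_problems(flt):
    """Flag a milter socket that is really the multiplexor's socket."""
    path = flt["socket"].split(":", 1)[-1]  # drop the "unix:" prefix
    if path.endswith("mimedefang-multiplexor.sock"):
        return [f"{flt['name']}: S= points at the multiplexor socket ({path})"]
    return []

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for flt in parse_filters(text):
            print(label, flt["socket"], flt["timeouts"], socket_problems(flt))
```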





RE: [Mimedefang] Missed Viruses

2004-05-18 Thread Rob
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Stewart James
>
> I seem to be having an issue with MD and clamAV.

Version of MD?  If you're not running 2.42 or later then you'll have
problems with clamav.

Version of clamav?  You need to be on either 0.70 or a similarly recent
devel snapshot.  Are you running clamd or clamscan with MD?
 
> I have started to quarantine the ones picked up by Trend - and when I
> submit the entire message to the clamAV online scanner the virus is
> found. When I scan the entire message locally the virus is not found
> (which I thought was OK as I did not think clamAV would
> unpack its own mime messages anyway.)

Maybe your signatures aren't current.  Maybe you've not enabled the
mailbox option.

> I have thrown a sample at: http://lists.vu.edu.au/MD/ENTIRE_MESSAGE

Unfortunately you may have thrown it, but you forgot to allow anybody
access to it:

Forbidden
You don't have permission to access /MD/ENTIRE_MESSAGE on this server.

Apache/1.3.26 Server at lists.vu.edu.au Port 80



PLEASE - keep list traffic on the list.  Email sent directly to me may
be ignored utterly.

-- 
Rob | What part of no was it you didn't understand? 


[Mimedefang] Recovering Quarantined Message

2004-05-18 Thread Ben Kamen
Ok, I tried the FAQ item and since I don't have an ENTIRE_MESSAGE file, I'm out
of luck? I just want the PART.1.BODY (.chm file)

Where can I find the fang.pl? It says contrib/fang.pl but what's the rest of the 
path on that?

Thanks,
 -Ben


[Mimedefang] Quarantined message

2004-05-18 Thread Ben Kamen
Nevermind on the path.. ;)
I thought it was a web URL reference..
 -Ben


[Mimedefang] Hardware Recommendation for MD

2004-05-18 Thread Muhammad Talha
Dear all

I have 2 mail servers running Mimedefang, ClamAv, Openwebmail.
The machines have the following specs:

              Compaq Proliant 1600    Sun Ultra Sparc E250
Processor     Pentium II
RAM           1 GB                    1 GB
OS            Linux                   Solaris 9
Mail volume   35 message/minute       25 message/minute

I want to make a single mail gateway machine for filtering.
I have the following spec machine available for that:

Entry Level Server, Dual Processor Board
  1 Processor Pentium III 1200 MHz
  RAM 1 GB
  2 SCSI Disks

Preferred Software
  OS: Linux
  Mimedefang, Clamav, Spamassassin, Vipul Razor, openwebmail

Mailing clients are increasing, not too fast. Is the above enough, or
should I add another processor and more RAM?

Please comment and recommend.

Regards

Muhammad Talha





Re: [Mimedefang] RBL's

2004-05-18 Thread -ray
On Mon, 17 May 2004, Ben Kamen wrote:

> I agree on SpamHaus.
>
> They have rational methodology for entries in the list.
>
> I use them and ORDB. Between those 2 and my own access list for sendmail
> - I have great success at this point. Yea, maybe I get 5 SPAMs a day -
> but I can live with that.

Based on everyone's feedback, I put Spamhaus as my first sendmail dnsbl.
It blocked 27,283 connections since 10:33am today. Sweet.  No complaints
yet.  Do these rejects show up in the mailstats command?

I am graphing with rrdtool the esmtp msgsrej data, but I'm guessing the
dnsbl is showing up under C (TCP connections) row msgsrej.  What's the
difference between the esmtp msgsrej and the tcp msgsrej?

[EMAIL PROTECTED] 2004]# grep -c 'see http://www.spamhaus.org' /sendmail/logs/maillog; mailstats
1009
Statistics from Wed May 19 00:00:23 2004
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 4      445      23072K      471       1746K       46      33  esmtp
 9       97        442K        0          0K        0       0  local
=====================================================================
 T      542      23514K      471       1746K       46      33
 C     1655                  516                 1186


ray
