Re: Should I try the Qmail-scanner?
On Thu, Dec 21, 2000 at 09:45:41AM +0800, Paul Tan wrote:
> Hi guys and gals,
>
> I can't compile qmail-scanner on solaris 8.
> uudecode fails with an option error
> broken uudecoder on your system - cannot use uudecode component
>
> Error msg: test-uudecode.tst: No such file or directory

Please join the Qmail-Scanner mailing-list. The Qmail list is busy enough without everyone having to worry about all sundry related packages...

http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general

BTW: The compile didn't fail: "cannot use uudecode component" is what happened. You have ended up with a Qmail-Scanner that just doesn't internally support uuencoded files. If the commercial scanner you are using in conjunction with Qmail-Scanner supports uuencode, then you have no problem anyway.

--
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
Hi guys and gals,

I can't compile qmail-scanner on solaris 8.
uudecode fails with an option error

__

bash-2.03# CC=gcc ./configure --admin postmaster --domain trevda.com --archive /var/spool/qmailscan --install

This script will search your system for the virus scanners it knows about, and will ensure that all external programs qmail-scanner-queue.pl uses are explicitly pathed for performance reasons.

It will then generate qmail-scanner-queue.pl - it is up to you to install it correctly.

Continue? ([Y]/N) y
Usage: grep -hblcnsviw pattern file . . .

broken uudecoder on your system - cannot use uudecode component

Error msg: test-uudecode.tst: No such file or directory

Found tnef on your system! That means we'll be able to decode stupid M$ attachments :-)

The following binaries and scanners were found on your system:

reformime=/usr/local/bin/reformime
unzip=/usr/bin/unzip
tnef=/usr/local/bin/tnef

If that looks correct, I will now generate qmail-scanner-queue.pl for your system...

Continue? ([Y]/N)

Is there a patch for it to work on solaris or do I have to edit the "configure" file myself?

Thks
Paul

----- Original Message -----
From: "Jason Haar" <[EMAIL PROTECTED]>
To: "qmail list" <[EMAIL PROTECTED]>
Sent: Wednesday, December 20, 2000 5:46 AM
Subject: Re: Should I try the Qmail-scanner?

> On Tue, Dec 19, 2000 at 09:00:38PM +0100, Ruprecht Helms wrote:
> > On Tue, 19 Dec 2000, Eric Wang wrote:
> > > Hi, guys
> > >
> > > I am thinking to apply the Qmail-scanner to block the virus attachment,
> >
> > better you try Amavis Scanner. The qmail-scanner is buggy and there isn't
> > a fix for the wanted patch qmailscanner is asking for.
>
> Please don't report FUD about my work! :-)
>
> Qmail-Scanner is NOT buggy. The patch referred to on the homepage DOES work
> and works for (almost) everyone who tries it. I'd guess your system has a
> broken patch program or you are just calling it incorrectly.
>
> Is there anyone out there with an altered distribution of qmail-1.03 that
> contains the QMAILQUEUE patch? Pointing people to such a beast would
> certainly allow some less experienced people to get going...
>
> http://qmail-scanner.sourceforge.net/
>
> --
> Cheers
>
> Jason Haar
>
> Unix/Special Projects, Trimble NZ
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
So, do u use the external virus scan software? or only the qmail-scan default?
Which external virus scanner r u using? how big is the difference both on speed and security?

On Wed, 20 Dec 2000 00:34:35 +0100
"Einar Bordewich" <[EMAIL PROTECTED]> wrote:

> We have been using qmail-scanner several months now, I can highly recommend
> this solution. We are splitting the load on two dual PIII 700 proc. servers
> with 512MB each.
> Also running the QMAILQUEUE patch with no problems.
>
> Here are the viruses trapped since 23/08/2000 15:30:48, and I must say that
> this solution is doing its job.
>
> 230 virus TROJ_NAVIDAD.A
> 202 virus VBS_LOVELETTR.AS
> 58 virus TROJ_MTX.A
> 53 virus VBS_KAKWORM.A
> 33 virus TROJ_HYBRIS.B
> 23 virus VBS_LOVELETTER-O
> 22 virus VBS_COLOMBIA
> 21 virus TROJ_PRETTY_PARK
> 19 virus PE_CIH
> 18 virus TROJ_SKA
> 15 virus PE_MTX.A
> 13 virus W97M_ETHAN.A
> 13 Possibly a misdisinfected virus
> 12 Love Letter Virus/Trojan
> 12 virus VBS_STAGES.A
> 10 Joke program
> 7 virus W97M_THUS
> 6 virus JOKE_WOW
> 6 virus JOKE_FLIPPED
> 5 virus JOKE_RABBIT
> 5 virus JOKE_CURSOR.A
> 5 the W97M/Thus.gen virus !!!
> 4 virus JOKE_GESCHENK
> 4 virus JOKE_BUTTONS
> 4 the WScript/Kak.worm virus !!!
> 3 virus WM_CAP
> 3 virus W97M_MARKER
> 3 virus TROJ_HYBRIS.D
> 3 the JS/Kak@M virus !!!
> 2 Joke/Win-Wobble
> 2 Joke/Cokegift
> 2 virus W97M_WRENCH.E
> 2 virus W97M_OCARD.A
> 2 virus W97M_CLASS.Q
> 2 virus TROJ_SHOCKWAVE.A
> 2 virus O97M_TRISTATE
> 2 virus JOKE_SMALLPEN
> 2 virus JOKE_POINTER.A
> 2 virus JOKE_KNIJPME
> 2 virus JOKE_32
> 2 the JS/Kak.worm virus !!!
> 1 Happy99 Trojan
> 1 virus X97M_LAROUX.JH
> 1 virus X97M_LAROUX.BU
> 1 virus WM_MENTAL.A
> 1 virus W97M_TITCH.A
> 1 virus W97M_THUS.I
> 1 virus W97M_SELIUQ.B
> 1 virus W97M_SATELLITE
> 1 virus W97M_PRI.B
> 1 virus W97M_Generic
> 1 virus W97M_CLASS.QA
> 1 virus W97M_CHACK
> 1 virus W97M_BDOC2X
> 1 virus W97M_A_OPEY_03
> 1 virus TROJ_COCED.240
> 1 virus JOKE_FREIBIER.B
> 1 virus JOKE_DEL_WINDOWS
> 1 the W97M/Nalp.gen virus !!!
> 1 the W95/MTX@M virus !!!
> 1 the W32/Pretty.worm.gen virus !!!
> 1 the W32/MTX@M virus !!!
> 1 the BackDoor-HO.cli trojan !!!
>
> --
>
> IDG New Media    Einar Bordewich
> Development Manager    Phone: +47 2336 1420
> E-Mail: eibo(at)newmedia.no
Re: Should I try the Qmail-scanner?
Yes they do. But they can also be misused, by for instance the zip file you provided the link for. My servers didn't take harm of this file, but I'm sure that if I didn't have the free disk space I have on my servers, they would.

I'm not sure what qmail-scanner does if the process runs out of disk space. If it removes the uncompressed files, or if it leaves it there. I'll better test that ;-)

Of course the server would have problems when several instances would connect sending this file, and this will happen with qmail-scanner since qmail-scanner-queue.pl doesn't terminate the smtp session until the mail is finished scanned. This would make the other server timeout, resending the mail.

Then again, qmail-scanner/perlscan_scanner provides the ability to deny the mail based on the attachment being of type .zip and of size 42374 bytes solving that problem.

I guess both of us can agree on the fact that there is a lot of different ways to make malicious damage to mailservers.

--

IDG New Media    Einar Bordewich
Development Manager    Phone: +47 2336 1420
E-Mail: eibo(at)newmedia.no

----- Original Message -----
From: "Felix von Leitner" <[EMAIL PROTECTED]>
To: "qmail list" <[EMAIL PROTECTED]>
Sent: Wednesday, December 20, 2000 7:54 PM
Subject: Re: Should I try the Qmail-scanner?

> Thus spake Einar Bordewich ([EMAIL PROTECTED]):
> > We have been using qmail-scanner several months now, I can highly recommend
> > this solution. We are splitting the load on two dual PIII 700 proc. servers
> > with 512MB each.
>
> Virus scanners don't solve the problem.
>
> http://www.fefe.de/antivirus/42.zip
>
> Felix
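The disk-exhaustion concern in the message above, as an added example that is not part of the original post or of qmail-scanner's code: a scanner can bound how much an archive attachment is allowed to expand before and while unpacking it. The function names, the 64 KiB budget and the 100:1 ratio limit are assumptions chosen for the demo, and the sample archives are constructed in memory.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 64 * 1024   # assumed unpack budget per message (demo value)
MAX_RATIO = 100               # assumed max uncompressed:compressed ratio

class ArchiveRejected(Exception):
    """Raised when an archive would exceed the unpack budget."""

def safe_extract(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return {name: bytes} for a zip attachment or raise ArchiveRejected."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        # Cheap pre-check on the sizes recorded in the archive directory,
        # done before a single byte is inflated.
        if declared > max_total:
            raise ArchiveRejected("declared size %d exceeds budget" % declared)
        if declared / packed > max_ratio:
            raise ArchiveRejected("compression ratio %.0f:1" % (declared / packed))
        # Enforce the budget again on bytes actually produced, so the limit
        # does not rest on the header check alone.
        out, written = {}, 0
        for info in infos:
            buf = bytearray()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(8192), b""):
                    written += len(chunk)
                    if written > max_total:
                        raise ArchiveRejected("budget exceeded while inflating")
                    buf += chunk
            out[info.filename] = bytes(buf)
        return out

def make_zip(members):
    """Build a constructed in-memory zip from {name: bytes} (sample input)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return bio.getvalue()

def verdict(data):
    """Map an attachment to the action a mail scanner would take."""
    try:
        safe_extract(data)
        return "scan"
    except ArchiveRejected as exc:
        return "reject: %s" % exc
```

Rejecting on ratio and total size catches any over-expanding archive, whereas the type-and-size rule mentioned in the message matches one specific file.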
Re: Should I try the Qmail-scanner?
Felix von Leitner <[EMAIL PROTECTED]> writes on 20 December 2000 at 19:54:33 +0100
> Thus spake Einar Bordewich ([EMAIL PROTECTED]):
> > We have been using qmail-scanner several months now, I can highly recommend
> > this solution. We are splitting the load on two dual PIII 700 proc. servers
> > with 512MB each.
>
> Virus scanners don't solve the problem.

And police don't solve the problem of crime, and schools don't solve the problem of ignorance, and locks don't solve the problem of burglars. I still think it's stupid not to have locks on the doors to your house, even though they (and the police) don't completely solve the problem.

Possibly virus scanners don't solve the problem, and are still useful?

--
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/
Re: Should I try the Qmail-scanner?
Thus spake Einar Bordewich ([EMAIL PROTECTED]):
> We have been using qmail-scanner several months now, I can highly recommend
> this solution. We are splitting the load on two dual PIII 700 proc. servers
> with 512MB each.

Virus scanners don't solve the problem.

http://www.fefe.de/antivirus/42.zip

Felix
Re: Should I try the Qmail-scanner?
We have been using qmail-scanner several months now, I can highly recommend this solution. We are splitting the load on two dual PIII 700 proc. servers with 512MB each.
Also running the QMAILQUEUE patch with no problems.

Here are the viruses trapped since 23/08/2000 15:30:48, and I must say that this solution is doing its job.

230 virus TROJ_NAVIDAD.A
202 virus VBS_LOVELETTR.AS
58 virus TROJ_MTX.A
53 virus VBS_KAKWORM.A
33 virus TROJ_HYBRIS.B
23 virus VBS_LOVELETTER-O
22 virus VBS_COLOMBIA
21 virus TROJ_PRETTY_PARK
19 virus PE_CIH
18 virus TROJ_SKA
15 virus PE_MTX.A
13 virus W97M_ETHAN.A
13 Possibly a misdisinfected virus
12 Love Letter Virus/Trojan
12 virus VBS_STAGES.A
10 Joke program
7 virus W97M_THUS
6 virus JOKE_WOW
6 virus JOKE_FLIPPED
5 virus JOKE_RABBIT
5 virus JOKE_CURSOR.A
5 the W97M/Thus.gen virus !!!
4 virus JOKE_GESCHENK
4 virus JOKE_BUTTONS
4 the WScript/Kak.worm virus !!!
3 virus WM_CAP
3 virus W97M_MARKER
3 virus TROJ_HYBRIS.D
3 the JS/Kak@M virus !!!
2 Joke/Win-Wobble
2 Joke/Cokegift
2 virus W97M_WRENCH.E
2 virus W97M_OCARD.A
2 virus W97M_CLASS.Q
2 virus TROJ_SHOCKWAVE.A
2 virus O97M_TRISTATE
2 virus JOKE_SMALLPEN
2 virus JOKE_POINTER.A
2 virus JOKE_KNIJPME
2 virus JOKE_32
2 the JS/Kak.worm virus !!!
1 Happy99 Trojan
1 virus X97M_LAROUX.JH
1 virus X97M_LAROUX.BU
1 virus WM_MENTAL.A
1 virus W97M_TITCH.A
1 virus W97M_THUS.I
1 virus W97M_SELIUQ.B
1 virus W97M_SATELLITE
1 virus W97M_PRI.B
1 virus W97M_Generic
1 virus W97M_CLASS.QA
1 virus W97M_CHACK
1 virus W97M_BDOC2X
1 virus W97M_A_OPEY_03
1 virus TROJ_COCED.240
1 virus JOKE_FREIBIER.B
1 virus JOKE_DEL_WINDOWS
1 the W97M/Nalp.gen virus !!!
1 the W95/MTX@M virus !!!
1 the W32/Pretty.worm.gen virus !!!
1 the W32/MTX@M virus !!!
1 the BackDoor-HO.cli trojan !!!

--

IDG New Media    Einar Bordewich
Development Manager    Phone: +47 2336 1420
E-Mail: eibo(at)newmedia.no
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote:
> I am thinking to apply the Qmail-scanner to block the virus attachment,
> but I am wondering if this thing is a stable and efficient add-on and
> worth to have a try, because for our production mail and mail list
> server the stability and efficiency is extremely high demand.
> Any suggestion and experience are highly appreciated.

we're using qmail-scanner + f-secure since a few weeks, and it seems to work really well : already trapped some mails with word macro viruses.

Olivier
--
Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
Re: Should I try the Qmail-scanner?
Jason Haar <[EMAIL PROTECTED]> wrote:
>
> Is there anyone out there with an altered distribution of qmail-1.03 that
> contains the QMAILQUEUE patch? Pointing people to such a beast would
> certainly allow some less experienced people to get going...

Bruce Guenter's qmail SRPM might contain the patch, considering that he wrote it:

http://em.ca/~bruceg/

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 09:00:38PM +0100, Ruprecht Helms wrote:
> On Tue, 19 Dec 2000, Eric Wang wrote:
> > Hi, guys
> >
> > I am thinking to apply the Qmail-scanner to block the virus attachment,
>
> better you try Amavis Scanner. The qmail-scanner is buggy and there isn't
> a fix for the wanted patch qmailscanner is asking for.

Please don't report FUD about my work! :-)

Qmail-Scanner is NOT buggy. The patch referred to on the homepage DOES work and works for (almost) everyone who tries it. I'd guess your system has a broken patch program or you are just calling it incorrectly.

Is there anyone out there with an altered distribution of qmail-1.03 that contains the QMAILQUEUE patch? Pointing people to such a beast would certainly allow some less experienced people to get going...

http://qmail-scanner.sourceforge.net/

--
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
Markus Stumpf wrote:
>
> On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote:
> > server the stability and efficiency is extremely high demand.
> > Any suggestion and experience are highly appreciated.
>
> First I have to say that we don't use the scanner.
>
> Some months ago someone posted to this list that plugging a virus scanner
> in at a busy mail server demands a magnitude of 300-400% more cpu
> power as compared to running without one.
> So, if efficiency is an extremely high demand for you check your resources.
>
> I don't think that the qmail-scanner alone will have any effect on the
> stability tho.
>
> \Maex
>
> --
> SpaceNet AG               | http://www.Space.Net/     | Stress is when you wake
> Research & Development    | mailto:[EMAIL PROTECTED]  | up screaming and you
> Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0     | realize you haven't

Consider this scenario for incoming mail:

mail.company.com on one side of firewall - firewall.internal.company.com on inside running sendmail forwarding to scanningbox.internal.company.com that is aliased in dns to smtp.internal.company.com
forwards everything to imap.internal.company.com (this is your main qmail server)

Consider this scenario for outgoing mail:

smtp in clients configured to use scanningbox.internal.company.com
scanningbox forwards everything to imap.internal.company.com
imap.internal.company.com forwards all outgoing mail to firewall.internal.company.com

Configuration:

smtp.internal.company.com (scanningbox) is the highest mx record in the company.

This way, scanningbox scans all incoming and outgoing messages and doesn't put a load on the mail server.

Mike
RE: Should I try the Qmail-scanner?
I run the scanner to block vbs attachments. I'm only handling mail for 35 people (with very light/moderate mail traffic) so it doesn't make any noticeable dent in performance. Keep in mind that it is written in perl and on the page they tell you what to expect in terms of getting hardware to compensate for using the scanner on a production machine.

-----Original Message-----
From: Markus Stumpf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 12:46 PM
To: qmail list
Subject: Re: Should I try the Qmail-scanner?

On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote:
> server the stability and efficiency is extremely high demand.
> Any suggestion and experience are highly appreciated.

First I have to say that we don't use the scanner.

Some months ago someone posted to this list that plugging a virus scanner in at a busy mail server demands a magnitude of 300-400% more cpu power as compared to running without one.
So, if efficiency is an extremely high demand for you check your resources.

I don't think that the qmail-scanner alone will have any effect on the stability tho.

\Maex

--
SpaceNet AG               | http://www.Space.Net/     | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED]  | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0     | realize you haven't
D-80807 Muenchen          | Fax: +49 (89) 32356-299   | fallen asleep yet.
Re: Should I try the Qmail-scanner?
On Tue, 19 Dec 2000, Eric Wang wrote:
> Hi, guys
>
> I am thinking to apply the Qmail-scanner to block the virus attachment,

better you try Amavis Scanner. The qmail-scanner is buggy and there isn't a fix for the wanted patch qmailscanner is asking for.

If someone has fixed the problem, please post a file in this list that all members of the list can use it.

Regards,
Ruprecht
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote:
> server the stability and efficiency is extremely high demand.
> Any suggestion and experience are highly appreciated.

First I have to say that we don't use the scanner.

Some months ago someone posted to this list that plugging a virus scanner in at a busy mail server demands a magnitude of 300-400% more cpu power as compared to running without one.
So, if efficiency is an extremely high demand for you check your resources.

I don't think that the qmail-scanner alone will have any effect on the stability tho.

\Maex

--
SpaceNet AG               | http://www.Space.Net/     | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED]  | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0     | realize you haven't
D-80807 Muenchen          | Fax: +49 (89) 32356-299   | fallen asleep yet.
Should I try the Qmail-scanner?
Hi, guys

I am thinking to apply the Qmail-scanner to block the virus attachment, but I am wondering if this thing is a stable and efficient add-on and worth to have a try, because for our production mail and mail list server the stability and efficiency is extremely high demand.

Any suggestion and experience are highly appreciated.

Thanks!