Re: Qmail-Scanner
On 14 Aug 2001 02:47:18 +0200, Craig Spiers <[EMAIL PROTECTED]> wrote: > is there any way to make qmail-scanner leave an email it has been scanned > allready? You do not want to do this, because between two runs of the qmail-scanner is one .qmail file, where it is very simple to add a virus... Greetings -- Robert Sander Computer Scientist Epigenomics AG Bioinformatics R&Dwww.epigenomics.com Kastanienallee 24 +493024345330 10435 Berlin
Qmail-Scanner
Hi All, Im using qmail-scanner etc.. I have one problem however, im using fastforward to do aliasing, and qmail- scanner scan's and print's headers on the email's twice .. is there any way to make qmail-scanner leave an email it has been scanned allready? Regards, Craig
Re: qmail scanner argument problem
On Mon, Jul 30, 2001 at 10:10:01AM +, Philipp Steinkrüger wrote: > Hi, > > i am having problems with qmail-scanner. Emails without viruses Please join the Qmail-Scanner mailing-list - this really isn't a Qmail problem. http://qmail-scanner.sourceforge.net/ > are delivered without problems, but emails containing viruses > are not. if i send a virus to my server my log file is flooded > with /bin/sh option lists. see this example: > > Jul 30 12:02:12 d smtpd: 996487332.723919 sh: - : unrecognized option Well, a guess would be that one of the executables called by Qmail-Scanner isn't what it appeared to be. As it only occurs when a virus is found, I'd guess it's either one of your virus scanners, or a bunged-up qmail-inject program. What does qmail-queue.log show when these occur? -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
qmail scanner argument problem
Hi, i am having problems with qmail-scanner. Emails without viruses are delivered without problems, but emails containing viruses are not. if i send a virus to my server my log file is flooded with /bin/sh option lists. see this example: Jul 30 12:02:12 d smtpd: 996487332.723919 sh: - : unrecognized option Jul 30 12:02:12 d smtpd: 996487332.725266 Usage:?sh [GNU long option] [option] ... Jul 30 12:02:12 d smtpd: 996487332.725451 ?sh [GNU long option] [option] script-file ... Jul 30 12:02:12 d smtpd: 996487332.726332 GNU long options: Jul 30 12:02:12 d smtpd: 996487332.726541 ?--debug Jul 30 12:02:12 d smtpd: 996487332.727823 ?--dump-po-strings Jul 30 12:02:12 d smtpd: 996487332.728720 ?--dump-strings Jul 30 12:02:12 d smtpd: 996487332.730062 ?--help Jul 30 12:02:12 d smtpd: 996487332.730956 ?--login Jul 30 12:02:12 d smtpd: 996487332.731152 ?--noediting Jul 30 12:02:12 d smtpd: 996487332.732205 ?--noprofile Jul 30 12:02:12 d smtpd: 996487332.733088 ?--norc Jul 30 12:02:12 d smtpd: 996487332.733281 ?--posix Jul 30 12:02:12 d smtpd: 996487332.734324 ?--rcfile Jul 30 12:02:12 d smtpd: 996487332.735210 ?--restricted Jul 30 12:02:12 d smtpd: 996487332.735406 ?--verbose Jul 30 12:02:12 d smtpd: 996487332.736698 ?--version Jul 30 12:02:12 d smtpd: 996487332.737591 ?--wordexp Jul 30 12:02:12 d smtpd: 996487332.737781 Shell options: Jul 30 12:02:12 d smtpd: 996487332.738884 ?-irsD or -c command??(invocation only) Jul 30 12:02:12 d smtpd: 996487332.739853 ?-abefhkmnptuvxBCHP or -o option I search qmail-scanner-queue.pl to see if there is /bin/sh execution with wrong paramteres, but there it seems there is none. Any help or ideas ? Regards, philipp Philipp Steinkrüger Technik Oberberg Online Tel.: +49 2261 814240 Fax: +49 2261 814919 www.oberberg.net [EMAIL PROTECTED]
Re: Regarding Qmail-scanner
"s.sunil" <[EMAIL PROTECTED]> writes: > on my server if i send one mail with virus throgh sqwebmail > to one of my domain it is working qmail-scanner give it report > perfectly but if somebody send mail from yahoo.com or any > other it will unable to scan it will allow the virus I think you didn't set the QMAILQUEUE environment variable for smtp connections. When using tcpserver it can be set in the access control file: :allow,QMAILQUEUE="..." Regards, Frank
Regarding Qmail-scanner
Dear Friend First let me introduce my self i am sunil from india and i am working as a trainee linux server administrator I am working on suse 7.1 I installed qmail-1.3 with vpopmail and sqwebmail sucessfullyt their are not 200 virtual domains on the mail server i also installed the qmail-scanner(0.96) it instlled the sucessfully but it works only with my domains meance which are hosted on my server if i send one mail with virus throgh sqwebmail to one of my domain it is working qmail-scanner give it report perfectly but if somebody send mail from yahoo.com or any other it will unable to scan it will allow the virus So where is the problem can you help to solve this or can you give some urls from there i can get solution for this problem thanku very much Warm Regards, Sunil Sharma Drushti Info-Networks Private Limited 214 Surya Plaza, LBS Road Navi Peth Pune - 411030. Phone : 9120 4007546 Email : [EMAIL PROTECTED] http://www.dinpl.com
Re: Qmail-scanner or spam problem??
Hi Chris, Seems to me, that the scanner reported the virus, that is running wild on the internet right now, it's called SirCam and is a worm. It uses a randomly chosen document attachments for its spreading out and disguises itself as a word document, but as you can see because of the .com extension it really is an executable. Check out http:[EMAIL PROTECTED] for further information. The last few days our Anti-Virus SMTP Gateway cleaned about 300 documents containing this beast. Regards Reto Inversini - Original Message - From: "Chris Moore" <[EMAIL PROTECTED]> To: "Qmail (E-mail)" <[EMAIL PROTECTED]> Sent: Thursday, July 26, 2001 7:34 PM Subject: Qmail-scanner or spam problem?? > Hi, in the last few days, I have been getting about 30-50 of the following > error messages daily related to qmail-scanner whereas I used to get only > about 10 a day: > > --- > Attention: System Anti-Virus Administrator. > > [This message was _not_ sent to the originator, as they appear to > be a mailing-list or other automated Email message] > > > A Illegal attachment type was found in an Email message you sent. > This Email scanner intercepted it and stopped the entire message > reaching it's destination. > > The Illegal attachment type was reported to be: > > Executables > > > Please contact your I.T support personnel with any queries regarding this > policy. > > > Your message was sent with the following envelope: > > MAIL FROM: > RCPT TO: [EMAIL PROTECTED] > > ... and with the following headers: > > From:System Administrator <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Undeliverable: New Microsoft Word Document > Message-ID: <89F778E18E64D511992900010276889622116C@MERCURY> > Date:Thu, 26 Jul 2001 13:20:52 -0400 > > > > The original message is kept in: > > xx.com:/var/spool/qmailscan/quarantine > > where the System Anti-Virus Administrator can further diagnose it. > > The Email scanner reported the following when it scanned that message: > > --- > > ---perlscanner results --- > Illegal attachment type 'Executables' found in file > /var/spool/qmailscan/xx.com9961680364862/_Microsoft_Word_Documen > t.doc.com > > > It appears to be relay spam, but could it be a problem with the > scanning?...or a message stuck in the queue? I don't know the originator, > but I assume they keep sending it periodically. It also looks like a way to > get DoS by filling my disk with attachments. > > Anyone have any ideas or a workaround or solution? > > Thanks! > ... > Chris
qmail-scanner fatal error
hey there everyone,
I'm running into a bit of a snag with the
installation of my qmail-scanner program. When I run ./configure
--install, I get the following error:
X-Qmail-Scanner-0.96: cannot open for write
/var/spool/qmailscan/quarantine-attachments.db.tmp - Permission
denied
Insecure $ENV{ENV} while running setuid @
/var/qmail/bin/qmail-scanner-queue.pl line 680
Anyone have any ideas what i can do to fix
it? I'm completely stumped as are the people that I've consulted to date
on this problem
Thanks!
Michel Rondeau
Re: qmail-queue-patch and qmail-scanner
On Sun, Jul 08, 2001 at 10:57:08AM +0200, Andreas Grip wrote: > Nope, I'm not misstaken. An infected mail is not rejected while my smtp > server is receiving the mail, it turn of the connection with an ok. No > bounce at this time. And then it sends an bounce to the sender with > virus warning message. Absolutely right. I cannot send a SMTP error back during the DATA phase otherwise the sending SMTP server just bounces the Email message with little or no reason. SMTP error messages aren't any good when you're wanting to convey an elaborate reason why it bounced (e.g. "it was the KAK worm virus") and in several languages :-) OTOH it is still real-time. An original design decisions behind Qmail-Scanner - which I am still happy with - was that I wasn't going to re-invent the wheel and do post-scanning, and I would then have to design my own queuing system, retries, etc. The way it is designed means all such issues are taken care of by standard SMTP. 10-20 minutes is the standard maximum time a SMTP server expects to be sitting in DATA phase, if a mail message takes longer than that to be scanned by whatever virus scanner you have chosen (that will be where the bottleneck is - not with Q-S), then you seriously have to look at: a> your choice of scanner b> upgrading your hardware. I have seen thrown around the "fact" that to run a real-time SMTP virus scanner requires around 10x the amount of hardware that not scanning would. Sounds about right. That isn't as bad as it sounds as we all over-spec SMTP relay servers these days anyway. We run two different virus scanners over each piece of Email entering and leaving our network via Qmail-Scanner. The load on these boxes has increased from a load average of 0.02 to 0.06, and climbs to 30+ when we have hour+ network outages. The sudden onslaught of mail after an outage is the killer. Always spec for outages... Also, don't forget, disk IO is most important for SMTP servers. When you start virus scanning, you must add CPU and RAM to that as well. i.e. Big AV mail servers need lots of RAM, lots of CPU as well as fast disks. -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: qmail-queue-patch and qmail-scanner
Charles Cazabon wrote: > > Andreas Grip <[EMAIL PROTECTED]> wrote: > > > > > > I don't think this is a great idea; it means you have to accept every message, > > > then scan them, then generate late bounces, instead of rejecting them during > > > the initial SMTP conversation. > > > > qmail-scanner do not reject them, it just bounce them. > > I think you're mistaken, although I don't use qmail-scanner. Issuing a 4xx or > 5xx code after DATA _is_ rejecting a message -- it's also a bounce, although > if it's done during the SMTP conversation, the sending MTA is responsible for > generating the bounce message. Nope, I'm not misstaken. An infected mail is not rejected while my smtp server is receiving the mail, it turn of the connection with an ok. No bounce at this time. And then it sends an bounce to the sender with virus warning message. > > And what diffrent should that make if the bunce is a few minutes late? It > > will be late for the sender anyway because they use their ISP:s smtp server > > and the mail will be sended from that to my smtp server that scan the mail. > > There's a big difference. See above. Late bounces have to be generated by > your MTA and delivered; if the message is bounced during the initial SMTP > conversion, the bounce message is the responsibility of the sending MTA, not > the receiving one. Maybe there should be an idea to change the behavior of qmail-scanner so it reject the mail instead of accepting it. But then where can not be so much details in the virus report because the sending smtp do not know anything about the virus. > > > What problem are you trying to solve? Why do you think making the SMTP > > > client wait a minute or two is a bad idea? > > > > Well, a smtp-server receiving a lot of mail can reach the limit of maximum > > allowed simultanius connection. If the smtp server close the connection > > faster there will be more time over and the server is able to receive more > > mail. So I think a server, that are faster with closing the connection > > should be more efficient. > > Profile, don't speculate. You're trying to solve a problem that doesn't > exist. I'm not trying to solve a problem that dosen't exist. I'm just trying to make sure that there will not be any problems. > > Charles > -- > --- > Charles Cazabon<[EMAIL PROTECTED]> > GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ > ---
Re: qmail-queue-patch and qmail-scanner
On Sat, Jul 07, 2001 at 09:19:19PM +0200, Andreas Grip wrote: > Well, a smtp-server receiving a lot of mail can reach the limit of > maximum allowed simultanius connection. If the smtp server close the > connection faster there will be more time over and the server is able to > receive more mail. So I think a server, that are faster with closing the > connection should be more efficient. If scanning incoming mail takes that long, either upgrade your hardware or push the scanning problem to the end-users (ie. get them to buy an anti-virus package or something). Trying to accept even more mail, when you're already having trouble clearing the mail you've already received, is IMO A Really Bad Idea In A World Full Of Bad Ideas. - Adrian
Re: qmail-queue-patch and qmail-scanner
Andreas Grip <[EMAIL PROTECTED]> wrote: > > > > I don't think this is a great idea; it means you have to accept every message, > > then scan them, then generate late bounces, instead of rejecting them during > > the initial SMTP conversation. > > qmail-scanner do not reject them, it just bounce them. I think you're mistaken, although I don't use qmail-scanner. Issuing a 4xx or 5xx code after DATA _is_ rejecting a message -- it's also a bounce, although if it's done during the SMTP conversation, the sending MTA is responsible for generating the bounce message. > And what diffrent should that make if the bunce is a few minutes late? It > will be late for the sender anyway because they use their ISP:s smtp server > and the mail will be sended from that to my smtp server that scan the mail. There's a big difference. See above. Late bounces have to be generated by your MTA and delivered; if the message is bounced during the initial SMTP conversion, the bounce message is the responsibility of the sending MTA, not the receiving one. > > What problem are you trying to solve? Why do you think making the SMTP > > client wait a minute or two is a bad idea? > > Well, a smtp-server receiving a lot of mail can reach the limit of maximum > allowed simultanius connection. If the smtp server close the connection > faster there will be more time over and the server is able to receive more > mail. So I think a server, that are faster with closing the connection > should be more efficient. Profile, don't speculate. You're trying to solve a problem that doesn't exist. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: qmail-queue-patch and qmail-scanner
Andreas Grip <[EMAIL PROTECTED]> writes: > connection faster there will be more time over and the server is able to > receive more mail. So I think a server, that are faster with closing the > connection should be more efficient. Then the backlog is on your server. You still have to scan the mails and this is the time consuming thing. Additionally you get the overhead of two queues. Regards, Frank
Re: qmail-queue-patch and qmail-scanner
Charles Cazabon wrote: > > Andreas Grip <[EMAIL PROTECTED]> wrote: > > > > I'm using the qmail-queue-patch together with the qmail-scanner and I'm also > > thinking about to put some spamfilters before or after the antivirus > > scanning. > [...] > > Is it ok to let the sending smtp server to wait so long time before > > [qmail-scanner] has processed the mail? For me it sounds like a bad idea to > > let them wait. > > No, a few minutes wait is perfectly fine. > > > So I'm thinking about to create another queue that the mail can be placed in > > first so qmail can tell the sender that it has ben received and then start > > to scan and filtering the mail in that queue before it deliver it to the > > original queue. > > I don't think this is a great idea; it means you have to accept every message, > then scan them, then generate late bounces, instead of rejecting them during > the initial SMTP conversation. qmail-scanner do not reject them, it just bounce them. And what diffrent should that make if the bunce is a few minutes late? It will be late for the sender anyway because they use their ISP:s smtp server and the mail will be sended from that to my smtp server that scan the mail. > What problem are you trying to solve? Why do you think making the SMTP client > wait a minute or two is a bad idea? Well, a smtp-server receiving a lot of mail can reach the limit of maximum allowed simultanius connection. If the smtp server close the connection faster there will be more time over and the server is able to receive more mail. So I think a server, that are faster with closing the connection should be more efficient. > > Charles > -- > --- > Charles Cazabon<[EMAIL PROTECTED]> > GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ > ---
Re: qmail-queue-patch and qmail-scanner
Lukas Beeler <[EMAIL PROTECTED]> wrote: > At 12:27 07.07.2001 -0600, you wrote: > >Andreas Grip <[EMAIL PROTECTED]> wrote: > > > > > So I'm thinking about to create another queue that the mail can be > > > placed in first so qmail can tell the sender that it has ben received > > > and then start to scan and filtering the mail in that queue before it > > > deliver it to the original queue. > > > >What problem are you trying to solve? Why do you think making the SMTP > >client wait a minute or two is a bad idea? > hmm iam not sure, but what is, if the connected mta thinks that the remote > has gone offline, closes the connection and sets the message deferred, and > retries later.. getting the same problem again.. > iam not if there exist's a such mta, but its possible that this will cause > problems like that If there's such an MTA, it's broken. RFC2821 states that the absolute minimum timeout the sending MTA can use while waiting for the response to the end of the DATA phase is 10 minutes: DATA Termination: 10 minutes. This is while awaiting the "250 OK" reply. When the receiver gets the final period terminating the message data, it typically performs processing to deliver the message to a user mailbox. A spurious timeout at this point would be very wasteful and would typically result in delivery of multiple copies of the message, since it has been successfully sent and the server has accepted responsibility for delivery. See section 6.1 for additional discussion. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: qmail-queue-patch and qmail-scanner
At 12:27 07.07.2001 -0600, you wrote: >Andreas Grip <[EMAIL PROTECTED]> wrote: > > > So I'm thinking about to create another queue that the mail can be > placed in > > first so qmail can tell the sender that it has ben received and then start > > to scan and filtering the mail in that queue before it deliver it to the > > original queue. > > >What problem are you trying to solve? Why do you think making the SMTP client >wait a minute or two is a bad idea? hmm iam not sure, but what is, if the connected mta thinks that the remote has gone offline, closes the connection and sets the message deferred, and retries later.. getting the same problem again.. iam not if there exist's a such mta, but its possible that this will cause problems like that -- Lukas "Maverick" Beeler / Telematiker Project: D.R.E.A.M / every.de - Your Community Web: http://www.projectdream.org Mail: [EMAIL PROTECTED]
Re: qmail-queue-patch and qmail-scanner
Andreas Grip <[EMAIL PROTECTED]> wrote: > > I'm using the qmail-queue-patch together with the qmail-scanner and I'm also > thinking about to put some spamfilters before or after the antivirus > scanning. [...] > Is it ok to let the sending smtp server to wait so long time before > [qmail-scanner] has processed the mail? For me it sounds like a bad idea to > let them wait. No, a few minutes wait is perfectly fine. > So I'm thinking about to create another queue that the mail can be placed in > first so qmail can tell the sender that it has ben received and then start > to scan and filtering the mail in that queue before it deliver it to the > original queue. I don't think this is a great idea; it means you have to accept every message, then scan them, then generate late bounces, instead of rejecting them during the initial SMTP conversation. What problem are you trying to solve? Why do you think making the SMTP client wait a minute or two is a bad idea? Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
qmail-queue-patch and qmail-scanner
Hi I'm using the qmail-queue-patch together with the qmail-scanner and I'm also thinking about to put some spamfilters before or after the antivirus scanning. Then qmail receives a mail through smtp it wait with the response to the sender that the mail was completly delivered until it has scanned the mail for virus. If the attachments are big it can take a long time before it release the connection. And if I add some filters that examine the mail for unwanted words etc it will take much more time. Is it ok to let the sending smtp server to wait so long time before it has processed the mail? For me it sounds like a bad idea to let them wait. So I'm thinking about to create another queue that the mail can be placed in first so qmail can tell the sender that it has ben received and then start to scan and filtering the mail in that queue before it deliver it to the original queue. Someone who have any thoughts about a qmail setup like this? Is it a good idea to queue the message twice or to let the sending server wait? Andreas
Re: qmail-scanner
On Wed, Jul 04, 2001 at 02:38:18PM +0800, Brett Leeder wrote: > I, as postmaster, get a LOT of these bounces and because of the > formatting characters in the subject line etc (this is my assumption > anyway), my mail client (Netscape), falls in a heap and is unable to > process the received mail, leaving a mess on the server and in my local > folders. I am having a lot of customers suffering from the same issue. Well this is either a Netscape bug OR a IMAP/POP bug (I assume that's how Netscape gets the mail). You know the drill. Are you running the most up-to-date versions of your IMAP/POP server - does it really just affect Netscape (i.e. does M$ Outlook work?), etc. If it is a Netscape/POP/IMAP bug - with the latest release - please report it - they can't be expected to fix problems they don't know about. -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
qmail-scanner
Reworded re-post after off-list discussions. I guess this is really a netscape issue rather than qmail, but related to the qmail server at least. I'm running qmail-scanner and get into problem areas when the scanner detects a virus in a message and sends the bounce message to the originator and to postmaster. The bounce message has a copy of the original headers etc, which it obviously must have to be informative. Some virii, grab a random piece of another email message and use it as subject and body filler to pad out the message before attaching the virus executable to the message. I have noticed that quite often these random grabs of another message have formatting characters (^M, \223, \233 etc) embedded in them. I, as postmaster, get a LOT of these bounces and because of the formatting characters in the subject line etc (this is my assumption anyway), my mail client (Netscape), falls in a heap and is unable to process the received mail, leaving a mess on the server and in my local folders. I am having a lot of customers suffering from the same issue. Would it be appropriate to modify qmail-scanner to detect formatting in the subject line and if present try to remove it, or discard the subject line all together? Has anyone else encountered this issue? Brett
Re: qmail-inject and Qmail-scanner on local message
Unfortunately no, as you can see from the header both our servers scanned
your last message, only locally messages from (IMP 2.2.4 and Pine) don't get
scanned, unless they touch a SMTP connection. It does appear I am on an old
version though, maybe that is the problem.
Sorry for replying straight to you and not the list.
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 29436 invoked by uid 94); 12 Jun 2001 20:39:14 -
Received: from [EMAIL PROTECTED] by ella with qmail-scanner-0.95 (uvscan:
v4.0.50/v4099. . Clean. Processed in 0.487353 secs); 12 Jun 2001
20:39:14 -
Received: from hades.trimble.co.nz (203.167.239.194)
by ella.mills.edu with DES-CBC3-SHA encrypted SMTP; 12 Jun 2001
20:39:13 -
Received: (qmail 16518 invoked from network); 13 Jun 2001 08:38:58 +1200
Received: from unknown (HELO thoth.trimble.co.nz) (155.63.248.21)
by hades.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 13 Jun 2001
08:38:58 +1200
Received: (qmail 5344 invoked by uid 403); 13 Jun 2001 08:38:57 +1200
Received: from [EMAIL PROTECTED] by thoth.trimble.co.nz with
qmail-scanner-0.97 (iscan: v3.1/v5.110-0214/899/34815. sweep: 2.3/3.45. .
Clean. Processed in 1.177193 secs); 12 Jun 2001 20:38:57 -
Received: from crom.trimble.co.nz (155.63.248.24)
by thoth.trimble.co.nz with SMTP; 13 Jun 2001 08:38:56 +1200
Received: (qmail 4176 invoked by uid 500); 13 Jun 2001 08:38:59 +1200
- Original Message -
From: "Jason Haar" <[EMAIL PROTECTED]>
To: "John McCoy" <[EMAIL PROTECTED]>
Sent: Tuesday, June 12, 2001 1:38 PM
Subject: Re: qmail-inject and Qmail-scanner on local message
> On Tue, Jun 12, 2001 at 10:49:46AM -0700, John McCoy wrote:
> > Truss shows that QMAILQUEUE is set when qmail-queue is called.
> >
> > 27424: execve("bin/qmail-queue", 0x0002B2E8, 0xFFBEFB48) argc = 1
> > 27424: *** SUID: ruid/euid/suid = 0 / 94 / 94 ***
> > 27424: envp: DISPLAY=ella:11.0 EDITOR=/bin/pico HOME=/acct/J/jmccoy
> > 27424:HOSTNAME=ella HOSTTYPE=sparc LOGNAME=jmccoy
> > 27424:MACHTYPE=sparc-sun-solaris2.7 MAIL=/acct/J/jmccoy/INBOX
>
> Well that would mean you don't have qmail patched correctly?
>
> Here is the list of Qmail binaries on my system that have QMAILQUEUE
access:
>
> /var/qmail/bin/condredirect
> /var/qmail/bin/forward
> /var/qmail/bin/qmail-inject
> /var/qmail/bin/qmail-qmqpd
> /var/qmail/bin/qmail-qmtpd
> /var/qmail/bin/qmail-smtpd
> /var/qmail/bin/qreceipt
>
>
> Here's the script I run that told me this:
>
> for i in /var/qmail/bin/*; do DD=strings $i 2>/dev/null|grep QMAILQUEUE;
if [ "$DD" != "" ]; then echo $i; fi; done
>
> --
> Cheers
>
> Jason Haar
>
> Unix/Special Projects, Trimble NZ
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
>
Re: qmail-inject and Qmail-scanner on local message
On Mon, Jun 11, 2001 at 11:24:49AM -0700, John McCoy, Jr. wrote: > Our web mail (IMP 2.2.4) program injects all mail using qmail-inject, when > the email is totally local (i.e. never travels through SMTP) it is never > scanned. I've tried adding the QMAILQUEUE variable into Apache to try to > trigger the scan but I think it is to far down the loop. Any one have any > ideas on this, I am using the qmailqueue.patch maybe if I replaced > qmail-queue instead? Well replacing qmail-queue with Q-S would certainly fix that particular problem, but it does sound like it's just an environment variable issue. What does IMP call? As far as I remember - it calls /usr/sbin/sendmail. That is a link to the Qmail version I assume? Try calling it from a shell with QMAILQUEUE set accordingly - does Q-S get invoked? If not, strace/truss it as root and see what happens... -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
RE: qmail-inject and Qmail-scanner on local message
I can see it set in phpinfo() output, but do not know if this is a good test for that. Thanks. -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Monday, June 11, 2001 12:18 PM To: qmail@list. cr. yp. to Subject: Re: qmail-inject and Qmail-scanner on local message John McCoy, Jr. <[EMAIL PROTECTED]> wrote: > Our web mail (IMP 2.2.4) program injects all mail using qmail-inject, when > the email is totally local (i.e. never travels through SMTP) it is never > scanned. I've tried adding the QMAILQUEUE variable into Apache to try to > trigger the scan but I think it is to far down the loop. No -- qmail-inject calls qmail-queue and therefore should be affected by Bruce's QMAILQUEUE patch. Are you sure your web mail program isn't running qmail-inject in a scrubbed environment? Or that Apache isn't doing that? Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: qmail-inject and Qmail-scanner on local message
John McCoy, Jr. <[EMAIL PROTECTED]> wrote: > Our web mail (IMP 2.2.4) program injects all mail using qmail-inject, when > the email is totally local (i.e. never travels through SMTP) it is never > scanned. I've tried adding the QMAILQUEUE variable into Apache to try to > trigger the scan but I think it is to far down the loop. No -- qmail-inject calls qmail-queue and therefore should be affected by Bruce's QMAILQUEUE patch. Are you sure your web mail program isn't running qmail-inject in a scrubbed environment? Or that Apache isn't doing that? Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
qmail-inject and Qmail-scanner on local message
Our web mail (IMP 2.2.4) program injects all mail using qmail-inject, when the email is totally local (i.e. never travels through SMTP) it is never scanned. I've tried adding the QMAILQUEUE variable into Apache to try to trigger the scan but I think it is to far down the loop. Any one have any ideas on this, I am using the qmailqueue.patch maybe if I replaced qmail-queue instead? Thanks for anything. John McCoy, Jr Central Systems Administrator Mills College, Oakland, CA 510-430-3321 [EMAIL PROTECTED]
RE: Qmail Scanner
hi Jason, Have you tested qmail-scanner with the Command Antivirus Linux scanner? I am trying it out at the moment...any tips? Thanks, Ross
RE: Qmail Scanner
Hi Brett,
I suppose I can answer most of your questions...
The qmail-scanner tar file contains a few files with the prefix "sub-" these
contain stuff you needI used the one "sub-iscan.pl" for the Trend micro
scanner, but you have to choose the one that suits you and your AV scanner.
Apend this code to the end of your "qmail-scanner-queue.pl" file.
I made a few changes to this codeI added the following lines:
$ENV{'SAV_IDE'} = '';
delete $ENV{'SAV_IDE'} if ($ENV{'SAV_IDE'} eq "");
and I also edited the following line:
$DD=`$iscan_binary -za -a -u -nl $iscan_verbose $scandir/$file_id
$extra_file 2>&1`;
I have listed the fill addition at the end of this email [1].
Then in the "qmail-scanner-queue.pl" file edit some of the variablessuch
as the path to the scanner [2] and also the scanner array variable[3].
Then run the "tail -f qmail-queue.log" command and debug till your heart is
broken!
As a newby I was very happy with the results!
Ross
[1]
**START**
sub iscan_scanner {
local($start_iscan_time)=[gettimeofday];
&debug("iscanner: starting scan of directory \"$scandir/$file_id\"...");
$ENV{'SAV_IDE'} = '';
delete $ENV{'SAV_IDE'} if ($ENV{'SAV_IDE'} eq "");
local($iscan_verbose)="-v" if ($DEBUG);
&debug("run $iscan_binary /etc/iscan/vscan -za -a -u $iscan_verbose
$scandir/$file_id $extra_file 2>&1");
$DD=`$iscan_binary -za -a -u -nl $iscan_verbose $scandir/$file_id
$extra_file 2>&1`;
$iscan_status=($? >> 8);
&debug("--output of iscan was:\n$DD--");
if ( $DD =~ /\*\*\*\s+Found(.*) in file/ ) {
$virus_description=$1;
&debug("There be a virus! ($virus_description)");
$virus_found++;
#$DD =~ s/\n//g;
$description .= "\n---iscan results ---\n$DD";
$section=$apptype=$save_filename=$filename="";
} elsif ( $iscan_status > 0 ) {
#This implies a corrupt set of DAT files or resource problems...
&tempfail("corrupt scanner/resource problems - exit status
$iscan_status");
}
local($stop_iscan_time)=[gettimeofday];
$iscan_time = tv_interval ($start_iscan_time, $stop_iscan_time);
&debug("iscaner: finished scan of dir \"$scandir/$file_id\" in $iscan_time
secs");
}
******END**
[2]I added
$iscan_binary='/etc/iscan/vscan';
[3]I added
@scanner_array=("sweep_scanner", "iscan_scanner");)
-Original Message-
From: Brett Randall [mailto:[EMAIL PROTECTED]]
Sent: 20 March 2001 23:12
To: Jason Haar
Cc: 'Qmail Mailing List'
Subject: Re: Qmail Scanner
>>>>> "Jason" == Jason Haar <[EMAIL PROTECTED]> writes:
> You will need to reinstall Q-S. I specifically wrote Q-S so that it
> only contains code specific to your system. You have added another
> virus scanner, so you'll need to do another "./configure etc" to
> rebuild the app with support for Trend.
Hey Jason
We are looking at running a second virus scanner with our Q-S soon as
well. The only thing is that we have MAJORLY modified Q-S to work in
our environment (changed the messages that go out to people, depending
on the extensions of the files and who specifically is sending the
e-mail). We can't really just `reinstall' Q-S since it would require
hours of work to make it work again the way we want it to. Are you
able to quickly outline the variables and commands that change? I
guess I could read the configure script, but if you could tell us that
would be great! TIA
--
"I'm not dumb. I just have a command of throughly useless
information."
- Calvin, of Calvin and Hobbes
Re: Qmail Scanner
> "Jason" == Jason Haar <[EMAIL PROTECTED]> writes: > You will need to reinstall Q-S. I specifically wrote Q-S so that it > only contains code specific to your system. You have added another > virus scanner, so you'll need to do another "./configure etc" to > rebuild the app with support for Trend. Hey Jason We are looking at running a second virus scanner with our Q-S soon as well. The only thing is that we have MAJORLY modified Q-S to work in our environment (changed the messages that go out to people, depending on the extensions of the files and who specifically is sending the e-mail). We can't really just `reinstall' Q-S since it would require hours of work to make it work again the way we want it to. Are you able to quickly outline the variables and commands that change? I guess I could read the configure script, but if you could tell us that would be great! TIA -- "I'm not dumb. I just have a command of throughly useless information." - Calvin, of Calvin and Hobbes
Re: Qmail Scanner
On Tue, Mar 20, 2001 at 06:53:10PM -, Ross Cooney wrote: > Hi List! > > We have been using the qmail-scanner patch for a few weeks and we are very > happy with it. Great to hear :-) > > Currently our system only uses one AV scanner the sophos product, and I want > to use a second AV scanner in parrallel. The second scanner I want to use is > the Trend Micro scanner. You will need to reinstall Q-S. I specifically wrote Q-S so that it only contains code specific to your system. You have added another virus scanner, so you'll need to do another "./configure etc" to rebuild the app with support for Trend. Simply read the first few lines of your existing /var/qmail/bin/qmail-scanner-queue.pl. It contains the "./configure..." call you did to build it in the first place. Just run it again :-) -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
RE: Qmail Scanner
Ross,
I dont write in perl, but in PHP and others,
i believe you should be using...
@scanner_array=("sweep_scanner", "iscan_scanner");
Here's a link for a perl syntax tutorial.
http://www.comp.leeds.ac.uk/Perl/
And i find your answer here...
http://www.comp.leeds.ac.uk/Perl/arrays.html
Best Regards,
Ben Murphy,
Technical Director,
murphx Innovative Solutions
tel:+44 (0) 870 757 1650
fax:+44 (0) 870 757 1651
e-mail: [EMAIL PROTECTED]
This e-mail is confidential and may contain legally privileged information.
If you are not named above as an addressee it may be unlawful for you to
read,
copy, distribute, disclose or otherwise use the information contained within
this e-mail.
Any views or opinions presented are solely those of the author,
and may not represent those of murphx Innovative Solutions.
> -Original Message-
> From: Ross Cooney [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 20, 2001 6:53 PM
> To: 'Qmail Mailing List'
> Subject: Qmail Scanner
>
>
> Hi List!
>
> We have been using the qmail-scanner patch for a few weeks
> and we are very
> happy with it.
>
> Currently our system only uses one AV scanner the sophos
> product, and I want
> to use a second AV scanner in parrallel. The second scanner I
> want to use is
> the Trend Micro scanner.
>
> The "qmail-scanner-queue.pl" file has a the following line:
> @scanner_array=("sweep_scanner");
> This is where it calls another function which actually calls
> the scanner.
>
>
> Does anybody know how to edit this so that two scanners are used?
>
> Is it:
> @scanner_array=("sweep_scanner & iscan_scanner");
>
> or
> @scanner_array=("sweep_scanner" & "iscan_scanner");
>
> Etc...
>
> I can get them to scan independently...but cant get them to
> scan together!
>
>
> Thanks,
>
> Ross Cooney
>
> __
> ___
> Technical Director
> Cyber Sentry Ltd, 101 Johnstown Road, Dun Laoghaire, Co
> Dublin, Ireland.
>
> Email:[EMAIL PROTECTED]
> Telephone:+ 353 1 2352546
> Fax: + 353 1 2847263
>
>
> This communication contains information which is confidential and
> may also be privileged. It is for the exclusive use of the
> intended recipient(s). If you are not the intended recipient(s),
> please note that any distribution, copying or use of this
> communication or the information in it is strictly prohibited.
> If you have received this communication in error, please notify
> the sender immediately and then destroy any copies of it.
> __
> ___
>
>
>
>
>
> **
> This email has been scanned by Pro-Web for all known Viruses
> For more information please visit our web site at www.pro-web.ie
> **
>
>
RE: Qmail Scanner
This still depends on how the @scanner_array is used to determine the
name of the scanner. If all it is looking for is a list of names of
scanners, then you are correct Charles. The single & is used as a
bitwise operator - probably not what Ross wants!
.mark
>--
>From: Charles Cazabon[SMTP:[EMAIL PROTECTED]]
>Sent: Tuesday, March 20, 2001 10:45 AM
>To:'Qmail Mailing List'
>Subject: Re: Qmail Scanner
>
>Ross Cooney <[EMAIL PROTECTED]> wrote:
>>
>> The "qmail-scanner-queue.pl" file has a the following line:
>> @scanner_array=("sweep_scanner");
>> This is where it calls another function which actually calls the scanner.
>>
>> Does anybody know how to edit this so that two scanners are used?
>>
>> Is it:
>> @scanner_array=("sweep_scanner & iscan_scanner");
>>
>> or
>> @scanner_array=("sweep_scanner" & "iscan_scanner");
>
>I'm not a Perl coder, but neither of those look right. I would guess it
>is something closer to:
>
>@scanner_array=("sweep_scanner", "iscan_scanner");
>
>Charles
>--
>---
>Charles Cazabon<[EMAIL PROTECTED]>
>GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
>Any opinions expressed are just that -- my opinions.
>---
>
>
>
Re: Qmail Scanner
Ross Cooney <[EMAIL PROTECTED]> wrote:
>
> The "qmail-scanner-queue.pl" file has a the following line:
> @scanner_array=("sweep_scanner");
> This is where it calls another function which actually calls the scanner.
>
> Does anybody know how to edit this so that two scanners are used?
>
> Is it:
> @scanner_array=("sweep_scanner & iscan_scanner");
>
> or
> @scanner_array=("sweep_scanner" & "iscan_scanner");
I'm not a Perl coder, but neither of those look right. I would guess it
is something closer to:
@scanner_array=("sweep_scanner", "iscan_scanner");
Charles
--
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
Qmail Scanner
Hi List!
We have been using the qmail-scanner patch for a few weeks and we are very
happy with it.
Currently our system only uses one AV scanner the sophos product, and I want
to use a second AV scanner in parrallel. The second scanner I want to use is
the Trend Micro scanner.
The "qmail-scanner-queue.pl" file has a the following line:
@scanner_array=("sweep_scanner");
This is where it calls another function which actually calls the scanner.
Does anybody know how to edit this so that two scanners are used?
Is it:
@scanner_array=("sweep_scanner & iscan_scanner");
or
@scanner_array=("sweep_scanner" & "iscan_scanner");
Etc...
I can get them to scan independently...but cant get them to scan together!
Thanks,
Ross Cooney
_
Technical Director
Cyber Sentry Ltd, 101 Johnstown Road, Dun Laoghaire, Co Dublin, Ireland.
Email: [EMAIL PROTECTED]
Telephone: + 353 1 2352546
Fax:+ 353 1 2847263
This communication contains information which is confidential and
may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s),
please note that any distribution, copying or use of this
communication or the information in it is strictly prohibited.
If you have received this communication in error, please notify
the sender immediately and then destroy any copies of it.
_
**
This email has been scanned by Pro-Web for all known Viruses
For more information please visit our web site at www.pro-web.ie
**
1) qmail-scanner -- 2) QSBMF format messages
hi ! 2 in 1 :) 1) qmail-scanner about Qmail virus protection. Are you using the qmail-scanner tool ? :) witch antivirus works best with it ? i have about 6 msg/day local/remote traffic, will this patch affect on queue i/o performance ? 2) i want to translate to french the QSBMF error messages from mailer-daemon. do you know where those files are located ? or got to do it at compilation time ? thx a lot José.
Re: help in qmail-scanner
Hi, there is a list on qmail-scanner, see [EMAIL PROTECTED] BTW, see your quarantine-attachments.txt file to get instructions on attachment filtering and/or download latest virus definition files for your scanner. Csaba >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 2001.03.14, 5:50:21, KIM <[EMAIL PROTECTED]> wrote regarding help in qmail-scanner: > hello, > i set up the qmail-scanner and it works. but my problem is when i test it > and tried to send a mail with an attach virus like the snow white nad the > seven dwarf(joke.exe) it still accept it. i used kasperskys AVPLinux Scanner. > thanks in advance!
help in qmail-scanner
hello, i set up the qmail-scanner and it works. but my problem is when i test it and tried to send a mail with an attach virus like the snow white nad the seven dwarf(joke.exe) it still accept it. i used kasperskys AVPLinux Scanner. thanks in advance!
qmail-scanner handoff to qmail-queue not going well
One of my users has observed that mail addressed to him late at night seems to frequently get delayed. for very long periods of time. He sent me headers which look like this: Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 19114 invoked from network); 9 Mar 2001 11:20:54 - Received: from hydepark-jump.vircio.com (qmailr@[10.1.1.1]) (envelope-sender <[EMAIL PROTECTED]>) by hackberry.vircio.com (qmail-ldap-1.03) with SMTP for <[EMAIL PROTECTED]>; 9 Mar 2001 11:20:54 - Received: (qmail 32510 invoked by uid 84); 9 Mar 2001 02:59:42 - Received: from [EMAIL PROTECTED] by hydepark-jump.vircio.com with qmail-scanner-0.90 (uvscan: v4.0.50/v4115. . Clean. Processed in 0.328525 secs); 08/03/2001 20:59:42 Received: from mailgate.1starnet.com (HELO mail.1starnet.com) ([207.243.104.248]) (envelope-sender <[EMAIL PROTECTED]>)by cust-46-98.customer.jump.net (qmail-ldap-1.03) with SMTPfor <[EMAIL PROTECTED]>; 9 Mar 2001 02:59:41 - Received: from sweep2 [207.243.105.243] by mail.1starnet.com (SMTPD32-6.05) id A71C11570140; Thu, 08 Mar 2001 20:59:40 -0600 Received: (from default [12.41.197.55]) by sweep2 (NAVIEG 2.1 bld 63) with SMTP id M2001030820593623359for <[EMAIL PROTECTED]>; Thu, 08 Mar 2001 20:59:37 -0600 From: "Joan Heuston" <[EMAIL PROTECTED]> To: "David" <[EMAIL PROTECTED]> Subject: Trip Date: Thu, 8 Mar 2001 21:08:39 -0600 Message-ID: <01c0a846$3d8e7fe0$37c5290c@default> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_0004_01C0A813.F2F40FE0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 X-UID: 14 I ran them through a slightly modified version of the mailroute.pl script to see this: Thu Mar 8 2001 20:59:37 (from default [12.41.197.55]) by sweep2 (NAVIEG 2.1 bld 63) with SMTP id M2001030820593623359 for <[EMAIL PROTECTED]> 20:59:40 from sweep2 [207.243.105.243] by mail.1starnet.com (SMTPD32-6.05) id A71C11570140 20:59:41 from mailgate.1starnet.com (HELO mail.1starnet.com) ([207.243.104.248]) (envelope-sender <[EMAIL PROTECTED]>) by cust-46-98.customer.jump.net (qmail-ldap-1.03) with SMTP for <[EMAIL PROTECTED]> 20:59:42 from [EMAIL PROTECTED] by hydepark-jump.vircio.com with qmail-scanner-0.90 (uvscan: v4.0.50/v4115. . Clean. Processed in 0.328525 secs) 20:59:42 (qmail 32510 invoked by uid 84) Fri 9 05:20:54 from hydepark-jump.vircio.com (qmailr@[10.1.1.1]) (envelope-sender <[EMAIL PROTECTED]>) by hackberry.vircio.com (qmail-ldap-1.03) with SMTP for <[EMAIL PROTECTED]> 05:20:54 (qmail 19114 invoked from network) 2001-03-09 05:18:35.339952500 HydePark-Jump.virCIO.Com: new msg 50506 2001-03-09 05:18:35.475620500 HydePark-Jump.virCIO.Com: info msg 50506: bytes 4620 from <[EMAIL PROTECTED]> qp 32510 uid 84 2001-03-09 05:18:54.574282500 HydePark-Jump.virCIO.Com: starting delivery 542: msg 50506 to local [EMAIL PROTECTED] 2001-03-09 05:18:54.685686500 HydePark-Jump.virCIO.Com: delivery 542: success: did_0+0+0/ 2001-03-09 05:20:53.589986500 HydePark-Jump.virCIO.Com: starting delivery 895: msg 50506 to remote [EMAIL PROTECTED] 2001-03-09 05:20:54.606229500 HydePark-Jump.virCIO.Com: delivery 895: success: 10.1.1.5_accepted_message./Remote_host_said:_250_ok_984136854_qp_19114/ 2001-03-09 05:20:54.608846500 HydePark-Jump.virCIO.Com: end msg 50506 2001-03-09 05:20:59.447298500 Hackberry.virCIO.Com: new msg 22132 2001-03-09 05:20:59.447644500 Hackberry.virCIO.Com: info msg 22132: bytes 4911 from <[EMAIL PROTECTED]> qp 19114 uid 101 2001-03-09 05:21:02.173139500 Hackberry.virCIO.Com: starting delivery 644: msg 22132 to local [EMAIL PROTECTED] 2001-03-09 05:21:02.210565500 Hackberry.virCIO.Com: starting delivery 645: msg 22132 to local [EMAIL PROTECTED] 2001-03-09 05:21:03.041980500 Hackberry.virCIO.Com: delivery 644: success: did_0+0+0/ 2001-03-09 05:21:03.098023500 Hackberry.virCIO.Com: delivery 645: success: did_1+0+0/ 2001-03-09 05:21:03.437875500 Hackberry.virCIO.Com: end msg 22132 This afternoon's hackery was to extract my hostname from the headers and grovel through the logs to find the info you see at the bottom. Anyway, as you can see, qmail-scanner appears to have handed the message off to qmail-queue at Thu Mar 8 2001 20:59:42 according to the headers, but it doesn't show up in the logs until 2001-03-09 05:18:35.339952500. I'm very confused here. It is true that qmail-queu
Re: amavis or qmail-scanner ?
Jérémy Cluzel wrote: > 1) as virus-scanner ? amavis or qmail-scanner ? both seem to work > fine... I've replied to you directly and added Jason Haar into CC, so he can correct me if I made a wrong assumption. :-) Hopefully I do not need a dozen of bodyguards ;-))) > 2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee > ViruScan ? I used avp for a while (and I find it very efficient), but > doesn't know the other ones... Well, Kaspersky Labs ships Kaspersky AntiVirus (AVP) for qmail. For a product comparison please visit www.av-test.org - they do comparisons of Linux products, too. HTH best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | OpenAntiVirus Project (www.openantivirus.org)
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
I have a lot of trigger-happy users who seem to enjoy double clicking attachments. Most of the time, a few hours after a major virus is discovered, we have an update made, but in the meanwhile we could have had hundreds of e-mails come in with the virus. Our environment runs Windows, and we find that by stripping any attachments that could be double-clicked on and contain a virus (ie vbs, scr, exe soon when I can convince management). I use qmail-scanner for this. It also helps us to monitor e-mail usage and see who are the people wasting all our bandwidth sending MPGs, AVIs, MP3s, etc, and take the necessary disciplinary action. Since neither amavis nor qmail-scanner are REALLY virii scanners (they just spawn scanners), I prefer qmail-scanner since it offers the ability to block attachment types as well. Of course, we also run Norton Antivirus across all our desktops. With the corporate edition, its really easy to install. Open up your MMC, go Tools...Client Install, select the 100 workstations in the building, hit Go, and it installs the virii scanning software across all of our workstations, and they all pull the latest updates off our central NAV server whenever new ones arrive. Of course I've moved OT now... Brett. -- "I'm not dumb. I just have a command of throughly useless information." - Calvin, of Calvin and Hobbes
Re: Time::HiRes for Qmail-Scanner on RH7 ?
On Tue, Feb 27, 2001 at 02:04:18PM +1100, [EMAIL PROTECTED] wrote: > Hi all... > > Has anyone installed "Time::HiRes" for Qmail-Scanner yes. install the cpan module, and then run cpan, and type "install Time::HiRes". Other questions ? :) Regards, Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch PGP signature
Re: amavis or qmail-scanner ?
On Wed, Feb 28, 2001 at 09:34:57AM -0800, [EMAIL PROTECTED] wrote: > Jeremy, > > I tried installing qmai-scanner and had some difficulty with the setuid > root issues. qmail-scanner was wanting a new kernel built, which I can't Err - I can emphatically state that neither Qmail-Scanner or AmaVis require "new kernels" to work. Your problem was with perl - not with the OS > way is one is better. Also, keep in mind that amavis/qmail-scanner are > NOT virus scanners, but are essentially 'wrappers' to run a regular > virus scanner like NAI, Sophos, etc. Absolutely correct :-) -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
RE: amavis or qmail-scanner ?
Jeremy, I tried installing qmai-scanner and had some difficulty with the setuid root issues. qmail-scanner was wanting a new kernel built, which I can't easily do as it's a remote server. I switched to amavis and think that's a better solution. It's easy to install and essentially works by 'slipping' into the process of qmail operation. Plus, you don't need to patch qmail for the queue as well. I don't understand all the internals of qmail, I've been using it for about a month so I can't arque which way is one is better. Also, keep in mind that amavis/qmail-scanner are NOT virus scanners, but are essentially 'wrappers' to run a regular virus scanner like NAI, Sophos, etc. I use AMaVis with Sophos and have been happy with the performance. HTH .mark >-- >From: Jérémy Cluzel[SMTP:[EMAIL PROTECTED]] >Sent: Wednesday, February 28, 2001 7:58 AM >To:qmail >Subject: amavis or qmail-scanner ? > >Hi, > >I was using Red Hat 6.2, and qmail as Mta. >My goal is to take virus aware from my mail server, so, what's the >best choice ? > >1) as virus-scanner ? amavis or qmail-scanner ? both seem to work >fine... > >2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee >ViruScan ? I used avp for a while (and I find it very efficient), but >doesn't know the other ones... > >thanks in advance... > >Regards > >Jeremy Cluzel > >-- >Votre email partout et gratuit ! http://www.alinto.com >
Re: amavis or qmail-scanner ?
On Wed, Feb 28, 2001 at 03:58:51PM -, Jérémy Cluzel wrote: > My goal is to take virus aware from my mail server, so, what's the > best choice ? there are no "best choice" : there are just different solutions :) All that I can tell you is that qmail-scanner + f-sav is a very good working solution. But I never tried anything elso, so YMMV :) Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch PGP signature
amavis or qmail-scanner ?
Hi, I was using Red Hat 6.2, and qmail as Mta. My goal is to take virus aware from my mail server, so, what's the best choice ? 1) as virus-scanner ? amavis or qmail-scanner ? both seem to work fine... 2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp for a while (and I find it very efficient), but doesn't know the other ones... thanks in advance... Regards Jeremy Cluzel -- Votre email partout et gratuit ! http://www.alinto.com
RE: [Qmail-scanner-general]amavis or qmail-scanner ?
Well, I agree wholeheartedly, it's a must to have the desktop covered, but if you don't try to catch the virii coming in, you'll never have any idea about what comes in by mail, as most users will soon not tell you about it anymore. I use amavis on the internet connected systems, and inflex on the inside where I still run sendmail due to the way we distribute the mail to different servers. Both use mcafee, and I get a warning the moment something suspicious is sent by email. If there's a wave of virii coming in, which has happened, I know what's going on, I can block that site even, if I want to. On the other hand, if something happens on a machine that isn't protected, and something bad gets sent, it'll quite likely get caught before it goes out onto the 'net. Currently there is no liability on that, but what if there is ? A mailicious user is all it takes. How many companies will be happy about being the source of a new virus ? It doesn't cost me anything extra, we're not that large, it's all automated and well within the machines' capabilities. If you can do it, it'll save you lots of worries and work. especially if your users barely know how to work their machines, let alone handle a virus warning message :-) I get at least 2 or more warnings a day on stuff that gets caught, I think that's been worth the trouble of setting things up. Marc
RE: [Qmail-scanner-general]amavis or qmail-scanner ?
I absolutely disagree. You guys remember those Outlook bugs a few months ago? We didn't have one get in here, although I was returning dozens of rejected mails to other companies that got hit. Given how hard it is to arrange timely upgrading of desktop antivirus software over an enterprise on every computer, I'm not terribly surprised that the other companies got hit. I am not saying that desktop virus detectors are not important, they are very important *too. The operative word is too. Use both, but check the statistics on how many viruses are getting sent by email first - just to check my reasoning out. A good mail checker that gets updated multi-daily will keep bugs out extremely effectively. With windoze you take your chances with viruses, if you just use a desktop scanner - face it the operating system is riddled with holes that have to be filled almost hourly :) (My favorite is Sophos with-in qmail, I LIKE IT, but this letter isn't meant to be a plug.) Cheers -Mike -Original Message- From: Bruno Wolff III [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 8:59 AM To: Jérémy Cluzel Cc: Qmail cr.yp.to Subject: Re: [Qmail-scanner-general]amavis or qmail-scanner ? On Wed, Feb 28, 2001 at 11:23:20AM +0100, Jérémy Cluzel <[EMAIL PROTECTED]> wrote: > and wath about scanners ? which is the best one ? and why ? > are they really needed for such antivirus ? > I've heard that some AV (live avp) have their own scanner (which tends to > replace amavis or qmail scanner). I my opinion, doing the virus scanning on the mail server is a waste of resources. It doesn't fully protect the people/systems that need protection and it wastes resources protecting people/systems that don't need protection. For people/systems that need antivirus protection, get something on their desktop that can guard (as well as antvivirus stuff can) against files entering the system by email, web downloads, portable media and file sharing. Have something in place to automatically do updates (availability of updates should be checked daily) from a local mirror. (You don't want to get stuff directly from the antivirus people as they screw up once in a while and the updates should be tested for your environment before being used.)
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
On Wed, Feb 28, 2001 at 11:23:20AM +0100, Jérémy Cluzel <[EMAIL PROTECTED]> wrote: > and wath about scanners ? which is the best one ? and why ? > are they really needed for such antivirus ? > I've heard that some AV (live avp) have their own scanner (which tends to > replace amavis or qmail scanner). I my opinion, doing the virus scanning on the mail server is a waste of resources. It doesn't fully protect the people/systems that need protection and it wastes resources protecting people/systems that don't need protection. For people/systems that need antivirus protection, get something on their desktop that can guard (as well as antvivirus stuff can) against files entering the system by email, web downloads, portable media and file sharing. Have something in place to automatically do updates (availability of updates should be checked daily) from a local mirror. (You don't want to get stuff directly from the antivirus people as they screw up once in a while and the updates should be tested for your environment before being used.)
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
and wath about scanners ? which is the best one ? and why ? are they really needed for such antivirus ? I've heard that some AV (live avp) have their own scanner (which tends to replace amavis or qmail scanner). - Original Message - From: "Alex at messagelabs" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 28, 2001 11:08 AM Subject: Re: [Qmail-scanner-general]amavis or qmail-scanner ? > >2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp for a while > >(and I find it very efficient), but doesn't know the other ones... > > Don't know about H+BEDV AntiVir > > McAfee is currently best for detecting new viruses, and has been for a while > AVP is also good at this > > McAfee, AVP and Sweep are all good at detecting known viruses > McAfee, AVP and Sweep all have few false positives > > Consider issues also like support and ability to update easily, which I can't > help you with. > > Alex > ~ > Alex Shipp > Imagineer > E: [EMAIL PROTECTED] > T: +44 1285 884496 > M: 07899 937132 > T: 01285 884496 > > > ___ > This message has been checked for all known viruses by the > MessageLabs Virus Control Centre. For further information visit > http://www.messagelabs.com/stats.asp
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
>2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp >for a while >(and I find it very efficient), but doesn't know the other ones... Don't know about H+BEDV AntiVir McAfee is currently best for detecting new viruses, and has been for a while AVP is also good at this McAfee, AVP and Sweep are all good at detecting known viruses McAfee, AVP and Sweep all have few false positives Consider issues also like support and ability to update easily, which I can't help you with. Alex ~ Alex Shipp Imagineer E: [EMAIL PROTECTED] T: +44 1285 884496 M: 07899 937132 T: 01285 884496 ___ This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp
amavis or qmail-scanner ?
Hi,I was using Red Hat 6.2, and qmail as Mta.My goal is to take virus aware from my mail server, so, what's the best choice ? 1) as virus-scanner ? amavis or qmail-scanner ? both seem to work fine...2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp for a while (and I find it very efficient), but doesn't know the other ones...thanks in advance... RegardsJeremy Cluzel
Re: Time::HiRes for Qmail-Scanner on RH7 ?
On Mon, 26 Feb 2001, dennis wrote: >Hi all... > >Has anyone installed "Time::HiRes" for Qmail-Scanner >(http://qmail-scanner.sourceforge.net/) on Redhat7.0 ? I'm finding that if I >try and install the modual as an rpm it wants an older version of perl. If >manually install "Time::HiRes" the ./configure can't find the modual > >Any suggestions ? > >Regards >Dennis `perl -MCPAN -e "install Time::HiRes"` -- *** Matthew H Patterson Unix Systems Administrator National Support Center, LLC Naperville, Illinois, USA ***
Re: Starting qmail-scanner and "Life with qmail"
On Tue, 27 Feb 2001, [EMAIL PROTECTED] wrote: > Hi all... > > I've worked out all the little problems I was having with > qmail-scanner, thanks to who helped. I have one last question... > I'd like to start qmail-scanner safely as per "life with qmail" > "Life with qmail" starts qmail with > /var/qmail/supervise/qmail-smtp/run If you have installed the QMAILQUEUE patch that qmail-scanner requires, and followed all its installation instructions, then just add the line to the following file before tcpserver is called: QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE Brett. -- "Windows 95 /n./ 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition."
Starting qmail-scanner and "Life with qmail"
Hi all... I've worked out all the little problems I was having with qmail-scanner, thanks to who helped. I have one last question... I'd like to start qmail-scanner safely as per "life with qmail" "Life with qmail" starts qmail with /var/qmail/supervise/qmail-smtp/run --- #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 ---- Anyone have any suggestions on where/how I can start qmail-scanner with the above script ? Regards Dennis
Time::HiRes for Qmail-Scanner on RH7 ?
Hi all... Has anyone installed "Time::HiRes" for Qmail-Scanner (http://qmail-scanner.sourceforge.net/) on Redhat7.0 ? I'm finding that if I try and install the modual as an rpm it wants an older version of perl. If manually install "Time::HiRes" the ./configure can't find the modual Any suggestions ? Regards Dennis
amavis or qmail-scanner ?
Hi, I was using Red Hat 6.2, and qmail as Mta. My goal is to take virus aware from my mail server, so, what's the best choice ? 1) as virus-scanner ? amavis or qmail-scanner ? both seem to work fine... 2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp for a while (and I find it very efficient), but doesn't know the other ones... thanks in advance... Regards Jeremy Cluzel -- Votre email partout et gratuit ! http://www.alinto.com
Re: qmail-scanner wrapper
On Thursday 22 February 2001 11:20, Brett Randall wrote: > On Thu, 22 Feb 2001, [EMAIL PROTECTED] wrote: > > ns1:/usr/src/qmail-scanner-0.95# ./qmail-scanner-queue.pl -g > > Script is not setuid/setgid in suidperl > > ns1:/usr/src/qmail-scanner-0.95# > > > > Trying the test script gives: > > > > ns1:/usr/src/qmail-scanner-0.95/contrib# ./test_installation.sh -doit > > setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this > > test... > > > > Sending eicar test virus - should be caught by perlscanner module... > > Script is not setuid/setgid in suidperl > > qmail-inject: fatal: qq temporary problem (#4.3.0) > > done! > > What is this qq error? I can't use qmail-scanner and I REALLY need > to, but every message that I receive gets lost to this error. Any > body know why/how to fix? It might be that suidperl and qmail-scanner...pl are not suid (4755) or that you're not giving enough memory so qmail can start perl. Take a look at your softlimit. It must be about 4 times the value specified in LWQ []s Davi
Qmail-Scanner for each user
Hi, people... Someone knows if there is a way to enable qmail-scanner to act for just some users ? I use .qmail file for redirection and i want that qmail-scanner takes out all attachment of some users... Thanks, Alan R.
Re: qmail-scanner wrapper
On Thu, Feb 22, 2001 at 02:16:50PM -, John P wrote: > I'm hopeful I did the right thing, but I chmod'ed both /usr/bin/suidperl and > qmail-scanner-queue.pl to 4755, and made them both owned by root. That fixed > the problem. Agh! Absolutely not!!! Do NOT run qmail-scanner-queue.pl as setuid root!! BAD BAD BAD No known security holes that I know of - but there is ABSOLUTELY NOT REASON to run is setuid root. It's supposed to be setuid qmailq - make it so and I'll sleep better at night ;-) Also, this is all off-topic. You should all be subscribed to the Qmail-Scanner mailing-list and be having this discussion there :-) http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: qmail-scanner wrapper
- Original Message - From: Brett Randall <[EMAIL PROTECTED]> To: Chris Hellberg <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, February 22, 2001 1:20 PM Subject: Re: qmail-scanner wrapper > > Sending eicar test virus - should be caught by perlscanner module... > > Script is not setuid/setgid in suidperl > > qmail-inject: fatal: qq temporary problem (#4.3.0) > > done! > > What is this qq error? I can't use qmail-scanner and I REALLY need > to, but every message that I receive gets lost to this error. Any > body know why/how to fix? I'm hopeful I did the right thing, but I chmod'ed both /usr/bin/suidperl and qmail-scanner-queue.pl to 4755, and made them both owned by root. That fixed the problem. Cheers John
Re: qmail-scanner wrapper
On Thu, 22 Feb 2001, [EMAIL PROTECTED] wrote: > ns1:/usr/src/qmail-scanner-0.95# ./qmail-scanner-queue.pl -g > Script is not setuid/setgid in suidperl > ns1:/usr/src/qmail-scanner-0.95# > > Trying the test script gives: > > ns1:/usr/src/qmail-scanner-0.95/contrib# ./test_installation.sh -doit > setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this > test... > > Sending eicar test virus - should be caught by perlscanner module... > Script is not setuid/setgid in suidperl > qmail-inject: fatal: qq temporary problem (#4.3.0) > done! What is this qq error? I can't use qmail-scanner and I REALLY need to, but every message that I receive gets lost to this error. Any body know why/how to fix? -- "Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now ? [OK]"
Re: qmail-scanner wrapper
>>> "Davi" <[EMAIL PROTECTED]> 02/22/01 12:02p.m. >>> On Wednesday 21 February 2001 19:19, you wrote: > I've tried getting qmail-scanner to work and don't seem to have much > luck as the suidperl binary won't allow the perl qmail scanner script to > run under suid root. Anyone written a suitable wrapper that the > qmail-scanner docos describe that I could pilfer? > > Cheers > > Chris You must chmod 4755 both /usr/bin/suidperl and qmail-scanner-queue.pl Some distros, as SuSE, automatically (well, almost) chmod 755 /usr/bin/suidperl back. Take a look at it. Also take a look at the last suidperl exploit at bugtraq. []s Davi Good stuff. Cheers Davi, seems to have worked. Although now I've discovered that I've got my Time::HiRes module all bad so I spose I'm making progress though. Chris
Re: qmail-scanner wrapper
When running the qmail script with the test flag: ns1:/usr/src/qmail-scanner-0.95# ./qmail-scanner-queue.pl -g Script is not setuid/setgid in suidperl ns1:/usr/src/qmail-scanner-0.95# Cool, I've seen a solution for this in the FAQ: Can't do suid some perl distributions have decided that as running suid perl scripts is a rare event, they won't enable it by default. On these systems this package won't work. Typically the fix is: chown root /usr/bin/suidperl chmod 4711 /usr/bin/suidperl But the permissions look correct: chown root /usr/bin/suidperl-5.004 chmod 4711 /usr/bin/suidperl-5.004 ls -l /usr/bin/suidperl-5.004 -rws--x--x2 root root 499916 Mar 8 2000 suidperl-5.004 Now retrying gives: ns1:/usr/src/qmail-scanner-0.95# ./qmail-scanner-queue.pl -g Script is not setuid/setgid in suidperl ns1:/usr/src/qmail-scanner-0.95# Trying the test script gives: ns1:/usr/src/qmail-scanner-0.95/contrib# ./test_installation.sh -doit setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test... Sending eicar test virus - should be caught by perlscanner module... Script is not setuid/setgid in suidperl qmail-inject: fatal: qq temporary problem (#4.3.0) done! Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... Script is not setuid/setgid in suidperl qmail-inject: fatal: qq temporary problem (#4.3.0) Done! I've also recompiled the latest stable perl 5.6.0 from source and it's got setuid support in it, but still same errors. Cheers Chris >>> "Olivier M." <[EMAIL PROTECTED]> 02/22/01 10:38a.m. >>> On Thu, Feb 22, 2001 at 10:19:28AM +1300, Chris Hellberg wrote: > I've tried getting qmail-scanner to work and don't seem to have much > luck as the suidperl binary won't allow the perl qmail scanner script to > run under suid root. Anyone written a suitable wrapper that the > qmail-scanner docos describe that I could pilfer? what exactely is the problem ? qmail-scanner is running here on different servers without any problem. Is suidperl a+rxs ? What is the error message ? Have you checked the faq? Good luck Olivier PS: there is also a qmail-scanner ML... -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
Re: qmail-scanner wrapper
On Thu, Feb 22, 2001 at 10:19:28AM +1300, Chris Hellberg wrote: > I've tried getting qmail-scanner to work and don't seem to have much > luck as the suidperl binary won't allow the perl qmail scanner script to > run under suid root. Anyone written a suitable wrapper that the > qmail-scanner docos describe that I could pilfer? what exactely is the problem ? qmail-scanner is running here on different servers without any problem. Is suidperl a+rxs ? What is the error message ? Have you checked the faq? Good luck Olivier PS: there is also a qmail-scanner ML... -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
qmail-scanner wrapper
I've tried getting qmail-scanner to work and don't seem to have much luck as the suidperl binary won't allow the perl qmail scanner script to run under suid root. Anyone written a suitable wrapper that the qmail-scanner docos describe that I could pilfer? Cheers Chris
Re: qmail-scanner question
I'm using AMaVis, which works as replacing the original qmail-local and qmail-remote. I think that you could try to put the scanner script in the delivery instruction of the domains you want scanned, instead of replacing qmail-remote and local Regards, Milen > Asked earlier here about virus scanning and qmail, regarding how to set it > up so that i can define in some way which of the domains that should be > scanned. People said that i could use the qmail-scanner (with some > modifications..). The problem is that im not really that good in perl so i > wont risk bringing down our mail system testing it. > > So i wonder, is there anyone out there who has made a system for selective > virus scanning with qmail? So you dont have to scan all of the mail going > trough.. only the domains you specify..? > > Regards > Tore > >
qmail-scanner question
Asked earlier here about virus scanning and qmail, regarding how to set it up so that i can define in some way which of the domains that should be scanned. People said that i could use the qmail-scanner (with some modifications..). The problem is that im not really that good in perl so i wont risk bringing down our mail system testing it. So i wonder, is there anyone out there who has made a system for selective virus scanning with qmail? So you dont have to scan all of the mail going trough.. only the domains you specify..? Regards Tore
Re: Qmail-Scanner
On Mon, Feb 12, 2001 at 09:44:13AM -0700, Dan Egli wrote: > Ok. 2 Questions. I've seen a lot of people mention Qmail-scanner, so > 1) What is Qmail-scanner? a great interface to use antiviruses with qmail. http://qmail-scanner.sourceforge.net > 2) How does one enable it (I'm assuming it's some kind of virus scan system) rtfm :) (it's very well explained). good luck, Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch PGP signature
Qmail-Scanner
Ok. 2 Questions. I've seen a lot of people mention Qmail-scanner, so 1) What is Qmail-scanner? 2) How does one enable it (I'm assuming it's some kind of virus scan system) Thanks! -- Dan
qmail-scanner + qmail-rewrite
Hi ! I've installed qmail-scanner, and I want it now to forward email to qmail-rewrite. How I've to set correctly QMAILQUEUE variable to do this. Thanks ... Cordialement, Michel Boucey Administrateur Système > Société Norm@net +33 2 31 27 13 45 <
i only want act like yahoo mail do?have there a safe method to solve this problem--qmail-scanner or qtools?
i think there is no necessary to go to a lawer! - Original Message - From: Uwe Ohse <[EMAIL PROTECTED]> To: dick <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, February 08, 2001 12:22 AM Subject: Re: thanks for you answer my question!but it is none used. > On Wed, Feb 07, 2001 at 10:51:48AM +0800, dick wrote: > > > i add these codes in the end of qmail-smtpd.c.but it won't work. > > can't you tell me how can i do it! > > (by the way, i don't know how to patch the qmail-queue.c or qmail-smtpd.c.only add >these code into blast?) > > Yes, at the end of the blast function. > Note: if you don't know how to do that then please look for an > experienced C programmer. You'll most possibly want to change the > text, and doing that correctly isn't a task for a C beginner. > > You'll want to add this to qmail-smtpd.c if you want to attach > a text to all messages coming in through SMTP. If you want to > do that to really all messages, even messages generated on your > system, then i'd change qmail-queue.c (somewhere in the middle > of the main function). In that case you'll possibly end up needing > some more changes to make sure that the text is added only once > (a single mail might pass through qmail-remote many times). > > In any case i think that you possibly should talk to a lawyer. You > should do that in case you corrupt some message i send to someone > on or behind your system, that someone tells me about it and i'm > in bad mood. > What do you want to achieve? > > Regards, Uwe >
Re: Problem with qmail-scanner
Hi, Thanks & sorry > malloc() failed; you're low on memory/swap. Kill some processes and try > It's not a qmail issue, > so it's not appropriate to continue the discussion here.
Re: Problem with qmail-scanner
Charles Cazabon <[EMAIL PROTECTED]> wrote: >Andres Rusconi <[EMAIL PROTECTED]> wrote: > >> suidperl: error while loading shared libraries: libc.so.6: failed to map >> segment from shared object: Cannot allocate memory >[...] >> Can somebody help with this ? > >malloc() failed; you're low on memory/swap. Or you've configured a memory limit on qmail-smtpd that's too low. E.g., if you installed using LWQ, you have something like: exec /usr/local/bin/softlimit -m 200 \ In /var/qmail/supervise/qmail-smtpd/run. Try making the 200 larger until the error goes away. You'll need to restart the qmail-smtpd supervise, too, if you're using it. Again, with LWQ this would be: svc -k /var/qmail/supervise/qmail-qmtpd -Dave
Re: Problem with qmail-scanner
Andres Rusconi <[EMAIL PROTECTED]> wrote: > suidperl: error while loading shared libraries: libc.so.6: failed to map > segment from shared object: Cannot allocate memory [...] > Can somebody help with this ? malloc() failed; you're low on memory/swap. Kill some processes and try again, or add memory or swapspace to your system. It's not a qmail issue, so it's not appropriate to continue the discussion here. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Problem with qmail-scanner
Hi, Sorry my English, please. I'm happy with qmail and the users too. When i can add antivirus support with qmail-scanner, i fall in trouble. The QMAILQUEUE patch work fine, the installation its ok, but fetchmail ( i have a dial-up connection ) log the following to '/var/log/qmail/smtpd/current' --- suidperl: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory --- Can somebody help with this ? Thanks in advance
Qmail-Scanner
http://qmail-scanner.sourceforge.net
Hi,
Can you send me a sample of /etc/rc.d/init.d/qmail ?
My file
*TOP*
#!/bin/sh
# Qmail Startup
# Source function library.
. /etc/rc.d/init.d/functions
# See how we were called.
case "$1" in
start)
echo -n "Starting: "
env - PATH="/var/qmail/bin:/usr/local/bin" \
/var/qmail/bin/qmail-start ./Maildir/ /usr/local/bin/tai64n \
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog /var/log/qmail
&
echo -n "qmail "
env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -H -R -c100 0 pop-3 /var/qmail/bin/qmail-popup \
ns207.ovh.net \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &
echo -n "pop "
env - PATH="/var/qmail/bin:/usr/local/bin" \
tcpserver -H -R -x /etc/tcp.smtp.cdb -c100 -u503 -g503 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &
echo "smtp"
;;
stop)
echo -n "stopping qmail"
killproc qmail-send
killproc tcpserver
echo
;;
restart)
$0 stop
$0 start
;;
status)
status qmail
;;
*)
echo "Usage: qmail {start|stop|restart|status}"
exit 1
esac
exit 0
*END*
At this stage the Qmail startup script(s) (e.g. /etc/rc.d/init.d/qmail )
will need to be updated so that Qmail knows to use qmail-scanner-queue.pl
instead of qmail-queue.
echo -n "qmail-smtpd, "
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
(ulimit -d 5120 -m 2048 && tcpserver -l`hostname -f` -c20 -b30 -P -h -R -t10
\
-O -Q -v -x/var/qmail/control/tcprules.cdb \
-gQMAILDUSER -uQMAILDGROUP 0 25 qmail-smtpd 2>&1) | splogger tcpserver &
How i add it ?
Help me please !
Thanks
Nicolas DEFFAYET, NDSoftware
http://www.ndsoftware.net - [EMAIL PROTECTED]
France: Tel +33 671887502 - Fax N/A
UK: Tel +44 8453348750 - Fax +44 8453348751
USA: Tel N/A - Fax N/A
Re: qmail-scanner (was RE: spam filter)
On Mon, Jan 08, 2001 at 04:27:45PM +0300, Brian Longwe wrote: > > OK, I'm looking at the qmail-scanner option and installing all the > prerequisite applications. From what I see in the documentation, it looks > like there might be significant increase in my memory/cpu overhead. I'm a > bit worried about this does anyone have experience with qmail-scanner in a > production environment? Qmail-Scanner can do what you want - but it is intended for bigger/more general things than blocking Emails with a certain From: header/etc... There are already other anti-spam patches referred to on www.qmail.org that can do what you want - with much less overhead that perl-based solutions like Qmail-Scanner. However, if you think you may soon want more than just header blocks - e.g. header regex matching, attachment blocking and anti-virus scanning, then Qmail-Scanner may be more for you.. http://qmail-scanner.sourceforge.net/ -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
qmail-scanner (was RE: spam filter)
OK, I'm looking at the qmail-scanner option and installing all the prerequisite applications. From what I see in the documentation, it looks like there might be significant increase in my memory/cpu overhead. I'm a bit worried about this does anyone have experience with qmail-scanner in a production environment? Brian > -Original Message- > From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 08, 2001 3:10 PM > To: Brian Longwe > Cc: Jenny Holmberg; [EMAIL PROTECTED] > Subject: RE: spam filter > > > On Mon, 8 Jan 2001, Brian Longwe wrote: > > > OK Vince, what will work? > > I've been letting them come in then contacting the user and pointing > them to the fix. I've heard that qmail-scanner will detect this tho. > There's a link to it on www.qmail.org. > > Vince. > > > > > > Brian > > > > > -Original Message- > > > From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, January 08, 2001 2:10 PM > > > To: Jenny Holmberg > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: spam filter > > > > > > > > > On 8 Jan 2001, Jenny Holmberg wrote: > > > > > > > "Brian Longwe" <[EMAIL PROTECTED]> writes: > > > > > > > > > Harald > > > > > > > > > > I'm not running an open relay. I am using tcpserver and > > > allowing relaying > > > > > only for IP addresses that belong to my network > > > (RELAYCLIENT). The problem > > > > > here is that it's one of my customers who has an application > > > that is sending > > > > > out all this junk mail. How do I set up a filter to block > > > until I can get > > > > > them to disable the application? > > > > > > > > > > > > echo "[EMAIL PROTECTED]" >> /var/qmail/control/badmailfrom > > > > > > > > > > > > > > This won't work. The envelope sender for hahaha is empty. > The address > > > you see in the From line is part of the data. > > > > > > Vince. > > > -- > > > > == > > > Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED] http://www.pop4.net > > 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking > > Online Campground Directoryhttp://www.camping-usa.com > >Online Giftshop Superstorehttp://www.cloudninegifts.com > > == > > > > > > > > > > -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
Re: qmail-scanner
KIM <[EMAIL PROTECTED]> writes: > anybody here installed the qmail-scanner without problem? Yes. With AvpDaemon it works well. Martin
Re: qmail-scanner
Yes. On Thu, Jan 04, 2001 at 05:14:36PM +0800, KIM wrote: > > anybody here installed the qmail-scanner without problem? > -- Albert Hopkins Sr. Systems Specialist Dynacare Laboratories [EMAIL PROTECTED]
qmail-scanner
anybody here installed the qmail-scanner without problem?
Re: Should I try the Qmail-scanner?
On Thu, Dec 21, 2000 at 09:45:41AM +0800, Paul Tan wrote: > Hi guys and gals, > > I can't compile qmail-scanner on solaris 8. > uudecode fails with an option error > broken uudecoder on your system - cannot use uudecode component > > Error msg: test-uudecode.tst: No such file or directory Please join the Qmail-Scanner mailing-list. The Qmail list is busy enough without everyone having to worry about all sundrey related packages... http://lists.sourceforge.net/mailman/listinfo/qmail-scanner-general BTW: The compile didn't fail: "cannot use uudecode component" is what happened. You have ended up with a Qmail-Scanner that just doesn't internally support uuencoded files. If the commercial scanner you are using in conjunction with Qmail-Scanner supports uuencode, then you have no problem anyway. -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
Hi guys and gals, I can't compile qmail-scanner on solaris 8. uudecode fails with an option error __ bash-2.03# CC=gcc ./configure --admin postmaster --domain trevda.com --archive /var/spool/qmailscan --install This script will search your system for the virus scanners it knows about, and will ensure that all external programs qmail-scanner-queue.pl uses are explicitly pathed for performance reasons. It will then generate qmail-scanner-queue.pl - it is up to you to install it correctly. Continue? ([Y]/N) y Usage: grep -hblcnsviw pattern file . . . broken uudecoder on your system - cannot use uudecode component Error msg: test-uudecode.tst: No such file or directory Found tnef on your system! That means we'll be able to decode stupid M$ attachments :-) The following binaries and scanners were found on your system: reformime=/usr/local/bin/reformime unzip=/usr/bin/unzip tnef=/usr/local/bin/tnef If that looks correct, I will now generate qmail-scanner-queue.pl for your system... Continue? ([Y]/N) Is there a patch for it to work on solaris or do i have to edit the "configure" file myself? Thks Paul - Original Message - From: "Jason Haar" <[EMAIL PROTECTED]> To: "qmail list" <[EMAIL PROTECTED]> Sent: Wednesday, December 20, 2000 5:46 AM Subject: Re: Should I try the Qmail-scanner? > On Tue, Dec 19, 2000 at 09:00:38PM +0100, Ruprecht Helms wrote: > > Am Die, 19 Dez 2000 schrieb Eric Wang: > > > Hi, guys > > > > > > I am thinking to apply the Qmail-scanner to block the virus attachement, > > > > better you try Amavis Scanner. The qmail-scanner is buggy and there isn't > > a fix for the wanted patch qmailscanner is asking for. > > Please don't report FUD about my work! :-) > > Qmail-Scanner is NOT buggy. The patch referred to on the homepage DOES work > and works for (almost) everyone who tries it. I'd guess your system has a > broken patch program or you are just calling it incorrectly. > > Is there anyone out there with an altered distribution of qmail-1.03 that > contains the QMAILQUEUE patch? Pointing people to such a beast would > certainly allow some less experienced people to get going... > > http://qmail-scanner.sourceforge.net/ > > > -- > Cheers > > Jason Haar > > Unix/Special Projects, Trimble NZ > Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
So, do u use the external viru scan software? or only the qmail-scan defaut? Which external viru scanner r u using? how big is the difference both on speed and secutiy? On Wed, 20 Dec 2000 00:34:35 +0100 "Einar Bordewich" <[EMAIL PROTECTED]> wrote: > We have been using qmail-scanner several months now, I can highly recomend > this solution. We are splitting the load on two dual PIII 700 proc. servers > with 512MB each. > Also running the QMAILQUEUE patch with no problems. > > Here are the viruses trapped since 23/08/2000 15:30:48, and I must say that > this solution is doing it's job. > > 230virus TROJ_NAVIDAD.A > 202virus VBS_LOVELETTR.AS > 58virus TROJ_MTX.A > 53virus VBS_KAKWORM.A > 33virus TROJ_HYBRIS.B > 23virus VBS_LOVELETTER-O > 22virus VBS_COLOMBIA > 21virus TROJ_PRETTY_PARK > 19virus PE_CIH > 18virus TROJ_SKA > 15virus PE_MTX.A > 13virus W97M_ETHAN.A > 13Possibly a misdisinfected virus > 12 Love Letter Virus/Trojan > 12virus VBS_STAGES.A > 10Joke program > 7virus W97M_THUS > 6virus JOKE_WOW > 6virus JOKE_FLIPPED > 5virus JOKE_RABBIT > 5virus JOKE_CURSOR.A > 5the W97M/Thus.gen virus !!! > 4virus JOKE_GESCHENK > 4virus JOKE_BUTTONS > 4the WScript/Kak.worm virus !!! > 3virus WM_CAP > 3virus W97M_MARKER > 3virus TROJ_HYBRIS.D > 3the JS/Kak@M virus !!! > 2 Joke/Win-Wobble > 2 Joke/Cokegift > 2virus W97M_WRENCH.E > 2virus W97M_OCARD.A > 2virus W97M_CLASS.Q > 2virus TROJ_SHOCKWAVE.A > 2virus O97M_TRISTATE > 2virus JOKE_SMALLPEN > 2virus JOKE_POINTER.A > 2virus JOKE_KNIJPME > 2virus JOKE_32 > 2the JS/Kak.worm virus !!! > 1 Happy99 Trojan > 1virus X97M_LAROUX.JH > 1virus X97M_LAROUX.BU > 1virus WM_MENTAL.A > 1virus W97M_TITCH.A > 1virus W97M_THUS.I > 1virus W97M_SELIUQ.B > 1virus W97M_SATELLITE > 1virus W97M_PRI.B > 1virus W97M_Generic > 1virus W97M_CLASS.QA > 1virus W97M_CHACK > 1virus W97M_BDOC2X > 1virus W97M_A_OPEY_03 > 1virus TROJ_COCED.240 > 1virus JOKE_FREIBIER.B > 1virus JOKE_DEL_WINDOWS > 1the W97M/Nalp.gen virus !!! > 1the W95/MTX@M virus !!! > 1the W32/Pretty.worm.gen virus !!! > 1the W32/MTX@M virus !!! > 1the BackDoor-HO.cli trojan !!! > > > > -- > > IDG New MediaEinar Bordewich > Development Manager Phone: +47 2336 1420 > E-Mail: eibo(at)newmedia.no > >
Re: Should I try the Qmail-scanner?
Yes they do. But they can also be misused, by for instance the zip file you provided the link for. My servers did'nt take harm of this file, but I'm sure that if I did'nt have the free disk space I have on my servers, they would. I'm not sure what qmail-scanner does if the process running out of disk space. If it removes the uncompressed files, or if it leaves it there. I'll better test that ;-) Of course the server would have problems when several instances would connect sending this file, and this will happen with qmail-scanner since qmail-scanner-queue.pl don't terminate the smtp session until the mail is finnished scanned. This would make the other server timeout, resending the mail. Then again, qmail-scanner/perlscan_scanner provides the ability to deny the mail based on the attachement being of type .zip and of size 42374 bytes solving that problem. I guess both of us can agree on the fact that there is a lot of different ways to make malicious damage to mailservers. -- IDG New MediaEinar Bordewich Development Manager Phone: +47 2336 1420 E-Mail: eibo(at)newmedia.no - Original Message - From: "Felix von Leitner" <[EMAIL PROTECTED]> To: "qmail list" <[EMAIL PROTECTED]> Sent: Wednesday, December 20, 2000 7:54 PM Subject: Re: Should I try the Qmail-scanner? > Thus spake Einar Bordewich ([EMAIL PROTECTED]): > > We have been using qmail-scanner several months now, I can highly recomend > > this solution. We are splitting the load on two dual PIII 700 proc. servers > > with 512MB each. > > Virus scanners don't solve the problem. > > http://www.fefe.de/antivirus/42.zip > > Felix >
Re: Should I try the Qmail-scanner?
Felix von Leitner <[EMAIL PROTECTED]> writes on 20 December 2000 at 19:54:33 +0100 > Thus spake Einar Bordewich ([EMAIL PROTECTED]): > > We have been using qmail-scanner several months now, I can highly recomend > > this solution. We are splitting the load on two dual PIII 700 proc. servers > > with 512MB each. > > Virus scanners don't solve the problem. And police don't solve the problem of crime, and schools don't solve the problem of ignorance, and locks don't solve the problem of burglars. I still think it's stupid not to have locks on the doors to your house, even though they (and the police) don't completely solve the problem. Possibly virus scanners don't solve the problem, and are still useful? -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: Should I try the Qmail-scanner?
Thus spake Einar Bordewich ([EMAIL PROTECTED]): > We have been using qmail-scanner several months now, I can highly recomend > this solution. We are splitting the load on two dual PIII 700 proc. servers > with 512MB each. Virus scanners don't solve the problem. http://www.fefe.de/antivirus/42.zip Felix
Re: Should I try the Qmail-scanner?
We have been using qmail-scanner several months now, I can highly recomend this solution. We are splitting the load on two dual PIII 700 proc. servers with 512MB each. Also running the QMAILQUEUE patch with no problems. Here are the viruses trapped since 23/08/2000 15:30:48, and I must say that this solution is doing it's job. 230 virus TROJ_NAVIDAD.A 202 virus VBS_LOVELETTR.AS 58 virus TROJ_MTX.A 53 virus VBS_KAKWORM.A 33 virus TROJ_HYBRIS.B 23 virus VBS_LOVELETTER-O 22 virus VBS_COLOMBIA 21 virus TROJ_PRETTY_PARK 19 virus PE_CIH 18 virus TROJ_SKA 15 virus PE_MTX.A 13 virus W97M_ETHAN.A 13 Possibly a misdisinfected virus 12 Love Letter Virus/Trojan 12 virus VBS_STAGES.A 10 Joke program 7 virus W97M_THUS 6 virus JOKE_WOW 6 virus JOKE_FLIPPED 5 virus JOKE_RABBIT 5 virus JOKE_CURSOR.A 5 the W97M/Thus.gen virus !!! 4 virus JOKE_GESCHENK 4 virus JOKE_BUTTONS 4 the WScript/Kak.worm virus !!! 3 virus WM_CAP 3 virus W97M_MARKER 3 virus TROJ_HYBRIS.D 3 the JS/Kak@M virus !!! 2 Joke/Win-Wobble 2 Joke/Cokegift 2 virus W97M_WRENCH.E 2 virus W97M_OCARD.A 2 virus W97M_CLASS.Q 2 virus TROJ_SHOCKWAVE.A 2 virus O97M_TRISTATE 2 virus JOKE_SMALLPEN 2 virus JOKE_POINTER.A 2 virus JOKE_KNIJPME 2 virus JOKE_32 2 the JS/Kak.worm virus !!! 1 Happy99 Trojan 1 virus X97M_LAROUX.JH 1 virus X97M_LAROUX.BU 1 virus WM_MENTAL.A 1 virus W97M_TITCH.A 1 virus W97M_THUS.I 1 virus W97M_SELIUQ.B 1 virus W97M_SATELLITE 1 virus W97M_PRI.B 1 virus W97M_Generic 1 virus W97M_CLASS.QA 1 virus W97M_CHACK 1 virus W97M_BDOC2X 1 virus W97M_A_OPEY_03 1 virus TROJ_COCED.240 1 virus JOKE_FREIBIER.B 1 virus JOKE_DEL_WINDOWS 1 the W97M/Nalp.gen virus !!! 1 the W95/MTX@M virus !!! 1 the W32/Pretty.worm.gen virus !!! 1 the W32/MTX@M virus !!! 1 the BackDoor-HO.cli trojan !!! -- IDG New MediaEinar Bordewich Development Manager Phone: +47 2336 1420 E-Mail: eibo(at)newmedia.no
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote: > I am thinking to apply the Qmail-scanner to block the virus attachement, > but I am wondering if this thing is a stable and efficient add-on and > worth to have a try, because for our production mail and mail list > server the stability and efficiency is extremely high demand. > Any suggestion and experience are highly appreciated. we're using qmail-scanner + f-secure since a few weeks, and it seems to work really well : already trapped some mails with word macro viruses. Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch PGP signature
Re: Should I try the Qmail-scanner?
Jason Haar <[EMAIL PROTECTED]> wrote: > > Is there anyone out there with an altered distribution of qmail-1.03 that > contains the QMAILQUEUE patch? Pointing people to such a beast would > certainly allow some less experienced people to get going... Bruce Guenter's qmail SRPM might contain the patch, considering that he wrote it: http://em.ca/~bruceg/ Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 09:00:38PM +0100, Ruprecht Helms wrote: > Am Die, 19 Dez 2000 schrieb Eric Wang: > > Hi, guys > > > > I am thinking to apply the Qmail-scanner to block the virus attachement, > > better you try Amavis Scanner. The qmail-scanner is buggy and there isn't > a fix for the wanted patch qmailscanner is asking for. Please don't report FUD about my work! :-) Qmail-Scanner is NOT buggy. The patch referred to on the homepage DOES work and works for (almost) everyone who tries it. I'd guess your system has a broken patch program or you are just calling it incorrectly. Is there anyone out there with an altered distribution of qmail-1.03 that contains the QMAILQUEUE patch? Pointing people to such a beast would certainly allow some less experienced people to get going... http://qmail-scanner.sourceforge.net/ -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Should I try the Qmail-scanner?
Markus Stumpf wrote: > > On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote: > > server the stability and efficiency is extremely high demand. > > Any suggestion and experience are highly appreciated. > > First I have to say that we don't use the scanner. > > Some month ago someone posted to this list that plugging a virus scanner > in at a busy mail server demands a magnitude of 300-400% more cpu > power as compared to running without one. > So, if efficiency is a extremely high demand for you check your ressources. > > I don't think that the qmail-scanner alone will have any effect on the > stability tho. > > \Maex > > -- > SpaceNet AG | http://www.Space.Net/ | Stress is when you wake > Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you > Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't Consider this scenario for incoming mail: mail.company.com on one side of firewall - firewall.internal.company.com on inside running sendmail forwarding to scanningbox.internal.company.com that is aliased in dns to smtp.internal.company.com forwards everything to imap.internal.company.com (this is your main qmail server) Consider this scenario for outgoing mail: smtp in clients configured to use scanningbox.internal.company.com scanningox forwards everything to imap.internal.company.com imap.internal.company.com forwards all outgoing mail to firewall.internal.company.com Configuration: smtp.internal.company.com (scanningbox) is the highest mx record in the company. This way, scanningbox scans all incoming and outgoing messages and doesn't put a load on the mail server. Mike
RE: Should I try the Qmail-scanner?
I run the scanner to block vbs attachments. I'm only handling mail for 35 people (with very light/moderate mail traffic) so it doesn't make any noticeable dent in performance. Keep in mind that it is written in perl and on the page they tell you what to expect in terms of getting hardware to compensate for using the scanner on a production machine. -Original Message- From: Markus Stumpf [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 12:46 PM To: qmail list Subject: Re: Should I try the Qmail-scanner? On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote: > server the stability and efficiency is extremely high demand. > Any suggestion and experience are highly appreciated. First I have to say that we don't use the scanner. Some month ago someone posted to this list that plugging a virus scanner in at a busy mail server demands a magnitude of 300-400% more cpu power as compared to running without one. So, if efficiency is a extremely high demand for you check your ressources. I don't think that the qmail-scanner alone will have any effect on the stability tho. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: Should I try the Qmail-scanner?
Am Die, 19 Dez 2000 schrieb Eric Wang: > Hi, guys > > I am thinking to apply the Qmail-scanner to block the virus attachement, better you try Amavis Scanner. The qmail-scanner is buggy and there isn't a fix for the wanted patch qmailscanner is asking for. If someone has fixed the problem, please post a file in this list that all members of the list can use it. Regards, Ruprecht
Re: Should I try the Qmail-scanner?
On Tue, Dec 19, 2000 at 12:30:18PM -0800, Eric Wang wrote: > server the stability and efficiency is extremely high demand. > Any suggestion and experience are highly appreciated. First I have to say that we don't use the scanner. Some month ago someone posted to this list that plugging a virus scanner in at a busy mail server demands a magnitude of 300-400% more cpu power as compared to running without one. So, if efficiency is a extremely high demand for you check your ressources. I don't think that the qmail-scanner alone will have any effect on the stability tho. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Should I try the Qmail-scanner?
Hi, guys I am thinking to apply the Qmail-scanner to block the virus attachement, but I am wondering if this thing is a stable and efficient add-on and worth to have a try, because for our production mail and mail list server the stability and efficiency is extremely high demand. Any suggestion and experience are highly appreciated. Thanks!
Re: qmail scanner
Alan Chung wrote: Hi! Hehe, I'm sure Jason "triggers" on this $subject :) > I have just installed the following packages for qmail virus scanning. > > * maildrop (MIME Handlers) > * tnef > * amavis > > I had the following ten processes running before I installed it. [cut] > I even tried to reinstalled from source again but it is not coming back. I > can send/receive mail without any problem but does anyone see this problem > before? Hum, can you give me some more details? Which version of AMaViS do you use? Btw, in general I would recommend to use AMaViS-Perl instead. And, well, please post AMaViS-releaded questions to our amavis-user mailing list, thanks. best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | OpenAntiVirus Project (www.openantivirus.org)
qmail scanner
I have just installed the following packages for qmail virus scanning. * maildrop (MIME Handlers) * tnef * amavis I had the following ten processes running before I installed it. supervise qmail-send supervise qmail-smtpd /usr/local/bin/multilog t s250 /var/log/qmail/qmail-send /usr/local/bin/multilog t s250 /var/log/qmail/qmail-smtpd /usr/local/bin/tcpserver -v -p -/etc/tcp.smtp.cdb -u 531 -g 1001 0 smtp /var/qmail/bin/qmail-smtpd qmail-send splogger qmail qmail-lspawn ./Mailbox qmail-rspawn qmail-clean But only three are left after that /usr/local/bin/multilog t s250 /var/log/qmail/qmail-send /usr/local/bin/multilog t s250 /var/log/qmail/qmail-smtpd qmail-clean I even tried to reinstalled from source again but it is not coming back. I can send/receive mail without any problem but does anyone see this problem before? Thanks in advance. Alan
Re: qmail-scanner + which antivirus ?
"Olivier M." <[EMAIL PROTECTED]> writes: > > Unfortunately avp is not free, the license-fee for a (linux) > > mail-server is about 100$/year. > > this would be acceptable. Are the updates automatic, or do they > have to be done manualy ? (wget something, for example). How should the updates be done automatic? I use a cron-job starting wget each night and restart AvpDaemon after successful download. I would not use win-like programs where I don't have the source and which would do something automatic... Or do you mean the license-file itself? Don't have experience with that cause the license-files of the servers I administrate run until Sep 2001. And then I will contact AVP and buy some new licenses. HTH, Martin
Re: qmail-scanner + which antivirus ?
Thanks Martin for your answer. On Mon, Sep 25, 2000 at 10:47:33AM +0200, Martin Lesser wrote: > Your problems seem to result of a perhaps misconfigured AvpLinux or > AvpDaemon. If you use the trial-version of avp you may run into problems > due to the "semi"-automatic tests done by avp. > > Unfortunately avp is not free, the license-fee for a (linux) mail-server > is about 100$/year. this would be acceptable. Are the updates automatic, or do they have to be done manualy ? (wget something, for example). Regards, Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch PGP signature
Re: Problem with sqwebmail + qmail-scanner
[EMAIL PROTECTED] writes: > > I have noticed that it is possible to send infected messages > with sqwebmail running qmail-scanner. > I guess sqwebmail put messages directly in the queue, so it > no qmail-smptd is called and no antivirus is used. > > The only solution I could find is reverting to Amavis. > Amavis is bit harder to setup and maintain, and I always > prefered qmail-scanner, even being a lot slower and more resource > consuming. Now Amavis is the only option. > > Some ideia? Sqwebmail uses a script called sendit.sh, that calls qmail-inject for sending the mail. If you have applied the QMAILQUEUE patch, than you have to tell qmail-inject to use that. In the sendit.sh: Apply export QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" before qmail-inject. Or you could also do as I've done, applied the QMAILQUEUE variable in the httpd.conf file. SetEnv QMAILQUEUE /var/qmail/bin/qmail-scanner-queue.pl regards, eibo
