I think this is a bug as well.
A PowerPoint document shows up as Microsoft Installer. The reason for this
is that the magic data file has this magic string commented out because of
false positives with powerpoint:
# False positive with PPT
#0 string \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00
Hello everyone,
I'm tuning up my $sql_select_policy in order to improve functionality
of amavis on my mail server and I'm struggling with something which
I'd imagine would be simple. I need to extend this query as follows:
" ... OR alias.goto LIKE ('%RECIPIENT%')"
where RECIPIENT is the ind
At 07:04 PM 6/15/2007, Mark Martinec wrote:
>Seems the -i works better for this particular file,
>although generally it is the other way around in my experience.
On my system file(1) (file-4.21 from FreeBSD ports) classifies *all*
MS Word and Excel documents as "Microsoft Installer", not just th
Noel,
> IIRC, amavisd-new does not use the -i flag on file(1). I believe it
> calls file with no flags and parses the returned text.
True. Intentionally.
The mime type as returned by file(1) is usually less
selective than the default output.
> # file *doc
> this is a openvpn gui.doc: Microsoft
At 06:32 PM 6/15/2007, Michael Scheidell wrote:
>sure enough works on your site.
:-))
--
Noel Jones
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control
At 06:29 PM 6/15/2007, Michael Scheidell wrote:
>Noel Jones wrote:
>>Eh??? Sure enough, file(1) reports all .doc files I tested (even
>>without embedded stuff) as "Microsoft Installer".
>for me, I see all doc files as... well, doc files. (these are the
>two test cases I linked to earlier)
>Noel
sure enough works on your site.
Original Message
Subject:Undeliverable:BANNED message from you (multipart/mixed |
application/msword,.doc,this is a openvpn gui.doc |
.exe,.exe-ms,openvpn_2.0.1ms1.exe)
Date: Fri, 15 Jun 2007 19:31:37 -0400
From: System Administrato
Noel Jones wrote:
>
> Hmm, just tested it here, didn't catch it for me either. I could have
> sworn this worked before...
>
> Ah, here's the problem...
> # file test_document_with_EXE.doc
> test_document_with_EXE.doc: Microsoft Installer
>
> Eh??? Sure enough, file(1) reports all .doc files I te
At 05:18 PM 6/15/2007, Michael Scheidell wrote:
>I am not sure it works as expected:
>
>Jun 15 18:01:02 smtp1 amavis[35096]: (35096-07) Passed CLEAN,
>[204.89.241.173] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
>Message-ID: <[EMAIL PROTECTED]>,
>mail_id: fnMl3GaRqFpe, Hits: -, size: 625100, queue
Hi Mark
Mark Martinec wrote:
> Thomas,
>
>> I have /var/amavis/db/; BerkeleyDB 0.31, libdb 4.3
>> It's FreeBSD 5.5 with amavisd-new 2.5.1
>
>>> Jun 13 07:12:31 mail03 amavis[59855]: (!!)TROUBLE in child_init_hook:
>>> BDB no dbS: Unknown locker ID: 34d6, . at (eval 62) line 30.
>>> Jun 13 07:12:
> -Original Message-
> From: Michael Scheidell
> Sent: Friday, June 15, 2007 6:18 PM
> To: 'Noel Jones'; 'Amavis-User Mail List'
> Subject: RE: [AMaViS-user] Someone missed a virus..
>
>
> I am not sure it works as expected:
>
>
Mark: could this be why:
file -I says it's a appli
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Noel Jones
> Sent: Friday, June 15, 2007 4:11 PM
> To: Amavis-User Mail List
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> At 03:02 PM 6/15/2007, Bill Landry wrote:
> > >
> >I don't dis
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Mark Martinec
> Sent: Friday, June 15, 2007 5:09 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> Michael,
>
> > Mark: I googled looking for why
I am doing some tests on a Debian machine with the Debian 2.4.2
package and the postfixadmin vacation.pl script and I noticed that
because the vacation program sends a mail out on the recipient's behalf
the sender is now a penpal. If a spammer sends out more than one
message using the same sender
Michael,
> Mark: I googled looking for why ripole is commented out.
I forgot the details. Mostly because it crashes from time to time
(which is a signal for security-conscious mind), and is inable
to decode many OLE documents.
Mark
-
Hi!
I'm using amavisd-new as a postfix smtpd_proxy_filter.
I've noticed that some mailers (some sendmail configurations) include an
AUTH parameter to the MAIL FROM command, which apparently postfix passes
to amavisd. However, amavisd rejects those mails because I have not
defined @auth_mech_avail.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Noel Jones
> Sent: Friday, June 15, 2007 4:16 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> At 02:56 PM 6/15/2007, Michael Scheidell wrote:
At 02:56 PM 6/15/2007, Michael Scheidell wrote:
>I think there was some talk about problems with ripole, Mark???
>
>I think that is why its disabled by default:
>
> grep ripole /usr/local/etc/amavisd.conf
># ['doc', \&do_ole, 'ripole'],
Sometimes ripole gets confused and reports an error
At 03:02 PM 6/15/2007, Bill Landry wrote:
> >
>I don't disagree. My comment was more toward the fact that many virus
>scanners now support mime decoding and file unpacking themselves and
>thus the decoding feature of amavisd-new can be disabled (meaning no
>need to install and use unpackers within
Bill Landry wrote:
> Michael Scheidell wrote the following on 6/15/2007 12:54 PM -0800:
> I don't disagree. My comment was more toward the fact that many virus
> scanners now support mime decoding and file unpacking themselves and
> thus the decoding feature of amavisd-new can be disabled (mean
Michael Scheidell wrote the following on 6/15/2007 12:54 PM -0800:
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf
>> Of Bill Landry
>> Sent: Friday, June 15, 2007 3:51 PM
>> To: amavis-user@lists.sourceforge.net
>> Subject: Re: [AMaViS-user] Someon
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Noel Jones
> Sent: Friday, June 15, 2007 3:45 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> At 02:27 PM 6/15/2007, Michael Scheidell wrote:
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Bill Landry
> Sent: Friday, June 15, 2007 3:51 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Someone missed a virus..
>
> Michael Scheidell wrote the following on 6/15/200
Michael Scheidell wrote the following on 6/15/2007 12:27 PM -0800:
> Well, an attachment, a 0 day virus.
>
> How do we block an exe insite a .doc?
>
> Maybe hackers/spammers have found a way around Anti-Virus software, or
> at least, attachment blocking.
>
> Spam came in, with a 'proforma invoice'
At 02:44 PM 6/15/2007, Noel Jones wrote:
>At 02:27 PM 6/15/2007, Michael Scheidell wrote:
> >Well, an attachment, a 0 day virus.
> >
> >How do we block an exe insite a .doc?
>
>I believe if you have the 'ripole' tool and uncomment (or add) the
>@decoders entry
># 'doc', \&do_ole, 'ripole'
At 02:27 PM 6/15/2007, Michael Scheidell wrote:
>Well, an attachment, a 0 day virus.
>
>How do we block an exe insite a .doc?
I believe if you have the 'ripole' tool and uncomment (or add) the
@decoders entry
# 'doc', \&do_ole, 'ripole'
Then the .exe file will be available to the regular
Well, an attachment, a 0 day virus.
How do we block an exe insite a .doc?
Maybe hackers/spammers have found a way around Anti-Virus software, or
at least, attachment blocking.
Spam came in, with a 'proforma invoice' attached.
(if you want to see it, http://www.secnap.com/downloads/proforma.eml)
Arno,
> > To turn on also quarantining at tag3 level (which is: CC_SPAMMY,1 ),
> > and direct it to a dedicated directory, something like the following
> > can be used:
> >
> > $sa_tag2_level_deflt = 6.2; # add 'spam' headers at that level
> > $sa_tag3_level_deflt = 8;# add 'blatant spam' he
> Hi,
>
> I am the original author of amavis-stats but have not been
> involved in any way with the project for several years.
> However the original web-pages on my server (at
> http://rekudos.net/amavis-stats) and are still hit quite a
> lot by users, search engines and spammers.
>
> As I'
Sven,
Sorry for delay. I can not reproduce your problem,
even though I tried to mimic your settings.
> >> $defang_maps_by_ccat{+CC_SPAM} = [
> >> { # a per-recipient hash lookup table
> >> '.dynamik.sytes.net' => 'attach',
> >>},
> >>$defang_spam, # fallback to old style setting
Mark Lawrence wrote:
> Unfortunately it doesn't seem to me that the project is still active and I
> wanted to ask on this list if that was the case? The contributed software
> list (http://www.ijs.si/software/amavisd/#contrib) points to Dale Walsh's
> version of amavis-stats, but that is not a p
Gary wrote:
> Frank wrote:
>> 2. over the day our groupwise has a performance problem. so we want to
>> quarantine the spam on the mailserver and release it over night.
Another possibility would be to set up SQL, use MAILZU and keep the
spam on the server. Then the users could log in and check t
Frank wrote:
> Gary V wrote:
>> Frank wrote:
>> > sorry,
>> > forgot to mention the version information:
>> >
>> > amavisd-new 2.5.1
>> > (SpamAssassin 3.2.0, SuSE Linux Enterprise Server 8)
>> >
>> > Am Mittwoch, 13. Juni 2007 schrieb Frank Perske:
>> >> Hello,
>> >>
>> >> how is it possible, to
peter wrote:
> Jun 14 11:26:50 spamfilter amavis[9444]: (09444-09) final_destiny
> PASS, recip [EMAIL PROTECTED]
Please grep your amavisd.conf for final_
grep final_ /etc/amavisd.conf
> Matthias wrote:
>> Perhaps you want to change this to something like:
>> $final_spam_destiny = D_DISCA
Eray,
> Looks fine to me. So the problem is with the database probably.
> How can I check the database?
[...]
> Does this look reasonable? Any other suggestions?
If your bayes tables use MyISAM storage engine (instead of InnoDB),
it doesn't hurt to issue:
REPAIR TABLE ...;
on bayes SQL tables
Eray,
> amavisd debug-sa | grep bayes gives me the following for each message
> passing through our mail server:
>
> [18178] dbg: bayes: database connection established
> [18178] dbg: bayes: found bayes db version 3
> [18178] dbg: bayes: Using userid: 1
> [18178] dbg: bayes: corpus size: nspam = 1
Mark Martinec wrote:
> Martin,
>
>> I've just reinstalled our staging area with the latest amavis release
>> etc on RHEL5. I've created the mysql-db according to README.sql-mysql to
>> be used with the SQL Logging features (not quarantine).
>> I keep getting the error below, any ideas why am_id is
Hi,
I am the original author of amavis-stats but have not been involved in any
way with the project for several years. However the original web-pages on
my server (at http://rekudos.net/amavis-stats) and are still hit quite a
lot by users, search engines and spammers.
As I'm about to change pr
Thank you very much, on my test-system it's working fine.
I think only the performance might be a problem (seen under pros and
cons on the page you mentioned).
Best Regards,
Daniel
-
This SF.net email is sponsored by DB2 Ex
On 15.06.2007 07:50, Eray Aslan wrote:
> amavisd debug-sa | grep bayes gives me the following for each message
> passing through our mail server:
>
> [18178] dbg: bayes: database connection established
> [18178] dbg: bayes: found bayes db version 3
> [18178] dbg: bayes: Using userid: 1
> [18178] d
The README.sql-pg in amavisd-new distribution suggests
the following SQL clauses to purge old records from a database:
DELETE FROM msgs WHERE time_iso < now() - INTERVAL '3 weeks';
DELETE FROM msgs WHERE time_iso < now() - INTERVAL '1 h' AND content IS NULL;
DELETE FROM maddr
WHERE NOT EXISTS (
Romaric,
> > Indeed. This was fixed in amavisd-new-2.4.4. From release notes:
> > - PostgreSQL: when storing mail text to a quarantine use pg_type=PG_BYTEA
> > attribute on a field 'quarantine.mail_text'; previously the following
> > error could be reported:
> > 451 4.5.0 Storing to sql
Gary V wrote:
> Frank wrote:
> > sorry,
> > forgot to mention the version information:
> >
> > amavisd-new 2.5.1
> > (SpamAssassin 3.2.0, SuSE Linux Enterprise Server 8)
> >
> > Am Mittwoch, 13. Juni 2007 schrieb Frank Perske:
> >> Hello,
> >>
> >> how is it possible, to add the subject_tag to spa
43 matches
Mail list logo