> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of David F. Skoll
>
> Except that you have to pass the message back to Sendmail,
> and Sendmail
> replaces the "df" file with the new message body. That consumes
> real disk I/O.
I'll have to admit
Lucas Albers wrote to [EMAIL PROTECTED]:
> > Since moving to MIMEDefang, I'm getting "oops! still tied to Bayes
> > DBs, untie'ing" quite frequently (a few hundred times a day or so).
> > It occurs fairly predictably when MIMEDefang is restarted, but also
> > occurs during normal use.
>
> For a bet
I think I got over this problem by doing bayes learn to journal.
Original Message
Subject: Re: Bayes.pm: oops! still tied to Bayes DBs, untie'ing
From:"Ryan Thompson" <[EMAIL PROTECTED]>
Date:Fri, July 30, 2004 12:36 am
To: [EM
On Fri, 30 Jul 2004, Kelson Vibber wrote:
> This would be done in the MD working directory, though, right? So if
> you're running that on a ramdisk, it shouldn't be too much of a difference.
Except that you have to pass the message back to Sendmail, and Sendmail
replaces the "df" file with the n
On Fri, 30 Jul 2004 [EMAIL PROTECTED] wrote:
> Am I correct in beleiving the CanIT voting links would also cause an
> action_rebuild as well?
Yes, they do.
Regards,
David.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing
At 09:24 AM 7/30/2004, David F. Skoll wrote:
On Fri, 30 Jul 2004 [EMAIL PROTECTED] wrote:
> How bad would the performance hit be to do the action_rebuild on every
> message?
Not that bad. If you add boilerplate, for example, you're doing that
anyway. However, if you're short on disk I/O, it will
At 09:55 AM 7/30/2004, J.D. Bronson wrote:
Could you kindly post exactly what you did?
OK:
Take a cue from the current example filter and call
md_copy_orig_msg_to_work_dir_as_mbox_file() just before calling
message_contains_virus.
That's it. I just placed "md_copy_orig_msg_to_work_dir_as_mbox_file
At 09:40 AM 7/30/2004, Royce Williams wrote:
What's everyone else doing with reference to the example filter?
Well, I used to go through the example filter on each upgrade and copy bits
over, but ours has gotten extremely complicated over time, so now I just go
through the changelog and look for
[EMAIL PROTECTED] wrote on 07/30/2004 12:24:15
PM:
> Not that bad. If you add boilerplate, for example, you're doing that
> anyway. However, if you're short on disk I/O, it will cause problems,
> because it essentially doubles your Sendmail queue I/O usage.
Am I correct in beleiving the CanIT
On Friday 30 July 2004 03:03 am, Martin Blapp wrote:
> Clamav is not catching 5 tests, and viri are slipping throuh ! At least
> test 8 and 23 are very important to catch I think:
There's timing... I was just looking at this stuff yesterday. I got the same
results initially (except for #25, which
On 7/30/2004 8:22 AM, Kelson Vibber wrote:
On Friday 30 July 2004 03:03 am, Martin Blapp wrote:
There's timing... I was just looking at this stuff yesterday. I got the same
results initially (except for #25, which had been defanged), but after
investigation was able to easily block the rest by c
On Fri, 30 Jul 2004 [EMAIL PROTECTED] wrote:
> How bad would the performance hit be to do the action_rebuild on every
> message?
Not that bad. If you add boilerplate, for example, you're doing that
anyway. However, if you're short on disk I/O, it will cause problems,
because it essentially doub
On Friday 30 July 2004 03:03 am, Martin Blapp wrote:
> Clamav is not catching 5 tests, and viri are slipping throuh ! At least
> test 8 and 23 are very important to catch I think:
There's timing... I was just looking at this stuff yesterday. I got the same
results initially (except for #25, whic
--On Friday, July 30, 2004 10:50 AM -0400 "David F. Skoll"
<[EMAIL PROTECTED]> wrote:
As I wrote before many times, I have no intention of making MIMEDefang
"bug-for-bug" compatible with various buggy MUAs. If you're really
concerned about this thing, the *ONLY* sane response is to canonicalize
I know I did this once, a long time ago, and I've lost that snippet
of code since then. There are a few e-mails we'd like to receive in
HTML, and let them come through clean. Right now MD is stripping HTML
(and defang-ing everything) in every incoming piece of mail, which is
fine. How do
[EMAIL PROTECTED] wrote on 07/30/2004 10:50:50
AM:
> As I wrote before many times, I have no intention of making MIMEDefang
> "bug-for-bug" compatible with various buggy MUAs. If you're really
> concerned about this thing, the *ONLY* sane response is to canonicalize
> every single message coming
Hi all,
> Is it just me, or is Mimedefang embedded reload broken again
> with the recent published perl upgrade ?
> The compile options where the same as for perl 5.8.4, so
> something must have been changed.
Now this is REALLY funny ! Perl 5.8.5 is fine !
I remembered that I've installed also
>The MIME continuation vulnerability exploits a bug in Outlook.
>MIMEDefang interprets the message correctly according to the MIME
>RFCs.
I just checked up on that and found you are right David. One of the reasons I'm not
using Outhouse is because of all it's bugs and vulnerabilities. Unfortunat
On Fri, 30 Jul 2004, Chris Gauch wrote:
> I also ran the test last night -- the only one that got through our server
> is #24,
24 can be zapped by bouncing the "message/partial" MIME type. That's
something I strongly recommend anyway; message/partial is a security
nightmare. What the h*ll were
I also ran the test last night -- the only one that got through our server
is #24, and there supposedly wasn't even a virus attached to that one.
We're running ClamAV 0.74, SA 2.63.
- Chris
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:mimedefang-
> [EMAIL PROTECTED] On Behalf
On Fri, 30 Jul 2004, Paul wrote:
> I just ran it here with MD 2.41 + SA 2.60 + ClamAV 0.67. #5, #8, #23
> and #25 got through.
The MIME continuation vulnerability exploits a bug in Outlook.
MIMEDefang interprets the message correctly according to the MIME
RFCs.
As I wrote before many times, I ha
I just ran it here with MD 2.41 + SA 2.60 + ClamAV 0.67. #5, #8, #23 and #25 got
through. However, #8 and #25 had the offending attachment removed by MD and a warning
attached to the email. So basically only #5 and #23 really got through unscathed. But
yes, efforts should be made to plug up thes
On Fri, 30 Jul 2004, Martin Blapp wrote:
> Is it just me, or is Mimedefang embedded reload broken again
> with the recent published perl upgrade ?
Could be.
Perl internals are a nightmare. :-(
--
David.
___
Visit http://www.mimedefang.org and http://w
Hi all,
Is it just me, or is Mimedefang embedded reload broken again
with the recent published perl upgrade ?
Jul 30 15:22:56 mx2 kernel: pid 92090 (mimedefang-multiple), uid 1001: exited on
signal 6 (core dumped)
Jul 30 15:22:58 mx2 kernel: pid 93632 (mimedefang-multiple), uid 1001: exited on
s
Hi,
Have also just run these tests:
Test #22, & #23 failed here using MD 2.43, and SA only. No AV
configured. All mails from this system are forwarded to separate AV
system running Trend's InterScan VirusWall which picked up #5 and #8 no
problem.
My client picked up #23 afterwards once it got t
Test #5,8,22,23
all failed here using MIMEDefang 2.42b2
and f-prot 4.4.3 ...
Test #5: Eicar virus sent using BinHex encoding
Test #8: Eicar virus sent using BinHex encoding within a MIME segment
Test #22: Eicar virus within zip file hidden using the "MIME Continuation
Vulnerability"
Test #23: Eica
Hi,
Just did the test for mimedefang and clamav:
Clamav is not catching 5 tests, and viri are slipping throuh ! At least test 8
and 23 are very important to catch I think:
Test #5: Eicar virus sent using BinHex encoding (this is a rarely used Macintosh
mail format)
Test #8: Eicar viru
27 matches
Mail list logo