On 12/11/2019 3:45 pm, Kenneth Porter wrote:
--On Monday, November 11, 2019 9:55 PM -0500 "Kevin A. McGrail"
wrote:
MIMEDefang needs a new name. Got ideas? Shout em out!
It's a filter that works with Perl. What filter-feeder makes pearls?
How about Oyster?
That would go well with ClamAV
Hi
In recent times I have noticed that the quarantine directory name has been
generated incorrectly using the minute value instead of the month value.
The problem appears to be in mimedefang.pl subroutine hour_str where it returns
$min+1 instead of $mon+1
Cheers
Bill Maidment
-Original message-
> From:Richard Laager
> Sent: Thursday 11th February 2016 18:22
> To: mimedefang@lists.roaringpenguin.com
> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang
>
> On 02/10/2016 11:01 PM, Bill Maidment wrote:
> > Hi
> > After y
.
Cheers
Bill Maidment
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang
-Original message-
To: mimedefang@lists.roaringpenguin.com;
From: David F. Skoll
Sent: Thu 28-07-2011 00:57
Subject:Re: [Mimedefang] MIMEDefang 2.72 is Released - md_syslog problem
> On Wed, 27 Jul 2011 22:26:44 +1000
> Bill Maidment wrote:
>
> > The chan
hdefang-0.9. The Queue-ID appears twice.
e.g.
Jul 27 04:04:57 stiles mimedefang.pl[7527]: p6QI4kQR018574:
MDLOG,p6QI4kQR018574,mail_in,194.109.142.194Re:
[clamav-users] Third Party web interface
^^^
-Original message-
To: mimedefang@lists.roaringpenguin.com;
From: David F. Skoll
Sent: Fri 25-02-2011 03:30
Subject:[Mimedefang] CentOS (was Re: MIME::Tools 5.501 has been
released)
> On Tue, 22 Feb 2011 17:36:26 -0600
> Ben Kamen wrote:
>
> > I've been running CentOS o
-Original message-
From: David F. Skoll
Sent: Sun 02-05-2010 23:46
To: mimedefang@lists.roaringpenguin.com;
Subject: Re: [Mimedefang] mimedefang-multiplexor keeps dying
> Bill Maidment wrote:
>
> > May 2 15:01:47 stiles mimedefang-multiplexor[20703]: Slave 3 stderr
-Original message-
From: Bill Maidment
Sent: Sun 02-05-2010 18:58
To: mimedefang@lists.roaringpenguin.com;
Subject: Re: [Mimedefang] mimedefang-multiplexor keeps dying
> -Original message-
> From: Bill Maidment
> Sent: Sun 02-05-2010 16:38
> To
-Original message-
From: Bill Maidment
Sent: Sun 02-05-2010 16:38
To: mimedefang@lists.roaringpenguin.com;
Subject: [Mimedefang] mimedefang-multiplexor keeps dying
> Hi guys
> I've been getting mimedefang-multiplexor dying for some time now on my
> external
>
MTA, relay=stiles.maidment.vu [192.168.2.12]
Any ideas what is causing this?
Any suggestions as to how to debug it?
Cheers
Bill Maidment
Consultant to Elgas Ltd
"It's important to keep your rough edges" - Neil Hannon
___
NOTE: If there is a disclaimer o
On Fri, 19 Jan 2007 11:21:33 +1000, Bill Maidment wrote
> 1. The busy slaves graph sometimes flat-lines, even though the other two
> graphs show activity. It seems to happen in the relatively quiet traffic
> periods.
>
Ooops. I read the intructions :-( I see the busy slaves is
On Thu, 18 Jan 2007 17:02:38 -0500, David F. Skoll wrote
> Bill Maidment wrote:
>
> > Can we also have a port number option for each server? Something
> > like servername:22
>
> Nope, we can't have that. The reason is you can do that in your
> ..ssh/config file:
ion for each server? Something like
servername:22
Thanks for this excellent tool.
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VO
Rob MacGregor wrote:
On 21/01/06, Dirk the Daring <[EMAIL PROTECTED]> wrote:
I've just stood up a Solaris 9 server with (all built from source)
sendmail v8.13.5, SA 3.1.0, MD 2.54 and ClamAV 0.88 with David's patch.
Its working fine.
Similarly I've been running it on FreeBSD 5.4 (sendmail
David F. Skoll wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
MIMEDefang 2.55-BETA-4 is available at http://www.mimedefang.org/node.php?id=1
Is it me? Or are all the links inactive on the download page?
Cheers
Bill
--
What's the difference between Linux and Windoze?
Linux - Th
Tomasz Ostrowski wrote:
On Mon, 16 Jan 2006, [EMAIL PROTECTED] wrote:
I already know what this means. But it is only because I did read
previous David's message. I'm just saying that this "INCOMPATIBILITY"
note should be more verbose and give an example for those, who do not
know perl very
Dave Helton wrote:
Please accept with no obligation, implied or implicit our best wishes
for an environmentally conscious, socially responsible, low stress, non-
addictive, gender neutral, celebration of the winter solstice holiday,
So you don't extend these best wishes to those in the southern
David F. Skoll wrote:
Yes, my usual mantra: "When a previously-working system starts misbehaving,
and you (really, honestly!) haven't changed anything, suspect a network
problem." Look for a DNSRBL host that's died, a datbase connection that's
acting up, or something similar.
Of course, if you *h
Tom Skotnicki wrote:
I have been running Mimedefang for a couple of years with great success.
Recently, I started having issues with dozens of slave processes
accumulating until the server stops responding. Reboot, all is well again
for a while. Looked all over and cannot seem to come up with a clu
Tom Skotnicki wrote:
I have been running Mimedefang for a couple of years with great success.
Recently, I started having issues with dozens of slave processes
accumulating until the server stops responding. Reboot, all is well again
for a while. Looked all over and cannot seem to come up with a clu
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
message above.
RBLs working again.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
message above. If you have violated that, then you hereby owe the sender
AU$10 for
heers.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
message above. If you hav
eases.
I've attached the patch again. It's against 2.45
Regards
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may rea
for the old modules and delete them.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word
Bill Maidment wrote:
I know. I am stupid. I installed razor-agents-sdk-2.03.tar.gz on my once
working mail server and it totally upset mimedefang.
I've re-installed the perl modules including MIME-Base64-3.05 (with
INSTALLDSIRS=site) and MIME-tools-5.414, but mimedefang won't con
mimedefang-2.45]#
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
Bill Maidment wrote:
Finally. I've fixed it. I switched off embedded perl and it's back to
normal. Now to test the bz2 file again.
One last email on this topic. bz2/gz/zip attachments still caused the
mail system to throw a fit, so I updated clamv to the latest development
versi
alan premselaar wrote:
Bill Maidment wrote:
I've had mimedefang-2.45 spamassassin-3.0.0 clamav-0.80rc2 running for
about a week OK on a dual opteron. Then yesterday a friendly bz2 file
came in as an attachment and clamav threw a fit. I upgraded to
clamav-0.80rc3 and still had the same pr
order of title, but I may be wrong.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered word
ay you've given me hope that it's something simple.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
message above. If you
fang.defang
What else should I check?
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman", you may read only the "odd
numbered words" (every other word beginning with the first) of the
message
Bill Maidment wrote:
Here is a patch to mimedefang-2.45 to support Command Anti-Virus (csav)
Rats. One small typo in mimedefang-filter.5.in
@@ -1749,6 +1754,9 @@
Bitdefender "bdc" - http://www.bitdefender.com/
.TP
.B fsav
+Command Anti-Virus - http://www.commandsoftware.com/
+.TP
+
Here is a patch to mimedefang-2.45 to support Command Anti-Virus (csav)
Regards
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman"
ed in
the UPGRADE notes. i.e. I avoid NFS where the error seems to come from.
Cheers
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alfred E. Newman"
ng/bayes_* R/W: lock
failed: No such file or directory
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/ _/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http:
lock
failed: No such file or directory
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/ _/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
___
Visit http://www.mimedefang.org and http://www.
David F. Skoll wrote:
On Sat, 18 Sep 2004, Bill Maidment wrote:
This looks like an old version 2.11 and I get the same result after
doing make realclean and re-installing MIME-Base-3.03
When you re-installed MIME-Base-3.03, did you remember to do:
perl Makefile.PL INSTALLDIRS=site
David
Bill Maidment wrote:
How about the permissions on the QuotedPrint.pm module under site_perl?
[EMAIL PROTECTED] bill]# la
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/MIME/QuotedPrint.pm
-r--r--r-- 1 root root 5870 Feb 20 2004
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
David F. Skoll wrote:
On Sat, 18 Sep 2004, Bill Maidment wrote:
INC = /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
How about the permissions on the QuotedPrint.pm module under site_perl?
[EMAIL PROTECTED] bill]# la
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/MIME
David F. Skoll wrote:
On Fri, 17 Sep 2004, Bill Maidment wrote:
[EMAIL PROTECTED] bill]# find /usr/lib/perl5 -name 'QuotedPrint.pm'
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/MIME/QuotedPrint.pm
Weird. What's the output of this two-line test program:
use lib
David F. Skoll wrote:
On Fri, 17 Sep 2004, Bill Maidment wrote:
[EMAIL PROTECTED] bill]# fgrep 'use lib' /usr/local/bin/mimedefang.pl
use lib '/usr/lib/perl5/site_perl/5.8.3';
OK. How about:
find /usr/lib/perl5 -name 'QuotedPrint.pm'
[EMAIL PROTECTED] bi
site_perl/5.8.3';
[EMAIL PROTECTED] bill]#
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/ _/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
=0, scans=0, user=0.170, sys=0.020, nswap=0, majflt=465,
minflt=556, maxrss=0, bi=0, bo=0
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Just testing that I receive the list on this address.
Sorry for the noise.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
___
Visit
fully I will receive email through [EMAIL PROTECTED] Both these
domains publish SPF.
Cheers
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
__
Bill Maidment wrote:
Hi
I'm trying to use md_check_against_smtp_server to check the email
recipient against valid users on another mail server.
The problem I have is that invalid recipients cause the incoming email
to continually bounce between my two mail servers. Valid recipients work
Joseph Brennan wrote:
So, all we do is change all the mail servers on the net. :-)
Now you're getting the idea :-)
Revolution begins at home.
Cheers
Bill
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
Bill Maidment wrote:
Jan Pieter Cornet wrote:
You are testing here against the recipient given by the external
relay. I noticed in the headers below that you are actually forwarding
to [EMAIL PROTECTED] You might want to make the same translation
before checking, by adding:
$recip =~ s/\@(mail
Jan Pieter Cornet wrote:
You are testing here against the recipient given by the external
relay. I noticed in the headers below that you are actually forwarding
to [EMAIL PROTECTED] You might want to make the same translation
before checking, by adding:
$recip =~ s/\@(mail\.)?maidment\.com\.au/[
Jan Pieter Cornet wrote:
On Mon, Aug 02, 2004 at 05:41:19PM +1000, Bill Maidment wrote:
I'm trying to use md_check_against_smtp_server to check the email
recipient against valid users on another mail server.
Wild guess: have you enabled filter_recipient processing by running
mimedefang wit
Hi
I'm trying to use md_check_against_smtp_server to check the email
recipient against valid users on another mail server.
The problem I have is that invalid recipients cause the incoming email
to continually bounce between my two mail servers. Valid recipients work
fine!
Any clues as to what
David F. Skoll wrote:
On Thu, 29 Jul 2004, Bill Maidment wrote:
Some time ago there was mention of displaying the server name in
watch-mimedefang. Is this now possible?
No, but the "ssh ..." string in the Control Command box should make
it pretty obvious which server you're wat
David F. Skoll wrote:
Hi,
MIMEDefang 2.45-BETA-2 is at http://www.mimedefang.org/node.php?id=1
The main change is a greatly-improved "watch-mimedefang" script.
This is a Tcl/Tk script for monitoring a MIMEDefang server.
The new version features four graphs showing various aspects of
the server: Num
David F. Skoll wrote:
Did you install the Sendmail 8.13.0 libmilter.a? The error you see
happens if you compile against the 8.13.0 headers, but try to link
against an 8.12.x library.
Yes, that was the error. Funny, though, because I did
sh Build -c
sh Build install
in the senmail top directory and
David F. Skoll wrote:
Hi,
MIMEDefang 2.45 Beta 1 is at http://www.mimedefang.org/node.php?id=1
Hi
Compiling the new BETA I get:
gcc -g -O2 -Wall -Wstrict-prototypes -pthread -o mimedefang mimedefang.o
drop_privs_threaded.o utils.o rm_r.o syslog-fac.o /usr/lib/libmilter.a
-lpthread -lnsl
mimedefan
Doug Brott wrote:
I've been using SA-3.x for almost 3 months now with great success.
The only real SA/Mimedefang issue that I had was a change in the SA
Application Interface. I received failures in the sendmail log due to
the fact that mimedefang quit unexpectedly due to this API change. O
Doug Brott wrote:
If you are using a MIMEdefang version < 2.42 then you will have
problems. Since you seemed to have run an earlier version of 3.0
then I am curious as to why you either (1) got the earlier version to
work or (2) didn't get the pre2 to work. So, I guess the first thing t
Kenneth Porter wrote:
Subject: SpamAssassin 3.0.0-pre2 is released!
I've just tried it out and I get the following messages when receiving email
Jul 11 15:08:10 mail sendmail[17457]: i6B52dxM017457: syd4.elgas.com.au
[203.222.154.44] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I
Joseph Brennan wrote:
I don't know of a single
system in the world that does the sender rewrite needed for
forwarding and relaying. I think you're seeing an example of the
problem right there-- rejecting mail from your own relay host.
Ooops. SRS wasn't installed on the relay. Thanks for the clue
[EMAIL PROTECTED] wrote:
Third way and one that I am work slowly on implementing:
Use sendmail to call an LDAP directory to verify addresses. I'm still
working on the LDAP directory, so don't ask me how to configure sendmail!
Since we filter for over 20 domains not under our control, I want the
Ashley M. Kirchner wrote:
I have MX_RECICPIENT_CHECK set to yes in /etc/sysconfig/mimedefang.
However, I just checked the running processes, and I don't see -t in the
argument line (wrapped for legibility):
# ps auxww | grep mimedefang
Well I did (see below), but it still doesn't seem t
ed
Status: 5.7.1
Remote-MTA: DNS; mail.maidment.com.au
Diagnostic-Code: SMTP; 550 5.7.1 <[EMAIL PROTECTED]>... [RCPT
TO: <[EMAIL PROTECTED]>] Please see
http://spf.pobox.com/[EMAIL PROTECTED]&ip=192.168.2.5&receiver=mail.maidment.com.au
Last-Attempt-Date: Wed, 7 Jul 2004 13:55:16 +1000
Stewart James wrote:
OK.
It's .72, I remeber reading somewhere it was an issue in 0.70 but had
been fixed. (and osrry to all for not inluding version numbers.
Hmmm.. it was supposed to have been fixed in 0.72, we couldn't use 0.72
because of a Proxy issue, so I can't confirm if it actually did ge
Stewart James wrote:
OK here is the situation.
I have clamav-daemon which is run before trend micro's vscan.
The majority of viruses are found by clamav with no problems. One or two
slip past and are picked up by trend.
Which version of clamav. We had this issue before we installed 0.73.
Still ch
Stephen Smoogen wrote:
My advice is to log your hours, time, and the emails and then let the
company lawyers that you are worried that the company is setting itself
up for a lawsuit for allowing harrassing and abusive email in. Send them
some of the emails, the amount of time it is costing, and
Patrick Morris wrote:
SOCKS with MIMEDefang? Nope, not gonna work.
I assume you're talking about accessing external POP and/or IMAP
servers? I assume so because I can't think of *any* good reason to
not force outgoing mail through your own SMTP servers -- it's just too
easy, and should have ne
Hi
Our site is well protected by mimedefang/spamassassin/clamav/file-scan
etc, but unfortunately the powers-that-be insist on allowing people to
access other external mail servers via socks. The result is that we get
all sorts of undesireable email completely bypassing the mail server. Is
there
Use the sendmail access file to define accepted users and then reject
anything else for that domain.
Bill
Larry Guest wrote:
I would like to filter mail and bounce anything that is not for a local
user.
I assume I will have to setup a file on the server and list all the
valid users in this fi
Bill Maidment wrote:
Hi
Is it possible that since moving the call to the virus scanners from
the mimedefang-filter perl script to the C code, that somehow the
virus scanners are not always being called?
Oops. Forget that comment about the C code. It was moved to the
mimedefang.pl perl
Hi
My set up is RedHat 9, sendmail-8.12.8-9.90, MimeDefang-2.42,
File-Scan-1.02, and ClamAV-0.70 (with freshclam updating).
Because File-Scan identifies the NetSky virus and variants with that
name and ClamAV identifies the same viruses as SomeFool, I would have
expected the first virus scanne
Use md_graphdefang_log()
Bill
Bryce Rogers wrote:
I have justed installed Mimedefang 2.39 and Clamav on a RedHat 9 server.
My problem is the server is not logging when a virus has been detected.
Right now it will just delete the email and not logged it anywhere.
I have checked my "mimedefang
Use
md_graphdefang_log('virus', $VirusName,
$RelayAddr);
Bill
Bryce Rogers wrote:
if ($category eq "virus") {
md_graphdefang('virus',$VirusName, $RelayAddr);
___
Visit http://www.mimedefang.org and
Doug
I've been on holiday for 4 weeks. What happened to SA 2.70 ?
Cheers
Bill
Doug Brott wrote:
I have started using MIMEDefang 2.42-BETA-1 with SpamAssassin Version
3.0.0. My initial reaction is that things are working exactly as
expected. I'll update if I notice any problems.
Please be ad
Hi
I previously reported a bug in freshclam/manager.c at line 362. My fix
was incorrect and the problem is also at line 460.
Both lines 362 and 460 need to be changed from:
char* buf = mmalloc(strlen(user)*2+4);
to:
char *buf = mmalloc((strlen(user) + strlen(pass)) * 2 + 3);
Th
Just letting you guys know that I have found a bug in clamav-0.66 when
you are using the HTTPProxyUsername and HTTPProxyPassword parameters.
The fix is:
In freshclam/manager.c line 362
changed
char* buf = mmalloc(strlen(user)*2+4);
to
char* buf = mmalloc(strlen(user)*2+5);
2004-02-03 at 19:14, Bill Maidment wrote:
Guys
We came across a problem using virus scanners on .zip files with the
--unzip etc on clamav. One of our users decided to send a 127MB
attachment zipped to 5MB. To cut a long story short, the mail server
timed out/ran out of disk space.
Off the
Guys
We came across a problem using virus scanners on .zip files with the
--unzip etc on clamav. One of our users decided to send a 127MB
attachment zipped to 5MB. To cut a long story short, the mail server
timed out/ran out of disk space.
We overcame the problem with a file size limit on viru
We've had a couple like this and it turned out that the message.zip file
didn't contain the virus Maybe there's a hoax virus going around or
someone has sanitised it along the way. We've also had malformed .zip
files get through until we changed the clamav call to specifically do
--unzip as
Kelson Vibber wrote:
OK, I think most people here would agree that just about all modern
viruses generate their own messages rather than piggybacking on
existing mail, so for anything like Klez, Sobig, and Mydoom, the
obvious choice is to just discard the entire message (possibly placing
it in
I'm trying this change now to see if it really makes a difference. But
shouldn't clamav be unzipping by default?
Bill
[EMAIL PROTECTED] wrote:
I think for clamav checks it's better to change command line options for
archived files:
in
sub message_contains_virus_clamav ()
sub entity_contains_vi
I was thinking of the Archive Support parameters in clamav.conf
We had 3 of these virii slip by the first server, but were caught by a
second server with identical setup (i.e. MD 2.39/File-Scan 0.79/ClamAV
0.65) but they had slightly different freshclam update times. We're safe
so far, but now
H...
Maybe it wasn't really a .zip but ".zip__" or something. I'll be
interested in your finding.
Cheers
Bill
Elders Real Estate Ballina wrote:
I'll have a closer look later to see if there's something I've
missed.. I thought MD died but after checking the log , MD passed it
through.
Make sure you have the settings on to scan through zip files, and you
are running freshclam frequently.
Elders Real Estate Ballina wrote:
I just had one in my Inbox as well...except mine was body.zip. It
wasn't blocked or detected by clam av & mimedefang.
What would cause the file to drop t
ClamAV now recognises Worm.SCO.A and Trojan.SCO.A
I've not seen a new File-Scan yet
So there are at least 2 variants...
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.c
Hi
ClamAV is picking it up as the Worm.SCO.A virus
Cheers
Bill
Ashley M. Kirchner wrote:
David F. Skoll wrote:
I'm seeing bounces from messages I supposedly sent containing a .zip
file.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDe
Hi
I'm using mimedefang-2.39 spamassassin-2.63 clamav-0.65 file-scan-0.79
and the following tests slip through
5, 17, 18, 19 and 20
Tests 8 and 22 get through, but the attachment gets dropped because of
the extension.
Cheers
Bill
Cormack, Ken wrote:
The ones that slipped by for me were #17,#
88 matches
Mail list logo