Just to clarify; the variables were set as specified
below rather than with the envelop sender/recipient
and the sendmail allocated qid.
This happened with:
mimedefang-2.43
sendmail-8.13.0
Thanks, Chris
--- Chris Masters [EMAIL PROTECTED] wrote:
Hi All,
We had an occurrence recently
Hi All,
Tried to search for the answer to this but the
archives don't reveal the answer but I know I've read
some similar posts this year ;)
If I use Net::LDAP at the top of mimedefang-filter I
see the file descriptor WARNING message: Something in
your Perl filter appears to have opened a file
Hi All,
We've recently had a problem with W32/Mytob-Z getting
through our filter and I think this may be a MIME
related issue.
The mimedefang-filter filter function was only called
once for the main body text/plain part, however a
secondary commercial email virus scanner layer picked
up the
--- David F. Skoll [EMAIL PROTECTED] wrote:
Chris Masters wrote:
The mimedefang-filter filter function was only
called
once for the main body text/plain part, however a
secondary commercial email virus scanner layer
picked
up the virus in 'MIME part 2'. The email was 50kB
in
size
--- David F. Skoll [EMAIL PROTECTED] wrote:
Chris Masters wrote:
So is it true to say that virus scanning on a per
entity basis does not maximise virus detection
safety?
Should we always use MIME::Tools (via filter)
*and*
the virus scanners own mime decoding functionality
(via
Hi All,
Another one of these - just trying to find out more
info. It's another version issue and as such I know I
should be on the latest version - this is just a
double check.
The problem:
2 servers each running slightly different versions of
sendmail and mimedefang with exactly the same
Thanks David Aleksandar.
--- David F. Skoll [EMAIL PROTECTED] wrote:
On Thu, 11 Nov 2004, Chris Masters wrote:
We're using mimedefang-2.43 and *old*
MIME-tools-5.411a-RP-Patched-02.
Upgrade to MIME-tools-5.415 ASAP.
Is this an issue because we're using an old
MIME::Tools?
Yes
Hi All,
We've just had an incident where 2 or more viruses
have got through our scanners. The virus was
[EMAIL PROTECTED] and was packaged with the following
Content-Type header:
Content-Type: multipart/mixed; boundary=
We're using mimedefang-2.43 and *old*
MIME-tools-5.411a-RP-Patched-02.
I've never seen the behavior you describe. Can you
strace
the milter to see what's happening?
Good idea.
Looks as though it hasn't even handed control over to
'int main()' yet.
I guess this isn't a mimedefang issue.
Chris
[EMAIL PROTECTED] root]# gdb /usr/local/bin/mimedefang
20691
Hi All,
I know I've asked more general questions about this
before, so I'll try and be more specific.
It sometimes takes up to 3 min+ for mimedefang.sock to
intialise and exist (in the -S sense) on an already
loaded system.
sendmail starts and 'mimedefang.sock unsafe' milter
errors ensue - this
Why is it a problem to do this outside of
filter_initialize?
Because after we fork a child, we close() all
unneeded file
descriptors (see mimedefang-multiplexor.c, around
line 2193. This
will most likely close the file descriptor out from
under Perl --
that is, Perl will think the
The problem is not a permissions issue - it's
intermittently failing to create mimedefang.sock when
restarted under load (LA above 1) or after it's been
'running for a while'.
I'd suggest upping the logging of MD and seeing
what's going on.
Knowledge of the OS and MD versions here would be
* embperl.c: Detect if user opens file descriptors
inside his/her filter. If so, log a loud and nasty
warning that such code should be moved to
filter_initialize.
Why is it a problem to do this outside of
filter_initialize?
I guess this would affect database failover
reconnection code
Hi All,
We're getting these when under load:
Oct 21 16:26:37 filter mimedefang-multiplexor[20662]:
handleSlaveReceivedCommand(44): Timeout or error: Flag
= 3
Oct 21 16:26:36 filter mimedefang[21436]: mfconnect:
Error communicating with multiplexor
Oct 21 16:26:37 filter sendmail[21433]:
We have genuine mail generated by buggy client or
sent
through buggy servers that needs to be quarantined
rather than dropped but would like to filter out
obvious spam (by far the majority as you would
expect)from this lot prior to quarantining.
In over 219,000 messages, I have only
Hi All,
Is there any reason why MIMEDefang shouldn't process
mails that have SuspiciousCharsInHeaders or
SuspiciousCharsInBody seeing that it uses MIME parsing
tools?
We have genuine mail generated by buggy client or sent
through buggy servers that needs to be quarantined
rather than dropped but
Hi All,
I think the following re-write is breaking the X509
compliant PKI certificate on an outbound email that
has a boilerplate attached:
Aug 17 08:14:38 filter mimedefang.pl[12050]: filter:
i7H8EZ4k026531: append_text_boilerplate=1
Aug 17 08:14:38 filter sendmail[26531]:
i7H8EZ4k026531:
--- David F. Skoll [EMAIL PROTECTED] wrote:
On Tue, 27 Jul 2004, Chris Masters wrote:
Is it safe to ditch calls to
message_contains_virus_*
from filter_begin and *only* use
entity_contains_virus_* from filter.
For now.
However, the entity_contains_virus_* functions
Hi All,
Is it safe to ditch calls to message_contains_virus_*
from filter_begin and *only* use
entity_contains_virus_* from filter.
After all the message_contains_virus functions just
recurse through the 'Work' directory anyway.
Just checking I'm not missing something here.
Thanks, Chris
No; slaves are single-threaded in separate
processes.
Yes by using fork(2).
I was thinking that dup(2) may have been copying the
file descriptor [that I was
As I say - putting dummy connects within the
filter_initialize (would have though it would be
*ise*
in Canada too ;) )
Apologies about last mail - been along weekend.
No; slaves are single-threaded in separate
processes.
Yes by using fork(2).
I was thinking that dup(2) may have been copying the
file descriptor [that I wasn't declaring/initialising
properly int he filter script] between slave processes
Does it happen all the time, or only after you do
something (eg after
you do an md-mx-ctrl reread)?
I don't use md-mx-ctrl reread.
It seems to happen when a slave is reaped after
processing n number of mails. Somehow this must be
affecting other slaves by closing their file
descriptors
I still have the problem of bad file descriptors:
What's the actual log message? Does the database
server log anything
funny?
The test_query functions are failing for both MySQL
and LDAP connections. This started happening directly
after upgrading from 2.39 t 2.43.
Jul 6 15:55:16
Hi All,
Since upgrading to the latest MIMEDefang today I have
bad file descriptor errors - I assume this is an
embedded perl scope issue.
So, I currently do the following:
1) I do *not* use filer_initialise
2) The file descriptor are global and are declared
*outside* of any function.
3) valid
Hi All,
I know the default extension regex does not allow open
curly brackets ('{'). I assume this is a security
feature.
What about filenames? I know they're legal in both
unix and windoze, but do they pose a security risk?
Thanks, Chris
__
Do
Apologies if this is a stupid question or OT but:
We curently do not compile_now SA but just call
spam_assassin_check per mail:
spam_assassin_init()-compile_now(1) if
defined(spam_assassin_init());
What kind of performance benefit would we get from
this?
I'm using MIMEDefang in emdebbed perl
Hi All,
I managed to solve my original external perl module
issues by explicitly using all Net::LDAP related
modules.
So, we changed to embedded mode - not sure about how
much we're getting out of it yet - not a great deal.
However, we have the SA module issues:
mimedefang-multiplexor: Slave
OK, just one question then:
If I call append_html_boilerplate (with 0 as second
parameter) will it append the disclaimer to the first
text/html part regardless of whether it's the main
body or an attachment?
--- Chris Masters [EMAIL PROTECTED] wrote:
Hi All,
I did a search but couldn't find
Hi All,
I did a search but couldn't find anything relevant.
I'm calling the boilertext functions like:
[code]
append_text_boilerplate($entity,\n\n . $disclaimer,
0);
append_html_boilerplate($entity,brbrfont
size=2 . $disclaimer . /font, 0);
[/code]
The problem is that append_html_boilerplate
Hi All,
Appologies if this is too far OT.
I'm 'use'ing some perl modules from within my
mimedefang-filter script.
I've just tested the embedded perl option and they
don't seem to be functioning properly. The first
module (Net::LDAP) that gets used doesn't function
properly (cannot establish
--- Michael Sims [EMAIL PROTECTED] wrote:
Chris Masters wrote:
I've just tested the embedded perl option and they
don't seem to be functioning properly. The first
module (Net::LDAP) that gets used doesn't function
properly (cannot establish connections).
If I change back to normal
--- David F. Skoll [EMAIL PROTECTED] wrote:
On Wed, 5 May 2004, Chris Masters wrote:
Hmmm. I initialise all connection handles in a
getConnection function that checks the connection
and
opens one if necessary (because there never used
to be
a filter_initialize function and it's very
Hi All,
I have black white lists in a mysql database that we
check using our own code instead of SpamAssassins
built-in functionality (so that they are not
constrained by size limitations like
spam_assassin_check is and because I don't run
SpamAssassin in spamd mode).
However our own
Hi All,
We had a legitimate attachment blocked last week
called something.com and something.xls.
I tested with the following code:
$guess = www.mimedefang.com and test.xls;
$bad_exts = '(dll|exe|com|\{)';
$regexp = '\.' . $bad_exts .
'\.*([^-A-Za-z0-9_.,]|$)';
if($guess =~ /$regexp/i)
{
Slightly OT!
I've been doing some research into having a look
inside the rar much like the way a lot of people on
here scan inside zips for banned file types.
It seems rar isn't supported on Linux that well.
Winrar have a Linux executable. Redhat don't provide
an rpm.
The Archive::Rar perl
://www.rarsoft.com/rar_add.htm
Anybody scannin inside rars?
Not yet -- they just get blocked.
I've attempted to write a rar filter (that can scan
files like I currently do zip -
recursively/passwordprotected/size restraints etc) and
have come up against a couple obstacles:
- seems
Hi All,
I'm trying to debug some of my filter code and I'm
getting a lot of warnings to stderr that are
redirected to syslog - which is fine.
The main errors I'm getting are to do with bitwise
operators and byte arrays. I can't reproduce these
errors when running the same code outside of
help,
Chris
--- Chris Masters [EMAIL PROTECTED] wrote:
Hi All,
I'm trying to debug some of my filter code and I'm
getting a lot of warnings to stderr that are
redirected to syslog - which is fine.
The main errors I'm getting are to do with bitwise
operators and byte arrays. I can't
Thanks for your comments Paul.
All good points.
--- Paul Murphy [EMAIL PROTECTED] wrote:
Chris,
Some observations:
1. You don't check the size of Zip members before
uncompressing them, which can
lead to denial of service attacks.
I've added more size checking!!
2. There are
Hi All,
I'm using perl-xs to wrap a C library in my filter
script. Much like a database connection, a handle (in
the form of a pointer to a struct) is initialised at
the start of the slave's lifecycle and passed back to
C library for each mail and then freed when the slave
terminates.
The
Thanks for your response David.
So, is there an easy way to share this handle
between
slaves (the library is thread-safe)?
Nope.
Didn't think so.
You might need to write a daemon that the Perl
slaves talk to using IPC,
and have the daemon maintain a single handle.
I think the best
41 matches
Mail list logo