On Wed, 2003-08-20 at 14:09, [EMAIL PROTECTED] wrote:
> Hi Greg,
>
> I posted earlier about this and no response. The numbers received here per
> server have been on the order of ten times your reported 400 so I had to
> do something. Here is what I ended up doing (NOTE: if you installed
> somewhere other than default, change the path below to reflect your spool
> directory).
>
> 1. Edit /var/spool/qmailscan/quarantine-attachments.txt and remark out the
> two file extensions I have seen with this: .pif and .scr:
> i.e. change:
> .scr 0 SCR files not allowed per Company security policy
> .pif 0 PIF files not allowed per Company security policy
> to:
> # .scr 0 SCR files not allowed per Company security policy
> # .pif 0 PIF files not allowed per Company security policy
>
> 2. Rebuild the database:
> $ /var/qmail/bin/qmail-scanner-queue.pl -g
>
> This will allow any .scr and .pif files through.
>
> Depending upon the version of qmail-scanner you are using you might have to
> add sobig to the "silent" list in /var/qmail/bin/qmail-scanner-queue.pl
> (again change the path if non standard installation).
>
> Some of my servers were running 1.15, some 1.16. Seems 1.16 has sobig
> already but I had to add it to the 1.15 machines. I just put the apparently
> default 1.16 list in 1.15:
> my @silent_viruses_array=\
> ('klez','bugbear','hybris','yaha','braid','nimda','tanatos',\
> 'sobig','winevar');
Now, why do you have to run a virus scanner to catch those ?
Doesn't the 'sub valid_virus_to_report' run no matter what from
'sub email_quarantine_report' ?
excerpt:
&email_sender("sender") if \
(&valid_virus_to_report($quarantine_description));
&email_sender("admin");
So it'll always go to admin, but not always to sender based on
'valid_virus_to _report'...
or am I missing something? (I stuck 'pif','scr' in my 'silent' array)
Rick
> (Where "\" signifies line continuation)
>
> You should also (obviously) run freshclam or whatever to make sure that your
> virus def's are up to date.
>
> This seems a less than perfect solution (I would like to block all
> potentially dangerous attachments) but is at least not contributing to the
> considerable confusion by sending notices to innocents.
>
> Hope this helps. If anyone has a more elegant fix please let me know.
> -Tom
>
> Tom deLombarde
> [EMAIL PROTECTED]
> FTM Development
> PO Box 269
> Shelby, Ohio 44875
> http://www.blackflute.com/
>
> Greg Kelley writes:
>
> > Folks,
> >
> > So far today we have trapped over 400 infected emails with the Sobig.F
> > attachment. Because this is getting recognized first as a disallowed
> > attachment type, an email to the 'sender' is getting generated which just
> > adds to the millions of emails already out there flooding the net. I have
> > sobig in my silent-virus list, but it isn't getting processed (I think)
> > because it's getting picked up first by perlscan. Is there a way to get an
> > infected email with known attachment type to follow the silent-virus list?
> >
> > Rgds,
> >
> > __________________________
> > Greg Kelley, Technology Director
> > Britannic Aviation, US and UK
> > US Office:
> > Pease Int'l Tradeport
> > 68 New Hampshire Ave.
> > Portsmouth, NH 03801
> > 603.766.3005
> > http://www.britannicaviation.com
> > AOPA, EAA, SSA
> > CFII SEL, MEL; Comm Glider
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by Dice.com.
> > Did you know that Dice has over 25,000 tech jobs available today? From
> > careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
> > best hiring companies. http://www.dice.com/index.epl?rel_code=104
> > _______________________________________________
> > Qmail-scanner-general mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by Dice.com.
> Did you know that Dice has over 25,000 tech jobs available today? From
> careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
> best hiring companies. http://www.dice.com/index.epl?rel_code=104
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
--
--
Rick Romero
IT Manager
Valeo, Inc. ph: 262.695.4841
Sussex, WI. fax: 262.695.4850
[EMAIL PROTECTED]
-------------------------------------------------------
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
best hiring companies. http://www.dice.com/index.epl?rel_code=104
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
