Re: [Qmail-scanner-general]the warning messages

Fri, 16 Jul 2004 06:31:14 -0700 

Quoting Arvinn Løkkebakken <[EMAIL PROTECTED]>:

Hi.
I have setup qmail-scanner on FreeBSD using the to ports installation. I
put in my parameters and left the rest be default.
 From qmail-scanner-queue.pl I find that these are the parameters that
has been used for my installation:

# ./configure --spooldir /usr/local/qmailscan --qmaildir /var/qmail
--bindir /usr/local/bin --qmail-queue-binary /var/qmail/bin/qmail-queue
--admin [EMAIL PROTECTED] --admin-realname "My Company Postmaster"
--domain myfqdn --notify psender,recips --local-domains myfqdn
--silent-viruses auto --lang en_GB --debug no --unzip 1
--block-password-protected 0 --add-dscr-hdrs yes --archive 0 --redundant
yes --log-details syslog --log-crypto 0 --fix-mime 2  --ignore-eol-check
0 --scanners "auto"

To me this looks ok. This server is not a final destination for anybody
and it does only accept smtp from our front-end MX's.

My problem is.. when I send the eicar test-virus qmail-scanner doesn't
generate a warning, it just quarantine the message. The server accept
the message with 250 and in the log qmail-scanner log three similar
lines and then a fourth line with a reference to my virus-scanner (clamav
). 

Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] <>
virus_found_in_sent_message_"virusmail_med_eicar._denne_skal_trigge_warni
ng" 
cinet.newmedia.no1089980801497631-
[EMAIL PROTECTED] quarantine-event.txt:1000
Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] <>
virus_found_in_sent_message_"virusmail_med_eicar._denne_skal_trigge_warni
ng" 
cinet.newmedia.no1089980801497631-
[EMAIL PROTECTED] quarantine-event.txt:1000
Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] [EMAIL PROTECTED]
virus_found_in_received_message_"virusmail_med_eicar._denne_skal_trigge_w
arning" 
cinet.newmedi
[EMAIL PROTECTED] quarantine-event.txt:1000
Jul 16 14:26:41 cinet qmail-scanner[631]:
CLAMDSCAN:Eicar-Test-Signature:RC:0(212.71.66.104): 0.515384 1606
[EMAIL PROTECTED] [EMAIL PROTECTED]
virusmail_med_eicar._denne_skal_trigge_warning <59656.212.71.64.
[EMAIL PROTECTED]> eicar_com-1.zip:184

Neither [EMAIL PROTECTED], [EMAIL PROTECTED] or [EMAIL PROTECTED]
receives a warning. What have I done wrong?

Is it possible to return  error-code 5xx (permanent error) if the mail
contains a virus instead of sending the warnings (which I currently
don't get anyway)?

Last thing, I read the FAQ written by the author saying that you can't
quarantine spam-messages, and that this is by design.
Does anyone maintain patches that adds this feature?



The "--notify psender,recips" part is used to determine who to send the
notification to.  This means sender (for policy blocks only (psender)) and
recipients.  Youd do not have "admin" in there anywhere which is why you do
nt
receive the notification.

Also, check out http://xoomer.virgilio.it/j.toribio/qmail-scanner/ to
be able to
(among other things) quarantine spam.

Jim



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to