Jim Maul wrote:
Quoting Arvinn Løkkebakken <[EMAIL PROTECTED]>:
Hi. I have setup qmail-scanner on FreeBSD using the to ports installation. I put in my parameters and left the rest be default. From qmail-scanner-queue.pl I find that these are the parameters that has been used for my installation:
# ./configure --spooldir /usr/local/qmailscan --qmaildir /var/qmail --bindir /usr/local/bin --qmail-queue-binary /var/qmail/bin/qmail-queue --admin [EMAIL PROTECTED] --admin-realname "My Company Postmaster" --domain myfqdn --notify psender,recips --local-domains myfqdn --silent-viruses auto --lang en_GB --debug no --unzip 1 --block-password-protected 0 --add-dscr-hdrs yes --archive 0 --redundant yes --log-details syslog --log-crypto 0 --fix-mime 2 --ignore-eol-check 0 --scanners "auto"
To me this looks ok. This server is not a final destination for anybody and it does only accept smtp from our front-end MX's.
My problem is.. when I send the eicar test-virus qmail-scanner doesn't
generate a warning, it just quarantine the message. The server accept
the message with 250 and in the log qmail-scanner log three similar
lines and then a fourth line with a reference to my virus-scanner (clamav ).
Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] <>
virus_found_in_sent_message_"virusmail_med_eicar._denne_skal_trigge_warning"
cinet.newmedia.no1089980801497631-
[EMAIL PROTECTED] quarantine-event.txt:1000
Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] <>
virus_found_in_sent_message_"virusmail_med_eicar._denne_skal_trigge_warning"
cinet.newmedia.no1089980801497631-
[EMAIL PROTECTED] quarantine-event.txt:1000
Jul 16 14:26:41 cinet qmail-scanner[631]: Clear:RC:0(212.71.66.104): 0
1100 [EMAIL PROTECTED] [EMAIL PROTECTED]
virus_found_in_received_message_"virusmail_med_eicar._denne_skal_trigge_warning"
cinet.newmedi [EMAIL PROTECTED] quarantine-event.txt:1000 Jul 16 14:26:41 cinet qmail-scanner[631]: CLAMDSCAN:Eicar-Test-Signature:RC:0(212.71.66.104): 0.515384 1606 [EMAIL PROTECTED] [EMAIL PROTECTED] virusmail_med_eicar._denne_skal_trigge_warning <59656.212.71.64. [EMAIL PROTECTED]> eicar_com-1.zip:184
Neither [EMAIL PROTECTED], [EMAIL PROTECTED] or [EMAIL PROTECTED] receives a warning. What have I done wrong?
Is it possible to return error-code 5xx (permanent error) if the mail contains a virus instead of sending the warnings (which I currently don't get anyway)?
Last thing, I read the FAQ written by the author saying that you can't quarantine spam-messages, and that this is by design. Does anyone maintain patches that adds this feature?
The "--notify psender,recips" part is used to determine who to send the
notification to. This means sender (for policy blocks only (psender)) and
recipients. Youd do not have "admin" in there anywhere which is why you dont
receive the notification.
Also, check out http://xoomer.virgilio.it/j.toribio/qmail-scanner/ to be able to
(among other things) quarantine spam.
Jim
Thanks Jim.
I now understand that the admin doesn't get the warnings because of this.
However, when I have "--notify psender,recips" it means that the sender (mail from) and the recipient (rcpt to) should get the warnings, doesn't it?
As I allready mentioned, my q-s doesn't warn anybody..
Arvinn
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
