Re: [toaster] Mailing List

2005-04-07 Thread Dan Scrimpsher


I have version 0.7.9 of the toaster installed on a RedHat EL3AS server and things are working great. I even have simscan moving SPAM mail to a quarantine directory. 
This is a great product. 
 
I have one question: Is it possible to have simscan move virus infected mail to a quarantine directory also? Right now the infected mail is just deleted.
 
TIA
 
Dan


Re: [toaster] Mailing List

2005-04-07 Thread Jason 'XenoPhage' Frisvold
Dan Scrimpsher wrote:
> I have version 0.7.9 of the toaster installed on a RedHat EL3AS server
> and things are working great. I even have simscan moving SPAM mail to
> a quarantine directory.
> This is a great product.
>
> I have one question: Is it possible to have simscan move virus
> infected mail to a quarantine directory also? Right now the infected
> mail is just deleted.

Absolutely!  :)  Add in --enable-quarantinedir=/your/dir when you
configure simscan.

> TIA
>
> Dan

--
---
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."


Re: [toaster] Mailing List

2005-04-07 Thread Dan Scrimpsher


This is my simscan config:
 
./configure --enable-user=clamav \
  --enable-clamav=y \
  --enable-spam=y \
  --enable-spam-passthru=n \
  --enable-per-domain=y \
  --enable-ripmime \
  --enable-attach=y \
  --enable-received=y \
  --enable-quarantinedir=/var/spool/quarantine \
  --enable-spamc-args="-u vpopmail"

I added SIMSCAN_DEBUG="2" to my tcp.smtp file. 
This is what the log shows when an infected msg comes in:
 
2005-04-07 10:48:49.879269500 tcpserver: status: 1/30
2005-04-07 10:48:49.879426500 tcpserver: pid 29478 from 140.186.45.14
2005-04-07 10:48:49.879514500 tcpserver: ok 29478 0:204.134.224.2:25 :140.186.45.14::54681
2005-04-07 10:48:50.418011500 CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote  rcpt <[EMAIL PROTECTED]> : found existing recipient
2005-04-07 10:48:50.418570500 simscan: cdb looking up 
2005-04-07 10:48:50.418635500 simscan: cdb for  found clam=yes,spam=yes,spam_passthru=no,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418682500 simscan: pelookup clam = yes
2005-04-07 10:48:50.418683500 simscan: pelookup spam = yes
2005-04-07 10:48:50.418684500 simscan: pelookup spam_passthru = no
2005-04-07 10:48:50.418685500 simscan: spampassthru = no/0
2005-04-07 10:48:50.418685500 simscan: pelookup attach = .vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418686500 simscan: attachment flag attach = .vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418687500 simscan: .vbs is attachment number 0
2005-04-07 10:48:50.418688500 simscan: .lnk is attachment number 1
2005-04-07 10:48:50.418694500 simscan: .scr is attachment number 2
2005-04-07 10:48:50.418695500 simscan: .wsh is attachment number 3
2005-04-07 10:48:50.418696500 simscan: .hta is attachment number 4
2005-04-07 10:48:50.418696500 simscan: .pif is attachment number 5
2005-04-07 10:48:50.418697500 simscan: .bat is attachment number 6
2005-04-07 10:48:50.418698500 simscan: .cmd is attachment number 7
2005-04-07 10:48:50.418708500 simscan: starting: work dir: /var/qmail/simscan/1112892530.418675.29479
2005-04-07 10:48:50.581803500 simscan: pelookup: called with [EMAIL PROTECTED]
2005-04-07 10:48:50.581804500 simscan: pelookup: domain is aleph-tec.com
2005-04-07 10:48:50.581816500 simscan: cdb looking up aleph-tec.com
2005-04-07 10:48:50.581829500 simscan: pelookup: local part is eicar
2005-04-07 10:48:50.581837500 simscan: cdb looking up [EMAIL PROTECTED]
2005-04-07 10:48:50.581852500 simscan: pelookup: called with [EMAIL PROTECTED]
2005-04-07 10:48:50.581853500 simscan: pelookup: domain is filter.csi.edu
2005-04-07 10:48:50.581854500 simscan: cdb looking up filter.csi.edu
2005-04-07 10:48:50.581866500 simscan: pelookup: local part is dan
2005-04-07 10:48:50.581874500 simscan: cdb looking up [EMAIL PROTECTED]
2005-04-07 10:48:50.583048500 simscan: cdb looking up version attach
2005-04-07 10:48:50.583080500 simscan: calling clamdscan
2005-04-07 10:48:50.588034500 simscan: cdb looking up version clamav
2005-04-07 10:48:50.588068500 simscan: clamdscan detected a virus
2005-04-07 10:48:50.588082500 simscan: 140.186.45.14 pid 29478: virus: Eicar-Test-Signature from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] time: 0.1696s
2005-04-07 10:48:50.588339500 simscan: exit error code: 31
2005-04-07 10:48:50.588657500 tcpserver: end 29478 status 0
2005-04-07 10:48:50.588658500 tcpserver: status: 0/30

I noticed the line 'simscan: exit error code: 31'. I imagine that is a problem.
 
Mail that is SPAM gets put in the quarantine directory fine.
 
Thanks
Dan

>>> [EMAIL PROTECTED] 4/7/2005 8:52:34 AM >>>
Dan Scrimpsher wrote:
> I have version 0.7.9 of the toaster installed on a RedHat EL3AS server
> and things are working great. I even have simscan moving SPAM mail to
> a quarantine directory.
> This is a great product.
>
> I have one question: Is it possible to have simscan move virus
> infected mail to a quarantine directory also? Right now the infected
> mail is just deleted.

Absolutely!  :)  Add in --enable-quarantinedir=/your/dir when you
configure simscan.

--
---
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."
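
Added example, not part of the original thread and not simscan's own code: a small Python parser for the SIMSCAN_DEBUG log format shown above that extracts each virus detection and pairs it with the "exit error code" line that follows it. The sample log is constructed (placeholder IPs and addresses), the function and constant names are hypothetical, and the pairing assumes log lines from one SMTP session are not interleaved with another's.

```python
import re

# Constructed sample in the format shown in the thread; IPs and addresses are placeholders.
SAMPLE_LOG = """\
2005-04-07 10:48:50.583080500 simscan: calling clamdscan
2005-04-07 10:48:50.588068500 simscan: clamdscan detected a virus
2005-04-07 10:48:50.588082500 simscan: 192.0.2.10 pid 29478: virus: Eicar-Test-Signature from: sender@example.org to: dan@example.net time: 0.1696s
2005-04-07 10:48:50.588339500 simscan: exit error code: 31
2005-04-07 10:48:50.588657500 tcpserver: end 29478 status 0
2005-04-07 10:49:02.100000000 simscan: 192.0.2.77 pid 29490: virus: Eicar-Test-Signature from: other@example.org to: dan@example.net time: 0.2100s
"""

# qmail-queue convention: exit code 31 is a permanent rejection of the message.
QMAIL_QUEUE_PERM_REJECT = 31

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) (.*)$")
VIRUS_RE = re.compile(
    r"simscan: (\S+) pid (\d+): virus: (\S+) from: (\S*) to: (\S*) time: ([\d.]+)s")
EXIT_RE = re.compile(r"simscan: exit error code: (\d+)")

def virus_events(log_text):
    """Return one dict per virus detection, with the exit code that followed it.

    exit_code stays None when the log ends (or another detection starts)
    before an exit line is seen, e.g. a truncated or rotated log.
    """
    events, pending = [], None
    for line in log_text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue  # not a timestamped log line
        ts, rest = m.groups()
        v = VIRUS_RE.match(rest)
        if v:
            pending = {"time": ts, "remote_ip": v.group(1), "pid": int(v.group(2)),
                       "virus": v.group(3), "from": v.group(4), "to": v.group(5),
                       "scan_seconds": float(v.group(6)), "exit_code": None}
            events.append(pending)
            continue
        e = EXIT_RE.match(rest)
        if e and pending is not None:
            pending["exit_code"] = int(e.group(1))
            pending = None
    return events

if __name__ == "__main__":
    for ev in virus_events(SAMPLE_LOG):
        rejected = ev["exit_code"] == QMAIL_QUEUE_PERM_REJECT
        print(ev["time"], ev["remote_ip"], ev["virus"], "rejected" if rejected else ev["exit_code"])
```
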