Re: [Qmail-scanner-general]suidperl

Jason Haar wrote: On Fri, 2003-12-19 at 14:58, Stephen Bosch wrote: Anyway, I'm not going to mess around with this anymore -- I'm using the C wrapper. The one comfort I can take from this discussion is that it will be archived, so that other people can be spared this grief. That's your choice

Re: [Qmail-scanner-general]suidperl

On Fri, 2003-12-19 at 14:58, Stephen Bosch wrote: > Anyway, I'm not going to mess around with this anymore -- I'm using the > C wrapper. The one comfort I can take from this discussion is that it > will be archived, so that other people can be spared this grief. That's your choice. Not only is

[Qmail-scanner-general]qmail-scanner as an auditing tool

Hi, Can someone give some info/hints on using qmail-scanner as an auditing tool? I am looking for something like this, all the mail's To:, From:, Subject: headers should be dumped in a text file (maybe if not asking for too much in a database). Is it possible? Any hints on this please? With warm

Re: [Qmail-scanner-general]More delightful permissions fun

Jason Haar wrote: On Thu, Dec 18, 2003 at 06:39:17PM -0700, Stephen Bosch wrote: I have just installed Qmail-Scanner for the first time on a RH9 system. After sorting out installing the extra perl modules (perl-suidperl,perl-Time-HiRes,perl-DB_File) Did you install them from CPAN? No - I said R

[Qmail-scanner-general]suidperl

From the current perl INSTALL file: "Because of the buggy history of suidperl, and the difficulty of properly security auditing as large and complex piece of software as Perl, we cannot recommend using suidperl and the feature should be considered deprecated. Instead use for example 'sudo': http:/

Re: [Qmail-scanner-general]More delightful permissions fun

On Thu, Dec 18, 2003 at 06:39:17PM -0700, Stephen Bosch wrote: > >I have just installed Qmail-Scanner for the first time on a RH9 system. > >After sorting out installing the extra perl modules > >(perl-suidperl,perl-Time-HiRes,perl-DB_File) > > Did you install them from CPAN? No - I said RPMs!

Re: [Qmail-scanner-general]More delightful permissions fun

Jason Haar wrote: On Thu, Dec 18, 2003 at 05:10:25PM -0700, Stephen Bosch wrote: The 5.8.0 packaged with Redhat 9 was a mess, I had to get rid of it (it does not play nice with CPAN). When I did the perl 5.8.2 install, I configured in suid support. I did the install three times so I know I did

Re: [Qmail-scanner-general]More delightful permissions fun

On Thu, Dec 18, 2003 at 05:10:25PM -0700, Stephen Bosch wrote: > The 5.8.0 packaged with Redhat 9 was a mess, I had to get rid of it (it > does not play nice with CPAN). When I did the perl 5.8.2 install, I > configured in suid support. I did the install three times so I know I > did it, and I d

Re: [Qmail-scanner-general]More delightful permissions fun

Jason Haar wrote: On Thu, Dec 18, 2003 at 09:17:14AM -0700, Stephen Bosch wrote: Stephen Bosch wrote: Why is /var/log/qmail/smtpd showing me this: 2003-12-17 18:14:36.443243500 X-Qmail-Scanner-1.20:[] cannot create /var/spool/qmailscan/tmp - Permission denied if (! -d "$scandir/tmp") { mkdir(

Re: [Qmail-scanner-general]Clamav /QmailScan 1.20/451 qq temporary problem

Could the answer be to *not* use clamuko, and just use straight clamscan instead? jamie Jared Seipel wrote: On Thu, 18 Dec 2003, Abraham Lincoln wrote: Hi, I just installed netqmail-1.04 and qmail-scanner 1.20 and Clamav 0.65 qmail works fine withouth Qmail-Scanner when i installed qmail sca

Re: [Qmail-scanner-general]More delightful permissions fun

On Thu, Dec 18, 2003 at 09:17:14AM -0700, Stephen Bosch wrote: > Stephen Bosch wrote: > >Why is /var/log/qmail/smtpd showing me this: > > > >2003-12-17 18:14:36.443243500 X-Qmail-Scanner-1.20:[] cannot create > >/var/spool/qmailscan/tmp - Permission denied > > > if (! -d "$scandir/tmp") { > mkdi

Re: [Qmail-scanner-general]More delightful permissions fun

On Wed, Dec 17, 2003 at 09:11:11PM -0700, Stephen Bosch wrote: > Also, as this is perl 5.8.2, there is no suidperl. Suid support was > built into perl. ?? News to me. I think you'll find you just don't have the siudperl module installed... Actually I've just checked. RH9 uses 5.8.0 - where did y

Re: [Qmail-scanner-general]Re: Quarantine-attachments revisited

On Thu, Dec 18, 2003 at 03:59:46PM +, [EMAIL PROTECTED] wrote: > >Do you mean the whole qmailscan directory? I tried changing the owner of > >quarantine-attachments.db to qmailq, but that didn't make any difference. > > Yes (and there are most likely others here who know better than I) ... in

Re: [Qmail-scanner-general]Illegal Breakage in Headers

On Thu, Dec 18, 2003 at 04:29:38PM +0100, Salvatore Toribio wrote: > It seems that there is an "\r" after '...(209.239.41.230)' and > another one after '...userid 65534)'. > > I don't understand yet why the header must not have CR/NULL. Maybe > Jason can give us an explanation and how to work ar

Re: [Qmail-scanner-general]Processing time... ?

Have you checked your Spam Assassin Black Hole lists? Some of the BH Lists are off line and can cause delays in processing mail as the time outs are waded through. On SA 2.61 ?? In which rule file (f you rememeber) ? Regards, /Brian On SpamAssassin 2.55, if you run grep -i rbl /usr/

[Qmail-scanner-general]Qmail-scanner on FreeBSD?

Hi all, After messing arround with qmail-scanner, the patch upgrade and trying to configure it all - im now turning to you. Im using FreeBSD 5.1 and have installed qmail, spamassassing and misc perl modules. Currently im patching the qmail-1.03 with patch 19 (downloaded in tar.gz file, from

Re: [Qmail-scanner-general]Clamav /QmailScan 1.20/451 qq temporary problem

On Thu, 18 Dec 2003, Abraham Lincoln wrote: > Hi, > I just installed netqmail-1.04 and qmail-scanner 1.20 and Clamav 0.65 > > qmail works fine withouth Qmail-Scanner when i installed qmail scanner and using > clamav every time my Email clients sending an email we're getting "451 qq Temporary

RE: [Qmail-scanner-general]Processing time... ?

Hi, > >I wonder what makes the scanning take so much time ? This might > >be a single incident, but I now, that it is from a small > >base64-encoded email (spam) ... but 92 seconds ?? Is it the > >mcafee scanner, that takes up too much time ? It would be nice, > >if an option could be specified t

Re: [Qmail-scanner-general]Processing time... ?

At 11:12 AM 12/18/2003, Brian Ipsen wrote: I wonder what makes the scanning take so much time ? This might be a single incident, but I now, that it is from a small base64-encoded email (spam) ... but 92 seconds ?? Is it the mcafee scanner, that takes up too much time ? It would be nice, if an opti

[Qmail-scanner-general]Processing time... ?

Hi! I just checked the header of one the incoming mails: Received: from [EMAIL PROTECTED] by worf.andebakken.dk by uid 81 with qmail-scanner-1.20 (clamscan: 20030806. uvscan: v4.1.60/v4308. f-prot: 4.1.2/3.13.4. spamassassin: 2.61. Clear:RC:0(80.230.226.207):SA:1(14.1/5.0):. Processed in 92

[Qmail-scanner-general]RE: Quarantine-attachments revisited

Thanks for your help Tom, but no joy yet. > > A couple of tests: > (quick and dirty): > $ chmod 666 /var/spool/qmailscan/quarantine-attachments.db > > Then run and look at the log again. > > (more complicated): > around line 998 of q-s.pl add: > my ($idd); > $idd=`id -a`; > &debug("ID is:

Re: [Qmail-scanner-general]More delightful permissions fun

Stephen Bosch wrote: Why is /var/log/qmail/smtpd showing me this: 2003-12-17 18:14:36.443243500 X-Qmail-Scanner-1.20:[] cannot create /var/spool/qmailscan/tmp - Permission denied When the contents of /var/spool/qmailscan are: total 48 400883 drwxrwx---5 qscand qscand 4096 Dec 17 18

[Qmail-scanner-general]Re: Quarantine-attachments revisited

Hmmm ... maybe I am muddying the waters then, I will shut up on this subject ... and I think that on the one 1.20 installation I may have manually made qmail-scanner-queue.pl be suid qmailq. Sorry if I have caused confusion. [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] qmail-scanner-1.20]# ll /va

[Qmail-scanner-general]Re: Quarantine-attachments revisited

Do you mean the whole qmailscan directory? I tried changing the owner of quarantine-attachments.db to qmailq, but that didn't make any difference. Yes (and there are most likely others here who know better than I) ... in all of my installations including 1.15 version, the whole /var/spool/qmailsca

[Qmail-scanner-general]setuid must be working

Okay -- I tried deleting the quarantine-attachments.db file, and then executing qmail-scanner-queue.pl as qscand using setuidgid: [EMAIL PROTECTED] qmailscan]# rm quarantine-attachments.db rm: remove regular file `quarantine-attachments.db'? yes [EMAIL PROTECTED] qmailscan]# setuidgid qscand /va

Re: [Qmail-scanner-general]Re: Quarantine-attachments revisited

[EMAIL PROTECTED] wrote: [EMAIL PROTECTED] qmail-scanner-1.20]# ll /var/spool/qmailscan/quarantine-attachments.* -rw-r-1 qscand nofiles 12288 Dec 18 10:33 /var/spool/qmailscan/quarantine-attachments.db -rw-rw1 qscand qscand 4361 Dec 17 14:28 /var/spool/qmailscan/quara

[Qmail-scanner-general]RE: Quarantine-attachments revisited

> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 18, 2003 3:21 PM > To: Micha Silver > Cc: ([EMAIL PROTECTED]) > Subject: Re: Quarantine-attachments revisited > > > > [EMAIL PROTECTED] qmail-scanner-1.20]# ll > > /var/spool/qmailscan/q

Re: [Qmail-scanner-general]Illegal Breakage in Headers

Rick Macdougall , wrote Hi, I'm just investigating some emails that were quarantined possibly incorrectly. They were bouces from spammers forging the from address but I'm not quite sure why the Illegal breakage in headers was matched. Is it because of the X-Mailer: IronMail(TM) v3.1.2 header?

Re: [Qmail-scanner-general]Illegal Breakage in Headers

Hi, I'm going to have to disable those checks myself as well, just looking through the log files I see ordb relay tests being marked a Disallowed breakage and this was with a stock QS 1.20. I don't have the message anymore but the log file reports Fri, 12 Dec 2003 05:02:30 -0500 [EMAIL PROTEC

[Qmail-scanner-general]Re: Quarantine-attachments revisited

[EMAIL PROTECTED] qmail-scanner-1.20]# ll /var/spool/qmailscan/quarantine-attachments.* -rw-r-1 qscand nofiles 12288 Dec 18 10:33 /var/spool/qmailscan/quarantine-attachments.db -rw-rw1 qscand qscand 4361 Dec 17 14:28 /var/spool/qmailscan/quarantine-attachments.txt Shou

[Qmail-scanner-general]Quarantine-attachments revisited

Hello folks I'm struggling with a problem that I brought to the list a few days ago, and got no response. I have reinstalled and the same problem has come up. Here's the situation: (This is rather detailed. My apologies up front...) I'm running a Fedora Core 1 server. It comes with perl 5.8.1. I

[Qmail-scanner-general]Clamav /QmailScan 1.20/451 qq temporary problem

Hi, I just installed netqmail-1.04 and qmail-scanner 1.20 and Clamav 0.65 qmail works fine withouth Qmail-Scanner when i installed qmail scanner and using clamav every time my Email clients sending an email we're getting "451 qq Temporary problem" ive encountered this before and increasing s