Re: [Qmail-scanner-general]QS + SpamAssassin with DCC & Pyzor

2003-09-06 Thread Mark Simon Powell
On Fri, 5 Sep 2003, Matthew Edward Porter wrote: > Below are the logs for QS and SA for a test message I sent containing a PDF > file and some text. I will be posting the same information to the SA list. > Neither log says anything about pyzor or dcc. The softlimit for qmail-smtpd > is set to 50

Re: [Qmail-scanner-general]Anyone explain why QS would log the wrong uvscan version number?

2003-09-05 Thread Mark Simon Powell
On Thu, 4 Sep 2003, Nicki Messerschmidt, Linksystem Muenchen GmbH wrote: Thanks for the reply. > > I just can't work it out. Maybe it's too late here. > It uses the "uvscan --version" imho just to check if uvscan is working > the actual versionstring is taken from: It was too late :) The fun

[Qmail-scanner-general]Anyone explain why QS would log the wrong uvscan version number?

2003-09-03 Thread Mark Simon Powell
Hi, Something I noticed in our QS logs has been puzzling me. Hope someone can explain this. I noticed uvscan pick up a trojan I had not seen before: - 03/09/2003 22:49:29:44920: --output of uvscan was: Scanning /var/spool/qmailscan/iapetus.salford.ac.uk106262576942644920/* Scanning file /

RE: [Qmail-scanner-general]Unable to delete .pif virus

2003-09-01 Thread Mark Simon Powell
TED] > [mailto:[EMAIL PROTECTED] Behalf Of > Rick > Sent: Monday, September 01, 2003 11:12 PM > To: Mark Simon Powell > Cc: qmail-scanner > Subject: RE: [Qmail-scanner-general]Unable to delete .pif virus > > > Well... I did run /var/qmail/bin/qmail-scanner-queue.pl -g &g

RE: [Qmail-scanner-general]Unable to delete .pif virus

2003-09-01 Thread Mark Simon Powell
.pl" > 218.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" > :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" > > I hope it is correct. > > What could I be missing? > > Regards, > Rick > > -

Re: [Qmail-scanner-general]Unable to delete .pif virus

2003-09-01 Thread Mark Simon Powell
On Mon, 1 Sep 2003, Rick wrote: > I am running qmail-scanner + clamv antivirus. However, when I do a > tail -f /var/spool/qmailscan/qmail-queue.log, it is not able to detect any > virus coming through. > I have configured and launched everything properly (hopefully so). > I would need some assist

Re: [Qmail-scanner-general]Resource limits; zipofdeath and 42.zip

2003-08-28 Thread Mark Simon Powell
On Thu, 28 Aug 2003, Mark Simon Powell wrote: > 42.zip is 42K in size. It will consume vast amounts of cpu time, > bringing your relay to its knees unless you apply some sort of cpu > resource limit. However, then it is simply soft failed and will keep > retrying and re

Re: [Qmail-scanner-general]Resource limits; zipofdeath and 42.zip

2003-08-28 Thread Mark Simon Powell
On Thu, 28 Aug 2003, D.Monroe wrote: > Mark Simon Powell wrote: > > > Hi, > > I managed to fill my disk quite easily with a test zip: > > > > $ mkfile -n 10g fileofdeath > > $ zip -9 zipofdeeath fileofdeath > > try /var/qmail/control/databytes ? 4

[Qmail-scanner-general]Resource limits; zipofdeath and 42.zip

2003-08-28 Thread Mark Simon Powell
Hi, I managed to fill my disk quite easily with a test zip: $ mkfile -n 10g fileofdeath $ zip -9 zipofdeeath fileofdeath I thought an easy fix would be a softlimit -f 5000 just before the smtpd is started. This however stops qmail-scanner logging anything if its logs are over 5000. C

Re: [Qmail-scanner-general]Blocking all executable windows executables

2003-08-27 Thread Mark Simon Powell
On Sat, 27 Dec 2003, Josh Trutwin wrote: > > > > Is there a way qmail scanner can perform the above block of "TVqQAAMA" to > > > prevent anything that this list may miss? > > > AFAICT there doesn't seem to be. > > > Cheers. > > Russell Nelson's qmail-smtpd patch does exactly this. It's in the

Re: [Qmail-scanner-general]Not responding to forged sender addresses

2003-08-27 Thread Mark Simon Powell
On Wed, 27 Aug 2003, Salvatore Toribio wrote: > As you could read at > Sobig > usually send an attachment with one of these names: > > > > So you could add in your quarantine-attachments.txt file these lines > before the line that blocks

[Qmail-scanner-general]Not responding to forged sender addresses

2003-08-27 Thread Mark Simon Powell
Hi, We've had a raft of complaints about the quarantine notification emails that qmail-scanner 1.16 has been sending out. These are to the innocents that have had their from address forged by the recent SoBig.F virus. I wondered before I waded in and started hacking, whether anyone else had

[Qmail-scanner-general]Blocking all executable windows executables

2003-08-27 Thread Mark Simon Powell
Hi, I saw this recent post on a UK security mailing list, regarding blocking any attachment that starts with "TVqQAAMA" i.e. anything executable by Windows. I'm currently blocking the following extensions with qmail-scanner-1.16: .vbe .vbs .lnk .scr .wsh .hta .pif .exe .com .bat .cmd .cpl .mht