Hi,
My mail server receiving many many Viagra spam mails
My qms-events.log including lines below
1265447695:27550:HEADER:"VIAGRA R Official Site" a.bb...@c.com
1265447695:27561:HEADER:"VIAGRA (c) Direct Distributor"
ylocyjuywy8...@airtelbroadband.in
How to quarantine these
Hello,
I've been using this php script as a cronjob each day. It will parse all
the mails in quarantine and will send a report to users each day.
Le 2010-01-19 23:41, Jason Haar a écrit :
On 01/20/2010 05:01 AM, Stephane MAGAND wrote:
Hi
I have installed QmailScanner and that's work very go
On 01/20/2010 05:01 AM, Stephane MAGAND wrote:
> Hi
>
> I have installed QmailScanner and that's work very good. But i am
> search a solution for:
>
> 1- Notify all user that he receive a email and this email are in
> quanrantine.
> 2- a solution for see by a web interface all emails in quarantine
Hi
I have installed QmailScanner and that's work very good. But i am search a
solution for:
1- Notify all user that he receive a email and this email are in
quanrantine.
2- a solution for see by a web interface all emails in quarantine and a
administor can unlock a quarantine msg.
He have a she
Arie Reynaldi Z wrote:
Just disable redundant scanning, edit
/var/qmail/bin/qmail-scanner-queue.pl and set:
my $redundant_scanning='0';
Still about quarantine-attachment.txt, is there any update for this
files ? I think right now i got more spam with email contains "V/agra
" in emails, I don
> Just disable redundant scanning, edit
> /var/qmail/bin/qmail-scanner-queue.pl and set:
>
> my $redundant_scanning='0';
>
>
Still about quarantine-attachment.txt, is there any update for this
files ? I think right now i got more spam with email contains "V/agra
" in emails, I dont know how to add
At 10:00 +0200 21-04-2006, Cristina Tanzi Tolenti wrote:
Hi,
I use qmail-scanner 1.25st, qmail 1.03 and clamav
I setup a quarantine-attachments.txt file to block people from
sending our users .exe, .pif, etc. files. .zip files are allowed
through, but apparently my system is even rejecting me
Hi,
I use qmail-scanner 1.25st, qmail 1.03 and clamav
I setup a quarantine-attachments.txt file to block people from sending our
users .exe, .pif, etc. files. .zip files are allowed through, but
apparently my system is even rejecting messages that contain .exe, .pif,
etc. files WITHIN .zip fi
Ok, will do it this way... thank you!
> -Oorspronkelijk bericht-
> Van: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Salvatore Toribio
> Verzonden: woensdag 20 juli 2005 8:53
> Aan: Tom De Puysseleyr; qmail-scanner-general@lists.sourceforge.net
> Onderwerp: Re: [
At 7:14 +0200 20-07-2005, Tom De Puysseleyr wrote:
Hi!
We use the quarantine-attachments.txt file to block a whole bunch of
file-extensions (like .ZIP). Now some company mails us accounting
information, which is in a .zip file. This is an automatic process so they
cannot change that only because
Hi!
We use the quarantine-attachments.txt file to block a whole bunch of
file-extensions (like .ZIP). Now some company mails us accounting
information, which is in a .zip file. This is an automatic process so they
cannot change that only because we want them to. Is there a way to put
exceptions in
Another question:
Regarding the "Philosophy behind Quarantining..." section of
the docs -
We are running Qmail with Courier-IMAP and Squirrelmail for several
virtual domains.
Since Q-S is already built for maildir, can it be configured
such that each email user can login to Squirrelmail (
Hello,
How I do for configure qmail-scanner for not save any email in
quarantine folder? I would to qmail-scanner delete all of emails with
viruses.
Thanks a lot.
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews
On Thu, Oct 14, 2004 at 08:08:04AM +1000, Michael Bellears wrote:
> We have a client that wants to be able to Quarantine specified
> attachments, but then wants to be able to view them, and either deliver
> to intended recipient, or delete.
You have just described what Q-S already does?!?
> Just
We have a client that wants to be able to Quarantine specified
attachments, but then wants to be able to view them, and either deliver
to intended recipient, or delete.
Just wondering if anyone has implemented something similar?
Regards,
MB
--
At 10:39 -0500 13-07-2004, Mark Matrafajlo wrote:
I have vpopmail, qmail, spamassassin, qmail-scanner v 1.22, and I have
quarantine set for 4.2, sam assassin is set to 4.0, but qmail-scanner still
doesn't quarantine, however it does rewrite the subject. Does anyone have
any insight into this ?
Thx
I have vpopmail, qmail, spamassassin, qmail-scanner v 1.22, and I have
quarantine set for 4.2, sam assassin is set to 4.0, but qmail-scanner still
doesn't quarantine, however it does rewrite the subject. Does anyone have
any insight into this ?
Thx,
Mark
Jesse Guardiani wrote:
Howdy list,
Before I re-invent the wheel: Does anyone have a cron
script that will go through the quarantine directory
removing items that are X days old?
Since implementing qmail-scanner in Sept of 2003 I have
4.8 gigs in my quarantine directory.
you'll likely need to firs
/bin/find {path_to_quarantine} -type f -mtime +30 -exec /bin/rm {} \;
where {path_to_quarantine} is the full path to the quarantine directory,
and I set it to older than 30 days. Change the mtime param to use
a different value for days.
Brian
> Howdy list,
>
> Before I re-invent the
Howdy list,
Before I re-invent the wheel: Does anyone have a cron
script that will go through the quarantine directory
removing items that are X days old?
Since implementing qmail-scanner in Sept of 2003 I have
4.8 gigs in my quarantine directory.
--
Jesse Guardiani, Systems Administrator
WingN
Jeff Koch wrote:
Has anybody come up with a way to quarantine spam that exceeds a
threshold like the scanner does for viruses?
Salvatore Toribio had.
Look at his page:
http://xoomer.virgilio.it/j.toribio/qmail-scanner/
It works great.
Best Regards,
Jeff Koch
-
Search the archives for the last three months there is a patch for q-s.pl
that will set limits for spam quar and del.
-Original Message-
From: Jeff Koch [mailto:[EMAIL PROTECTED]
Sent: Friday, February 20, 2004 9:54 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]quarantine spam
Has anybody come up with a way to quarantine spam that exceeds a threshold
like the scanner does for viruses?
Best Regards,
Jeff Koch
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Li
Hello,
I'm new to qmail-scanner and have a question about configuring
quarantine-attachments.txt. I have added extensions for the MyDoom
virus and it filters most out but some don't have extensions. Is there
a way to check the body of the email to filter them all or do I need to
configure this
Hi all.
I've built a little bit on the patch by Salvatore from the mail quoted
bellow.
Scenario:
Salvatore's patch to drop MyDoom's modifications does an "exit" after
detecting the virus, thus not doing any kind of logging. On our servers,
we're running MRTG and QSS for general trafic/virus/SPAM
El vie, 30-01-2004 a las 13:31, Salvatore Toribio escribió:
> 1) The lastest viruses/worms always use a faked sender. Notifications??
It doesn't make sense to send a notification to the sender if his
address has been faked, and sending a zillion notifications to the
recipients is a PITA for them.
At 0:42 +0100 31-01-2004, Erik Wasser wrote:
On Friday 30 January 2004 10:07, Salvatore Toribio wrote:
1) The lastest viruses/worms always use a faked sender.
Notifications??
The notifications on my site goes always to the "recipient". Because:
No notification at all is bad in case the mail is
myDoom is hiting our servers continuisly, so I've disabled
notifications, but it is also filling my HardDisk with all those
mails in quarantine.
I think that if I quarantine somenthing I need a notifications but if
I don`t have notifications, quarantining is a waste of time and hard
disk space
1/2004 15:49:50:5621: -- Process 5621 finished. Total of 0.187968 secs
Cheers
Salvatore
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Salvatore Toribio
Sent: Friday, 30 January 2004 7:08 PM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Quarantin
On Friday 30 January 2004 10:07, Salvatore Toribio wrote:
> 1) The lastest viruses/worms always use a faked sender.
> Notifications??
The notifications on my site goes always to the "recipient". Because:
No notification at all is bad in case the mail is a 'false positive'.
Notification the send
myDoom is hiting our servers continuisly, so I've disabled
notifications, but it is also filling my HardDisk with all those
mails in quarantine.
I think that if I quarantine somenthing I need a notifications but if
I don`t have notifications, quarantining is a waste of time and hard
disk space
Hello folks
I'm struggling with a problem that I brought to the list a few days ago, and
got no response. I have reinstalled and the same problem has come up. Here's
the situation:
(This is rather detailed. My apologies up front...)
I'm running a Fedora Core 1 server. It comes with perl 5.8.1. I
file
Sorry for sending the details in bits and pieces.
Thanks for any suggestions
--Micha
> -Original Message-
> From: Micha Silver [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 15, 2003 6:04 PM
> To: ([EMAIL PROTECTED])
> Subject: [Qmail-scanner-general]Quarantine-at
I have qmail installed and running on a new Fedora Core server, and I'm
trying to work out the installation of Q-S (clamav antivirus). I've gotten
thru the perl-suidperl business by installing an rpm for perl 5.8.1, and the
./configure script runs successfully. I ran the test_installation.sh and
re
Jamie Pratt wrote:
Hi - I just upgraded from clamav 60 to 65, and qmail-scanner 1.20rc3 to
1.20... However after following the instructions in
quarantine-attachments.txt, and trying to disallow a few different file
extensions like this:
.cmd0Disallowed by System security policy
(yes,
Hi - I just upgraded from clamav 60 to 65, and qmail-scanner 1.20rc3 to
1.20... However after following the instructions in
quarantine-attachments.txt, and trying to disallow a few different file
extensions like this:
.cmd 0 Disallowed by System security policy
(yes, i used tabs)
with this s
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> Michael Menefee
> Sent: Wednesday, November 12, 2003 10:27 AM
> To: [EMAIL PROTECTED]
> Subject: [Qmail-scanner-general]Quarantine Question
>
>
> All:
> Wondering
How did your configure SA to delete the messages ?
The only way i know is to mark them ..
Really cool will be a way to move them in a seperate Mailfolder.
You can do both of these by processing in a .qmail file. Just run a
program that looks for X-Spam-Flag: YES and takes appropriate action.
W
Michael Menefee, wrote
All:
Wondering if there's a way to modify qmail-scanner-queue.pl to quarantine
messages that SpamAssasin has marked at a certain threshold, rather than
delete the message. Running an email gateway with Qmail, Qmail-scanner 1.16
and Spamassassin 2.55. Any thoughts are appreci
: [Qmail-scanner-general]Quarantine Question
Hi.
How did your configure SA to delete the messages ?
The only way i know is to mark them ..
Really cool will be a way to move them in a seperate Mailfolder.
regards Mandy
Michael Menefee wrote:
>All:
>Wondering if there's a way to m
Hi.
How did your configure SA to delete the messages ?
The only way i know is to mark them ..
Really cool will be a way to move them in a seperate Mailfolder.
regards Mandy
Michael Menefee wrote:
All:
Wondering if there's a way to modify qmail-scanner-queue.pl to quarantine
messages that SpamAss
All:
Wondering if there's a way to modify qmail-scanner-queue.pl to quarantine
messages that SpamAssasin has marked at a certain threshold, rather than
delete the message. Running an email gateway with Qmail, Qmail-scanner 1.16
and Spamassassin 2.55. Any thoughts are appreciated
Thanks
--
Michae
On Wed, Oct 15, 2003 at 10:09:49AM -0400, Ryan Pavely wrote:
> Well that's certainly nice of it. I'll have to thoroughly look over the
> debug file because currently I see way
> too many messages generated in the last hour, From: "System Anti-Virus
> Administrator" <[EMAIL PROTECTED]>
Can you c
It's ALWAYS supported that! See the README:
"Auto-detects email from "postmaster"-style and mailing-list addresses - and
doesn't send virus reports to them (i.e. attempts to act more like a
responsible net citizen)"
If you were to run grep over your debug file as:
grep "sending quar" /var/spool/
On Tue, Oct 14, 2003 at 05:49:59PM -0400, Ryan Pavely wrote:
> It Sure would be nice if I could totally drop those that match. If I
> were to notify 'sender' in these cases I would be notifying a
> mailer-daemon / bounce / etc.
>
> This means I have to either notify 'none', or simply allow 70%
I currently have an array of machines serving as our outbound-smtp server's.
Those servers run Qmail-Scanner and are currently configured to notify
the 'sender' of are any virus's, mime problems, or
quarantine-attachments matches, etc.
I was curious if there is any work in progress, or even tho
I wanna now WHY, when I upgrade the version of my qmail-scanner.pl I import
the old quarantine-attachments.txt-
doing qmail-scanner-queue.pl -g:
[EMAIL PROTECTED] smtpd]# /usr/local/bin/setuidgid qmaild
/var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from
/var/spool/q
Can I just deleted what ends up in the quarantine directory, or is there
more I need to be doing? Are those messages also somewhere in the Qmail
quueue still?
(Sorry, I'm new to this...out of necessity to stop ~1000 Sobig
messages/day!).
Thanks,
-marc
--
> What's the point? If the scanner runs against it and declares it safe,
> then it is a harmless attachment type.
Besides... What I want to do is more like catching attachments that are
reported to be safe by the virusscanner, because the scanner doesn't know
about this new virus. Like with this
> > Is there any way to have q-s run the scanners first, and if
> > they report 'safe', then check against the attachment type?
>
> What's the point? If the scanner runs against it and declares it safe,
> then it is a harmless attachment type. It serves as a blanket method of
> getting rid of atta
Cream[DONut] wrote:
For me atleast,
I have alot of spare cpu on my relay & scanner server, and it would be
nice to show the people i work for, that we are not just blocking
attachments, we are blocking attachments that contains vira.
so its not really for fighting vira, as much as its fighting
For me atleast,
I have alot of spare cpu on my relay & scanner server, and it would be nice
to show the people i work for, that we are not just blocking attachments,
we are blocking attachments that contains vira.
so its not really for fighting vira, as much as its fighting beancounters.
Cream
tom de puysseleyr wrote:
Hi!
I'm using qmail-scanner 1.16 now, and just enabled the blocking of .pif
files in quarantine-attachments.txt. Now when a virus arrives as a .pif
file, it is reported as a 'disallowed attachment type', instead of 'virus
X'. Is there any way to have q-s run the scanners f
Sorry for the duplicate... It won't happen again.
> -Oorspronkelijk bericht-
> Van: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] tom de
> puysseleyr
> Verzonden: woensdag 20 augustus 2003 10:47
> Aan: [EMAIL PROTECTED]
> Onderwerp: [Qmail-scanner-general]
Hi!
I'm using qmail-scanner 1.16 now, and just enabled the blocking of .pif
files in quarantine-attachments.txt. Now when a virus arrives as a .pif
file, it is reported as a 'disallowed attachment type', instead of 'virus
X'. Is there any way to have q-s run the scanners first, and if they report
Hi!
I'm using qmail-scanner 1.16 now, and just enabled the blocking of .pif
files in quarantine-attachments.txt. Now when a virus arrives as a .pif
file, it is reported as a 'disallowed attachment type', instead of 'virus
X'. Is there any way to have q-s run the scanners first, and if they report
Hello,
I'm not certain if this is in the archives, but the search feature seemed to
be broken today, so I apologize if it's a repeat.
Does anybody have a sample cron task that could be used to cleanup
quarantine files that are X days old?
Thank you,
-ben
---
I'm submitting this patch just in case someone else finds it useful.
Basically what it does is extend the spam checking, so that if a message
exceeds a certain configurable spam threshold, the message is quarantined as
though it had a virus.
There is a new configure option (sa-quarantine) which is
In qmail-scanner-queue.pl replace this:
} else {
$tag_score .= "SA:1($sa_score/$sa_max):";
$sa_comment = "Yes, hits=$sa_score required=$sa_max" if ($spamc_options
=~ /\-c/);
&debug("SA: yup, this smells like SPAM");
}
$stop_spamassassin_time=[gettimeofday];
With this:
}
I'm running qmail-scanner 1.15,Clamscan 0.54, and Spamassassin 2.43.
Does anyone have a patch or know of a way to send Spam to the quarantine
directory?
Regards,
Luke
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
ht
Ron Culler wrote:
[snip]
> What I am looking for is a good list/description of the header fields
> that are matched when using the Quarantine-attachments file.
> (virus-subject,virus-to,) I need this to build arrays based on those
> matches. I believe that there is currently a limited number o
I am working on a CGI/Perl based web interface to modify the
quarantine-attachments.txt file as well as provide controls for
(starting, stopping, Qmail Queue stats , Process stats, Queue flush)
basically everything that you can do from the qmailctl file.
The ability to create a backup of the quara
D]
Subject: RE: [Qmail-scanner-general]quarantine based on spamassassin
rating
I think it would be a useful option. Specifically I'd like it to look at
the
hits= spamassassin header and if it matches (or is larger than) a
configurable value, have qmail-scanner change the envelope informat
avoid legal
implications?
--Jeremy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Jason Haar
Sent: Thursday, September 05, 2002 5:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]quarantine based on spamassassin
rating
On Thu, Sep 05,
On Thu, Sep 05, 2002 at 10:51:18AM -0700, [EMAIL PROTECTED] wrote:
> Hi,
>
> Is there a way to make qmail-scanner quarantine a message based on spamassassin
> ratings? I didn't see anything like that in the configure options.
No. In fact the documentation explicitly states this is not an option
Hi,
Is there a way to make qmail-scanner quarantine a message based on spamassassin
ratings? I didn't see anything like that in the configure options.
thanks,
Russ
---
This sf.net email is sponsored by: OSDN - Tired of that same old
cell p
> -Original Message-
> From: Trey Nolen [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 16, 2002 10:08 AM
> To: [EMAIL PROTECTED]
> Subject: [Qmail-scanner-general]quarantine
>
>
>
> This is probably an easy question that has been answered before, so be
>
This is probably an easy question that has been answered before, so be
gentle.
Is there a way to have the quarantined messages just go to null? We've
stopped over 10,000 Klez this month, and quarantine keeps filling up our
var partition. I tried putting a .qmail file in the folder, but that
did
MAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]'
> = 'Virus-To' = 'BadTr
> ans Trojan exploit!'
> 11/06/2002 12:11:37:10398: p_s: type is a header!
>
> All seems to be ok here.
>
> Any ideas?
>
> - Original Message -
> From: "
From: "Indra Kusuma" <[EMAIL PROTECTED]>
To: "Daniel Czarnecki" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, June 11, 2002 1:19 PM
Subject: Re: [Qmail-scanner-general]quarantine-attachments
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 11 Jun 2002, Daniel Czarnecki wrote:
# Pickles.*BreakfastVirus-Subject: Fake Example Pickles virus
# .vbs 0 VBS attachments disallowed
Did you use instead of ?
Cheers,
- --
/
I have enabled
the following line in quarantine-attachments.txt to test the subject
filter:# e.g.# Pickles.*Breakfast
Virus-Subject: Fake Example Pickles virus## will match "Subject:
Pickles for Breakfast" - and# not "Subject: Pickles - where did you
go?"I run /var/qmail/qmail-scanner
I have enabled
the following line in quarantine-attachments.txt to test the subject
filter:# e.g.# Pickles.*Breakfast
Virus-Subject: Fake Example Pickles virus## will match "Subject:
Pickles for Breakfast" - and# not "Subject: Pickles - where did you
go?"I run /var/qmail/qmail-scanner.p
73 matches
Mail list logo
