Hello John,
JS> Abigail, JS> If a user puts this recipe into their .procmail file, JS> where would the log entries be collected. (Sorry, but JS> I'm a procmail newbie) Thanks for the recipe. A log file is specified in the procmailrc file. Here are some tutorials: http://www.devshed.com/Server_Side/Administration/Procmail/page9.html http://system.cs.fsu.edu/info/unix/procmail.html http://pegasus.rutgers.edu/~elflord/unix/procmail.html You can set up multiple log files for different sections of procmail - for example, I have a general procmail.log, but a separate virus.log for the virus recipes, and a spam.log for the spam recipes. It is not necessary to specify a log entry as I did with my recipe - you could send the virus directly to /dev/null or a quarantine file - but obviously a specific log entry such as "SwenA", "Klez", etc. makes it easier to generate reports or to debug recipes. (A grep of my virus.log now shows 570 instances of the Swen worm blocked with the recipe I am using). -Abigail JS> Regards, JS> John Schneider JS> Information Systems Manager, JS> DAUM Commercial Real Estate Services JS> -----Original Message----- JS> From: [EMAIL PROTECTED] JS> [mailto:[EMAIL PROTECTED] On Behalf Of Abigail JS> Marshall JS> Sent: Tuesday, September 23, 2003 5:10 PM JS> To: Stephen Reese; [EMAIL PROTECTED] JS> Subject: Re[2]: [SAtalk] why is sa not catching the microsoft emails ? JS> Hello Stephen, JS> Tuesday, September 23, 2003, 3:09:51 PM, you wrote: SR>> hmmmm, i still don't understand why SA is not even looking at them SR>> though see's everything else? JS> Because the 150K attachment that comes with Swen is either JS> too big to be sent to SA (depending on how you have JS> configured SA), or else it is so big that though SA tries to process it, it JS> is failing due to an out-of-memory problem. (When SA fails, it aborts, and JS> the message simply goes through). JS> If you use procmail to call SA, you should prefilter for viruses. I have JS> caught 105 instances of Swen today alone, 411 total, with this procmail JS> recipe: JS> #Win32.Swen.A - KILL JS> :0B * >>140000 JS> * <190000 JS> * BTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4ga JS> { LOG="SwenA" JS> :0 h JS> /dev/null JS> } JS> If you have a high volume of email coming in, a virus with a large JS> attachment like Swen can end up causing a lot of performance and memory JS> problems with Spamassassin in any case -- so basically it's best to JS> prefilter this by whatever tools are at your disposal. JS> -Abigail JS> ------------------------------------------------------- JS> This sf.net email is sponsored by:ThinkGeek JS> Welcome to geek heaven. JS> http://thinkgeek.com/sf _______________________________________________ JS> Spamassassin-talk mailing list [EMAIL PROTECTED] JS> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
