Abigail, Thank you very much for the help. I really appreciate it. Take care. :)
Regards, John Schneider Information Systems Manager, DAUM Commercial Real Estate Services -----Original Message----- From: Abigail Marshall [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2003 10:35 AM To: John Schneider; [EMAIL PROTECTED] Subject: Re: FW: Re[2]: [SAtalk] why is sa not catching the microsoft emails ? Hello John, JS> Abigail, JS> If a user puts this recipe into their .procmail file, JS> where would the log entries be collected. (Sorry, but JS> I'm a procmail newbie) Thanks for the recipe. A log file is specified in the procmailrc file. Here are some tutorials: http://www.devshed.com/Server_Side/Administration/Procmail/page9.html http://system.cs.fsu.edu/info/unix/procmail.html http://pegasus.rutgers.edu/~elflord/unix/procmail.html You can set up multiple log files for different sections of procmail - for example, I have a general procmail.log, but a separate virus.log for the virus recipes, and a spam.log for the spam recipes. It is not necessary to specify a log entry as I did with my recipe - you could send the virus directly to /dev/null or a quarantine file - but obviously a specific log entry such as "SwenA", "Klez", etc. makes it easier to generate reports or to debug recipes. (A grep of my virus.log now shows 570 instances of the Swen worm blocked with the recipe I am using). -Abigail JS> Regards, JS> John Schneider JS> Information Systems Manager, JS> DAUM Commercial Real Estate Services JS> -----Original Message----- JS> From: [EMAIL PROTECTED] JS> [mailto:[EMAIL PROTECTED] On Behalf Of JS> Abigail Marshall JS> Sent: Tuesday, September 23, 2003 5:10 PM JS> To: Stephen Reese; [EMAIL PROTECTED] JS> Subject: Re[2]: [SAtalk] why is sa not catching the microsoft emails JS> ? JS> Hello Stephen, JS> Tuesday, September 23, 2003, 3:09:51 PM, you wrote: SR>> hmmmm, i still don't understand why SA is not even looking at them SR>> though see's everything else? JS> Because the 150K attachment that comes with Swen is either too big JS> to be sent to SA (depending on how you have configured SA), or else JS> it is so big that though SA tries to process it, it is failing due JS> to an out-of-memory problem. (When SA fails, it aborts, and the JS> message simply goes through). JS> If you use procmail to call SA, you should prefilter for viruses. I JS> have caught 105 instances of Swen today alone, 411 total, with this JS> procmail JS> recipe: JS> #Win32.Swen.A - KILL JS> :0B * >>140000 JS> * <190000 JS> * BTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4ga JS> { LOG="SwenA" JS> :0 h JS> /dev/null JS> } JS> If you have a high volume of email coming in, a virus with a large JS> attachment like Swen can end up causing a lot of performance and JS> memory problems with Spamassassin in any case -- so basically it's JS> best to prefilter this by whatever tools are at your disposal. JS> -Abigail JS> ------------------------------------------------------- JS> This sf.net email is sponsored by:ThinkGeek JS> Welcome to geek heaven. JS> http://thinkgeek.com/sf JS> _______________________________________________ JS> Spamassassin-talk mailing list [EMAIL PROTECTED] JS> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
