This is my simscan config:
 
./configure --enable-user=clamav \
  --enable-clamav=y \
  --enable-spam=y \
  --enable-spam-passthru=n \
  --enable-per-domain=y \
  --enable-ripmime \
  --enable-attach=y \
  --enable-received=y \
  --enable-quarantinedir=/var/spool/quarantine \
  --enable-spamc-args="-u vpopmail"
I added SIMSCAN_DEBUG="2" to my tcp.smtp file.
This is what the log shows when an infected msg comes in:
 
2005-04-07 10:48:49.879269500 tcpserver: status: 1/30
2005-04-07 10:48:49.879426500 tcpserver: pid 29478 from 140.186.45.14
2005-04-07 10:48:49.879514500 tcpserver: ok 29478 0:204.134.224.2:25 :140.186.45.14::54681
2005-04-07 10:48:50.418011500 CHKUSER accepted rcpt: from <[EMAIL PROTECTED]::> remote <europa.your-site.com:unknown:140.186.45.14> rcpt <[EMAIL PROTECTED]> : found existing recipient
2005-04-07 10:48:50.418570500 simscan: cdb looking up
2005-04-07 10:48:50.418635500 simscan: cdb for  found clam=yes,spam=yes,spam_passthru=no,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418682500 simscan: pelookup clam = yes
2005-04-07 10:48:50.418683500 simscan: pelookup spam = yes
2005-04-07 10:48:50.418684500 simscan: pelookup spam_passthru = no
2005-04-07 10:48:50.418685500 simscan: spampassthru = no/0
2005-04-07 10:48:50.418685500 simscan: pelookup attach = .vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418686500 simscan: attachment flag attach = .vbs:.lnk:.scr:.wsh:.hta:.pif:.bat:.cmd
2005-04-07 10:48:50.418687500 simscan: .vbs is attachment number 0
2005-04-07 10:48:50.418688500 simscan: .lnk is attachment number 1
2005-04-07 10:48:50.418694500 simscan: .scr is attachment number 2
2005-04-07 10:48:50.418695500 simscan: .wsh is attachment number 3
2005-04-07 10:48:50.418696500 simscan: .hta is attachment number 4
2005-04-07 10:48:50.418696500 simscan: .pif is attachment number 5
2005-04-07 10:48:50.418697500 simscan: .bat is attachment number 6
2005-04-07 10:48:50.418698500 simscan: .cmd is attachment number 7
2005-04-07 10:48:50.418708500 simscan: starting: work dir: /var/qmail/simscan/1112892530.418675.29479
2005-04-07 10:48:50.581803500 simscan: pelookup: called with [EMAIL PROTECTED]
2005-04-07 10:48:50.581804500 simscan: pelookup: domain is aleph-tec.com
2005-04-07 10:48:50.581816500 simscan: cdb looking up aleph-tec.com
2005-04-07 10:48:50.581829500 simscan: pelookup: local part is eicar
2005-04-07 10:48:50.581837500 simscan: cdb looking up [EMAIL PROTECTED]
2005-04-07 10:48:50.581852500 simscan: pelookup: called with [EMAIL PROTECTED]
2005-04-07 10:48:50.581853500 simscan: pelookup: domain is filter.csi.edu
2005-04-07 10:48:50.581854500 simscan: cdb looking up filter.csi.edu
2005-04-07 10:48:50.581866500 simscan: pelookup: local part is dan
2005-04-07 10:48:50.581874500 simscan: cdb looking up [EMAIL PROTECTED]
2005-04-07 10:48:50.583048500 simscan: cdb looking up version attach
2005-04-07 10:48:50.583080500 simscan: calling clamdscan
2005-04-07 10:48:50.588034500 simscan: cdb looking up version clamav
2005-04-07 10:48:50.588068500 simscan: clamdscan detected a virus
2005-04-07 10:48:50.588082500 simscan: 140.186.45.14 pid 29478: virus: Eicar-Test-Signature from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] time: 0.1696s
2005-04-07 10:48:50.588339500 simscan: exit error code: 31
2005-04-07 10:48:50.588657500 tcpserver: end 29478 status 0
2005-04-07 10:48:50.588658500 tcpserver: status: 0/30
I noticed the line 'simscan: exit error code: 31'. I imagine that is a problem.
 
Mail that is SPAM gets put in the quarantine directory fine.
 
Thanks
Dan


>>> [EMAIL PROTECTED] 4/7/2005 8:52:34 AM >>>
Dan Scrimpsher wrote:

> I have version 0.7.9 of the toaster installed on a RedHat EL3AS server
> and things are working great. I even have simscan moving SPAM mail to
> a quarantine directory.
> This is a great product.

> I have one question: Is it possible to have simscan move virus
> infected mail to a quarantine directory also? Right now the infected
> mail is just deleted.


Absolutely!  :)  Add in --enable-quarantinedir=/your/dir when you
configure simscan.



--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."
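
Added example, not part of the original thread and not simscan's own code: a small Python parser for the SIMSCAN_DEBUG log format shown above, which extracts each virus detection and the exit code logged after it. The sample lines and addresses are constructed, and reading exit code 31 as a permanent refusal follows the qmail-queue(8) exit-code convention.

```python
import re

# Constructed sample in the log format shown above; addresses are placeholders.
SAMPLE_LOG = """\
2005-04-07 10:48:50.583080500 simscan: calling clamdscan
2005-04-07 10:48:50.588068500 simscan: clamdscan detected a virus
2005-04-07 10:48:50.588082500 simscan: 192.0.2.14 pid 29478: virus: Eicar-Test-Signature from: sender@example.org to: dan@example.com time: 0.1696s
2005-04-07 10:48:50.588339500 simscan: exit error code: 31
2005-04-07 10:48:50.588657500 tcpserver: end 29478 status 0
2005-04-07 10:49:02.100082500 simscan: 192.0.2.77 pid 29502: virus: Constructed.Sample.Name from: other@example.org to: dan@example.com time: 0.2104s
"""

VIRUS_RE = re.compile(
    r"^(?P<ts>\S+ \S+) simscan: (?P<ip>\S+) pid (?P<pid>\d+): virus: (?P<virus>.+?) "
    r"from: (?P<sender>.*?) to: (?P<rcpt>.*?) time: (?P<secs>[\d.]+)s$"
)
EXIT_RE = re.compile(r"^\S+ \S+ simscan: exit error code: (?P<code>\d+)$")

# qmail-queue(8) convention: 31 means the message was permanently refused.
PERMANENT_REJECT = 31


def parse_simscan(log_text):
    """Return one dict per 'virus:' line, with the exit code logged after it."""
    events, last = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = VIRUS_RE.match(line)
        if m:
            last = m.groupdict()
            last["pid"] = int(last["pid"])
            last["exit_code"] = None  # filled in if an exit line follows
            events.append(last)
            continue
        m = EXIT_RE.match(line)
        # The exit line carries no pid, so it is paired with the latest
        # detection; with interleaved sessions this pairing is a heuristic.
        if m and last is not None and last["exit_code"] is None:
            last["exit_code"] = int(m.group("code"))
    return events


def rejected(events):
    """Detections whose session ended with a permanent refusal."""
    return [e for e in events if e["exit_code"] == PERMANENT_REJECT]


if __name__ == "__main__":
    for e in parse_simscan(SAMPLE_LOG):
        print(e["ts"], e["ip"], e["virus"], "exit", e["exit_code"])
```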
