Discussion:
Difference in MailScanner behaviour between Ubuntu 10.04 LTS and 12.04 LTS
Martijn
2014-06-15 23:17:58 UTC
Permalink
I'm running tests for upgrading a system to a newer version of Ubuntu
LTS, and during my tests I found a difference in behaviour between the
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.

The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
repository, both before and after the upgrade.

The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.


I've found two seperate issues:

Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.

Deny Filenames list is configured as:
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$
\.scr$ \.dll$ \.reg$

And:
Notify Senders Of Blocked Filenames Or Filetypes = yes

On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
although the configuration would suggest it should. The logs say this:

New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext)
to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds

After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to notify of
a deleted attachment. The log now has this:

New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds

Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com)". This notice wasn't there on 10.04 LTS.

Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are the same?

Issue #2:
So, notifications are sent on 12.04, but:
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.

Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing something here ;-)

Thanks,
- Martijn
Jerry Benton
2014-06-15 23:58:29 UTC
Permalink
Did you add the -U option to your /usr/sbin/MailScanner?

#!/usr/bin/perl -U -I/usr/share/MailScanner/

-
Jerry Benton
www.mailborder.com
Post by Martijn
I'm running tests for upgrading a system to a newer version of Ubuntu
LTS, and during my tests I found a difference in behaviour between the
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
repository, both before and after the upgrade.
The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.
Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$
\.scr$ \.dll$ \.reg$
Notify Senders Of Blocked Filenames Or Filetypes = yes
On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext)
to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds
After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to notify of
New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds
Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com)". This notice wasn't there on 10.04 LTS.
Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are the same?
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.
Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing something here ;-)
Thanks,
- Martijn
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140616/9be0dab1/attachment.html
Martijn
2014-06-16 07:52:07 UTC
Permalink
I checked, and -U is not added to /usr/sbin/MailScanner. The file now
starts with:
#!/usr/bin/perl -I/usr/share/MailScanner/

Are you saying the -U is needed for MailScanner to work properly on
10.04, or for both 10.04 and 12.04?

Perl on 10.04 is version 5.10.x and on 12.04 it's 5.14.x.

I wasn't aware that the packages from the Baruwa repository needed
changes after installation.

Thanks,
- Martijn
Post by Jerry Benton
Did you add the -U option to your /usr/sbin/MailScanner?
#!/usr/bin/perl -U -I/usr/share/MailScanner/
-
Jerry Benton
www.mailborder.com <http://www.mailborder.com>
On Jun 16, 2014, at 1:17 AM, Martijn <mailinglist at mindconnect.nl
Post by Martijn
I'm running tests for upgrading a system to a newer version of Ubuntu
LTS, and during my tests I found a difference in behaviour between the
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
<http://apt.baruwa.org>
repository, both before and after the upgrade.
The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.
Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$
\.scr$ \.dll$ \.reg$
Notify Senders Of Blocked Filenames Or Filetypes = yes
On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext
<mailto:victim at testdomain.ext>)
to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds
After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to notify of
New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com
<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com <http://eicar.com>" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext
<mailto:victim at testdomain.ext>) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds
Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com <http://eicar.com>)". This notice wasn't there on 10.04 LTS.
Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are the same?
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.
Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing something here ;-)
Thanks,
- Martijn
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Martijn
2014-06-16 09:45:10 UTC
Permalink
For the record:
This install of MailScanner on Ubuntu 10.04 LTS has been functioning
without any noticable problems (except for the notification mails) or
errors in the logs for about 2 years now, and that is without the perl
-U switch.

Should I've noticed anything else with this parameter missing? This may
lead to me writing more tests to ensure proper functioning.

Thanks,
- Martijn
Post by Jerry Benton
Did you add the -U option to your /usr/sbin/MailScanner?
#!/usr/bin/perl -U -I/usr/share/MailScanner/
-
Jerry Benton
www.mailborder.com <http://www.mailborder.com>
On Jun 16, 2014, at 1:17 AM, Martijn <mailinglist at mindconnect.nl
Post by Martijn
I'm running tests for upgrading a system to a newer version of Ubuntu
LTS, and during my tests I found a difference in behaviour between the
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
<http://apt.baruwa.org>
repository, both before and after the upgrade.
The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.
Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$
\.scr$ \.dll$ \.reg$
Notify Senders Of Blocked Filenames Or Filetypes = yes
On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext
<mailto:victim at testdomain.ext>)
to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds
After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to notify of
New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com
<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com <http://eicar.com>" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext
<mailto:victim at testdomain.ext>) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds
Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com <http://eicar.com>)". This notice wasn't there on 10.04 LTS.
Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are the same?
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.
Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing something here ;-)
Thanks,
- Martijn
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Jerry Benton
2014-06-16 11:28:15 UTC
Permalink
It is after 5.10.

http://lists.mailscanner.info/pipermail/mailscanner/2011-May/097870.html




On Mon, Jun 16, 2014 at 11:45 AM, Martijn <mailinglist at mindconnect.nl>
Post by Martijn
This install of MailScanner on Ubuntu 10.04 LTS has been functioning
without any noticable problems (except for the notification mails) or
errors in the logs for about 2 years now, and that is without the perl
-U switch.
Should I've noticed anything else with this parameter missing? This may
lead to me writing more tests to ensure proper functioning.
Thanks,
- Martijn
Post by Jerry Benton
Did you add the -U option to your /usr/sbin/MailScanner?
#!/usr/bin/perl -U -I/usr/share/MailScanner/
-
Jerry Benton
www.mailborder.com <http://www.mailborder.com>
On Jun 16, 2014, at 1:17 AM, Martijn <mailinglist at mindconnect.nl
Post by Martijn
I'm running tests for upgrading a system to a newer version of Ubuntu
LTS, and during my tests I found a difference in behaviour between the
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
The 12.04 LTS system is an upgraded install of a copy of the 10.04 LTS
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
<http://apt.baruwa.org>
repository, both before and after the upgrade.
The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.
Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$ \.vbs$ \.vb$
\.scr$ \.dll$ \.reg$
Notify Senders Of Blocked Filenames Or Filetypes = yes
On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230 (victim at testdomain.ext
<mailto:victim at testdomain.ext>)
to testdomain.ext is not spam, SpamAssassin (not cached, score=-3.228,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33, BAYES_00
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds
After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to notify of
New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34 eicar.com
<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com <http://eicar.com>" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext
<mailto:victim at testdomain.ext>) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds
Notice the "Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com <http://eicar.com>)". This notice wasn't there on 10.04 LTS.
Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are the same?
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.
Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing something here
;-)
Post by Jerry Benton
Post by Martijn
Thanks,
- Martijn
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140616/58ade3e9/attachment.html
Martijn
2014-06-16 19:43:15 UTC
Permalink
Thank you for your suggestion.

The MailScanner running on 12.04 LTS doesn't seem to need the -U for the
notifications to work, but it may need it for other things to work, so I
guess it's best to add it in there as well.

Adding -U on the MailScanner running on 10.04 LTS does make both
installs behave the same, so that seems like good news. However...

On second thought, the behaviour now displayed by both installs seems
faulty as well, looking at these comments in the configuration file:

Notify Senders = no

[...]

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages [...]
Notify Senders Of Blocked Filenames Or Filetypes = yes

Summing this all up would mean that even though the second option is set
to yes, the notification shouldn't be send at all, since Notify Senders
is set to no.
I'll have a look at the bug tracker to see if this is a known issue.


Can you (or anyone else) shed some light on my second question?:

The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the notification to
the _receiver_ of the message.

If this is expected, shouldn't those options actually be called 'Notify
Recipient *'? Am I interpreting this option the wrong way?

Thanks,
- Martijn
Post by Jerry Benton
It is after 5.10.
http://lists.mailscanner.info/pipermail/mailscanner/2011-May/097870.html
On Mon, Jun 16, 2014 at 11:45 AM, Martijn <mailinglist at mindconnect.nl
This install of MailScanner on Ubuntu 10.04 LTS has been functioning
without any noticable problems (except for the notification mails) or
errors in the logs for about 2 years now, and that is without the perl
-U switch.
Should I've noticed anything else with this parameter missing? This may
lead to me writing more tests to ensure proper functioning.
Thanks,
- Martijn
Post by Jerry Benton
Did you add the -U option to your /usr/sbin/MailScanner?
#!/usr/bin/perl -U -I/usr/share/MailScanner/
-
Jerry Benton
www.mailborder.com <http://www.mailborder.com>
<http://www.mailborder.com>
Post by Jerry Benton
On Jun 16, 2014, at 1:17 AM, Martijn <mailinglist at mindconnect.nl
<mailto:mailinglist at mindconnect.nl>
Post by Jerry Benton
<mailto:mailinglist at mindconnect.nl
Post by Martijn
I'm running tests for upgrading a system to a newer version of
Ubuntu
Post by Jerry Benton
Post by Martijn
LTS, and during my tests I found a difference in behaviour
between the
Post by Jerry Benton
Post by Martijn
MailScanner I have on 10.04 LTS and the one that's on 12.04 LTS.
The 12.04 LTS system is an upgraded install of a copy of the
10.04 LTS
Post by Jerry Benton
Post by Martijn
install. MailScanner version is: 4.84.5 from the apt.baruwa.org
<http://apt.baruwa.org>
Post by Jerry Benton
Post by Martijn
<http://apt.baruwa.org>
repository, both before and after the upgrade.
The MailScanner configuration between the two systems is completely
identical. MailScanner --debug --lint shows no issues.
Issue #1: The install on 10.04 doesn't send blocked filename
notifications but the install on 12.04 does.
Deny Filenames = \.com$ \.exe$ \.msi$ \.pif$ \.bat$ \.cpl$
\.vbs$ \.vb$
Post by Jerry Benton
Post by Martijn
\.scr$ \.dll$ \.reg$
Notify Senders Of Blocked Filenames Or Filetypes = yes
On 10.04, when sending an eicar test file, the mail is considered to
contain a virus and therefor deleted. No notification mail is sent,
although the configuration would suggest it should. The logs say
New Batch: Scanning 1 messages, 1965 bytes
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./DECEF36C443.ACC6F/
Virus Scanning: Clamd found 1 infections
Infected message DECEF36C443.ACC6F came from 195.241.145.230
Virus Scanning: Found 1 viruses
Virus Scanning completed at 10980 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/DECEF36C443.ACC6F
Spam Checks: Starting
Message DECEF36C443.ACC6F from 195.241.145.230
(victim at testdomain.ext
Post by Jerry Benton
Post by Martijn
<mailto:victim at testdomain.ext <mailto:victim at testdomain.ext>>)
to testdomain.ext is not spam, SpamAssassin (not cached,
score=-3.228,
Post by Jerry Benton
Post by Martijn
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL -0.33,
BAYES_00
Post by Jerry Benton
Post by Martijn
-1.90)
Spam Checks completed at 271 bytes per second
Cleaned: Delivered 1 cleaned messages
Deleted 1 messages from processing-database
Batch completed at 264 bytes per second (1965 / 7)
Batch (1 message) processed in 7.42 seconds
After upgrading to 12.04, the difference in behaviour is that
MailScanner now suddenly DOES sends a notification message to
notify of
Post by Jerry Benton
Post by Martijn
New Batch: Scanning 1 messages, 1841 bytes
Filename Checks: Blocked Filename Detected (7CE27442AE.AFD34
eicar.com <http://eicar.com>
Post by Jerry Benton
Post by Martijn
<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./7CE27442AE.AFD34/
Virus Scanning: Clamd found 1 infections
Infected message 7CE27442AE.AFD34 came from 10.0.3.2
Virus Scanning: Found 1 viruses
Virus Scanning completed at 2784 bytes per second
Saved entire message to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Saved infected "eicar.com <http://eicar.com> <http://eicar.com>" to
/var/spool/MailScanner/quarantine/20140616/7CE27442AE.AFD34
Spam Checks: Starting
Expired 1 records from the SpamAssassin cache
Message 7CE27442AE.AFD34 from 10.0.3.2 (victim at testdomain.ext
<mailto:victim at testdomain.ext <mailto:victim at testdomain.ext>>) to
testdomain.ext is not spam, SpamAssassin (not cached, score=-0.879,
required 3, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.12)
Spam Checks completed at 209 bytes per second
Requeue: 7CE27442AE.AFD34 to 0BD61442B7
Cleaned: Delivered 1 cleaned messages
Virus Processing completed at 3872 bytes per second
Deleted 1 messages from processing-database
Batch completed at 185 bytes per second (1841 / 9)
Batch (1 message) processed in 9.92 seconds
Notice the "Filename Checks: Blocked Filename Detected
(7CE27442AE.AFD34
Post by Jerry Benton
Post by Martijn
eicar.com <http://eicar.com> <http://eicar.com>)". This notice
wasn't there on 10.04 LTS.
Post by Jerry Benton
Post by Martijn
Question: does anyone know what the cause of this difference in
behaviour is, as the MailScanner version and configuration are
the same?
Post by Jerry Benton
Post by Martijn
The option called "Notify Senders Of Blocked Filenames Or Filetypes"
doesn't send a notification to the sender. It sends the
notification to
Post by Jerry Benton
Post by Martijn
the _receiver_ of the message.
Questions: Is this expected behaviour and should all those options
actually be called 'Notify Recipient *' or am I missing
something here ;-)
Post by Jerry Benton
Post by Martijn
Thanks,
- Martijn
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
Post by Jerry Benton
Post by Martijn
<mailto:mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>>
Post by Jerry Benton
Post by Martijn
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com <http://www.mailborder.com>
Loading...