Anders Andersson, IT | 1 Oct 11:04 2014
Picon

Mailscanner ovf appliance

Hi

Just wondered if anyone know or tested any free mailscanner based virtual appliance. Tried to search but that didn’t work to good. I guess I could always make my own virtual machine but a  preinstalled ovf-file  with a basic web interface would be much easier J

 

Kind regards

 

Anders

 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Boyd | 30 Sep 10:26 2014
Picon

Use mailscanner for content protection

Hi All,

Is there any sample configuration about using mailscanner for content protection?

Thanks a lot!

Boyd
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Chris Labatt-Simon | 29 Sep 20:40 2014

MailScanner starting new parent processes

Hi All –

 

I just went through a painful upgrade of an Ubuntu server from 10.04 to 14.04. In the process, MailScanner was removed and I had to re-install it. I copied over my old etc settings. My old version was 4.79.11. My new version is 4.84.6.

 

It seems as if MailScanner can’t tell whether it’s already running. I have “Restart Every” set to 7200. Every time the time passes, a new primary process of MailScanner starts. Over the period of a day, I’ll have a large number of parent processes running.

 

Help?

 

If this helps at all… the mailscanner script in /etc/init.d uses start-stop-daemon to start and stop the MailScanner process. It would start fine, but it wouldn’t stop as it didn’t recognize the MailScanner name in the process list. I had to modify the script to use the PID file to stop the processes.

 

Here’s the ps –edf output after the first 7200 seconds:

 

root     11829     1  0 12:31 ?        00:00:00 MailScanner: master waiting for children, sleeping

root     11830 11829  0 12:31 ?        00:00:11 MailScanner: waiting for messages

root     11839 11829  0 12:31 ?        00:00:13 MailScanner: waiting for messages

root     11857 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     11863 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     11871 11829  0 12:32 ?        00:00:14 MailScanner: waiting for messages

root     14269     1  0 13:17 ?        00:00:00 MailScanner: master waiting for children, sleeping

root     14270 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14278 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14284 14269  0 13:17 ?        00:00:10 MailScanner: waiting for messages

root     14290 14269  0 13:17 ?        00:00:07 MailScanner: waiting for messages

root     14298 14269  0 13:17 ?        00:00:08 MailScanner: waiting for messages

 

Thanks!

 

Chris

 

 

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Ryan Braganza | 29 Sep 12:23 2014
Picon

Mails get quarantined multiple times

I received a mail with queue id 9DECD35316. This mail was supposed to get quarantined due to a size restriction but instead of getting quarantined once it keeps getting quarantine  until we removed this email manually from queue

Mailscanner version is mailscanner-4.70.7-1


The logs show...  .. any idea what could be wrong ?

Sep 29 12:47:29 smtp MailScanner[31421]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.4515E
Sep 29 12:47:39 smtp MailScanner[31490]: Content Checks: Message 9DECD35316.4DCC2 is bigger than 13312000 bytes
Sep 29 12:47:39 smtp MailScanner[31490]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.4DCC2
Sep 29 12:47:46 smtp MailScanner[31411]: Content Checks: Message 9DECD35316.E2456 is bigger than 13312000 bytes
Sep 29 12:47:46 smtp MailScanner[31411]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.E2456
Sep 29 12:47:52 smtp MailScanner[31336]: Content Checks: Message 9DECD35316.21440 is bigger than 13312000 bytes
Sep 29 12:47:52 smtp MailScanner[31336]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.21440
Sep 29 12:47:59 smtp MailScanner[31513]: Content Checks: Message 9DECD35316.383FF is bigger than 13312000 bytes
Sep 29 12:47:59 smtp MailScanner[31513]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.383FF
Sep 29 12:48:05 smtp MailScanner[31553]: Content Checks: Message 9DECD35316.CDB95 is bigger than 13312000 bytes
Sep 29 12:48:05 smtp MailScanner[31553]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.CDB95
Sep 29 12:48:11 smtp MailScanner[31523]: Content Checks: Message 9DECD35316.F07D0 is bigger than 13312000 bytes
Sep 29 12:48:11 smtp MailScanner[31523]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.F07D0
Sep 29 12:48:18 smtp MailScanner[31582]: Content Checks: Message 9DECD35316.C9CE2 is bigger than 13312000 bytes
Sep 29 12:48:18 smtp MailScanner[31582]: Saved entire message to /usr/local/spool/MailScanner/quarantine/20140929/9DECD35316.C9CE2
Sep 29 12:48:24 smtp MailScanner[31499]: Content Checks: Message 9DECD35316.01EFE is bigger than 13312000 bytes



--
--------------------------------------------------------------------------------------------------------------------------------------
“Race the rain, Ride the wind & Chase the sunset.
Only a biker understands.”
--------------------------------------------------------------------------------------------------------------------------------------



--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Jan Johansson | 28 Sep 14:04 2014
Picon

New system, and "blank screen issues"-

I just reinstalled a box in Ubuntu 14.04 LTS and current versions of MailScanner (working nicely) and Mailwatch (Not working nicely).

 

When I try to log on to web interface I am (before login) redirected to status.php which is just blank (nothing I source code either).

 

If I manually go to login.php I get the login screen and am then redirected to status.php

 

I see nothing in the apache logs apart from what I expect (Yes, I know error.log shoiws that I goofed a path, that has been fixed)

 

I have E_ALL and display errors in apache config, and still just a blank page.

 

I found a few similar things on the mailing list archive but no real solution.

 

Any hints?

 

==> /var/log/apache2/access.log <==

213.114.166.188 - - [28/Sep/2014:13:53:24 +0200] "GET /phpmyadmin/index.php?ajax_request=1&recent_table=1&token=216c9c1960f6c815a0fa3630e40bcd05 HTTP/1.1" 200 844 "http://laundromat.kontinuitet.com/phpmyadmin/index.php?token=216c9c1960f6c815a0fa3630e40bcd05" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:55:57 +0200] "GET /mailscanner/status.php HTTP/1.1" 200 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:56:01 +0200] "GET /mailscanner/status.php HTTP/1.1" 200 222 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:56:29 +0200] "GET /mailscanner/login.php HTTP/1.1" 200 1285 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:56:29 +0200] "GET /mailscanner/images/mailwatch-logo-trans-307x84.png HTTP/1.1" 200 4021 "http://laundromat.kontinuitet.com/mailscanner/login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:56:29 +0200] "GET /mailscanner/images/favicon.png HTTP/1.1" 200 572 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:56:37 +0200] "POST /mailscanner/checklogin.php HTTP/1.1" 200 223 "http://laundromat.kontinuitet.com/mailscanner/login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:59:43 +0200] "POST /mailscanner/checklogin.php HTTP/1.1" 200 223 "http://laundromat.kontinuitet.com/mailscanner/login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:59:56 +0200] "GET /mailscanner/ HTTP/1.1" 302 248 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

213.114.166.188 - - [28/Sep/2014:13:59:56 +0200] "GET /mailscanner/status.php HTTP/1.1" 200 222 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

 

==> /var/log/apache2/error.log <==

[Sun Sep 28 13:48:04.633644 2014] [:error] [pid 31690] [client 213.114.166.188:16822] PHP Warning:  fopen(/opt/MailScanner/etc/MailScanner/etc/MailScanner.conf): failed to open stream: No such file or directory in /var/www/html/mailscanner/functions.php on line 1195

[Sun Sep 28 13:48:04.767978 2014] [:error] [pid 31690] [client 213.114.166.188:16822] PHP Warning:  fopen(/opt/MailScanner/etc/MailScanner/etc/MailScanner.conf): failed to open stream: No such file or directory in /var/www/html/mailscanner/functions.php on line 1195

[Sun Sep 28 13:48:04.880799 2014] [:error] [pid 31690] [client 213.114.166.188:16822] PHP Warning:  fopen(/opt/MailScanner/etc/MailScanner/etc/MailScanner.conf): failed to open stream: No such file or directory in /var/www/html/mailscanner/functions.php on line 1195

[Sun Sep 28 13:55:54.785721 2014] [mpm_prefork:notice] [pid 1503] AH00169: caught SIGTERM, shutting down

[Sun Sep 28 13:55:55.856671 2014] [mpm_prefork:notice] [pid 4960] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.4 configured -- resuming normal operations

[Sun Sep 28 13:55:55.857424 2014] [core:notice] [pid 4960] AH00094: Command line: '/usr/sbin/apache2'

[Sun Sep 28 13:59:36.853295 2014] [mpm_prefork:notice] [pid 4960] AH00169: caught SIGTERM, shutting down

PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/apache2/php.ini on line 462 in Unknown on line 0

[Sun Sep 28 13:59:37.913370 2014] [mpm_prefork:notice] [pid 5284] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.4 configured -- resuming normal operations

[Sun Sep 28 13:59:37.913419 2014] [core:notice] [pid 5284] AH00094: Command line: '/usr/sbin/apache2'

 

==> /var/log/apache2/other_vhosts_access.log <==

 


--
Meddelandet har kontrollerats mot virus
samt skadligt innehl av MailScanner
och förmodas vara säkert.
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Paul Welsh | 23 Sep 01:01 2014

ESET File Security

Just to share my findings of ESET File Security with MailScanner 4.84.5 in case anyone's interested in using it.

I got hold of a 30 day trial from http://www.eset.co.uk/Trial/Business?Product=LFS and have only installed it tonight so early days but was a breeze to install and appears to work fine.

It appears to be licensed per server for £83 per year with a good discount for 2 and 3 year licences - see https://shop.eset.co.uk/Store/File-Security

Installed it by downloading the software and manual from http://www.eset.co.uk/Download/Software/Product/LFS 

Installation on my CentOS 6.5 x64 box was simply a case of:
sh ./esets.x86_64.rpm.bin
then registering it with the licence file they sent:
/opt/eset/esets/sbin/esets_lic --import /home/admin/NOD32.lic
and editing the file /etc/opt/eset/esets/esets.cfg to add my username and password:
av_update_username =
av_update_password = 

At this point I could scan a directory:
/opt/eset/esets/sbin/esets_scan /root

I manually updated it, though not needed as it happened:
/opt/eset/esets/sbin/esets_update

The /etc/MailScanner/virus.scanners.conf file needed a small tweak:
esets           /usr/lib/MailScanner/esets-wrapper      /opt/eset/esets/sbin

I then tested without a problem:
/usr/lib/MailScanner/esets-wrapper /opt/eset/esets/sbin /root

I scanned another directory and got the following results.  Very quick:
Scan started at:   Mon 22 Sep 2014 10:32:17 PM BST
Scan completed at: Mon 22 Sep 2014 10:32:17 PM BST
Scan time:         0 sec (0:00:00)
Total:             files - 39, objects 39
Infected:          files - 0, objects 0
Cleaned:           files - 0, objects 0

Bitdefender took 25 seconds.  OK, no daemon with bitdefender but a startling difference.  Clamscan with clamd running took 7.5 seconds, f-prot took 1.25 seconds.

I sent the eicar test file within the body of a message and eset captured it.  The message wasn't delivered and instead the recipient got the text file with:
esets: Found virus Eicar test file in msg-2635-1.txt

I tried MailScanner.conf with the following and it worked each time:
Virus Scanners = esets
Virus Scanners = esets f-prot-6
Virus Scanners = esets f-prot-6 clamd

MailScanner's esets updater seems to work:
Sep 22 23:09:32 mail update.virus.scanners: Found esets installed
Sep 22 23:09:32 mail update.virus.scanners: Running autoupdate for esets
Sep 22 23:09:55 mail esets-autoupdate[4734]: esets updated

As per previous messages, I've found that the clamd daemon starts falling over after a few weeks with only a reboot resetting it.  Memory leak?

AVG, I found, looks like it works but delivers infected messages.

I've 30 days to see if eset is more reliable.  

Oh, one other thing.  ESET has 2 daemons:
# ps -C esets_daemon
  PID TTY          TIME CMD
  669 ?        00:00:00 esets_daemon
  671 ?        00:01:04 esets_daemon

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Paul Welsh | 21 Sep 23:40 2014

Re: Clamd error messages since last week

Following on from my issues with clamd, I rebooted the server and the errors stopped for several weeks, then came back again.  I rebooted again today.

I restart the daemon each time it fails but once it starts failing, restarts don't have any long lasting effect.  When I say long lasting, the errors start again within the hour.

Anyone else getting this?  I'm running version 0.98.4.

On 30 August 2014 12:00, <mailscanner-request <at> lists.mailscanner.info> wrote:

---------- Forwarded message ----------
From: Paul Welsh <paul <at> welshfamily.com>
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Cc: 
Date: Fri, 29 Aug 2014 19:13:31 +0100
Subject: Re: Clamd error messages since last week
If the clamd daemon is local to the mailscanner machine I would recommend switching to a unix socket instead of tcp. Set it in your clamd.conf and then mirror the path and filename in the MailScanner.config such as
Clamd Socket = /tmp/clamd
 
Also I attached a small perl script that will check clamd and make sure it's both up and running and capable of responding (the PING/PONG)
anything you can use to monitor program result codes can use this as it returns 0 for OK and 1 for any issues, you can also have it log to mail|info if you want to use a log file analizer and just call it from cron ever min or so, there is very, very little overhead
 
Rick Cooper


Thanks for responding, Rick.  Seems to be setup that way already though:

# grep 'Clamd Socket' /etc/MailScanner/MailScanner.conf
Clamd Socket = /var/run/clamav/clamd.sock

# grep LocalSocket /etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock

Suppose a reboot is the next step.  Upgrading to ClamAV 0.98.4 made no difference.

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Paul Welsh | 21 Sep 23:07 2014

Re: Antivirus performance, AVG

Hi Michael

Thanks for the info about AVG you provided back in May.

I didn't get any luck with this.  When I run avg with f-prot6 or clamd it appears to work.  I get this in maillog:
Clamd::INFECTED::Eicar-Test-Signature
Avg: Virus identified EICAR_Test; deleted in msg-9254-1.txt

and I get this in the attachment-warning.txt in the received message:
Clamd: msg-9254-1.txt was infected: Eicar-Test-Signature
Avg: Found virus deleted in file msg-9254-1.txt

So looks promising.

However, if I use AVG on its own I see this in the log:
Avg: Virus identified EICAR_Test; deleted in msg-12519-1.txt
Virus Scanning: Avg found 1 infections
Virus Scanning: Found 1 viruses
Delivery of nonspam

The message is delivered intact.

To test I'm including the eicar text in the body of a message.  Using MailScanner 4.84.5.





On 23 May 2014 12:00, <mailscanner-request <at> lists.mailscanner.info> wrote:
---------- Forwarded message ----------
From: Michael Huntley <michael <at> huntley.net>
To: MailScanner discussion <mailscanner <at> lists.mailscanner.info>
Cc: 
Date: Thu, 22 May 2014 23:00:28 -0700
Subject: Re: Antivirus performance, AVG
I got AVG to work.

I changed this line in virus.scanners.conf:
avg             /usr/lib/MailScanner/avg-wrapper        /opt/avg/av

Save a copy just-in-case someone blows the dust off this project and releases an update......

Then I edited the wrapper:
/usr/lib/MailScanner/avg-wrapper:

#Add the t option to delete infected object.  MailScanner doesn't remove it otherwise...
#probably a code issue.  Don't care, throw the beastie away.
ScanOptions="-at"
PackageDir=$1
shift
Prog=avgscan

if [ "x$1" = "x-IsItInstalled" ]; then
  [ -x ${PackageDir}/bin/$Prog ] && exit 0
  exit 1
fi

# Force output into English
LANG=EN
export LANG
# update AVGs library reference

#Needed For Proper Use Of New AVG
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/avg/av/lib
export AVGINSTDIR=/opt/avg/av
export HOME=/opt/avg/av

exec $PackageDir/bin/$Prog $ScanOptions "$ <at> " 2>&1
exit 1

...

Save a backup of the wrapper in case (highly UNLIKELY at this time) MailScanner has an update.  HA!

Cheers!

mph
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Edward Dam | 17 Sep 22:28 2014
Picon

Moving Servers

Hi All,

I spent the day setting up a new MailScanner server as the old one's days were numbered from a hardware perspective.

I've got the new server up and running, and MailScanner installed and working.

What I *can't* get working, is the custom rules I have, specifically a file called deliver.rules that contains a bunch of forwards.

First off, new server info.

CentOS 6.5
MailScanner Version = 4.84.6
PHP Version = 5.3.3

MailScanner.conf applicable lines:

%rules-dir% = /etc/MailScanner/rules

Non Spam Actions = %rules-dir%/deliver.rules


So in /etc/MailScanner/rules I have my deliver.rules file, copied from the old working system.

For some reason, MailScanner completely ignores the file. I've been banging my head against the desk for a couple hours now - and this is the last "issue" left before pushing this into production.

Any thoughts?



--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Mahirrudin Alkhoir | 17 Sep 11:34 2014
Picon

Custom header for whitelist message

Hello,

i have a question about tagging messages, in mailscanner configuration there are configuration about blacklist and whitelist rules perdomain. 

Is Definitely Not Spam = &ByDomainSpamWhitelist
Is Definitely Spam = &ByDomainSpamBlacklist

For blacklist ( spam messages ), i can custom header or subject using spam action. 

Spam Actions = deliver header "X-Spam-Status: Yes"
Non Spam Actions = deliver header "X-Spam-Status: No"

if i am using thats configuration, all clean messages, include whitelist messages have same "X-Spam-Status" header. 
There's another way to modified header email for whitelist rules only ?

X-Spam-Status: Whitelist


Best Regards,

mahirrudin

When there's a Will there's a Smith
http://blog.mahirrudin.com
--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
Jorge Barosa | 15 Sep 11:11 2014

pfSense virtualized with mailscanner doesn't run

Hello,

I'm a new in your list, can someone please help me?

I've got an pfSense in a virtulized system (vmWare vSphere Hypervisor 5.5 ESXi), every thing works just fine except the mailscanner!! it gives this errors:

mailscanner: Process did not exit cleanly, returned 2 with signal 0
root: /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner: WARNING: failed to start mailscanner

Can someone giv me an hint ?

best regards,
Jorge Barosa

--

-- 
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

Gmane