Problem with blocking attachments

Started by JIM, November 30, 2004, 08:23:29 AM

JIM

Hello,
I made a fresh installation of a mail server on FreeBSD 4.10 with Mail-toaster 4.01.
The mail server doesn't block mails with specific attachments.
I have default settings in toaster-watcher.conf:

simscan_block_attachments   = 1
simscan_block_types   = mp3,exe,com,vbs...
But email with an mp3 file goes through.


Regards.
JIM

LogicX

Quote from JIM:
simscan_block_attachments   = 1
simscan_block_types   = mp3,exe,com,vbs...
But email with an mp3 file goes through.

I believe the toaster utility may not be accurately updating the /var/qmail/control/simcontrol file.

I've edited mine, to now contain:
:clamav=yes,spam=yes,trophie=no,spam_hits=10,attach=yes,ripemime=/usr/bin/ripmime

I've bolded my additions.

Then run /var/qmail/bin/simscanmk to build the simcontrol.cdb file.
You can rebuild these files at any time. The simscanmk program can safely
update the cdb files while the system is running.


I'm also not sure if it's accurately updating
/var/qmail/control/ssattach with the extension lists.

The simscan docs seem to be rather sparse; anyone who understands better, feel free to critique.

Maybe sometime soon I'll get a chance to read through the simscan and toaster_watcher code and review what's happening.
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

JIM

Thank you for your advice.
I changed the settings (using simscanmk):
/var/qmail/control/simcontrol
clamav=yes,spam=yes,trophie=no,spam_hits=10,attach=yes,ripmime=/usr/local/bin/ripmime
(I also tested)
clamav=yes,spam=yes,trophie=no,spam_hits=10,attach=yes,ripemime=/usr/local/bin/ripmime

/var/qmail/control/ssattach
.mp3
.com
.exe
...

But the behavior of the server is still the same.
It blocks a mail with the EICAR virus, but not a mail with an mp3 attachment.

LogicX

simscan 1.0.8 is out today ---

I modded Matt's setup.pm to add in a few of the new options (and enable the ripmime support).

After reading over the code, I now understand that simscan gets compiled with the various options, and simcontrol is only for setting some of those per-domain settings --

if you change the settings back to:
:clam=yes,spam=yes,trophie=no,spam_hits=10
(clam, not clamav)

ls -ld /var/log/clamav/clamd.log
then tail -f /var/log/clamav/clamd.log

hopefully this should prove to you virus scanning is working.

If not -- it may be that you've modified the toaster_watcher.conf settings for simscan since you installed it -- as I said above, simcontrol is ONLY for some per-domain settings, and so if you modify any other settings, you'll have to recompile simscan (toaster_setup.pl -s simscan) (try setting your toaster_watcher.conf install_simscan version to 1.0.8)

/usr/local/lib/perl5/site_perl/5.8.5/Mail/Toaster/Setup.pm

I modded some of the settings:

      $confcmd .= "--enable-user=$user ";
      $confcmd .= "--enable-ripmime ";     # don't enable until simscan 1.0.8 is released
      $confcmd .= "--enable-dropmsg=y ";

      $confcmd .= "--enable-clamdscan=/usr/local/bin/clamdscan ";


the dropmsg seems priceless -- no doubt we'll see it as an option in toaster_watcher in the next version of the toaster.

Enjoy.

-Mike
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com