[Mimedefang] Quarantine Salvage.

Wed Mar 13 16:04:01 EST 2002

Hello,
	MIMEDefang is the coolest. I have a few questions. We use
MIMEDefang to scan for viruses. I was able to easily modify it for use
with CA InoculateIT thanks to the expert advice on this list. There was a
known quirk with our virus scanner that someone overlooked for something
like 12 hours. So all messages during that time were flagged as infected
with a virus due to a scanner error and were quarantined. I've sifted
through the list and now have a heap of messages that need to get resent.
So I want to make sure that I know what each of the parts in the each
quarantine directory are. This is what I assume, so please correct me if
I'm wrong. 

HEADERS include headers for the entire message.
PART.n.HEADERS is the header to part number 'n' of the message.
PART.n.BODY is the content of the part number 'n'. If the header says that
it's encoded, I'm guessing that MIMEDefang already decoded it and saved
the final product to this file.
RECIPIENTS list of intended recipients
SENDER sender of the message.

Please let me know where I'm not on track.

Also, in the logs I've been noticing some new messages. Do I need to worry
about any of them? If so, any suggestions on going about remedying them?
Here they are straight from the err log:

Mar 12 13:18:44 cronus mimedefang.pl[19878]: g2CJIYl7006534: couldn't open INPUTMSG: No such file or directory
Mar 12 13:18:44 cronus mimedefang[6542]: Error from multiplexor: error: g2CJIYl7006534: couldn't open INPUTMSG: No such file or directory
Mar 12 13:18:44 cronus mimedefang[6540]: Error from multiplexor: ok 1
Mar 12 13:18:45 cronus mimedefang.pl[19878]: g2CJI3lG006219: couldn't open INPUTMSG: No such file or directory
Mar 12 13:18:45 cronus mimedefang[6538]: Error from multiplexor: error: g2CJI3lG006219: couldn't open INPUTMSG: No such file or directory
Mar 12 13:18:46 cronus mimedefang[7032]: Error from multiplexor: ok 1
Mar 12 13:18:47 cronus mimedefang.pl[19878]: Could not create NOTIFICATION file: Operation not permitted
Mar 12 13:18:47 cronus mimedefang.pl[19878]: Could not create DISCARD file: Operation not permitted
Mar 12 13:18:47 cronus mimedefang.pl[19878]: Could not create NOTIFICATION file: Operation not permitted
Mar 12 13:18:47 cronus mimedefang[6539]: Error from multiplexor: error: g2CJIkl4007031: Can't open NEWBODY: Operation not permitted
Mar 12 13:18:47 cronus mimedefang.pl[19878]: g2CJIkl4007031: Can't open NEWBODY: Operation not permitted
Mar 12 13:18:47 cronus mimedefang[6360]: Error from multiplexor: ERR Filter timed out
Mar 12 13:18:53 cronus mimedefang[6412]: Error from multiplexor: ERR Filter timed out
Mar 12 13:18:59 cronus mimedefang[6479]: Error from multiplexor: ERR Filter timed out
Mar 12 13:18:59 cronus mimedefang[7156]: Error from multiplexor: error: Error talking to slave process

Mar 12 14:44:45 cronus mimedefang[28672]: Error from multiplexor: ERR Filter timed out

Mar 12 23:31:33 cronus sendmail[13558]: g2D1C0ME013558: Milter (mimedefang): write(L) returned -1, expected 5: Broken pipe

Mar 13 11:06:47 cronus sendmail[20308]: g2DH6aMG020308: Milter (mimedefang): select(read): Interrupted system call

Another one that pops up quite a bit in the info log:
Mar 12 05:05:15 cronus sendmail[15478]: g2CB5Al4015478: Milter: data, reject=451 4.7.1 Please try again later

Also, we made a work around our virus scanner's quirk since the big
mishap. We no longer quarantine infected messages because evidently there
are a lot of viruses that go through our server, and it tends to eat up
space quickly. As far as we're concerned, viruses are trash anyhow. Since
we've done that, we've missed all that wonderful information you get along
with the quarantine(Headers and such). Is there a scalar that I can just
insert into action_notify_administrator that will return the
message/entity headers? That's mostly what we're missing.

Thank you very much in advance for all your help!

Thanks,
Matt Zimmerman
mzimmerm at angelo.edu