[Mimedefang] Quarantine Salvage.

David F. Skoll dfs at roaringpenguin.com
Wed Mar 13 16:30:03 EST 2002


On Wed, 13 Mar 2002, Matt Zimmerman wrote:

> There was a
> known quirk with our virus scanner that someone overlooked for something
> like 12 hours. So all messages during that time were flagged as infected
> with a virus due to a scanner error and were quarantined. I've sifted
> through the list and now have a heap of messages that need to get resent.

Oh, dear.  I hope you used action_quarantine_entire_message().  If you
did not, you cannot reconstruct the message very easily.

If you DO have the ENTIRE_MESSAGE file, something like this should
work:

sendmail -f "`cat SENDER`" `cat RECIPIENTS` < ENTIRE_MESSAGE

If you DO NOT have the ENTIRE_MESSAGE file, then you have to create a valid
MIME message from all the parts, and send it in the manner described above.
You can do it with some Perl hacking and MIME::Tools.

> HEADERS include headers for the entire message.
> PART.n.HEADERS is the header to part number 'n' of the message.
> PART.n.BODY is the content of the part number 'n'. If the header says that
> it's encoded, I'm guessing that MIMEDefang already decoded it and saved
> the final product to this file.
> RECIPIENTS list of intended recipients
> SENDER sender of the message.

All correct. :-)

> Also, in the logs I've been noticing some new messages. Do I need to worry
> about any of them?

Yes, they are all serious.  It sounds like bad permissions on your
/var/spool/MIMEDefang directory, or a lack of disk space, or somehow
it got mounted read-only.

> Mar 12 13:18:44 cronus mimedefang.pl[19878]: g2CJIYl7006534: couldn't open INPUTMSG: No such file or directory
> Mar 12 13:18:44 cronus mimedefang[6542]: Error from multiplexor: error: g2CJIYl7006534: couldn't open INPUTMSG: No such file or directory
> Mar 12 13:18:47 cronus mimedefang.pl[19878]: Could not create NOTIFICATION file: Operation not permitted
> Mar 12 13:18:47 cronus mimedefang.pl[19878]: Could not create DISCARD file: Operation not permitted

> Another one that pops up quite a bit in the info log:
> Mar 12 05:05:15 cronus sendmail[15478]: g2CB5Al4015478: Milter: data, reject=451 4.7.1 Please try again later

This last one may be due to a milter bug; see the patch on the MIMEDefang
home page.

> Also, we made a workaround for our virus scanner's quirk since the big
> mishap. We no longer quarantine infected messages because evidently there
> are a lot of viruses that go through our server, and it tends to eat up
> space quickly. As far as we're concerned, viruses are trash anyhow. Since
> we've done that, we've missed all that wonderful information you get along
> with the quarantine (headers and such). Is there a scalar that I can just
> insert into action_notify_administrator that will return the
> message/entity headers? That's mostly what we're missing.

There isn't, but take a look at mimedefang.pl -- you should be able to
replicate what you want pretty easily by using mimedefang.pl as an example.

Regards,

David.
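
The re-injection command above, wrapped so it can be run over a whole batch of quarantine directories; this is an added example, not part of the original message and not MIMEDefang code. It assumes RECIPIENTS holds one address per line; the RESENT marker file and the SENDMAIL override variable are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example. Assumed layout: one directory per quarantined message
# containing SENDER, RECIPIENTS (one address per line) and ENTIRE_MESSAGE.
# RESENT is a hypothetical marker file written here to prevent duplicates.

SENDMAIL=${SENDMAIL:-sendmail}   # point at a stub to rehearse without sending

# resend_quarantined DIR
#   0 = handed to sendmail, 2 = cannot be resent as-is (needs manual MIME
#   reconstruction), 3 = already resent, other = sendmail's exit status
resend_quarantined() {
    dir=$1
    if [ -e "$dir/RESENT" ]; then
        return 3
    fi
    for f in SENDER RECIPIENTS ENTIRE_MESSAGE; do
        if [ ! -s "$dir/$f" ]; then
            echo "skip $dir: missing or empty $f" >&2
            return 2
        fi
    done
    IFS= read -r sender < "$dir/SENDER" || [ -n "$sender" ] || return 2
    # Collect recipients as separate arguments; never re-split on spaces.
    set --
    while IFS= read -r rcpt || [ -n "$rcpt" ]; do
        [ -z "$rcpt" ] || set -- "$@" "$rcpt"
    done < "$dir/RECIPIENTS"
    [ "$#" -gt 0 ] || return 2
    # "--" stops a recipient that starts with "-" being parsed as an option.
    "$SENDMAIL" -f "$sender" -- "$@" < "$dir/ENTIRE_MESSAGE" || return $?
    : > "$dir/RESENT"
}

# resend_all DIR...: try every directory, report how many were not sent.
resend_all() {
    failed=0
    for d in "$@"; do
        resend_quarantined "$d" || failed=$((failed + 1))
    done
    echo "$failed of $# skipped or failed" >&2
    [ "$failed" -eq 0 ]
}

# Run as: sh resend.sh /path/to/quarantine/dir1 /path/to/quarantine/dir2 ...
[ "$#" -eq 0 ] || resend_all "$@"
```

Directories reported as skipped are the ones without ENTIRE_MESSAGE, which need the MIME reconstruction described in the message.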



