[Mimedefang] Filter not working (properly)

Alan Premselaar alien at 12inch.com
Thu Apr 13 02:17:20 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Ashley M. Kirchner wrote:
> 
>    Anyone have any idea why this piece of my mimedefang filter suddenly
> quit working?
> 
>    if ($FoundVirus) {
>        md_graphdefang_log('virus', $VirusName, $RelayAddr);
>        md_syslog('warning', "Discarding because of virus $VirusName");
>        $QuarantineDir = '/var/spool/MD-Quarantine/virus';
>        action_quarantine_entire_message("Message quarantined because of
> virus: $VirusName.");
>        $QuarantineDir = '/var/spool/MD-Quarantine';
>        return action_discard();
>    }
> 
>    It's logging the virus message just fine, and I get the quarantined
> e-mails as well, and clamav is also reporting the virus as it should in
> its log file, but MD is not saving the data in
> /var/spool/MD-Quarantine/virus anymore, it just stopped.  Any ideas as
> to why?  The last two items that got updated were clamav (0.88.1) and
> sendmail (8.13.6).  Haven't touched MD just yet, though it also needs an
> update.
> 

Ashley,

  here are the obvious questions:

have the permissions on the directory changed at all?
do you have any files in /var/spool/MD-Quarantine? (as opposed to
/var/spool/MD-Quarantine/virus)

I'm not sure why you set $QuarantineDir twice, and theoretically it
shouldn't have any impact, but maybe somehow it is and it's writing the
files in the wrong place. (really reaching here)

I'm assuming you've restarted sendmail and MIMEDefang as well during the
upgrade process for sendmail but, just in case you haven't, you should.

I would be tempted to question the clamav upgrade as a number of people
have apparently been having problems with 0.88.1 (although I haven't had
any at all), but it appears that it's returning the virus name properly
so unlikely to be the cause.

that pretty much leaves sendmail ... if you downgrade back to 8.13.5 (or
whichever version you were using previously) does it work again?

alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEPezwE2gsBSKjZHQRAvYWAKDqgoRu5msEHLeeMzvgVof3sW1uDgCg5lE/
p0f1K3XwphZVhjMcfSg0hV4=
=JVcK
-----END PGP SIGNATURE-----



More information about the MIMEDefang mailing list