[Mimedefang] Some virus rejected, some temp failed?
Scott Oertel
freebsd at scottevil.com
Thu Jan 25 12:25:12 EST 2007
I have this situation where most all emails with virus attachments are
getting rejected, as they should, and now recently emails with this
certain virus attached are getting temp failed, "please try again
later". I've checked our greylist; they've already passed the greylist,
so for some reason they're getting temp failed and I'm not sure why.
Here is some log info:
### example of what it SHOULD normally do, and does:
[root at host log]# grep l0PFvdOe069418 spamlog
Jan 25 07:57:42 host mimedefang.pl[20624]:
MDLOG,l0PFvdOe069418,virus,Trojan.Postcard-eml-2,68***0,<jim at mail.l********.com>,<social@******>,
You've received a greeting from a family member!
[root at host log]# grep l0PFvdOe069418 maillog
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418:
from=<jim at mail.l********.com>, size=2673, class=0, nrcpts=1,
msgid=<20070125061057.B7CDF36E300F at mail.l********.com>, proto=ESMTP,
daemon=MTA, relay=a****n13.pacbell.net [****70]
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: Milter: data,
reject=554 5.7.1 Virus Trojan.Postcard-eml-2 found in mail - rejected
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: to=<social@******>,
delay=00:00:00, pri=32673, stat=Virus Trojan.Postcard-eml-2 found in
mail - rejected
### example of a temp fail with virus:
Jan 25 08:45:27 host mimedefang.pl[20624]:
MDLOG,l0PGj6i6003318,virus,Trojan.Downloader-656,2***.76,<p**pinfo at ha********net>,<brid**t at ra****en****m>,Warning:
could not send message for past 4 hours
[root at host log]# grep l0PGj6i6003318 maillog
Jan 25 08:45:15 host sm-mta[3318]: l0PGj6i6003318:
from=<p**pinfo at ha********net>, size=813352, class=0, nrcpts=1,
msgid=<200701211939.l0LJTJIx023035 at ha********net>, proto=ESMTP,
daemon=MTA, relay=ha********net [20****6]
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318: Milter: data,
reject=451 4.3.2 Please try again later
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318:
to=<brid**t at ra****en****m>, delay=00:02:06, pri=843352, stat=Please try
again later
Here is my mimedefang config related to the virus scanner:
sub filter_begin {
    my($entity) = @_;

    if ($SuspiciousCharsInHeaders) {
        md_graphdefang_log('suspicious_chars');
        return action_bounce("Message rejected because of suspicious characters in headers");
    }

    # Copy original message into work directory as an "mbox" file for
    # virus-scanning
    # md_copy_orig_msg_to_work_dir_as_mbox_file();

    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();

    # Lower level of paranoia - only looks for actual viruses
    $FoundVirus = ($category eq "virus");

    if ($FoundVirus) {
        md_graphdefang_log('virus', $VirusName, $RelayAddr);
        return action_bounce("Virus $VirusName found in mail - rejected");
    }

    if ($action eq "tempfail") {
        action_tempfail("Problem running virus-scanner");
        md_syslog('warning', "Problem running virus scanner: code=$code, category=$category, action=$action");
    }
}
Anybody have any ideas why this could be happening?
Thanks,
Scott Oertel
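
An added example, not part of the original post: a small Python script that correlates MDLOG virus entries with sendmail's milter reply by queue ID and lists every message that was logged as a virus but did not get a 5xx reply, together with the time between the two log lines. The sample lines are constructed in the format of the logs above (queue IDs and virus names from the post; addresses, subjects and the year are placeholders or assumptions).

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the logs quoted above
# (addresses and subjects are placeholders, each entry joined onto one line).
SAMPLE = """\
Jan 25 07:57:42 host mimedefang.pl[20624]: MDLOG,l0PFvdOe069418,virus,Trojan.Postcard-eml-2,192.0.2.10,<a@example.com>,<b@example.org>,greeting
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: Milter: data, reject=554 5.7.1 Virus Trojan.Postcard-eml-2 found in mail - rejected
Jan 25 08:45:27 host mimedefang.pl[20624]: MDLOG,l0PGj6i6003318,virus,Trojan.Downloader-656,192.0.2.76,<c@example.net>,<d@example.org>,Warning
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318: Milter: data, reject=451 4.3.2 Please try again later
"""

MDLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ mimedefang\.pl\[\d+\]: MDLOG,(\w+),virus,([^,]+),")
REJECT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sm-mta\[\d+\]: (\w+): Milter: \w+, reject=(\d{3}) ")

def _ts(stamp, year=2007):
    # syslog omits the year; it is assumed here and only differences are used
    return datetime.strptime("%d %s" % (year, " ".join(stamp.split())), "%Y %b %d %H:%M:%S")

def virus_tempfails(lines):
    """Return (queue_id, virus, smtp_code, seconds_after_mdlog) for every
    message logged as a virus whose milter reply was not a 5xx."""
    seen, out = {}, []
    for line in lines:
        m = MDLOG.match(line)
        if m:
            seen[m.group(2)] = (m.group(3), _ts(m.group(1)))
            continue
        m = REJECT.match(line)
        if m and m.group(2) in seen and not m.group(3).startswith("5"):
            virus, scanned = seen[m.group(2)]
            gap = int((_ts(m.group(1)) - scanned).total_seconds())
            out.append((m.group(2), virus, m.group(3), gap))
    return out

if __name__ == "__main__":
    for row in virus_tempfails(SAMPLE.splitlines()):
        print("%s virus=%s reply=%s %ds after MDLOG" % row)
```

When the MDLOG entries and the sm-mta entries live in separate files, as with spamlog and maillog here, feed the MDLOG file first so each queue ID is known before its reply line is read.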