Full Version: MailScanner and the virus alerts, a crossroads
unamigo
Hi there,

I'm receiving a MailScanner virus alert every 5' or so (there are only a few clients on this server). Also, most of the emails sent by my server are MailScanner virus alerts, most of them about the SomeFool virus (any variant).
This virus (and many other new viruses) has a particularly annoying behavior: it doesn't send the emails using the email address of the infected user; instead, it uses other email addresses found in the address book. So the MailScanner alerts are not going to the infected users but to other people, most of them not infected.

I think that, having this situation in mind, maybe the best way to avoid side effects (especially server overload) from this grippe would be to just ignore it, not sending any virus alert.

What do you think?

Regards,

Pablo
unamigo
Imagine being the Invisible Man... Sounds great, but don't you think it should be as frustrating as not getting any answer to a post in a popular forum like this?
rabbit994
Stop sending virus alerts to sender, 99.9% it is FALSE. I have the nasty habit of blacklisting anyone who does that to me. It also sends my users into a frenzy. For the better of the net community, just bit bucket the damn viruses and leave it at that.
Paul
Weird... I never saw this thread before.

Just disable email alerts in the MailScanner config. We don't send any alerts, the virus just gets binned and the email sent on to its recipient with an attachment saying the virus has been removed.

As you said, most from headers are forged, so you end up spamming innocent users, who could report you to the planet.
unamigo
Thank you friends
dxer
I don't know if this is a similar problem, but after MailScanner was installed I am receiving lots of notifications from MailScanner about infected e-mails. These notifications are coming to the e-mail address postmaster@host.mydomain.com. The Acunett guys installed this and they told me that they disabled these notifications from being sent, but I am still receiving these notifications.

I went to mailscanner.conf on my own and there is almost nothing in there. There is certainly not any line related to sending notification e-mails.

What can I do to stop these notifications from coming? I know that I can disable or change the e-mail in Server setup in WHM, but this will stop important e-mails from being sent from the server, so there must be another way. If it is not possible to disable the sending of these notifications, how can I choose which e-mail address these notifications are addressed to?
chirpy
You're probably getting the administrator alerts. If they installed the layer1 MailScanner the config file should be in:
/usr/mailscanner/etc/MailScanner.conf

The section you're looking for is:
CODE
#
# Notices to System Administrators
# --------------------------------
#

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

Change that last one to no. Then stop and restart MailScanner:
CODE
killall MailScanner
sleep 8
/usr/mailscanner/bin/check_mailscanner
dxer
This has already been set like this but it seems it is still sending.

I was told that I could change the "postmaster" mail in WHM but I cannot find anything there where I could change it.
Does anyone know under what section in WHM this is?
unamigo
There's one more thing:

I'd like to send a warning to users who send badly-named filenames, but don't want to send virus warnings. The problem is that there's only one option for this:

QUOTE
# Do you want to notify the people who sent you messages containing
# viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = yes


It's all or nothing... unless you use a ruleset file, no idea how to do it...

Regards!
dxer
QUOTE (chirpy)
Change that last one to no. Then stop and restart MailScanner:
CODE
killall MailScanner
sleep 8
/usr/mailscanner/bin/check_mailscanner

Acunett told me that to restart MailScanner I should do the following, but this results in "Unrecognized service":

/sbin/service MailScanner stop
/sbin/service MailScanner start

This did not work, so they told me to restart Exim or the server.
So there appear to be many ways to restart MailScanner, but can someone tell me what is for sure the right way?
Paul
QUOTE (unamigo)
There's one more thing:

I'd like to send a warning to users who send badly-named filenames, but don't want to send virus warnings. The problem is that there's only one option for this:
One problem there though, most virii are sent using 'bad filenames' so you'll end up sending mail to innocent users again.
(I'd say about 98% of the 'bad filename' emails you'll send out will be going to innocent users due to forged headers from a virus.)
Paul
QUOTE (dxer)
This did not work, so they told me to restart Exim or the server.
So there appear to be many ways to restart MailScanner, but can someone tell me what is for sure the right way?
It all depends how they installed it, they should be able to tell you how to restart it. Personally mine is set up so that a restart of exim (either via whm or shell) will also restart mailscanner.

A reboot of the server would be a sure way to restart it.
unamigo
You're right, Paul. I won't send any alert message.
Thanx!
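
The two options named in this thread, checked with an added script that is not part of any post: it reports the value of `Send Notices` and `Notify Senders` that is in effect in a MailScanner.conf-style file, the line that value comes from, and how many times the option appears. It assumes option names match regardless of case and spacing and that the last occurrence wins; the sample file and its ruleset path are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): show which notification settings a
# MailScanner.conf-style file ends up with.
# Assumptions: option names match regardless of case and spacing, and when an
# option is repeated the last line wins.

audit_notifications() {   # $1 = path to the config file
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "notifysenders" || key == "sendnotices") {
            seen[key]++; value[key] = val; line[key] = NR
        }
    }
    END {
        label["notifysenders"] = "Notify Senders"
        label["sendnotices"] = "Send Notices"
        n = split("notifysenders sendnotices", want, " ")
        for (i = 1; i <= n; i++) {
            k = want[i]
            if (!(k in seen)) { print label[k] ": NOT SET"; continue }
            v = tolower(value[k])
            # anything other than yes or no is treated as a ruleset filename
            state = (v == "no") ? "off" : ((v == "yes") ? "ON" : "RULESET")
            printf "%s: %s value=%s line=%d occurrences=%d\n",
                label[k], state, value[k], line[k], seen[k]
        }
    }' "$1"
}

# Constructed sample; on a real server pass the path to MailScanner.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Send Notices = yes
Notify Senders = /path/to/hypothetical.rules
send notices = no
EOF
audit_notifications "$sample"
rm -f "$sample"
```

An `ON` or `RULESET` result for `Notify Senders` means mail can still go out to the address in a forged From header, and an occurrence count above 1 shows that editing a single line may not change the value in effect.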