Infrastructure
  1. Infrastructure
  2. INFRA-222

anti-virus filtering overzealous for one specific list

    Details

      Description

      One of the subscribers to friends at SpamAssassin.apache.org just attempted to post a snippet of HTML code to the list, and received a bounce saying:

        From: Mail Delivery Subsystem <MAILER-DAEMON at feynman.cliq.com>
        Message-Id: <200502252119.j1PLJDql031950 at feynman.cliq.com>
        To: <spambouncer at feynman.cliq.com>
        MIME-Version: 1.0
        Content-Type: multipart/report; report-type=delivery-status;
                boundary="j1PLJDql031950.1109366353/feynman.cliq.com"
        Subject: Returned mail: see transcript for details
        Auto-Submitted: auto-generated (failure)

        This is a MIME-encapsulated message

        --j1PLJDql031950.1109366353/feynman.cliq.com

        The original message was received at Fri, 25 Feb 2005 13:19:04 -0800 (PST)
        from IDENT:spambouncer at localhost [127.0.0.1]

          ----- The following addresses had permanent fatal errors -----
        <friends at spamassassin.apache.org>
            (reason: 552 Virus Found: HTML.Phishing.Bank-1 )

          ----- Transcript of session follows -----
        ... while talking to mail.apache.org.:
        >>> DATA
        <<< 552 Virus Found: HTML.Phishing.Bank-1
        554 5.0.0 Service unavailable

        <snip rest>


      The HTML code was, indeed, a part of the code from a phish message. However, we need to be able to discuss these techniques on-list, if at all possible, because it's a form of spam and that's what the list is there for. ;)

      Is there any way to turn off clamav scanning for this list (and dev@SpamAssassin as well if possible)?

        Activity

        Hide
        Justin Mason added a comment -
        agreed. thanks Henri
        Show
        Justin Mason added a comment - agreed. thanks Henri
        Hide
        Henri Yandell added a comment -
        Nothing heard for 3 months - so considering fixed. Please re-open if still a problem.
        Show
        Henri Yandell added a comment - Nothing heard for 3 months - so considering fixed. Please re-open if still a problem.
        Hide
        Joe Schaefer added a comment -
        I turned off clamav for the spamassassin.apache.org domain.
        Keep an eye on it, and let me know if it helps or hurts.
        Show
        Joe Schaefer added a comment - I turned off clamav for the spamassassin.apache.org domain. Keep an eye on it, and let me know if it helps or hurts.
        Hide
        Justin Erenkrantz added a comment -
        This isn't a mailing list issue per se, but qmail/qpsmtpd instead.
        Show
        Justin Erenkrantz added a comment - This isn't a mailing list issue per se, but qmail/qpsmtpd instead.
        Hide
        Justin Erenkrantz added a comment -
        It's not currently possible for qpsmtpd to ignore these types of results from clam.

        However, I'll try to take a look at this during the infra-thon (mid-March) and talk with others there to see if we can come up with a creative way around this.
        Show
        Justin Erenkrantz added a comment - It's not currently possible for qpsmtpd to ignore these types of results from clam. However, I'll try to take a look at this during the infra-thon (mid-March) and talk with others there to see if we can come up with a creative way around this.
        Hide
        Daniel Quinlan added a comment -
        I suspect ignoring /^HTML\./ results from ClamAV would do the job. Anyone
        sending an executable/attachment virus can package it up.
        Show
        Daniel Quinlan added a comment - I suspect ignoring /^HTML\./ results from ClamAV would do the job. Anyone sending an executable/attachment virus can package it up.

          People

          • Assignee:
            Justin Erenkrantz
            Reporter:
            Justin Mason
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development