Hi all, my internal mailserver is fully equipped with antivirus software, so i decided to declare it a noScanIP for assp (ASSP version 2.5.4(16294)). The outbound mail flow is: Exchange (192.168.12.241) -> ASSP (192.168.12.242:25) -> Postfix (127.0.0.1:125) -> internet
Here is an (anonymized) excerpt from the log which looks like assp ignores this setting and scans outgoing mails for virus regardless: 2016-10-25 19:59:53 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> info: found message size announcement: 13.09 kByte 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] [Plugin] calling plugin ASSP_AFC 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] IP 192.168.12.241 matches noScanIP - with 192.168.12.241/32 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] info: 1 attachment found for Level-0 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] 192.168.12.241 <[email protected]> to: [email protected] local (no bad attachments) 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 192.168.12.241 <[email protected]> to: [email protected] message ok [Interesting subject here] -> /opt/assp/notspam/11989.eml 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <[email protected]> to: [email protected] finished message - received DATA size: 11.92 kByte - sent DATA size: 12.55 kByte 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <[email protected]> to: [email protected] disconnected: session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <[email protected]> to: [email protected] ClamAV: scanned 12206 bytes in file /opt/assp/notspam/11989.eml - OK 2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241 <[email protected]> to: [email protected] FileScan: scanned 12206 bytes in file /opt/assp/notspam/11989.eml OK This is not a big deal at all, better scan twice than never. Id just like to know the wise guys explanation for this unexpected behaviour. Best regards Dirk ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
