Spam Filter ISP Support Forum


DB Quarantine beta 282 problem ?

Lee (Groupie)
Posted: 06 February 2004 at 5:00pm

Is anyone having a problem with the db in the beta release?

It was working after installing over the previous release but now when I select Refresh I no longer get a listing of the quarantined files.

I am wondering if this is a size issue because I am holding files for 4 days and the db is pretty big in size.

Lee

George (Guest Group)
Posted: 06 February 2004 at 5:23pm

I have also had this problem since the new beta up. I had not bothered to look at the db until yesterday and noticed that it had grown to three times the size that it was before I put the attachment blocking on. I have stopped quarantining keywords and attachments but the database has not dropped in size yet.

George (Guest Group)
Posted: 06 February 2004 at 6:04pm

The problem is worse than I thought at first. Come to find out, now no email is quarantined. I have rebuilt the database and still no email goes to the database.

Roberto, help!!!

George (Guest Group)
Posted: 06 February 2004 at 7:07pm

Well, I ended up dumping the database on the server and went back to 281. Now everything is working again. If someone plans on dumping the quarantine database make sure you back up the login names to an Access table so you can restore it after you have everything working again. I didn't bother with the emails since most of them were either junk or Mydoom attachments. Too bad we can't drop attachments and keep keyword blocked emails.

I also wish that I didn't have to quarantine max recipient blocked emails. (Wish list item: "Do not quarantine" option to go with existing setting section.)

g

 

Desperado (Senior Member)
Posted: 06 February 2004 at 7:41pm

Guys,

When I was running the 282, I did not have the same issue you are having.  However, you may want to try the 285.

Dan S.

 

George (Guest Group)
Posted: 06 February 2004 at 8:56pm

Well I have found a bug I think. In 281 if you select do not quarantine keyword rejections then nothing gets quarantined but if you uncheck it then quarantined emails go to the database. I found this after reinstalling SF when I discovered that no emails were getting sent to the DB server. I would say this is strange but given how things have been going all week due to Mydoom I am not surprised.

 

Murphy's law and all.

 

Lee (Groupie)
Posted: 06 February 2004 at 9:08pm

George,

Good Call !!!!  It looks like the same problem in .282. As soon as I unchecked "Do not quarantine..." in the keyword filter section, boom the quarantine started working.

I am very impressed with the 282 beta. I am sure I have not run into all the bugs but I can't believe how much spam and viruses it is catching. In fact my virus server has not seen a single virus because spamfilter is catching all of the attachments.

Lee

George (Guest Group)
Posted: 06 February 2004 at 9:31pm

Same quarantine problem in 285 too. If I want anything quarantined I have to allow keyword flagged emails to be quarantined otherwise nothing gets through. With current email borne worms and viruses going around I'd rather dump all in favor of storing infected emails. It is such a waste of drive space and overall system performance. Once I got a good list of subjects and attachment names I have not had any infected files hit my address and given that my first name is one of the seed names in the mydoom virus I would offer a thumbs up on how well the filter part on the new subject and attachment options. Hopefully SF will get this issue fixed soon.

JimMeredith (Guest Group)
Posted: 06 February 2004 at 10:31pm

Just to throw out another idea...

I have put a separate (outside of SpamFilter) process in place to purge the MyDoom generated emails (at least most of them) on an hourly basis.  The following query will purge viral messages only, reducing the size of your quarantine database dramatically, while leaving "legitimate" quarantined items alone.

update tblquarantine set expire=1 where RejectDetails = 'found keywords: [found prohibited attachment]' and subject in ('hello','hi','test','server report','error','status','mail delivery system','mail transaction failed','w32.elkern  removal tools')

(Note: HTML truncates whitespace... there are TWO spaces between the words "elkern" and "removal" above.)

After running this query, the messages will be deleted from the database the next time SpamFilter runs its "deleting expired items" cycle.

This query text is conservative.  It doesn't purge ALL of the MyDoom messages, just 95%+ of them, enough to effect a BIG reduction in quarantine size without being too aggressive.  It could easily be adjusted to be more aggressive, if you wish.  By deleting all of the query text starting with the word "and" you've got an aggressive, take-no-prisoners, "I'm not going to allow ANY attachments to be quarantined on my mail system!" query... that will probably delete some legitimate quarantined messages with attachments if you're not very careful.

You can manually run this query periodically, or use your favorite method of query scheduling to run it on a routine basis. I run it hourly on our mid-volume mail system, but you high-volume guys routing 10,000 messages an hour will probably need to run it a little more often than this.

This query works for a default Microsoft SQL Server (case-insensitive) installation.  Syntax and methods will differ for other database platforms.

George (Guest Group)
Posted: 07 February 2004 at 1:08am

X E LENT idea!

Works like a charm. I even added a few more decrips to delete and have them all go at once.

Thanks,

 

g

LogSat (Admin Group)
Posted: 09 February 2004 at 12:05am

Indeed good call George. We confirm the bug you found. We still haven't verified 100%, but so far it seems to be present in all previous builds, including v1.2.x.

We should have it fixed in the next build.

Roberto F.
LogSat Software

kspare (Senior Member)
Posted: 09 February 2004 at 12:35am

Hey GREAT Idea. Glad someone is using their noodle until Roberto gets a chance to update the software! I ran with your idea and created this script.

It's a lot easier to follow, you can copy and paste each line and it will remove by keyword or subject line.

update tblquarantine set expire=1 where RejectDetails = 'found keywords: [found prohibited attachment]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [(Subject:\x20(hi|Hi|HI|hello|Hello|HELLO|error|Error|ERROR|test|Test|TEST))]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [(subject:\x20(test$|hi|hello$|error$))]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [(Subject:(hi$|hello$|test$|error$))]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [Here is my photo, that you asked for yesterday.]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [Important information for you. Read it immediately !]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [The message contains Unicode characters and has been sent as a binary attachment.]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [Mail transaction failed. Partial message is available.]'
update tblquarantine set expire=1 where Subject = 'hi'
update tblquarantine set expire=1 where Subject = ''
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [mydoom]'
update tblquarantine set expire=1 where RejectDetails = 'found keywords: [Novarg]'
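
Added example, not part of any post in this thread: a dry run of the purge predicates from JimMeredith's query and kspare's script, showing which quarantined messages each one would expire before anything is committed. An in-memory SQLite table stands in for the SQL Server quarantine database; `tblquarantine`, `expire`, `RejectDetails` and `subject` are the names used in the posted queries, while the `id` column, the sample rows and the helper names are assumptions made for the example.

```python
import sqlite3

ATTACH = "found keywords: [found prohibited attachment]"
# Constructed sample rows (subject, RejectDetails); not from a real quarantine.
ROWS = [
    ("hi", ATTACH),
    ("Mail Delivery System", ATTACH),
    ("w32.elkern  removal tools", ATTACH),   # two spaces, as the post notes
    ("w32.elkern removal tools", ATTACH),    # one space: the IN list misses it
    ("Q4 invoice attached", ATTACH),         # plausible legitimate mail
    ("", "found keywords: [sample keyword A]"),  # blank subject, unrelated rule
    ("hi", "found keywords: [sample keyword B]"),
]
SUBJECTS = ("hello", "hi", "test", "server report", "error", "status",
            "mail delivery system", "mail transaction failed",
            "w32.elkern  removal tools")
MARKS = ",".join("?" * len(SUBJECTS))
PREDICATES = {  # WHERE clauses from the two posts, parameterised
    "conservative": (f"RejectDetails = ? AND subject IN ({MARKS})", (ATTACH, *SUBJECTS)),
    "aggressive": ("RejectDetails = ?", (ATTACH,)),
    "blank_subject": ("subject = ''", ()),
}

def open_sample_db():
    db = sqlite3.connect(":memory:")
    # COLLATE NOCASE mimics the case-insensitive SQL Server default.
    db.execute("CREATE TABLE tblquarantine (id INTEGER PRIMARY KEY, subject TEXT COLLATE"
               " NOCASE, RejectDetails TEXT COLLATE NOCASE, expire INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO tblquarantine (subject, RejectDetails) VALUES (?, ?)", ROWS)
    db.commit()
    return db

def dry_run(db, name):
    """Run one purge UPDATE, list the subjects it expired, then roll back."""
    where, params = PREDICATES[name]
    db.execute(f"UPDATE tblquarantine SET expire = 1 WHERE {where}", params)
    hits = [r[0] for r in db.execute("SELECT subject FROM tblquarantine WHERE expire = 1 ORDER BY id")]
    db.rollback()
    return hits

def extra_reach(db, wide, narrow):
    """Subjects the wider predicate expires that the narrower one keeps."""
    kept = dry_run(db, narrow)
    return [s for s in dry_run(db, wide) if s not in kept]

if __name__ == "__main__":
    db = open_sample_db()
    print({n: dry_run(db, n) for n in PREDICATES})
    print("aggressive only:", extra_reach(db, "aggressive", "conservative"))
```

On SQL Server the same review step is a `BEGIN TRANSACTION`, the `UPDATE`, a `SELECT` of the rows now marked `expire = 1`, and a `ROLLBACK` until the list looks right.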
