Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Corrupt messages after Spamfilter caused by ??
  FAQ FAQ  Forum Search   Register Register  Login Login

Corrupt messages after Spamfilter caused by ??
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
MartinC View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinC Quote  Post ReplyReply Direct Link To This Post Topic: Corrupt messages after Spamfilter caused by ??
    Posted: 18 June 2003 at 4:48am

hi,

we are using spamfilter on our main mail host and then passing off to nai webshield smtp for virus checking.

we've had no problems with this setup previously but now find we are getting some external users blocked with an "unable to scan" (corrupt email) message on the webshield server.

Am I correct in saying that spamfilter doesn't alter the message headers at all? (and shouldn't be the cause of the problem.)

we've done no upgrades on the webshield server, and only the minor updates on spamfilter upto 124.

our firewall has recently been replaced so could be a possible culprit also...

anyone had any similar experiences like this?
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 18 June 2003 at 8:06pm

NAI's WebShield (which we also use) does have trouble scanning some messages.  However, we have seen no increase in this with the use of SpamFilter ISP.  If a header has severe Non RFC conditions, this causes the "can not be scanned" message.  Also, PGI encrypted messages do the same thing because they CAN'T be scanned. Our strategy is to set the "Notify Only" option under the Corrupt E-Mail setting in the "Action" tab of the "Scanning" menu.  This way the customer knows that a message MAY have a problem and let him use some caution when opening it.

Our stats show that for every 100,000 scanned messages, about 1500 fall into the can't be scanned group.  Our big complaint it the nasty mess it leaves in the event log.  NAI is releasing a new version (so they say) in the next day or so.  Perhaps, they will have cleaned this up a bit.

Dan S.
Back to Top
MartinC View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinC Quote  Post ReplyReply Direct Link To This Post Posted: 19 June 2003 at 6:04am

thanks dan.

yes, was looking at these settings yesterday in case it was a badly formatted message screwup. ticking that box fixes our problem but the warning still goes out to the user... good but not perfect.

the odd thing is we have 2 external users who have never had this problem before about a month ago but its now happening to them regularly.. all the blocked messages are base 64 type and look okay afaik.

the firewall has been upgraded to Checkpoint NG and we've done a couple of minor upgrades on spamfilter to the latest versions but didn't see these as significant enough to break this...

anyone know a good interactive website for verifying email messages and their formats (inc base64 format)?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 June 2003 at 12:50am
Martin,
 
We have made aware today of a bug where under certain specific conditions some bytes in an attachemt are changed, thus corrupting it. We were able to reproduce the problem and are testing the fix internally.
 
This weekend we will release the new v1.2 release of SpamFilter featuring the database-enabled quarantine and end user web access to it. It will include the patch for the attachement corruption.
 
Are you going to be upgrading to this new release (it's a free upgrade)? If not, we will try to go back and patch the oder .124 build as well for users who will not upgrade to the new version.
 
Roberto Franceschetti
LogSat Software
Back to Top
MartinC View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinC Quote  Post ReplyReply Direct Link To This Post Posted: 21 June 2003 at 7:37am
Hi Roberto
 
thanks for the info - not sure if this is the exact bug we are having but sounds promising.
 
our messages do not necessarily contain attachments - is this the only time the bug happens?
 
looking at our messages, they all seem to be base 64 and with a single finishing "." full stop... pretty sure I read this may actually be invalid and should be a double full stop ".."
 
our spamfilter messages get passed off to a webshield smtp server for virus checking which is where they first get listed as corrupt, previously never any corrupt messages of this type before about 4 weeks ago... (approx when we upgraded to ~121 or 124).
 
this could be a webshield bug with it incorrect reading some slightly odd base64 message format OR it could be caused by the sending email systems themselves..
(we noticed that all our example messages have come through virus firewalls or mailers that append disclaimers for example).
 
yes, we will be upgrading to the new version of 1.2 but not immediately... need to test it internally first with the new quaranting features. the RegEx stuff does sound very useful.
 
if you think our problem maybe happening because of a spamfilter bug, it would be handy if you could patch version .124 for us to then test.
 
we have 2 external people we can contact so the tests would only have to run for an hour or so.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.250 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us