spamassassin temp folders

apurdam
Joined: Thu Apr 19th, 2007
spamassassin temp folders

I use Command antivirus as my built-in a/v program.
It had mysteriously stopped updating itself for two weeks and so let in two phishbank e-mails last night.
(Why I continue with this a/v software, I do not know).
These were picked up by my regular a/v (eTrust), which found (and deleted!) them in my temp folder whilst spamassassin was analysing the message. This concerns me, as it may skewer mailtraq.

Now, I am not going to exclude my temp file from regular a/v monitoring, so is there a way to configure spamassassin so that it can do its analysis in a quiet place somewhere (say, in its own folder)?

apurdam
Re: spamassassin temp folders

Everything above still happens, btw.

Is there a configuration of spamassassin to use a temp folder in the mailtraq folder (which has monitoring turned off) ?
This raises an important question. Is mailtraq testing for spam before testing for virulence?
Are we able to do things the other way round? Or does that negate some of the efficacy of the spam filtering?

Also, I'd strongly urge mailtraq to withdraw its recommendation of Command antivirus, as each signature update is like installing a new version of the program (complete with obligatory reboot). How server-non-friendly can you get?

apurdam
Re: spamassassin temp folders

apurdam wrote:
These were picked up by my regular a/v (eTrust), which found (and deleted!) them in my temp folder whilst spamassassin was analysing the message. This concerns me, as it may skewer mailtraq.

Can someone confirm whether mailtraq does the antivirus test before or after the antispam test?
It may also be that Command Antivirus is not picking up phishbank e-mails. (sigh)

apurdam
Re: spamassassin temp folders

Just wanting to bump this question up, since I'm still in need of this info.

I just need to know the flow of mail messages if I'm using POP3 to retrieve from an ISP (POP3 A/V is turned OFF),
and have Bayesian turned on,
and have SAWin32 set up with spamd server address of C:\Program Files\Mailtraq\SpamAssassinForMailtraq\spamd.exe
and have Command Antivirus ticked and Operational.

Is it RETRIEVE -> SA -> Bayesian -> A/V?

The thing is, I'm still occasionally getting virus files (normally phishing emails) picked up by my normal interactive a/v (Computer Associates) whilst SA is doing its thing.
I'm not sure what this does to the flow of mail through MTQ. Nothing has hung yet.

Just want to get the order right before asking the sourceforge forum about how to set SA's temp folder to something other than \windows\temp (which I really want to keep monitoring for viruses, as it is the most likely place to get a virus turning up).
I assume they're using TEMP or TMP environment variables. Which might mean there's a way MTQ could tell it to use somewhere else?
That's assuming MTQ is piping the message to it - or is MTQ creating an MBOX file and asking spamd to scan it?

Elric Pedder
Joined: Tue Nov 23rd, 2004
Re: spamassassin temp folders

apurdam wrote:
Just wanting to bump this question up, since I'm still in need of this info.

I'm sorry about that as I simply didn't see your earlier post until now.

The sequence is Retrieve -> DBL -> EAP -> Bayesian -> SpamAssassin -> A/V

I hope this helps. I wouldn't be surprised if the SpamAssassin temp directory is being monitored. I would guess, since Mailtraq launches SA, that it is using the system temporary directory which is specified in the System properties of the control panel.

apurdam
Re: spamassassin temp folders

Interesting, Bayesian before spamassassin, but that explains some curious spam/ham decisions I had seen.
Indeed, sa uses either the TMP or TEMP variable.
Only I can't really change that. I just want SA to have a different TMP (or TEMP), which would be somewhere in the mailtraq folder hierarchy so that it wouldn't be monitored.
There is no way I'm turning off monitoring of C:\WINDOWS\TEMP !!

I'll ask the SAWin32 crowd if there is a setting.
I guess I could always make my own version (sigh).
Otherwise I'd need MTQ to launch SA with a new environment variable.

On the small chance that there is an undocumented command line switch for launching spamd, is there a way for MTQ to pass that? (Say, if it's in the spamd path line?)

Elric Pedder
Re: spamassassin temp folders

apurdam wrote:
On the small chance that there is an undocumented command line switch for launching spamd, is there a way for MTQ to pass that? (Say, if it's in the spamd path line?)

If you find one and would like to see Mailtraq adjusted to support it, just ask. While we can't guarantee it, we do try to support user requests where practical.

apurdam
Re: spamassassin temp folders

Elric, I've been giving this further thought, and wonder whether it wouldn't be better for MTQ to check the file for viruses first.
Thus change the pre-processing order from Retrieve -> DBL -> EAP -> Bayesian -> SpamAssassin -> A/V to
Retrieve -> A/V -> DBL -> EAP -> Bayesian -> SpamAssassin

(what's EAP, btw?)

Alternately, if I can get SpamAssassin to unload to a different TMP folder (one that I'm happy to turn off real-time A/V for) then I can avoid the potential of files getting deleted beneath SA's feet. There is no run-time setting like -T or such.

From what I could read of SAWin's source, it uses File::Spec->tmpdir for creating/using temporary folders and files.
tmpdir uses $ENV{TMPDIR}, $ENV{TEMP} or $ENV{TMP} in that order.
It seems that TMPDIR is not set on my system (it may be on others, I s'pose). So could MTQ set the TMPDIR environment variable to MTQ's temporary folder (I'm sure you must have one, and hopefully it is in the c:\program files\mailtraq tree somewhere, and I have a/v turned off for that area) before spawning the SA job?
I'm not sure what would happen if I set this variable system-wide, as other software may use it; it would be best if MTQ did it only for SA.

Do either of those solutions sound sensible/feasible/worthwhile? I figure it would fix a potential problem for all systems that have a/v monitoring on windows\temp.
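
The per-process override proposed in the post above (set TMPDIR only for the spawned scanner, not system-wide), as an added example that is not part of the thread and is not Mailtraq or SAWin32 code. It assumes a Python child process as a stand-in for spamd (Python's tempfile uses the same TMPDIR, TEMP, TMP order) and constructed directory names, and it goes beyond the thread by showing the fallback when the private directory does not exist.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in for the scanner process: prints the temp directory it resolved.
# Python's tempfile tries TMPDIR, then TEMP, then TMP, the same order the
# thread reports for File::Spec->tmpdir, and skips unusable directories.
CHILD = "import tempfile; print(tempfile.gettempdir())"

def scoped_env(private_tmp, system_tmp):
    """Copy the parent's environment and override temp variables in the copy only."""
    env = dict(os.environ)
    env["TMPDIR"] = private_tmp            # checked first, so it wins over TEMP/TMP
    env["TEMP"] = env["TMP"] = system_tmp  # constructed stand-in for the monitored temp
    return env

def resolve_in_child(env):
    """Launch the child with the given environment; return the temp dir it chose."""
    out = subprocess.run([sys.executable, "-c", CHILD], env=env,
                         capture_output=True, text=True, check=True)
    return os.path.realpath(out.stdout.strip())

def demo():
    parent_before = os.environ.get("TMPDIR")
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        system_tmp = os.path.join(root, "system-temp")   # monitored location
        private_tmp = os.path.join(root, "scanner-tmp")  # excluded location
        os.mkdir(system_tmp)
        env = scoped_env(private_tmp, system_tmp)
        # Failure mode: the private directory does not exist yet, so the child
        # silently falls back to the monitored directory.
        missing = resolve_in_child(env)
        os.mkdir(private_tmp, 0o700)
        created = resolve_in_child(env)
        return {
            "fallback_when_missing": missing == system_tmp,
            "private_when_created": created == private_tmp,
            "parent_unchanged": os.environ.get("TMPDIR") == parent_before,
        }

if __name__ == "__main__":
    print(demo())
```

The launcher has to create the private directory before spawning the scanner; otherwise the override is ignored without any error and messages are unpacked in the monitored directory again.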

Elric Pedder
Re: spamassassin temp folders

apurdam wrote:
Elric, I've been giving this further thought, and wonder whether it wouldn't be better for MTQ to check the file for viruses first.
Thus change the pre-processing order from Retrieve -> DBL -> EAP -> Bayesian -> SpamAssassin -> A/V to
Retrieve -> A/V -> DBL -> EAP -> Bayesian -> SpamAssassin

I don't think I understand why re-ordering the process would help.

apurdam wrote:
(what's EAP, btw?)

Executable Attachment Policy. It is configured in the Incoming Mail... | Options

apurdam wrote:
Alternately, if I can get SpamAssassin to unload to a different TMP folder (one that I'm happy to turn off real-time A/V for) then I can avoid the potential of files getting deleted beneath SA's feet. There is no run-time setting like -T or such.

From what I could read of SAWin's source, it uses File::Spec->tmpdir for creating/using temporary folders and files.
tmpdir uses $ENV{TMPDIR}, $ENV{TEMP} or $ENV{TMP} in that order.
It seems that TMPDIR is not set on my system (it may be on others, I s'pose). So could MTQ set the TMPDIR environment variable to MTQ's temporary folder (I'm sure you must have one, and hopefully it is in the c:\program files\mailtraq tree somewhere, and I have a/v turned off for that area) before spawning the SA job?
I'm not sure what would happen if I set this variable system-wide, as other software may use it; it would be best if MTQ did it only for SA.

Do either of those solutions sound sensible/feasible/worthwhile? I figure it would fix a potential problem for all systems that have a/v monitoring on windows\temp.


You should be able to set TMPDIR in the Environment Variables by going to System in your Control Panel. Is that possible?

apurdam
Re: spamassassin temp folders

Elric Pedder wrote:
apurdam wrote:
Elric, I've been giving this further thought, and wonder whether it wouldn't be better for MTQ to check the file for viruses first.
Thus change the pre-processing order from Retrieve -> DBL -> EAP -> Bayesian -> SpamAssassin -> A/V to
Retrieve -> A/V -> DBL -> EAP -> Bayesian -> SpamAssassin
I don't think I understand why re-ordering the process would help.

So that the A/V check would be done in a controlled space (I presume MTQ unpacks the file somewhere within the MTQ folder tree which has a/v turned off) and caught before my system-wide a/v finds it in the less controlled spamassassin setting.

Quote:

You should be able to set TMPDIR in the Environment Variables by going to System in your Control Panel. Is that possible?

Yes, possible. Just not sure of side effects. I don't know what other software which is on my system would use the TMPDIR environment variable if I set it. 'cos then they'd be using the mailtraq folder that I would set up for sa.
I guess I can suck it and see.

Elric Pedder
Re: spamassassin temp folders

apurdam wrote:
Elric Pedder wrote:
apurdam wrote:
Elric, I've been giving this further thought, and wonder whether it wouldn't be better for MTQ to check the file for viruses first.
Thus change the pre-processing order from Retrieve -> DBL -> EAP -> Bayesian -> SpamAssassin -> A/V to
Retrieve -> A/V -> DBL -> EAP -> Bayesian -> SpamAssassin
I don't think I understand why re-ordering the process would help.

So that the A/V check would be done in a controlled space (I presume MTQ unpacks the file somewhere within the MTQ folder tree which has a/v turned off) and caught before my system-wide a/v finds it in the less controlled spamassassin setting.

I see what you mean. The A/V could be moved between EAP and Bayesian, but no further up the chain than that. However, Mailtraq does unpack the files in the system temporary directory too so I'm surprised that isn't leading to problems.

apurdam wrote:
Quote:

You should be able to set TMPDIR in the Environment Variables by going to System in your Control Panel. Is that possible?

Yes, possible. Just not sure of side effects. I don't know what other software which is on my system would use the TMPDIR environment variable if I set it. 'cos then they'd be using the mailtraq folder that I would set up for sa.
I guess I can suck it and see.

I don't think TMPDIR is used very widely, so it would depend on how many systems you are using. I've been looking at controlling the environment variable as you suggested and it should be viable.

What we need is a specific temporary directory for Mailtraq, within its directory structure, that it is responsible for cleaning too. But if you do try the TMPDIR change please let me know if it helps.

apurdam
Re: spamassassin temp folders

Elric Pedder wrote:
I see what you mean. The A/V could be moved between EAP and Bayesian, but no further up the chain than that. However, Mailtraq does unpack the files in the system temporary directory too so I'm surprised that isn't leading to problems.

Hmm. Interesting. I wonder if that's what I'm seeing? I'll have to wait and see if the problem occurs again.
Maybe ClamAV is quicker with new phishing scams (which are the type which were being caught) than Computer Associates (Vet A/V is the interactive system virus monitor I'm using at the moment).

Quote:
I don't think TMPDIR is used very widely, so it would depend on how many systems you are using. I've been looking at controlling the environment variable as you suggested and it should be viable.

What we need is a specific temporary directory for Mailtraq, within its directory structure, that it is responsible for cleaning too. But if you do try the TMPDIR change please let me know if it helps.


Or a temporary directory tree, if you need that sort of thing for multi-threading?

apurdam
Re: spamassassin temp folders

Elric Pedder wrote:
However, Mailtraq does unpack the files in the system temporary directory too so I'm surprised that isn't leading to problems.

Well, here's what was in my log just after noon today:

28/04/08 12:13 PM SpamAssassin: "Hot pictures" from miles.davie@spamsource.dk "Derick Koch" (spam=no, score=5.90/7.00, symbols=DCC_CHECK;RDNS_NONE;SPAMMY_XMAILER)
28/04/08 12:13 PM [POP3] (1524) AntiVirus: POP3 message (Hot pictures) from (miles.davie@spamsource.dk) to (oneofmylot) contains (saver.zip: (Trojan.Downloader-33127 FOUND))
28/04/08 12:13 PM Sending template virus_notify~ to ,oneofmylot@mydomain.com.au
...

It's weird. After all these months, I'm finally seeing the built-in AntiVirus working as it should! I like it.

apurdam
Re: spamassassin temp folders

Elric Pedder wrote:
I don't think TMPDIR is used very widely, so it would depend on how many systems you are using. I've been looking at controlling the environment variable as you suggested and it should be viable.

Well, I got another phishing e-mail caught by the interactive a/v over the weekend. First time in three months. It patiently waited there until I got in to work and didn't seem to bother MTQ.
sa doesn't seem to complain about the deleted file, in fact, it seemed to correctly decide that the message was spam.
00000008 0000025B 18/07/2008 23:39:40 RETR 1    --->  +OK 5365 octets
00000800 00000000 18/07/2008 23:39:56 SpamAssassin: "*****SPAM***** Capital One Bank Customer Service: Important Message. -Fri, 18 Jul 2008 16:38:51 +0200" from support@capitalone.com "Capital One bank" <support@capitalone.com> (spam=yes, score=19.20/6.30, symbols=HTML_FONT_LOW_CONTRAST;HTML_MESSAGE;MIME_HTML_ONLY;MIME_HTML_ONLY_MULTI;MPART_ALT_DIFF;RCVD_IN_PSBL;RDNS_NONE;SPF_SOFTFAIL;SPOOF_COM2COM;SPOOF_COM2OTH;URIBL_BLACK;URIBL_JP_SURBL;URIBL_PH_SURBL;URIBL_SC_SURBL;URIBL_WS_SURBL)
00000800 00000000 18/07/2008 23:39:56 Anti-Spam Receipt: SpamAssassin From (support@capitalone.com "Capital One bank" <support@capitalone.com>) To (hallvs) Subject (*****SPAM***** Capital One Bank Customer Service: Important Message. -Fri, 18 Jul 2008 16:38:51 +0200) Score (19.2/6.3) Symbols (HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,RCVD_IN_PSBL,RDNS_NONE,SPF_SOFTFAIL,SPOOF_COM2COM,SPOOF_COM2OTH,URIBL_BLACK,URIBL_JP_SURBL,URIBL_PH_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL)
00000008 0000025B 18/07/2008 23:39:56 DELE 1    --->  +OK
00000008 0000025B 18/07/2008 23:39:56 QUIT    --->  +OK hallvs@ourbigspammedemailaddress.com POP3 server signing off.
- 0000025B
00000080 00000000 18/07/2008 23:40:02 Routing (Inbound) HLLV84FFBDAA (0 locked, 0 queued)
00000080 00000000 18/07/2008 23:40:02 Router: (Depth 0) HLLV84FFBDAC from support@capitalone.com for andrew
00000800 00000000 18/07/2008 23:40:02 Anti-Spam: Mailslot andrew, Score 0.99, Message HLLV84FFBDAC ("*****SPAM***** Capital One Bank Customer Service: Important Message. -Fri, 18 Jul 2008 16:38:51 +0200" from support@capitalone.com)

So SA seems pretty robust w.r.t. having its own files deleted, but I still don't like it, so I've created a
TMPDIR system wide environment variable pointing to C:\Program Files\Mailtraq\TMP.
We'll see what happens, but if this is only going to occur every three months, I'm not going to spend much more time on it.
