17:23:33
|
#ls -l /var/spool/MD-Quarantine/
|
| /l3/users/clint/MIMEDefang-ASP/asp.linux.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 |
|
|
#chmod 750 /var/spool/MD-Quarantine/
|
|
#ls -l /var/spool/MD-Quarantine/
итого 0 |
|
#ls -l /var/spool/MIMEDefang/
y:Отправить q:Прервать t:To c:CC s:Subj a:Вложить файл d:Описание ?:Помощ
From: root <root@asp.linux.nt>
To: user@asp.linux.nt
Cc:
Bcc:
Subject: w
Reply-To:
Fcc:
Security: Не применять [applica/octet-stre, quoted, 0K]итого 8
srwxrwxrwx 1 defang defang 0 Окт 30 17:11 clamd.sock
-rw-r----- 1 defang defang 5 Окт 30 17:21 mimedefang-multiplexor.pid
srw------- 1 defang defang 0 Окт 30 17:21 mimedefang-multiplexor.sock
-rw-r----- 1 defang defang 5 Окт 30 17:21 mimedefang.pidit, us-ascii, 0,1K]
srwxr-x--- 1 defang defang 0 Окт 30 17:21 mimedefang.sock
-- Mutt: Compose [Approx. msg size: 0,1K Atts: 2]----------------------------
Сообщение отправить не удалось, процесс-потомок вернул 69 (Service unavailable
|
|
#vi /etc/mail/mimedefang-filter
186c186
< action_bounce("MIME type message/partial not accepted here");
---
> return action_bounce("MIME type message/partial not accepted here");
|
|
#tail -f /var/log/maillog
Oct 30 17:25:28 asp sendmail[7481]: k9UFPR5K007481: to=<postmaster@asp.linux.nt>, delay=00:00:00, pri=33888, stat=MIME type message/partial not accepted here Oct 30 17:25:28 asp sendmail[7480]: k9UFPQ2m007480: to=postmaster, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=32609, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable Oct 30 17:25:28 asp sendmail[7480]: k9UFPQ2l007480: Losing ./qfk9UFPQ2l007480: savemail panic Oct 30 17:25:28 asp sendmail[7480]: k9UFPQ2l007480: SYSERR(root): savemail: cannot save rejected email anywhere Oct 30 17:26:07 asp mimedefang[7464]: MIMEDefang-2.57: mi_stop=1 Oct 30 17:26:09 asp mimedefang-multiplexor[7450]: Received SIGTERM: Stopping slaves and terminating Oct 30 17:26:09 asp mimedefang-multiplexor[7450]: Reap: slave 1 (pid 7475) exited normally with status 0 Oct 30 17:26:09 asp mimedefang-multiplexor[7450]: Slave 1 resource usage: req=0, scans=0, user=0.700, sys=0.036, nswap=0, majflt=0, minflt=5053, maxrss=0, bi=0, bo=0 Oct 30 17:26:09 asp mimedefang-multiplexor[7450]: Reap: slave 0 (pid 7451) exited normally with status 0 Oct 30 17:26:09 asp mimedefang-multiplexor[7450]: Slave 0 resource usage: req=3, scans=3, user=0.744, sys=0.088, nswap=0, majflt=0, minflt=5139, maxrss=0, bi=0, bo=0 Oct 30 17:26:09 asp mimedefang-multiplexor[7548]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10 Oct 30 17:26:09 asp mimedefang-multiplexor[7548]: Starting slave 0 (pid 7549) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:26:09 asp mimedefang[7562]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0 Oct 30 17:26:09 asp mimedefang[7562]: Multiplexor alive - entering main loop Oct 30 17:26:09 asp mimedefang-multiplexor[7548]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near ""MIME type message/partial not accepted here")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:26:09 asp mimedefang-multiplexor[7548]: Reap: slave 0 (pid 7549) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:26:09 asp mimedefang-multiplexor[7548]: Slave 0 resource usage: req=0, scans=0, user=0.300, sys=0.024, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0 Oct 30 17:26:12 asp mimedefang-multiplexor[7548]: Starting slave 0 (pid 7574) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:26:12 asp mimedefang-multiplexor[7548]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near ""MIME type message/partial not accepted here")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:26:12 asp mimedefang-multiplexor[7548]: Reap: slave 0 (pid 7574) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:26:12 asp mimedefang-multiplexor[7548]: Slave 0 resource usage: req=0, scans=0, user=0.296, sys=0.024, nswap=0, majflt=0, minflt=2487, maxrss=0, bi=0, bo=0 |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#mutt
d:Удалить u:Восстановить s:Сохранить m:Создать r:Ответить g:Вс
+asp.linux.nt 3:01
1 F Oct 27 To root@asp.lin ( 1) test
X-Virus-Status: Clean
2 F Oct 27 To root@asp.lin ( 2) test
Zn Fri, Oct 27, 2006 at 10:13:01PM +0300, root wrote:
> rerewr
> rwerwe
[-- Вложение #2: test.exe --]
[-- Тип: application/octet-stream, кодировка: quoted-printable, размер: 0K --]
[-- тип application/octet-stream не поддерживается (используйте 'v' для
+просмотра этой части) --]
Re: test -- (all)
F- 2 test
Почтовый ящик не изменился.
|
|
#mutt user -a test.exe
|
|
#vi /etc/mail/mimedefang-filter
186c186
< return action_bounce("MIME type message/partial not accepted here");
---
> return action_quarantine("MIME type message/partial not accepted here");
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
186c186,187
< return action_quarantine("MIME type message/partial not accepted here");
---
> return action_quarantine;
> ####("MIME type message/partial not accepted here");
|
|
#tail -f /var/log/maillog
Oct 30 17:32:41 asp mimedefang-multiplexor[7977]: Slave 0 stderr: syntax error at /etc/mail/mimedefang-filter line 24, near "/var/spool" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near "action_quarantine;" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:32:41 asp mimedefang-multiplexor[7977]: Reap: slave 0 (pid 8040) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:32:41 asp mimedefang-multiplexor[7977]: Slave 0 resource usage: req=0, scans=0, user=0.296, sys=0.024, nswap=0, majflt=0, minflt=2485, maxrss=0, bi=0, bo=0 Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Starting slave 0 (pid 8041) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Slave 0 stderr: Bareword found where operator expected at /etc/mail/mimedefang-filter line 24, near "/var/spool" Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Slave 0 stderr: (Missing operator before pool?) Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Slave 0 stderr: syntax error at /etc/mail/mimedefang-filter line 24, near "/var/spool" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near "action_quarantine;" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Reap: slave 0 (pid 8041) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:32:44 asp mimedefang-multiplexor[7977]: Slave 0 resource usage: req=0, scans=0, user=0.296, sys=0.028, nswap=0, majflt=0, minflt=2485, maxrss=0, bi=0, bo=0 Oct 30 17:32:47 asp mimedefang-multiplexor[7977]: Starting slave 0 (pid 8042) (1 running): Bringing slaves up to minSlaves (2) ... Oct 30 17:33:53 asp mimedefang-multiplexor[7977]: Starting slave 0 (pid 8085) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:33:54 asp mimedefang-multiplexor[7977]: Slave 0 stderr: Too many arguments for main::get_quarantine_dir at /etc/mail/mimedefang-filter line 185, near "'/var/spool/MD-Quarantine')" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near "action_quarantine;" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:33:54 asp mimedefang-multiplexor[7977]: Reap: slave 0 (pid 8085) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:33:54 asp mimedefang-multiplexor[7977]: Slave 0 resource usage: req=0, scans=0, user=0.264, sys=0.056, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0 Oct 30 17:33:56 asp mimedefang-multiplexor[7977]: Received SIGTERM: Stopping slaves and terminating Oct 30 17:33:56 asp mimedefang-multiplexor[8121]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10 Oct 30 17:33:56 asp mimedefang-multiplexor[8121]: Starting slave 0 (pid 8122) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:33:56 asp mimedefang[8135]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0 Oct 30 17:33:56 asp mimedefang[8135]: Multiplexor alive - entering main loop Oct 30 17:33:56 asp mimedefang-multiplexor[8121]: Slave 0 stderr: Too many arguments for main::get_quarantine_dir at /etc/mail/mimedefang-filter line 185, near "'/var/spool/MD-Quarantine')" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 186, near "action_quarantine;" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. |
|
#man mime
|
|
#man mimedefang-filter
|
|
#vi /etc/mail/mimedefang-filter
24c24 < --- > get_quarantine_dir(/var/spool/MD-Quarantine |
|
#ls /var/spool/MD-Quarantine/q
|
|
#/etc/init.d/mimedefang resatrt
Usage: /etc/init.d/mimedefang {start|stop|restart|condrestart|reread|reload|status}
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
24d23
< get_quarantine_dir(/var/spool/MD-Quarantine
119c118
< action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
---
> action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
186c185,186
< return action_quarantine;
---
> get_quarantine_dir('/var/spool/MD-Quarantine');
> return action_quarantine;
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
186,187c186
< return action_quarantine;
< ####("MIME type message/partial not accepted here");
---
> return action_quarantine("Отправлено в карантин");
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
276c276 < send_quarantine_notifications(); --- > # send_quarantine_notifications(); |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
|
|
#mv /etc/mail/mimedefang-filter.rpm
mimedefang-filter.rpmnew mimedefang-filter.rpmsave |
|
#mv /etc/mail/mimedefang-filter
mimedefang-filter mimedefang-filter.rpmsave mimedefang-filter.rpmnew |
|
#vi
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#/etc/init.d/mimedefang restart
|
|
#vi
|
|
#vi /etc/mail/mimedefang-filter
|
|
#yum remove mimedefang*
Setting up Remove Process Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Package mimedefang-debuginfo.i386 0:2.57-1 set to be erased ---> Package mimedefang-contrib.i386 0:2.57-1 set to be erased ---> Package mimedefang.i386 0:2.57-1 set to be erased --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ... Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Removing : mimedefang-contrib ######################### [1/3] warning: /etc/sysconfig/mimedefang saved as /etc/sysconfig/mimedefang.rpmsave warning: /etc/mail/mimedefang-filter saved as /etc/mail/mimedefang-filter.rpmsave Removing : mimedefang ######################### [2/3] Removed: mimedefang.i386 0:2.57-1 mimedefang-contrib.i386 0:2.57-1 mimedefang-debuginfo.i386 0:2.57-1 Complete! |
|
#yum searcm mimedefang
usage: yum [options] < update | install | info | remove | list |
clean | provides | search | check-update | groupinstall |
groupupdate | grouplist | groupinfo | groupremove |
makecache | localinstall | erase | upgrade | whatprovides |
localupdate | resolvedep | shell | deplist >
options:
-h, --help show this help message and exit
-t, --tolerant be tolerant of errors
-C run entirely from cache, don't update cache
-c [config file] config file location
-R [minutes] maximum command wait time
-d [debug level] debugging output level
-e [error level] error output level
-y answer yes for all questions
--version show Yum version and exit
--installroot=[path] set install root
--enablerepo=[repo] enable one or more repositories (wildcards allowed)
--disablerepo=[repo] disable one or more repositories (wildcards allowed)
--exclude=[package] exclude package(s) by name or glob
--obsoletes enable obsoletes processing during updates
--noplugins disable Yum plugins
|
|
#yum search mimedefang
Searching Packages: Setting up repositories base 100% |=========================| 951 B 00:00 updates-released 100% |=========================| 951 B 00:00 Reading repository metadata in from local files No Matches found |
|
#rpm -i /usr/src/asplinux/RPMS/i386/mimedefang-*
ошибка: Неудовлетворенные зависимости:
perl(Unix::Syslog) нужен для mimedefang-2.57-1.i386
|
|
#rpm -i /usr/src/asplinux/RPMS/i386/mimedefang-* --no-deps
--no-deps: неизвестный параметр |
|
#rpm -i /usr/src/asplinux/RPMS/i386/mimedefang-* --nodeps
In order to complete the installation of mimedefang, you will need to add the following line to your sendmail mc file: INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m;E:5m') Use the sendmail-cf package to rebuild your /etc/mail/sendmail.cf file and restart your sendmail daemon. |
|
#/etc/init.d/mimedefang restart
Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
230c230,233
< return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
>
>
> #return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
> eturn action_quarantine("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
236,237c239,241
< return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
< }
---
> return action_quarantine("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
>
> }
|
|
#mutt
q:Выход c:Перейти в: m:Маска ?:Помощь 1 drwxr-xr-x 25 root root 4096 Oct 30 13:06 ../ 1 drwxr-xr-x 25 root root 16384 Oct 27 02:37 lost+found/ 2 drwx------ 2 root root 16384 Oct 27 02:37 lost+found/ 3 drwxr-xr-x 18 user user -- Mutt: Каталог [/home], маска файла: !^\.[^.] |
|
#/usr/lib/sendmail -bv -d0.1]
Version 8.13.7
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = asp
(canonical domain name) $j = asp.linux.nt
(subdomain name) $m = linux.nt
(node name) $k = asp.linux.nt
========================================================
Recipient names must be specified
|
|
#/usr/lib/sendmail -bv -d0.1
Version 8.13.7
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = asp
(canonical domain name) $j = asp.linux.nt
(subdomain name) $m = linux.nt
(node name) $k = asp.linux.nt
========================================================
Recipient names must be specified
|
|
#vi /etc/mail/mimedefang-filter
|
|
#q
bash: q: command not found |
|
#tail -f /var/log/maillog
Oct 30 17:56:09 asp mimedefang[8636]: MIMEDefang-2.57: mi_stop=1 Oct 30 17:56:09 asp mimedefang-multiplexor[8622]: Received SIGTERM: Stopping slaves and terminating Oct 30 17:56:09 asp mimedefang-multiplexor[8622]: Reap: slave 1 (pid 8647) exited normally with status 0 Oct 30 17:56:09 asp mimedefang-multiplexor[8622]: Slave 1 resource usage: req=0, scans=0, user=0.660, sys=0.064, nswap=0, majflt=0, minflt=5052, maxrss=0, bi=0, bo=0 Oct 30 17:56:09 asp mimedefang-multiplexor[8622]: Reap: slave 0 (pid 8623) exited normally with status 0 Oct 30 17:56:09 asp mimedefang-multiplexor[8622]: Slave 0 resource usage: req=1, scans=1, user=1.280, sys=0.092, nswap=0, majflt=0, minflt=8068, maxrss=0, bi=0, bo=0 Oct 30 17:56:09 asp mimedefang-multiplexor[8954]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10 Oct 30 17:56:09 asp mimedefang-multiplexor[8954]: Starting slave 0 (pid 8955) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:56:09 asp mimedefang[8968]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0 Oct 30 17:56:09 asp mimedefang[8968]: Multiplexor alive - entering main loop ... Oct 30 17:56:12 asp mimedefang-multiplexor[8954]: Slave 0 resource usage: req=0, scans=0, user=0.284, sys=0.036, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0 Oct 30 17:56:15 asp mimedefang-multiplexor[8954]: Starting slave 0 (pid 8981) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:56:15 asp mimedefang-multiplexor[8954]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 239, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:56:15 asp mimedefang-multiplexor[8954]: Reap: slave 0 (pid 8981) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:56:15 asp mimedefang-multiplexor[8954]: Slave 0 resource usage: req=0, scans=0, user=0.292, sys=0.028, nswap=0, majflt=0, minflt=2487, maxrss=0, bi=0, bo=0 Oct 30 17:56:18 asp mimedefang-multiplexor[8954]: Starting slave 0 (pid 8982) (1 running): Bringing slaves up to minSlaves (2) Oct 30 17:56:18 asp mimedefang-multiplexor[8954]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 239, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 17:56:18 asp mimedefang-multiplexor[8954]: Reap: slave 0 (pid 8982) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 17:56:18 asp mimedefang-multiplexor[8954]: Slave 0 resource usage: req=0, scans=0, user=0.296, sys=0.028, nswap=0, majflt=0, minflt=2494, maxrss=0, bi=0, bo=0 330 # Some viruses produce malformed MIME messages tha342,2 99% |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#tail -f /var/log/maillog
me was removed from this document as it\nconstituted a security hazard.
If you require this document, please contact\nthe sender and arrange ann
alternate means of receiving it.\n");
234 }
235
236 # eml is bad if it's not message/rfc822
$fname was removed from this document as it\nconstituted a security hazaa
rd. If you require this document, please contact\nthe sender and arrangg
e an alternate means of receiving it.\n");
238 md_graphdefang_log('non_rfc822',$fname);
...
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Starting slave 0 (pid 9098) (1 running): Bringing slaves up to minSlaves (2)
252
Oct 30 17:58:41 asp mimedefang[9111]: Multiplexor alive - entering main loop
253
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Slave 0 stderr: Bareword found where operator expected at /etc/mail/mimedefang-filter line 233, near "eturn action_quarantine"
254 #***********************************************************************
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Slave 0 stderr: 5 (Do you need to predeclare eturn?)
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Slave 0 stderr: syntax error at /etc/mail/mimedefang-filter line 233, near "eturn action_quarantine" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 239, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Reap: slave 0 (pid 9098) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
Oct 30 17:58:41 asp mimedefang-multiplexor[9097]: Slave 0 resource usage: req=0, scans=0, user=0.288, sys=0.040, nswap=0, majflt=0, minflt=2490, maxrss=0, bi=0, bo=0
|
|
#vi /etc/mail/mimedefang-filter
233c233
< eturn action_quarantine("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> return action_quarantine("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#tail -f /var/log/maillog
236 # eml is bad if it's not message/rfc822
$fname was removed from this document as it\nconstituted a security hazaa
rd. If you require this document, please contact\nthe sender and arrangg
e an alternate means of receiving it.\n");
238 md_graphdefang_log('non_rfc822',$fname);
240
239 Oct 30 17:58:59 asp mimedefang-multiplexor[9097]: Slave 0 resource usage: req=0, scans=0, user=0.268, sys=0.052, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0
241 }
Oct 30 17:59:01 asp mimedefang[9111]: MIMEDefang-2.57: mi_stop=1
242
...
Oct 30 17:59:06 asp mimedefang-multiplexor[9186]: Slave 0 resource usage: req=0, scans=0, user=0.276, sys=0.044, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0
254 #*****************************************************233,1*********69%*
Oct 30 17:59:08 asp mimedefang-multiplexor[9186]: Starting slave 0 (pid 9213) (1 running): Bringing slaves up to minSlaves (2)
Oct 30 17:59:08 asp mimedefang-multiplexor[9186]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 239, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
Oct 30 17:59:08 asp mimedefang-multiplexor[9186]: Reap: slave 0 (pid 9213) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
Oct 30 17:59:08 asp mimedefang-multiplexor[9186]: Slave 0 resource usage: req=0, scans=0, user=0.312, sys=0.016, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0
Oct 30 17:59:11 asp mimedefang-multiplexor[9186]: Starting slave 0 (pid 9215) (1 running): Bringing slaves up to minSlaves (2)
Oct 30 17:59:11 asp mimedefang-multiplexor[9186]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 239, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
Oct 30 17:59:11 asp mimedefang-multiplexor[9186]: Reap: slave 0 (pid 9215) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
Oct 30 17:59:11 asp mimedefang-multiplexor[9186]: Slave 0 resource usage: req=0, scans=0, user=0.284, sys=0.040, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0
|
|
#vi /etc/mail/mimedefang-filter
239c239
< return action_quarantine("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> # return action_quarantine("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#Ãtail -f /var/log/maillog
Oct 30 17:59:41 asp mimedefang-multiplexor[9186]: Slave 0 resource usage: req=0, scans=0, user=0.288, sys=0.036, nswap=0, majflt=0, minflt=2488, maxrss=0, bi=0, bo=0
249
Oct 30 17:59:44 asp mimedefang-multiplexor[9186]: Starting slave 0 (pid 9248) (1 running): Bringing slaves up to minSlaves (2)
250 return action_accept();
Oct 30 17:59:44 asp mimedefang-multiplexor[9186]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
251 }
Oct 30 17:59:44 asp mimedefang-multiplexor[9186]: Reap: slave 0 (pid 9248) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
252
Oct 30 17:59:44 asp mimedefang-multiplexor[9186]: Slave 0 resource usage: req=0, scans=0, user=0.308, sys=0.016, nswap=0, majflt=0, minflt=2496, maxrss=0, bi=0, bo=0
253
...
Oct 30 17:59:52 asp mimedefang-multiplexor[9291]: Starting slave 0 (pid 9292) (1 running): Bringing slaves up to minSlaves (2)
Oct 30 17:59:52 asp mimedefang[9305]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0
Oct 30 17:59:52 asp mimedefang[9305]: Multiplexor alive - entering main loop
Oct 30 17:59:52 asp mimedefang-multiplexor[9291]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
Oct 30 17:59:52 asp mimedefang-multiplexor[9291]: Reap: slave 0 (pid 9292) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
Oct 30 17:59:52 asp mimedefang-multiplexor[9291]: Slave 0 resource usage: req=0, scans=0, user=0.304, sys=0.016, nswap=0, majflt=0, minflt=2490, maxrss=0, bi=0, bo=0
Oct 30 17:59:55 asp mimedefang-multiplexor[9291]: Starting slave 0 (pid 9316) (1 running): Bringing slaves up to minSlaves (2)
Oct 30 17:59:55 asp mimedefang-multiplexor[9291]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012.
Oct 30 17:59:55 asp mimedefang-multiplexor[9291]: Reap: slave 0 (pid 9316) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY)
Oct 30 17:59:55 asp mimedefang-multiplexor[9291]: Slave 0 resource usage: req=0, scans=0, user=0.296, sys=0.028, nswap=0, majflt=0, minflt=2487, maxrss=0, bi=0, bo=0
|
|
#vi /etc/mail/mimedefang-filter
230,233c230
<
<
< #return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
< return action_quarantine("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
239c236
< # return action_quarantine("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
|
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#tail -f /var/log/maillog
Oct 30 18:01:20 asp mimedefang-multiplexor[9453]: Starting slave 0 (pid 9487) (1 running): Bringing slaves up to minSlaves (2) Oct 30 18:01:21 asp mimedefang-multiplexor[9453]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 18:01:21 asp mimedefang-multiplexor[9453]: Reap: slave 0 (pid 9487) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 18:01:21 asp mimedefang-multiplexor[9453]: Slave 0 resource usage: req=0, scans=0, user=0.284, sys=0.036, nswap=0, majflt=0, minflt=2487, maxrss=0, bi=0, bo=0 Oct 30 18:01:23 asp mimedefang-multiplexor[9453]: Starting slave 0 (pid 9488) (1 running): Bringing slaves up to minSlaves (2) Oct 30 18:01:23 asp mimedefang-multiplexor[9453]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. Oct 30 18:01:23 asp mimedefang-multiplexor[9453]: Reap: slave 0 (pid 9488) exited normally with status 255 (SLAVE DIED UNEXPECTEDLY) Oct 30 18:01:23 asp mimedefang-multiplexor[9453]: Slave 0 resource usage: req=0, scans=0, user=0.280, sys=0.040, nswap=0, majflt=0, minflt=2487, maxrss=0, bi=0, bo=0 Oct 30 18:01:26 asp mimedefang-multiplexor[9453]: Starting slave 0 (pid 9490) (1 running): Bringing slaves up to minSlaves (2) Oct 30 18:01:26 asp mimedefang-multiplexor[9453]: Slave 0 stderr: Not enough arguments for main::action_quarantine at /etc/mail/mimedefang-filter line 233, near ")" Compilation failed in require at /usr/bin/mimedefang.pl line 5012. ... Oct 30 18:15:56 asp mimedefang.pl[9772]: MDLOG,k9UGFslK010056,bad_filename,Thunderbird Setup 1.5.0.4.exe,application/octet-stream,<root@asp.linux.nt>,<user@asp.linux.nt>,re Oct 30 18:15:56 asp mimedefang.pl[9772]: MDLOG,k9UGFslK010056,mail_in,,,<root@asp.linux.nt>,<user@asp.linux.nt>,re Oct 30 18:15:57 asp mimedefang.pl[9772]: filter: k9UGFslK010056: quarantine=1 Oct 30 18:15:57 asp sendmail[10056]: k9UGFslK010056: Milter change: header Content-Type: from multipart/mixed; boundary="fdj2RfSjLxBAspz7" to multipart/mixed; boundary="fdj2RfSjLxBAspz7" Oct 30 18:15:57 asp sendmail[10056]: k9UGFslK010056: Milter change: header MIME-Version: from 1.0 to 1.0 Oct 30 18:15:57 asp sendmail[10056]: k9UGFslK010056: Milter change: header Content-Disposition: from inline to inline Oct 30 18:15:57 asp sendmail[10056]: k9UGFslK010056: Milter message: body replaced Oct 30 18:15:58 asp sendmail[10056]: k9UGFslK010056: Milter add: header: X-Scanned-By: MIMEDefang 2.57 on 192.168.15.150 Oct 30 18:15:58 asp sendmail[10055]: k9UGFr4G010055: to=user@asp.linux.nt, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:04, mailer=relay, pri=8588821, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9UGFslK010056 Message accepted for delivery) Oct 30 18:15:59 asp sendmail[10059]: k9UGFslK010056: to=<user@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:05, xdelay=00:00:01, mailer=local, pri=8613319, dsn=2.0.0, stat=Sent |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#vi /etc/mail/mimedefang-filter
119c119
< # action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
---
> action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
135c135
< # $FoundVirus = ($action eq "quarantine");
---
> $FoundVirus = ($action eq "quarantine");
186c186,187
< return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> #return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
192c193,194
< return action_drop_with_warning("A non-multipart attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> #return action_drop_with_warning("A non-multipart attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
230c232,233
< return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> # return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
236c239,240
< return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
---
> action_quarantine($entity, "A known virus was discovered and deleted. Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
> # return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
|
|
#man mimedefang.pl
|
|
#mimedefang.pl -f /etc/mail/mimedefang-filter -test
Filter /etc/mail/mimedefang-filter seems syntactically correct. |
|
#mimedefang.pl -f /etc/mail/mimedefang-filter -test
Filter /etc/mail/mimedefang-filter seems syntactically correct. |
|
#mimedefang.pl -f /etc/mail/mimedefang-filter -test
Filter /etc/mail/mimedefang-filter seems syntactically correct. |
|
#mimedefang.pl -f /etc/mail/mimedefang-filter -test
Filter /etc/mail/mimedefang-filter seems syntactically correct. |
|
#mimedefang.pl -f /etc/mail/mimedefang-filter -test
Filter /etc/mail/mimedefang-filter seems syntactically correct. |
|
#/etc/init.d/mimedefang restart
Shutting down mimedefang: [ ОК ] Shutting down mimedefang-multiplexor: [ ОК ] Waiting for daemons to exit Starting mimedefang-multiplexor: [ ОК ] Starting mimedefang: [ ОК ] |
|
#ls -l /var/
account/ db/ local/ mail/ opt/ spool/ cache/ empty/ lock/ MIMEDefang/ preserve/ tmp/ clamav/ gdm/ log/ named/ racoon/ www/ cvs/ lib/ lost+found/ nis/ run/ yp/ |
|
#ls -l /var/MIMEDefang/
итого 0 |
|
#ls -l /var/spool/MD-Quarantine/
итого 4 drwxr-x--- 2 defang defang 4096 Окт 30 18:11 qdir-2006-10-30-18.11.04-001 |
|
#ls -l /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/
HEADERS PART.1.BODY RECIPIENTS SENDMAIL-QID MSG.1 PART.1.HEADERS SENDER |
|
#ls -l /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/
итого 24 -rw-r----- 1 defang defang 432 Окт 30 18:11 HEADERS -rw-r----- 1 defang defang 76 Окт 30 18:11 MSG.1 -rw-r----- 1 defang defang 0 Окт 30 18:11 PART.1.BODY -rw-r----- 1 defang defang 136 Окт 30 18:11 PART.1.HEADERS -rw-r----- 1 defang defang 20 Окт 30 18:11 RECIPIENTS -rw-r----- 1 defang defang 20 Окт 30 18:11 SENDER -rw-r----- 1 defang defang 15 Окт 30 18:11 SENDMAIL-QID |
|
#vi /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/HEADERS
|
|
#vi /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/PART.1.
|
|
#vi /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/SENDER
|
|
#vi /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/RECIPIEN
|
|
#vi /var/spool/MD-Quarantine/qdir-2006-10-30-18.11.04-001/PART.1.B
|
|
#ls -l /var/MD
ls: /var/MD: Нет такого файла или каталога |
|
#ls -l /var/spool/MD-Quarantine/
итого 8 drwxr-x--- 2 defang defang 4096 Окт 30 18:13 qdir-2006-10-30-18.11.04-001 drwxr-x--- 2 defang defang 4096 Окт 30 18:11 qdir-2006-10-30-18.11.57-001 |
|
#ls -l /var/spool/MD-Quarantine/
|
|
#tree /var/spool/MD-Quarantine/
bash: tree: command not found |
|
#yum install tree
Setting up Install Process Setting up repositories base 100% |=========================| 951 B 00:00 updates-released 100% |=========================| 951 B 00:00 Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for tree to pack into transaction set. tree-1.5.0-3.i386.rpm 100% |=========================| 4.8 kB 00:00 ... Is this ok [y/N]: y Downloading Packages: (1/1): tree-1.5.0-3.i386. 100% |=========================| 26 kB 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: tree ######################### [1/1] Installed: tree.i386 0:1.5.0-3 Complete! |
|
#tree /var/spool/MD-Quarantine/
/var/spool/MD-Quarantine/
|-- qdir-2006-10-30-18.11.04-001
| |-- HEADERS
| |-- MSG.1
| |-- PART.1.BODY
| |-- PART.1.HEADERS
| |-- RECIPIENTS
| |-- SENDER
| `-- SENDMAIL-QID
`-- qdir-2006-10-30-18.11.57-001
|-- HEADERS
|-- MSG.1
|-- PART.1.BODY
|-- PART.1.HEADERS
|-- RECIPIENTS
|-- SENDER
`-- SENDMAIL-QID
2 directories, 14 files
|
|
#tree /var/spool/MD-Quarantine/
/var/spool/MD-Quarantine/
|-- qdir-2006-10-30-18.11.04-001
| |-- HEADERS
| |-- MSG.1
| |-- PART.1.BODY
| |-- PART.1.HEADERS
| |-- RECIPIENTS
| |-- SENDER
| `-- SENDMAIL-QID
`-- qdir-2006-10-30-18.11.57-001
|-- HEADERS
|-- MSG.1
|-- PART.1.BODY
|-- PART.1.HEADERS
|-- RECIPIENTS
|-- SENDER
`-- SENDMAIL-QID
2 directories, 14 files
|
|
#tree /var/spool/MD-Quarantine/
/var/spool/MD-Quarantine/ |-- qdir-2006-10-30-18.11.04-001 | |-- HEADERS | |-- MSG.1 | |-- PART.1.BODY | |-- PART.1.HEADERS | |-- RECIPIENTS | |-- SENDER | `-- SENDMAIL-QID |-- qdir-2006-10-30-18.11.57-001 ... | `-- SENDMAIL-QID `-- qdir-2006-10-30-18.15.56-001 |-- HEADERS |-- MSG.1 |-- PART.1.BODY |-- PART.1.HEADERS |-- RECIPIENTS |-- SENDER `-- SENDMAIL-QID 3 directories, 21 files |
|
#mutt
Bcc:
3 r F Oct 27 To root@asp.lin ( 16) Re: test
Subject: re
4 F Oct 28 To root@asp.lin ( 33) Re: test
Reply-To:
Fcc:
Security: Ðе пÑименÑÑÑ
-- ÐложениÑ
- I 1 /tmp/mutt-asp-0-10051-0 [text/plain, 7bit, us-ascii, 0,1K]
СообÑениÐено.
- /var/spool/mail/root [Msgs:4 4,6K]---(date/date) (all)
ÐоÑÑовÑй ÑÑик не изменилÑÑ.
|
|
#tree /var/spool/MIMEDefang/
clamd.sock mimedefang.pid mimedefang-multiplexor.pid mimedefang.sock mimedefang-multiplexor.sock |
|
#tree /var/spool/MD-Quarantine/
/var/spool/MD-Quarantine/ |-- qdir-2006-10-30-18.11.04-001 | |-- HEADERS | |-- MSG.1 | |-- PART.1.BODY | |-- PART.1.HEADERS | |-- RECIPIENTS | |-- SENDER | `-- SENDMAIL-QID |-- qdir-2006-10-30-18.11.57-001 ... | `-- SENDMAIL-QID `-- qdir-2006-10-30-18.15.56-001 |-- HEADERS |-- MSG.1 |-- PART.1.BODY |-- PART.1.HEADERS |-- RECIPIENTS |-- SENDER `-- SENDMAIL-QID 3 directories, 21 files |
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/
cat: /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/: Это каталог |
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/*
mí¼òÿÿÿÿðíìêë m®®µµ ݵµ®® mïððòÿÿÿÿÿÿÿÿó¼÷ìm®µÝÝÝÝóôò®® ì¼ð¼¼òÿÿÿÿÿÿÿÿÿÜÜÜ´®ìÖÝÝÝÝÝÝóôôÿï® ÷ð÷¼òÿÿÿÿÿÿÿÿÿÜÜÜ ®µÖÖÝÝÝÝÝÝÝóôÿÿò® ÷ï÷¼ðòÿÿÿqôÿÜÜÜ®µÖÖÖÖÝÝÝÝÝÝÝôÿÿÿò® ÷¼¼ïò----Uq´´®ÖÖÖÖÖÖÝÝÝÝÝÝÝÿÿÿÿÿñ® ÷¼íïðò--------®ÖÖÖÖÖÖÖÖÝÝÝÝÝÝÿÿÿÿÿÿï® ÷¼ðñðñ....---lìÝÖÖÖÖÖÖÖÖÝÝÝÝÝôÿÿÿÿÿÿÿ® ÷ñññññUUUU---® ÝÝÖÖÖÖÖÖÖÖÝÝÝÝÿÿÿÿÿÿÿÿ¼® ... ïòòòòòÝÝÝ}}}}ySëµÝÝÝÝÝÝÝôÿÝ®Ý ®ÝÿÝÝÝÝÝÝÝÝìì ïòòòòòÝÝÝ}ySSSSLµÝÝÝÝÝÝÝôÿÿ¼®ì®µÝÿÝÖÝÝÝÝÝÝìì ïóòòòòÜÜÜSSSSSSLìÝÝÝÝôÿÿÿÞÿݵÖÝÿÿÖÖÖÝÝÝÝÝ® ïóóòòòÜÜÜSSSSSSL®ÝÝôÿÿÿÿÿÿÿÞÞÞÞÞÿÝÖÖÖÖÝÝÝ ® ïóÔ òÜÜÜSSSSSSëÿÿÿÿÿÿÿÿÿÞÞÞÞÞÝÖÖÖÖÖÖÝݵ®ì ïÜÓÓ òÜÜÜÜÜܼLL®ÿÿÿÿÿÿÿÿÿÝÝÝÝÝÖÖÖÖÖÖÖÖÝì ÛÓÓ òÜÜÜÜÜÜÜÜÜÜÖ®¼ÿÿÿÿÿÿÿÿÝÝÝÝÝÝÖÖÖÖÖÖÖÖ®m ÛÓ¬ òÜÜÜÜÜÜÜÜÜÜܵ®ôÿÿÿÿÿÿóÝÝÝÝÝÝÝÖÖÖÖÖÖµ Û¬¬ òÜÜÜÜÜÜÜÜÜÜÜÜ®µÿÿÿÿÿÿÝÝÝÝÝÝÝÝÖÖÖÖÖ®ì Û¬¬ ÛÛÛÛÛÛÛÛÛÛÛÛ ®µÿÿÿÿÿóÝÝÝÝÝÝÝÝÖÖÖ®® |
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/
HEADERS PART.1.BODY RECIPIENTS SENDMAIL-QID MSG.1 PART.1.HEADERS SENDER |
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/HEADERS
|
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/MSG.1
A known virus was discovered and deleted. Virus-scanner messages follow: |
|
#file /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/PART.1
|
|
#file /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/PART.1.
HEADERS /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/PART.1.HEADERS: application/octet-stream |
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/PART.1.
|
|
#cat /var/spool/MD-Quarantine/qdir-2006-10-30-18.15.56-001/PART.1.
PART.1.BODY PART.1.HEADERS |
HEADERS PART.1.BODY RECIPIENTS SENDMAIL-QID MSG.1 PART.1.HEADERS SENDER
A known virus was discovered and deleted. Virus-scanner messages follow:
PART.1.BODY PART.1.HEADERS
| Время первой команды журнала | 17:23:33 2006-10-30 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Время последней команды журнала | 18:17:41 2006-10-30 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в журнале | 101 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент команд с ненулевым кодом завершения, % | 14.85 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент синтаксически неверно набранных команд, % | 1.98 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Суммарное время работы с терминалом *, час | 0.90 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в единицу времени, команда/мин | 1.87 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=
1
2
3
4
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сенса,
нужно щёкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008