Different dangerous content management in cluster

Post by cglmicro » Fri Feb 27, 2015 2:01 am

I have 2 nodes in my cluster; the second one (#4) is a new slave. Both nodes are given an equal MX value to do load balancing.

It looks like the new node blocks way more dangerous content than the first one.

How can I diagnose this? For instance, can I run a MySQL request on both servers to compare settings?

I've tried these requests, but I don't know which settings are managed only by the master and what to look for:

HOST #2: mysql> select * from dangerouscontent;
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+
| set_id | block_encrypt | block_unencrypt | allow_passwd_archives | allow_partial | allow_external_bodies | allow_iframe | silent_iframe | allow_form | silent_form | allow_script | silent_script | allow_webbugs | silent_webbugs | allow_codebase | silent_codebase | notify_sender |
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+
|      1 | no            | no              | yes                   | yes           | no                    | no           | yes           | yes        | no          | yes          | no            | disarm        | no             | no             | no              | no            |
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+

HOST #4: mysql> select * from dangerouscontent;
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+
| set_id | block_encrypt | block_unencrypt | allow_passwd_archives | allow_partial | allow_external_bodies | allow_iframe | silent_iframe | allow_form | silent_form | allow_script | silent_script | allow_webbugs | silent_webbugs | allow_codebase | silent_codebase | notify_sender |
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+
|      1 | no            | no              | no                    | no            | no                    | no           | yes           | yes        | no          | yes          | no            | disarm        | no             | no             | no              | no            |
+--------+---------------+-----------------+-----------------------+---------------+-----------------------+--------------+---------------+------------+-------------+--------------+---------------+---------------+----------------+----------------+-----------------+---------------+


HOST #2: mysql> select * from antivirus;
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------------+
| set_id | scanners | scanner_timeout | silent | file_timeout | expand_tnef | deliver_bad_tnef | tnef_timeout | usetnefcontent | max_message_size | max_attach_size | max_archive_depth | max_attachments_per_message | send_notices | notices_to       |
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------------+
|      1 | clamav   |             300 | yes    |           20 | yes         | yes              |          120 | no             |                0 |              -1 |                 3 |                         200 | no           | info@cglmicro.ca |
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------------+

HOST #4: mysql> select * from antivirus;
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------+
| set_id | scanners | scanner_timeout | silent | file_timeout | expand_tnef | deliver_bad_tnef | tnef_timeout | usetnefcontent | max_message_size | max_attach_size | max_archive_depth | max_attachments_per_message | send_notices | notices_to |
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------+
|      1 | clamav   |             300 | yes    |           20 | yes         | yes              |          120 | no             |                0 |              -1 |                 3 |                         200 | no           | root       |
+--------+----------+-----------------+--------+--------------+-------------+------------------+--------------+----------------+------------------+-----------------+-------------------+-----------------------------+--------------+------------+


And it's strange that the ANTIVIRUS table doesn't show the BitDefender installed and activated in the SCANNER table; is that normal?

HOST #2: mysql> select * from scanner;
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+
| id | name         | comm_name       | active | path                     | installed | version | sig_version |
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+
|  1 | clamd        | ClamAV (daemon) |      1 | /opt/clamav              |         1 |         |             |
|  2 | clamavmodule | ClamAV (module) |      0 | /tmp                     |         1 |         |             |
|  3 | clamav       | ClamAV          |      0 | /opt/clamav              |         1 |         |             |
|  4 | etrust       | eTrust          |      0 | /usr/etrust              |         0 |         |             |
|  5 | trend        | TrendMicro      |      0 | /pack/trend              |         0 |         |             |
|  6 | sophos       | Sophos          |      0 | /usr/local/sophos        |         0 |         |             |
|  7 | mcafee       | McAfee          |      0 | /usr/local/uvscan        |         0 |         |             |
|  8 | bitdefender  | BitDefender     |      1 | /opt/BitDefender-scanner |         1 |         |             |
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+

HOST #4: mysql> select * from scanner;
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+
| id | name         | comm_name       | active | path                     | installed | version | sig_version |
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+
|  1 | clamd        | ClamAV (daemon) |      1 | /opt/clamav              |         1 |         |             |
|  2 | clamavmodule | ClamAV (module) |      0 | /tmp                     |         1 |         |             |
|  3 | clamav       | ClamAV          |      0 | /opt/clamav              |         1 |         |             |
|  4 | etrust       | eTrust          |      0 | /usr/etrust              |         0 |         |             |
|  5 | trend        | TrendMicro      |      0 | /pack/trend              |         0 |         |             |
|  6 | sophos       | Sophos          |      0 | /usr/local/sophos        |         0 |         |             |
|  7 | mcafee       | McAfee          |      0 | /usr/local/uvscan        |         0 |         |             |
|  8 | bitdefender  | BitDefender     |      1 | /opt/BitDefender-scanner |         1 |         |             |
+----+--------------+-----------------+--------+--------------------------+-----------+---------+-------------+


HOST #2: mysql> select * from filetype;
+----+--------+--------------+-----------------------------+-------------------------------------+
| id | status | type         | name                        | description                         |
+----+--------+--------------+-----------------------------+-------------------------------------+
|  1 | allow  | text         | -                           | -                                   |
|  2 | allow  | script       | -                           | -                                   |
|  3 | allow  | archive      | -                           | -                                   |
|  4 | deny   | self-extract | No self-extracting archives | No self-extracting archives allowed |
|  5 | allow  | ELF          | No executables              | No programs allowed                 |
|  6 | deny   | executable   | No executables              | No programs allowed                 |
|  7 | allow  | MPEG         | No MPEG movies              | No MPEG movies allowed              |
|  8 | allow  | AVI          | No AVI movies               | No AVI movies allowed               |
|  9 | allow  | MNG          | No MNG/PNG movies           | No MNG movies allowed               |
| 10 | allow  | QuickTime    | No QuickTime movies         | No QuickTime movies allowed         |
| 11 | deny   | Registry     | No Windows Registry entries | No Windows Registry files allowed   |
+----+--------+--------------+-----------------------------+-------------------------------------+

HOST #4: mysql> select * from filetype;
+----+--------+--------------+-----------------------------+-------------------------------------+
| id | status | type         | name                        | description                         |
+----+--------+--------------+-----------------------------+-------------------------------------+
|  1 | allow  | text         | -                           | -                                   |
|  2 | allow  | script       | -                           | -                                   |
|  3 | allow  | archive      | -                           | -                                   |
|  4 | deny   | self-extract | No self-extracting archives | No self-extracting archives allowed |
|  5 | deny   | ELF          | No executables              | No programs allowed                 |
|  6 | allow  | executable   | No executables              | No programs allowed                 |
|  7 | allow  | MPEG         | No MPEG movies              | No MPEG movies allowed              |
|  8 | allow  | AVI          | No AVI movies               | No AVI movies allowed               |
|  9 | allow  | MNG          | No MNG/PNG movies           | No MNG movies allowed               |
| 10 | allow  | QuickTime    | No QuickTime movies         | No QuickTime movies allowed         |
| 11 | deny   | Registry     | No Windows Registry entries | No Windows Registry files allowed   |
+----+--------+--------------+-----------------------------+-------------------------------------+
Attachment: 2015-02-26_1943.png
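
The side-by-side comparison asked about in the post can be scripted rather than read by eye. The following is an added example, not part of the original post and not MailCleaner code: it parses two captures of `mysql>` table output and lists every cell that differs between the nodes. The function names `parse_mysql_table` and `diff_tables` are hypothetical, and the sample input is an excerpt of the `filetype` output quoted in the post, trimmed to three columns.

```python
# Added example: compare two captures of mysql client output, cell by cell.

def parse_mysql_table(text):
    """Turn the ASCII grid printed by the mysql client into a list of row dicts."""
    rows = [
        [cell.strip() for cell in line.strip()[1:-1].split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")  # skip the +----+ border lines
    ]
    return [dict(zip(rows[0], r)) for r in rows[1:]] if rows else []

def diff_tables(text_a, text_b, key):
    """Return (key value, column, value on A, value on B) for each differing cell."""
    a = {r[key]: r for r in parse_mysql_table(text_a)}
    b = {r[key]: r for r in parse_mysql_table(text_b)}
    out = []
    for k in sorted(set(a) | set(b), key=lambda v: (len(v), v)):
        if k not in a or k not in b:  # row exists on one node only
            out.append((k, "<row>", "present" if k in a else "missing",
                        "present" if k in b else "missing"))
            continue
        for col in a[k]:
            if a[k][col] != b[k].get(col):
                out.append((k, col, a[k][col], b[k].get(col)))
    return out

# Excerpt of the filetype output quoted in the post, trimmed to three columns.
HOST2_FILETYPE = """
+----+--------+--------------+
| id | status | type         |
+----+--------+--------------+
|  4 | deny   | self-extract |
|  5 | allow  | ELF          |
|  6 | deny   | executable   |
+----+--------+--------------+
"""
HOST4_FILETYPE = """
+----+--------+--------------+
| id | status | type         |
+----+--------+--------------+
|  4 | deny   | self-extract |
|  5 | deny   | ELF          |
|  6 | allow  | executable   |
+----+--------+--------------+
"""

if __name__ == "__main__":
    for row_id, col, v2, v4 in diff_tables(HOST2_FILETYPE, HOST4_FILETYPE, "id"):
        print(f"id={row_id} {col}: host #2={v2} host #4={v4}")
```

Run against the full captures with `set_id` as the key for `dangerouscontent` and `antivirus`, and `id` for `scanner` and `filetype`. The output only shows where the nodes differ; it does not tell you which tables the master is expected to replicate.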
