Probleme with the mailgw-5.6-28 : no spam in the quarantine, Help plz Options

[nessus9]

Hi evry body

firste i'm plased to be member of this great forum, and i'm sorry for my ba english, I'm from Morocco in the north of africa.

Second; We have juste installed the mailgw-5.6-28.i386 in Redhat 5.1.

We choosed as policy that the spams wil be transfered autmatically to quarantine,

after more than 18 houres of testing, we detected no spam in the exchange server, but I found nore spam nether AV in the quarantine.

I ask, so, where can be the probleme? why the quarntine files are empty? and how can'I resolve thie probleme?


Another question plz,is that whene I use webmine to manage the mailgw-5.6-28, I cant acced to show spam statics and the following message apprears



====================================================
Spam Statistics

Show Statistics: for Period: Show:

Can't open /var/opt/kaspersky/mailgw/stats/webmin/as_total.stat for reading: No such file or directory
Old statistics is not available.

Collect statistics with the parse_stat.pl script (see directory with this Webmin-Module) or correct path to statistics (see the MessageStatistics parameter in the [mailgw.path] section in the application configuration file and Configurable Options of this Webmin-Module).

In order to collect statistics, run

perl ./parse_stat.pl -sd=stat_dir stat_file

where stat_dir - set in the Configurable Options of this Webmin-Module, stat_file - value of the MessageStatistics parameter in the [mailgw.path] section in the application configuration file. Run it periodically to collect statistics for last days.

You can also collect statistics automatically on daily basis from cron:

perl ./parse_stat.pl -n=1 -sd=stat_dir stat_file

Usage example:

perl ./parse_stat.pl -sd=/var/opt/kaspersky/mailgw/stats/webmin/ /var/opt/kaspersky/mailgw/stats/message.stat

<- Return to main page


I m waiting for your help plz,

[Vitaly Belyakov]

1. What about logs of MailGW?
2. You said about Exchange server - you mean that MailGW is installed on additional server with RedHat?

[nessus9]

Thank you very mutch for your response.

1- How can'I generate logs, I'm vry sorry, but I'm beginer in using Linux
2- I use the mailgw in the DMZ interface of my firewalla nd the exchnage is in the inside

[Vitaly Belyakov]

Thank you very mutch for your response.

1- How can'I generate logs, I'm vry sorry, but I'm beginer in using Linux
2- I use the mailgw in the DMZ interface of my firewalla nd the exchnage is in the inside

/var/log/kaspersky/mailgw/ - here are stored logs of mailgw, and also you can see 'mail' facility in your syslog.
So you can see, what has happened with you messages.

[nessus9]

Here are an extract of the kas-filter-usere.log

==========Here are an extract of the kas-filter-usere.log===========

S 17-06-09 16:25:00 [ap-mailfilter] KASSTATS AAP000098900004A3918DC: group="00000000" spam_status=spam size=622 method="content [main]" relay_ip=192.168.2.2 from=<test@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:25:36 [ap-mailfilter] KASSTATS AAP000098900014A391900: group="00000000" spam_status=spam size=623 method="content [main]" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:26:39 [ap-mailfilter] KASSTATS AAP000098900024A391934: group="00000000" spam_status=not_detected size=607 method="none" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:27:45 [ap-mailfilter] KASSTATS AAP000098900034A391981: group="00000000" spam_status=spam size=624 method="content [main]" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:28:47 [ap-mailfilter] KASSTATS AAP000098900044A3919B2: group="00000000" spam_status=not_detected size=608 method="none" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:29:36 [ap-mailfilter] KASSTATS AAP000098800004A3919E5: group="00000000" spam_status=not_detected size=1091 method="none" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:29:59 [ap-mailfilter] KASSTATS AAP000098800014A391A07: group="00000000" spam_status=spam size=624 method="content [main]" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:30:38 [ap-mailfilter] KASSTATS AAP000098800024A391A2E: group="00000000" spam_status=spam size=622 method="content [main]" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>
S 17-06-09 16:32:46 [ap-mailfilter] KASSTATS AAP000098800034A391AA4: group="00000000" spam_status=not_detected size=606 method="none" relay_ip=192.168.2.2 from=<tets@test.com> to=<MyMAIL@mydmoaine>

==========Here are an extract of the kas-filter-stat.log===========

S 19-06-09 14:06:14 [ap-mailfilter] KASSTATS AAP000163A00014A3B9B56: group="00000000" spam_status=spam size=1050 method="content [recent terms]" relay_ip=189.70.155.120 from=<sultanucg51@score.org> to=<mail@Mydomaine>
S 19-06-09 14:06:33 [ap-mailfilter] KASSTATS AAP000163A00024A3B9B69: group="00000000" spam_status=spam size=1018 method="content [main]" relay_ip=92.80.193.34 from=<mail@Mydomaine> to=<mail@Mydomaine>
S 19-06-09 14:06:33 [ap-mailfilter] KASSTATS AAP00015DE000B4A3B9B69: group="00000000" spam_status=spam size=1347 method="content [main]" relay_ip=189.82.136.66 from=<AlineSolomon@nctta.org> to=<mail@Mydomaine;imail@Mydomaine>
S 19-06-09 14:06:42 [ap-mailfilter] KASSTATS AAP000163C00004A3B9B72: group="00000000" spam_status=spam size=1348 method="content [main]" relay_ip=58.9.197.233 from=<BookerTovar@expedia.com> to=<fmail@Mydomaine;amail@Mydomaine;r.zmail@Mydomaine.ma;jovznsusmddmail@Mydomain
e;mail@Mydomaine;mail@Mydomaine;
S 19-06-09 14:06:45 [ap-mailfilter] KASSTATS AAP000163C00014A3B9B75: group="00000000" spam_status=spam size=4259 method="headers plus" relay_ip=200.103.49.180 from=<mail@Mydomaine> to=<mail@Mydomainea>
S 19-06-09 14:07:22 [ap-mailfilter] KASSTATS AAP000163C00024A3B9B9A: group="00000000" spam_status=spam size=4319 method="headers plus" relay_ip=187.22.30.137 from=<mail@Mydomaine> to=<mail@Mydomaine>
S 19-06-09 14:07:40 [ap-mailfilter] KASSTATS AAP000163C00034A3B9BAC: group="00000000" spam_status=spam size=4304 method="headers plus" relay_ip=88.102.236.107 from=<mail@Mydomaine> to=<mail@Mydomaine>

[nessus9]

I'm waiting for your help plz

[hinote]

attach your configuration file for review (in a PM to me if it contains any confidential data that you do not wish to make public)

in addition, we'd like to see a piece of the maillog (or mail.log - depending on distro, the log file that corresponds to the mail log facility at your system, which was requested by Vitaly; you have not posted it...)

[hinote]

thanks for config,
please let me see maillog now, so that I could verify actions performed by the application on mail messages...

[nessus9]

up !!