Community Discussions and Support
How to restore Clamwall .101 file to message format?

Thanks!   That worked.  I had the heuristics settings too strict in the CLAMD.conf file.  Once I changed these the message was delivered.

Thanks!   That worked.  I had the heuristics settings too strict in the CLAMD.conf file.  Once I changed these the message was delivered.

Is there any way I can restore an incorrectly Clamwall-filtered message from the .101 file it creates when it strips the message and turn it back into a message?

 If needed, please reply directly to normang at normie.com

Thank you!

-Norman

<P>Is there any way I can restore an incorrectly Clamwall-filtered message from the .101 file it creates when it strips the message and turn it back into a message?</P> <P> If needed, please reply directly to normang at normie.com</P> <P>Thank you!</P> <P>-Norman</P>

You need to do two things:

1.  Rename the file to '8.3' format with an extention of '.cnm'  (e.g 'mail0001.cnm')

2.  Use a text editor (like Notepad) to remove the initial lines containing Mercury routing information.  They consist of '$$', 'T destination' and a blank line. The message will then begin with a line probably starting 'Return-path:'

This message can then be placed into a destination mailbox where it will be seen as new mail.  (I always keep a copy just in case.)

I have a small program which combines the .txt and .101 files and does this move automatically if you are interested.

 

<P>You need to do two things:</P> <P>1.  Rename the file to '8.3' format with an extention of '.cnm'  (e.g 'mail0001.cnm')</P> <P>2.  Use a text editor (like Notepad) to remove the initial lines containing Mercury routing information.  They consist of '$$', 'T destination' and a blank line. The message will then begin with a line probably starting 'Return-path:'</P> <P>This message can then be placed into a destination mailbox where it will be seen as new mail.  (I always keep a copy just in case.)</P> <P>I have a small program which combines the .txt and .101 files and does this move automatically if you are interested.</P> <P mce_keep="true"> </P>

The .101 file can be dropped back into the queue dir and will be reprocessed.

The .101 file can be dropped back into the queue dir and will be reprocessed.

[quote user="dilberts_left_nut"]The .101 file can be dropped back into the queue dir and will be reprocessed.
[/quote]

 

Only if renamed using a 8.3 filename. 

<p>[quote user="dilberts_left_nut"]The .101 file can be dropped back into the queue dir and will be reprocessed. [/quote]</p><p> </p><p>Only if renamed using a 8.3 filename. </p>

[quote user="dilberts_left_nut"]The .101 file can be dropped back into the queue dir and will be reprocessed.
[/quote]

Even after changing the filename (as Thomas says), it will likely be blocked again unless the signatures have been corrected or the Clamwall restrictions have been relaxed.

It all depends on what caused the incorect filtering in the first place.  I always put false positives into an admin account.

<P>[quote user="dilberts_left_nut"]The .101 file can be dropped back into the queue dir and will be reprocessed. [/quote]</P> <P>Even after changing the filename (as Thomas says), it will likely be blocked again unless the signatures have been corrected or the Clamwall restrictions have been relaxed.</P> <P>It all depends on what caused the incorect filtering in the first place.  I always put false positives into an admin account.</P>

Yes, I was going to add that, but I was in a hurry [:)]

 I was just making the point that it is saved as a .101 file so it CAN be re-injected into the queue after being inspected / fixed or filtering turned off temporarily.

<p>Yes, I was going to add that, but I was in a hurry [:)]</p><p> I was just making the point that it is saved as a .101 file so it CAN be re-injected into the queue after being inspected / fixed or filtering turned off temporarily. </p>

[quote user="PaulW"]

You need to do two things:

1.  Rename the file to '8.3' format with an extention of '.cnm'  (e.g 'mail0001.cnm')

2.  Use a text editor (like Notepad) to remove the initial lines containing Mercury routing information.  They consist of '$$', 'T destination' and a blank line. The message will then begin with a line probably starting 'Return-path:'

This message can then be placed into a destination mailbox where it will be seen as new mail.  (I always keep a copy just in case.)

I have a small program which combines the .txt and .101 files and does this move automatically if you are interested.

 

[/quote]

Is this process still true for Mercury v 4.62?  I've tried changing the message and turning off clamwall filtering and the message just sits in the queue.

 

The .txt file says

Virus : Heuristics.Structured.CreditCardNumber
BanExt:  

Where would this definition be stored in clamwall?
<p>[quote user="PaulW"]</p><p>You need to do two things:</p> <p>1.  Rename the file to '8.3' format with an extention of '.cnm'  (e.g 'mail0001.cnm')</p> <p>2.  Use a text editor (like Notepad) to remove the initial lines containing Mercury routing information.  They consist of '$$', 'T destination' and a blank line. The message will then begin with a line probably starting 'Return-path:'</p> <p>This message can then be placed into a destination mailbox where it will be seen as new mail.  (I always keep a copy just in case.)</p> <p>I have a small program which combines the .txt and .101 files and does this move automatically if you are interested.</p> <p mce_keep="true"> </p>[/quote] Is this process still true for Mercury v 4.62?  I've tried changing the message and turning off clamwall filtering and the message just sits in the queue.<p> </p><p>The .txt file says </p><p>Virus : Heuristics.Structured.CreditCardNumber BanExt:   </p>Where would this definition be stored in clamwall?

To put the file back in the queue for delivery you should keep the .101 extension but shorten the name part to 8 characters. If you want to move it directly to a mailbox follow PaulW's instruction.

The virus definitions are not in Clamwall but in ClamAV. I don't think you can edit the virus definitions, but there are lots of settings in the configuration file that can be tailored to suit your requirements.

/Rolf

<p>To put the file back in the queue for delivery you should keep the .101 extension but shorten the name part to 8 characters. If you want to move it directly to a mailbox follow PaulW's instruction.</p><p>The virus definitions are not in Clamwall but in ClamAV. I don't think you can edit the virus definitions, but there are lots of settings in the configuration file that can be tailored to suit your requirements.</p><p>/Rolf </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft