check_mailscanner: FATAL ... with eicar-containing mail in /var/spool/mqueue.in
Sander Jonkers
felker at GMX.NET
Wed Jan 23 21:01:36 GMT 2002
After reading the source (sweep.pl), I changed the following line in
/usr/local/MailScanner/etc/mailscanner.conf
Minimum Code Status = beta # was: supported
After restarting mailscanner, the infected file eicar.com was moved to
/var/spool/MailScanner/quarantine/. Great!
> Please go and *READ*:
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml
>
> just like the error message states.
I'm sorry: I thought it meant that mailscanner was reading that page. Yes, I
know, it should then have said "Reading ..." and not "Read ...", but as an
excuse: English is not my first language.
Thanks.
Sander
>
> Since you're using F-prot, you need to change your configuration to beta
> instead of supported.
>
> --Clint.
>
> Sander Jonkers wrote:
> >
> > Hi,
> >
> > Short story:
> > My mailscanner process crashes if it finds an eicar infected message in
> > mqueue.in.
> >
> > Long story:
> >
> > I'm trying to get mailscanner working with f-prot.
> >
> > The result so far: non-infected mail is handled OK. However, eicar-infected
> > mail stays in the /var/spool/mqueue.in forever.
> >
> > I then noticed that no mailscanner process was running anymore (ps -ef |
> > grep -i mailsca).
> >
> > Restarting (with the eicar-infected message in mqueue.in) mailscanner
> > gave this result:
> >
> > [root at sanderold sander]#
> > [root at sanderold sander]# /usr/local/MailScanner/bin/check_mailscanner
> > Starting virus scanner...
> > [root at sanderold sander]# FATAL: Read
> > http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at
> > /usr/local/MailScanner/bin/logger.pl line 60.
> >
> > [root at sanderold sander]#
> >
> > In other words: mailscanner crashed immediately with a FATAL.
> > After removing the eicar infected message from mqueue.in, running
> > mailscanner was possible again.
> >
> > In other words (or: hypothesis): my mailscanner crashes if it finds an eicar
> > infected message in mqueue.in.
> >
> > Alas, /usr/local/MailScanner/bin/logger.pl line 60 is only the 'die' itself,
> > and I don't know where the call comes from.
> >
> > I'll dive deeper into this. If anybody has suggestions, please let me know.
> >
> > Sander
> >
> > --
> > Sent through GMX FreeMail - http://www.gmx.net
>
--
Sent through GMX FreeMail - http://www.gmx.net