Comments on version 4.00.0a13-1

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Wed Oct 16 20:08:44 IST 2002 

Hello,

Yesterday I installed version 4.00.0a13-1 on a RH 7.3 box with
SpamAssassin 2.43 and McAfee.  The installation proceeded without a
single problem.

I have some problems with config files:
"Hide Incoming Work Dir = yes"  but my McAfee scans return: 
/g9GHwad17379/bugbear.virus   contient le virus W32/Bugbear at MM
(I've translated McAfee's output in French in SweepViruses.pm but this
should have no impact on the problem).  I had the same problem with V3.

"Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf" and the
file contains:
FromorTo: W32/Klez.h at MM yes
FromorTo: W32/Klez.gen at MM yes
FromorTo: W32/Yaha.g at MM yes
FromorTo: W32/Bugbear at MM yes
but I receive an email telling me I sent a Bugbear infected file after
sending such a message.

My /var/run/MailScanner directory seems to be filling up with files that
point to processes that no longer exist:
# ls -l /var/run/MailScanner/
total 116
-rw-------    1 root     root            5 Oct 15 22:50 MailScanner.1053
-rw-------    1 root     root            6 Oct 15 17:01 MailScanner.13094
-rw-------    1 root     root            6 Oct 16 14:23 MailScanner.18835
-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19259
-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19262
-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19269
-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19270
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19271
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19347
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19350
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19351
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19352
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19353
-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19354
-rw-------    1 root     root            5 Oct 16 09:14 MailScanner.2223
-rw-------    1 root     root            5 Oct 15 23:06 MailScanner.2345
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30802
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30854
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30857
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30858
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30859
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30860
-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30861
-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32312
-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32315
-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32316
-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32317
-rw-------    1 root     root            6 Oct 15 22:32 MailScanner.32398
-rw-------    1 root     root            6 Oct 15 22:32 MailScanner.32401

# for i in /var/run/MailScanner/*;do j=$(cat $i);echo == $j ==;ps -fp $j|grep -v PPID;done
== 1053 ==
== 13094 ==
== 18835 ==
== 19259 ==
== 19262 ==
== 19269 ==
== 19270 ==
== 19271 ==
== 19347 ==
root     19347     1  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 19350 ==
root     19350 19347  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 19351 ==
root     19351 19347  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 19352 ==
root     19352 19347  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 19353 ==
root     19353 19347  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 19354 ==
root     19354 19347  0 14:27 ?        00:00:00 /usr/bin/perl /usr/sbin/MailScan
== 2223 ==
== 2345 ==
== 30802 ==
== 30854 ==
== 30857 ==
== 30858 ==
== 30859 ==
== 30860 ==
== 30861 ==
== 32312 ==
== 32315 ==
== 32316 ==
== 32317 ==
== 32398 ==
== 32401 ==

Sometimes issuing "service MailScanner restart" gives an error message:
Shutting down MailScanner daemons:
         MailScanner:       We haven't got any child processes, which isn't right!, No child processes at /usr/sbin/MailScanner line 186.
We have just tried to reap a process which wasn't one of ours!, No child processes at /usr/sbin/MailScanner line 189.

This error happened seconds after the ps loop above.  There was a "vim
MailScanner.conf" running at that time.

I am also trying to quarantine files for different domains in different
directories using:
Quarantine Infections = yes
Quarantine Dir = /etc/MailScanner/rules/quarantine.rules

/etc/MailScanner/rules/quarantine.rules contains:
To:  *@usherbrooke.ca           /quarantaine/usherbrooke
To:  *@courrier.usherb.ca       /quarantaine/courrier
To:  *@courrier.usherbrooke.ca  /quarantaine/courrier
To:  *@hermes.usherb.ca         /quarantaine/hermes
To:  *@hermes.usherbrooke.ca    /quarantaine/hermes
To:  default                    /quarantaine/autres

Everything (so far) gets quarantined in /quarantaine/autres (the default
directory).  Am I missing something?

Last thing: can I get to today's date in the format used in the
quarantine directory (YYYYMMDD) in reports templates?

Thanks again for this great product!

Denis
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045

More information about the MailScanner mailing list