Comments on version 4.00.0a13-1

Julian Field mailscanner at ecs.soton.ac.uk
Thu Oct 17 05:28:41 IST 2002 

At 20:08 16/10/2002, you wrote:
>Hello,
>
>Yesterday I installed version 4.00.0a13-1 on a RH 7.3 box with
>SpamAssassin 2.43 and McAfee.  The installation proceeded without a
>single problem.
>
>I have some problems with config files:
>"Hide Incoming Work Dir = yes"  but my McAfee scans return:
>/g9GHwad17379/bugbear.virus   contient le virus W32/Bugbear at MM
>(I've translated McAfee's output in French in SweepViruses.pm but this
>should have no impact on the problem).  I had the same problem with V3.

Fixed.

>"Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf" and the
>file contains:
>FromorTo: W32/Klez.h at MM yes
>FromorTo: W32/Klez.gen at MM yes
>FromorTo: W32/Yaha.g at MM yes
>FromorTo: W32/Bugbear at MM yes
>but I receive an email telling me I sent a Bugbear infected file after
>sending such a message.

You have misunderstood the format of the rules file. It is always
     Direction    email-address-match    result
So what your ruleset should simply look like is

FromorTo:  default  W32/Klez.h at MM W32/Klez.gen at MM W32/Yaha.g at MM W32/Bugbear at MM


>My /var/run/MailScanner directory seems to be filling up with files that
>point to processes that no longer exist:
># ls -l /var/run/MailScanner/
>total 116
>-rw-------    1 root     root            5 Oct 15 22:50 MailScanner.1053
>-rw-------    1 root     root            6 Oct 15 17:01 MailScanner.13094
>-rw-------    1 root     root            6 Oct 16 14:23 MailScanner.18835
>-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19259
>-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19262
>-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19269
>-rw-------    1 root     root            6 Oct 16 14:26 MailScanner.19270
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19271
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19347
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19350
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19351
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19352
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19353
>-rw-------    1 root     root            6 Oct 16 14:27 MailScanner.19354
>-rw-------    1 root     root            5 Oct 16 09:14 MailScanner.2223
>-rw-------    1 root     root            5 Oct 15 23:06 MailScanner.2345
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30802
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30854
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30857
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30858
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30859
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30860
>-rw-------    1 root     root            6 Oct 15 22:06 MailScanner.30861
>-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32312
>-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32315
>-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32316
>-rw-------    1 root     root            6 Oct 15 22:30 MailScanner.32317
>-rw-------    1 root     root            6 Oct 15 22:32 MailScanner.32398
>-rw-------    1 root     root            6 Oct 15 22:32 MailScanner.32401
>
># for i in /var/run/MailScanner/*;do j=$(cat $i);echo == $j ==;ps -fp
>$j|grep -v PPID;done
>== 1053 ==
>== 13094 ==
>== 18835 ==
>== 19259 ==
>== 19262 ==
>== 19269 ==
>== 19270 ==
>== 19271 ==
>== 19347 ==
>root     19347     1  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 19350 ==
>root     19350 19347  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 19351 ==
>root     19351 19347  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 19352 ==
>root     19352 19347  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 19353 ==
>root     19353 19347  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 19354 ==
>root     19354 19347  0 14:27 ?        00:00:00 /usr/bin/perl
>/usr/sbin/MailScan
>== 2223 ==
>== 2345 ==
>== 30802 ==
>== 30854 ==
>== 30857 ==
>== 30858 ==
>== 30859 ==
>== 30860 ==
>== 30861 ==
>== 32312 ==
>== 32315 ==
>== 32316 ==
>== 32317 ==
>== 32398 ==
>== 32401 ==
>
>Sometimes issuing "service MailScanner restart" gives an error message:
>Shutting down MailScanner daemons:
>          MailScanner:       We haven't got any child processes, which
> isn't right!, No child processes at /usr/sbin/MailScanner line 186.
>We have just tried to reap a process which wasn't one of ours!, No child
>processes at /usr/sbin/MailScanner line 189.
>
>This error happened seconds after the ps loop above.  There was a "vim
>MailScanner.conf" running at that time.

I haven't managed to solve this one. It isn't harmful.

>I am also trying to quarantine files for different domains in different
>directories using:
>Quarantine Infections = yes
>Quarantine Dir = /etc/MailScanner/rules/quarantine.rules
>
>/etc/MailScanner/rules/quarantine.rules contains:
>To:  *@usherbrooke.ca           /quarantaine/usherbrooke
>To:  *@courrier.usherb.ca       /quarantaine/courrier
>To:  *@courrier.usherbrooke.ca  /quarantaine/courrier
>To:  *@hermes.usherb.ca         /quarantaine/hermes
>To:  *@hermes.usherbrooke.ca    /quarantaine/hermes
>To:  default                    /quarantaine/autres
>
>Everything (so far) gets quarantined in /quarantaine/autres (the default
>directory).  Am I missing something?

No, you're not. Fixed.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list