automatic queue run on hanging virus scanner update

[Antony Stone]

On Wednesday 08 October 2003 9:25 am, Michael Weiser wrote:

> While the update
> was hanging about messages were accumulated in the incoming queue *but*
> processed every 21 minutes past the full hour, apparently bypassing at
> least spam checking.

There should be no sendmail (or other MTA) processes on your system capable
of processing the MailScanner *input* queue and delivering mail from it.

MailScanner sits between two MTA processes - one accepts mail from the
outside world and places it in MailScanner's input queue; the other takes
mail from MailScanner's output queue and delivers it.

Only MailScanner should be able to take messages out of its input queue (and
perhaps transfer them to the output queue for delivery).

You say you have checked cron jobs, and there's nothing running at 21 minutes
past the hour - do you have a sendmail process with flags -bd -q1h perhaps,
which got started at 21 minutes past some hour?

Your system logs for the time when these messages were apparently delivered
without Spam checking (or, presumably, virus checking) should tell you what
process ID was respondible for delivering them, and the headers of the
delivered emails themselves should tell you whether they really were
processed by MailScanner or not.

I suggest you do not ignore this as something which only happened because the
anti-virus system update got stuck - that was just a good opportunity to
notice the problem, but it suggests to me that something might be capable of
bypassing your virus & spam checks at least once each hour - not a good idea.

Hope you find something in the logs or headers (or the process list).

Regards,

Antony.

--

I vote "no" to this proposal to form a committee to investigate whether we
should or should not hold a ballot on whether to vote yet.