All messages quarantined on Trustix 2.0/MS 4.25-14

Stephen Lee splee at PLEXIO.COM
Sun Jan 4 09:14:59 GMT 2004


I have a Trustix 2.0 box with MailScanner 4.25-14 (tarball) /Sophos
3.77/Exim 4.24/Fetchmail-6.2.5. I've followed the MS instructions for
installing MS manually from a tar file and configured Exim to use
separate incoming and outgoing queues. Exim appears to receive incoming
messages and MS picks them up. The problem is that MS takes all messages
and marks them as infected and places them in quarantine. The following
message is generated:

Jan  4 00:45:25 ugw MailScanner[14308]: New Batch: Scanning 1 messages, 1068 bytes
Jan  4 00:45:25 ugw MailScanner[14308]: Spam Checks: Starting
Jan  4 00:45:25 ugw MailScanner[14308]: Virus and Content Scanning: Starting
Jan  4 00:45:27 ugw MailScanner[14308]: Saved entire message to /var/spool/MailScanner/quarantine/20040104/1Ad3lV-0003hp-62
Jan  4 00:45:27 ugw MailScanner[14308]: Cleaned: Delivered 1 cleaned messages
Jan  4 00:45:27 ugw MailScanner[14308]: Notices: Warned about 1 messages

The warning message contains:

Received: from exim by ugw.united.private with local (Exim 4.24)
        id 1Ad3t1-0003ix-R3
        for postmaster at ugw.united.private; Sun, 04 Jan 2004 00:45:27 -0800
From: "MailScanner-UGW" <postmaster at ugw.united.private>
To: postmaster at ugw.united.private
Subject: Warning: E-mail viruses detected
Message-Id: <E1Ad3t1-0003ix-R3 at ugw.united.private>
Date: Sun, 04 Jan 2004 00:45:27 -0800

The following e-mail messages were found to have viruses in them:

    Sender: postmaster at ugw.united.private
IP Address: 127.0.0.1
 Recipient: postmaster at ugw.united.private
   Subject:  Warning: E-mail viruses detected
 MessageID: 1Ad3lV-0003hp-62
    Report: MailScanner: Could not analyze message


--
MailScanner
Email Virus Scanner
www.mailscanner.info



Each warning message spawns another warning message and in short order
the quarantine directory fills up.

"ps ax" indicates Sophos sweep is active when "Virus Scanners = sophos"
is set and sweep is not active when set to "Virus Scanners = none".
However, in both cases the same warning message (i.e. detected virus) is
generated.

Here are some of the pertinent settings in
/opt/MailScanner/etc/MailScanner.conf:

Run As User = exim
Run As Group = exim
Incoming Queue Dir = /var/spool/exim_incoming/input
Outgoing Queue Dir = /var/spool/exim/input
Quarantine Dir = /var/spool/MailScanner/quarantine
MTA = exim
Sendmail = /usr/local/bin/exim
Sendmail2 = /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf
Virus Scanners = sophos
Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Spam Checks = yes
Use SpamAssassin = no
Split Exim Spool = no

/etc/sysconfig/MailScanner looks like this:

MTA=exim
EXIM=/usr/local/bin/exim
EXIMINCF=/usr/local/etc/exim.conf             # Incoming configuration file
EXIMSENDCF=/usr/local/etc/exim_outgoing.conf  # Outgoing configuration file

The following perl modules were downloaded, compiled and installed with
no issues:

Convert-TNEF-0.17
File-Spec-0.82
File-Temp-0.14
HTML-Parser-3.26
HTML-Tagset-3.03
IO-stringy-2.108
MIME-Base64-2.12
MIME-tools-5.411 (patched version)
MailTools-1.50
Net-CIDR-0.09


Any suggestions on what next or diagnostics you need?

Thanks and Happy New Year!
Stephen
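
A check for the loop described in the post, added here as an example and not part of the original message or of MailScanner: it parses the notice format quoted above and flags a reported message that is itself a MailScanner notice, and a report that is a processing failure rather than a named virus. The function names and the finding labels "notice-loop" and "scan-failure" are assumptions made for this example.

```python
import re

# Notice text taken from the post above (addresses keep the archive's " at " form).
NOTICE = """\
From: "MailScanner-UGW" <postmaster at ugw.united.private>
To: postmaster at ugw.united.private
Subject: Warning: E-mail viruses detected

The following e-mail messages were found to have viruses in them:

    Sender: postmaster at ugw.united.private
IP Address: 127.0.0.1
 Recipient: postmaster at ugw.united.private
   Subject:  Warning: E-mail viruses detected
 MessageID: 1Ad3lV-0003hp-62
    Report: MailScanner: Could not analyze message
"""
FIELDS = ("Sender", "IP Address", "Recipient", "Subject", "MessageID", "Report")

def parse_notice(text):
    """Split a notice into its own headers and the reported-message records."""
    head, _, body = text.partition("\n\n")
    headers = dict(re.findall(r"^([\w-]+):[ \t]*(.*)$", head, re.M))
    records, cur = [], {}
    for line in body.splitlines():
        m = re.match(r"\s*(%s):\s*(.*)$" % "|".join(FIELDS), line)
        if not m:
            continue
        if m.group(1) == "Sender" and cur:  # each record starts at a Sender line
            records.append(cur)
            cur = {}
        cur[m.group(1)] = m.group(2).strip()
    if cur:
        records.append(cur)
    return headers, records

def classify(headers, rec):
    """Return the findings (labels are this example's own) for one record."""
    findings = set()
    notice_from = re.sub(r"^.*<(.*)>$", r"\1", headers.get("From", ""))
    if rec.get("Subject") == headers.get("Subject") and rec.get("Sender") == notice_from:
        findings.add("notice-loop")   # the quarantined message is itself a notice
    if "Could not analyze message" in rec.get("Report", ""):
        findings.add("scan-failure")  # processing error, not a named virus
    return findings

if __name__ == "__main__":
    hdrs, recs = parse_notice(NOTICE)
    for r in recs:
        print(r["MessageID"], sorted(classify(hdrs, r)))
```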