All messages quarantined on Trustix 2.0/MS 4.25-14

Julian Field mailscanner at ecs.soton.ac.uk
Sun Jan 4 12:20:40 GMT 2004


Check the permissions on your Exim queue directories. For some reason it is
failing to analyse the message at all.

At 09:14 04/01/2004, you wrote:
>I have a Trustix 2.0 box with MailScanner 4.25-14 (tarball) /Sophos
>3.77/Exim 4.24/Fetchmail-6.2.5. I've followed the MS instructions for
>installing MS manually from a tar file and configured Exim to use
>separate incoming and outgoing queues. Exim appears to receive incoming
>messages and MS picks them up. The problem is that MS takes all messages
>and marks them as infected and places them in quarantine. The following
>message is generated:
>
>Jan  4 00:45:25 ugw MailScanner[14308]: New Batch: Scanning 1 messages, 1068 bytes
>Jan  4 00:45:25 ugw MailScanner[14308]: Spam Checks: Starting
>Jan  4 00:45:25 ugw MailScanner[14308]: Virus and Content Scanning: Starting
>Jan  4 00:45:27 ugw MailScanner[14308]: Saved entire message to /var/spool/MailScanner/quarantine/20040104/1Ad3lV-0003hp-62
>Jan  4 00:45:27 ugw MailScanner[14308]: Cleaned: Delivered 1 cleaned messages
>Jan  4 00:45:27 ugw MailScanner[14308]: Notices: Warned about 1 messages
>
>The warning message contains:
>
>Received: from exim by ugw.united.private with local (Exim 4.24)
>         id 1Ad3t1-0003ix-R3
>         for postmaster at ugw.united.private; Sun, 04 Jan 2004 00:45:27 -0800
>From: "MailScanner-UGW" <postmaster at ugw.united.private>
>To: postmaster at ugw.united.private
>Subject: Warning: E-mail viruses detected
>Message-Id: <E1Ad3t1-0003ix-R3 at ugw.united.private>
>Date: Sun, 04 Jan 2004 00:45:27 -0800
>
>The following e-mail messages were found to have viruses in them:
>
>     Sender: postmaster at ugw.united.private
> IP Address: 127.0.0.1
>  Recipient: postmaster at ugw.united.private
>    Subject:  Warning: E-mail viruses detected
>  MessageID: 1Ad3lV-0003hp-62
>     Report: MailScanner: Could not analyze message
>
>
>--
>MailScanner
>Email Virus Scanner
>www.mailscanner.info
>
>
>
>Each warning message spawns another warning message and in short order
>the quarantine directory fills up.
>
>"ps ax" indicates Sophos sweep is active when "Virus Scanners = sophos"
>is set and sweep is not active when set to "Virus Scanners = none".
>However, in both cases the same warning message (i.e. detected virus) is
>generated.
>
>Here are some of the pertinent settings in
>/opt/MailScanner/etc/MailScanner.conf:
>
>Run As User = exim
>Run As Group = exim
>Incoming Queue Dir = /var/spool/exim_incoming/input
>Outgoing Queue Dir = /var/spool/exim/input
>Quarantine Dir = /var/spool/MailScanner/quarantine
>MTA = exim
>Sendmail = /usr/local/bin/exim
>Sendmail2 = /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf
>Virus Scanners = sophos
>Quarantine Infections = yes
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = no
>Spam Checks = yes
>Use SpamAssassin = no
>Split Exim Spool = no
>
>/etc/sysconfig/MailScanner looks like this:
>
>MTA=exim
>EXIM=/usr/local/bin/exim
>EXIMINCF=/usr/local/etc/exim.conf         # Incoming configuration file
>EXIMSENDCF=/usr/local/etc/exim_outgoing.conf  # Outgoing configuration file
>
>The following perl modules were downloaded, compiled and installed with
>no issues:
>
>Convert-TNEF-0.17
>File-Spec-0.82
>File-Temp-0.14
>HTML-Parser-3.26
>HTML-Tagset-3.03
>IO-stringy-2.108
>MIME-Base64-2.12
>MIME-tools-5.411 (patched version)
>MailTools-1.50
>Net-CIDR-0.09
>
>
>Any suggestions on what next or diagnostics you need?
>
>Thanks and Happy New Year!
>Stephen

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
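
One way to carry out the permissions check suggested in the reply, as an added example that is not part of the original thread or of MailScanner: it reads Run As User, Run As Group and the three directory settings from a MailScanner.conf-style file and reports whether each directory grants that account rwx. The function names are hypothetical, and it assumes only the directory's own owner/group mode bits matter (no ACLs, supplementary groups or parent-directory checks).

```shell
#!/bin/sh
# Added example: check that MailScanner's "Run As" account can use its queue dirs.
# Function names are hypothetical; only owner/group mode bits are inspected
# (assumption: no ACLs, supplementary groups or parent-directory checks).

# conf_value FILE KEY -> value of the last "KEY = value" line in FILE
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_dir USER GROUP DIR -> prints ok | denied | missing, non-zero unless ok
check_dir() {
    [ -d "$3" ] || { echo missing; return 1; }
    # -prune stops find descending, so only DIR itself is tested.
    match=$(find "$3" -prune \( -user "$1" -perm -700 -o -group "$2" -perm -070 \) 2>/dev/null) || true
    if [ -n "$match" ]; then
        echo ok
    else
        echo denied
        return 1
    fi
}

# check_queues CONF -> one status line per directory, non-zero if any fails
check_queues() {
    conf=$1
    rc=0
    user=$(conf_value "$conf" 'Run As User')
    group=$(conf_value "$conf" 'Run As Group')
    for key in 'Incoming Queue Dir' 'Outgoing Queue Dir' 'Quarantine Dir'; do
        dir=$(conf_value "$conf" "$key")
        status=$(check_dir "$user" "$group" "$dir") || rc=1
        echo "$status: $key = $dir (needs rwx for $user:$group)"
    done
    return "$rc"
}

# Stand-alone use: sh check_queues.sh /opt/MailScanner/etc/MailScanner.conf
if [ "$#" -gt 0 ]; then
    check_queues "$1"
fi
```

A "denied" or "missing" line names the directory whose ownership or mode needs correcting for the account MailScanner runs as.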


