All messages quarantined on Trustix 2.0/MS 4.25-14

Stephen Lee splee at PLEXIO.COM
Sun Jan 4 16:24:01 GMT 2004


That was my first guess but the permissions suggest that it shouldn't be
the problem.

drwxrwxr--    5 exim     exim         4096 Jan  4 08:12 exim/
drwxrwxr--    4 exim     exim         4096 Jan  4 08:12 exim_incoming/

All subdirectories have the same permissions. I even su'd to exim and
was able to create/delete files in those directories. Setting them to
777 made no difference. Here's a piece of the exim log:

2004-01-04 08:22:21 exim 4.24 daemon started: pid=22334, no queue runs, listening for SMTP on port 25 (IPv4)
2004-01-04 08:22:21 cwd=/ 4 args: /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf -q15m
2004-01-04 08:22:21 exim 4.24 daemon started: pid=22337, -q15m, not listening for SMTP
2004-01-04 08:22:21 cwd=/var/spool/exim 4 args: /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf -q
2004-01-04 08:22:21 Start queue run: pid=22338
2004-01-04 08:22:21 End queue run: pid=22338
2004-01-04 08:22:24 cwd=/var/spool/MailScanner/incoming/22356 5 args: /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf -Mc 1AdB0M-0005ni-Nz
2004-01-04 08:22:24 1AdB0M-0005ni-Nz Spool file 1AdB0M-0005ni-Nz-D not found
2004-01-04 08:22:24 1AdB1E-0005ol-7f <= postmaster at ugw.united.private U=exim P=local S=762

Stephen

On Sun, 2004-01-04 at 04:20, Julian Field wrote:
> Check the permissions on your Exim queue directories. For some reason it is
> failing to analyse the message at all.
>
> At 09:14 04/01/2004, you wrote:
> >I have a Trustix 2.0 box with MailScanner 4.25-14 (tarball) /Sophos
> >3.77/Exim 4.24/Fetchmail-6.2.5. I've followed the MS instructions for
> >installing MS manually from a tar file and configured Exim to use
> >separate incoming and outgoing queues. Exim appears to receive incoming
> >messages and MS picks them up. The problem is that MS takes all messages
> >and marks them as infected and places them in quarantine. The following
> >message is generated:
> >
> >  Jan  4 00:45:25 ugw MailScanner[14308]: New Batch: Scanning 1 messages,
> >1068 bytes
> >Jan  4 00:45:25 ugw MailScanner[14308]: Spam Checks: Starting
> >Jan  4 00:45:25 ugw MailScanner[14308]: Virus and Content Scanning:
> >Starting
> >Jan  4 00:45:27 ugw MailScanner[14308]: Saved entire message to
> >/var/spool/MailScanner/quarantine/20040104/1Ad3lV-0003hp-62
> >Jan  4 00:45:27 ugw MailScanner[14308]: Cleaned: Delivered 1 cleaned
> >messages
> >Jan  4 00:45:27 ugw MailScanner[14308]: Notices: Warned about 1 messages
> >
> >The warning message contains:
> >
> >Received: from exim by ugw.united.private with local (Exim 4.24)
> >         id 1Ad3t1-0003ix-R3
> >         for postmaster at ugw.united.private; Sun, 04 Jan 2004 00:45:27 -0800
> >From: "MailScanner-UGW" <postmaster at ugw.united.private>
> >To: postmaster at ugw.united.private
> >Subject: Warning: E-mail viruses detected
> >Message-Id: <E1Ad3t1-0003ix-R3 at ugw.united.private>
> >Date: Sun, 04 Jan 2004 00:45:27 -0800
> >
> >The following e-mail messages were found to have viruses in them:
> >
> >     Sender: postmaster at ugw.united.private
> >IP Address: 127.0.0.1
> >  Recipient: postmaster at ugw.united.private
> >    Subject:  Warning: E-mail viruses detected
> >  MessageID: 1Ad3lV-0003hp-62
> >     Report: MailScanner: Could not analyze message
> >
> >
> >--
> >MailScanner
> >Email Virus Scanner
> >www.mailscanner.info
> >
> >
> >
> >Each warning message spawns another warning message and in short order
> >the quarantine directory fills-up.
> >
> >"ps ax" indicates Sophos sweep is active when "Virus Scanners = sophos"
> >is set and sweep is not active when set to "Virus Scanners = none".
> >However, in both cases the same warning message (ie. detected virus) is
> >generated.
> >
> >Here are some of the pertinent settings in
> >/opt/MailScanner/etc/MailScanner.conf:
> >
> >Run As User = exim
> >Run As Group = exim
> >Incoming Queue Dir = /var/spool/exim_incoming/input
> >Outgoing Queue Dir = /var/spool/exim/input
> >Quarantine Dir = /var/spool/MailScanner/quarantine
> >MTA = exim
> >Sendmail = /usr/local/bin/exim
> >Sendmail2 = /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf
> >Virus Scanners = sophos
> >Quarantine Infections = yes
> >Quarantine Whole Message = yes
> >Quarantine Whole Messages As Queue Files = no
> >Spam Checks = yes
> >Use SpamAssassin = no
> >Split Exim Spool = no
> >
> >/etc/sysconfig/MailScanner looks like this:
> >
> >MTA=exim
> >EXIM=/usr/local/bin/exim
> >EXIMINCF=/usr/local/etc/exim.conf         # Incoming configuration file
> >EXIMSENDCF=/usr/local/etc/exim_outgoing.conf  # Outgoing configuration
> >file
> >
> >The following perl modules were downloaded, compiled and installed with
> >no issues:
> >
> >Convert-TNEF-0.17
> >File-Spec-0.82
> >File-Temp-0.14
> >HTML-Parser-3.26
> >HTML-Tagset-3.03
> >IO-stringy-2.108
> >MIME-Base64-2.12
> >MIME-tools-5.411 (patched version)
> >MailTools-1.50
> >Net-CIDR-0.09
> >
> >
> >Any suggestions on what next or diagnostics you need?
> >
> >Thanks and Happy New Year!
> >Stephen
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
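
One way to script the queue check discussed in this thread, as an added example (not part of the original messages, and not MailScanner or Exim code): it reads the two queue directories from a MailScanner.conf-style file, reports which of r/w/x the current user lacks on each, and lists message IDs that have only one of Exim's two spool files (`<id>-H` and `<id>-D`), the condition behind the "Spool file ... -D not found" log line. The function names and the demo tree are constructed for illustration, and an unsplit spool ("Split Exim Spool = no") is assumed.

```shell
#!/bin/sh
# Added example: function names and demo files are constructed, not from the thread.

# conf_value FILE "Key Name": print the value of a "Key Name = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# dir_access DIR: print which of r/w/x the current user lacks on DIR, or "ok".
# Run the script as the "Run As User" account to test that account's access.
dir_access() {
    missing=""
    [ -r "$1" ] || missing="${missing}r"
    [ -w "$1" ] || missing="${missing}w"
    [ -x "$1" ] || missing="${missing}x"
    echo "${missing:-ok}"
}

# queue_orphans DIR: list message IDs that have only one of the two spool
# files Exim keeps per message (<id>-H envelope/headers, <id>-D body).
queue_orphans() {
    for f in "$1"/*-H "$1"/*-D; do
        [ -e "$f" ] || continue            # glob matched nothing
        id=${f##*/}; id=${id%-?}           # strip directory and -H/-D suffix
        [ -e "$1/$id-H" ] || echo "$id missing -H"
        [ -e "$1/$id-D" ] || echo "$id missing -D"
    done
}

# check_queues CONF: run both checks on the queue directories named in CONF.
check_queues() {
    for key in "Incoming Queue Dir" "Outgoing Queue Dir"; do
        dir=$(conf_value "$1" "$key")
        echo "$key = $dir (access: $(dir_access "$dir"))"
        queue_orphans "$dir" | sed 's/^/  /'
    done
}

# Constructed demo: throwaway tree with one complete and one orphaned message.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/in" "$t/out"
    printf 'Incoming Queue Dir = %s/in\nOutgoing Queue Dir = %s/out\n' \
        "$t" "$t" > "$t/MailScanner.conf"
    touch "$t/in/1AAAAA-000001-AA-H" "$t/in/1AAAAA-000001-AA-D" \
          "$t/out/1BBBBB-000002-BB-H"
    check_queues "$t/MailScanner.conf"
    rm -rf "$t"
}
demo
```

On a live system, call `check_queues` with the real configuration path while running as the configured "Run As User"; an orphan seen once can simply be a message the MTA is still writing, so a repeat run a few seconds later is the meaningful result.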


