All messages quarantined on Trustix 2.0/MS 4.25-14

Stephen Lee splee at PLEXIO.COM
Mon Jan 5 16:26:10 GMT 2004


Anything else I should check into?

Thanks,
Stephen

On Sun, 2004-01-04 at 08:24, Stephen Lee wrote:
> That was my first guess but the permissions suggest that it shouldn't be
> the problem.
>
> drwxrwxr--    5 exim     exim         4096 Jan  4 08:12 exim/
> drwxrwxr--    4 exim     exim         4096 Jan  4 08:12 exim_incoming/
>
> All subdirectories have the same permissions. I even su'd to exim and
> was able to create/delete files in those directories. Setting them to
> 777 made no difference. Here's a piece of the exim log:
>
>  2004-01-04 08:22:21 exim 4.24 daemon started: pid=22334, no queue runs,
> listening for SMTP on port 25 (IPv4)
> 2004-01-04 08:22:21 cwd=/ 4 args: /usr/local/bin/exim -C
> /usr/local/etc/exim_outgoing.conf -q15m
> 2004-01-04 08:22:21 exim 4.24 daemon started: pid=22337, -q15m, not
> listening for SMTP
> 2004-01-04 08:22:21 cwd=/var/spool/exim 4 args: /usr/local/bin/exim -C
> /usr/local/etc/exim_outgoing.conf -q
> 2004-01-04 08:22:21 Start queue run: pid=22338
> 2004-01-04 08:22:21 End queue run: pid=22338
> 2004-01-04 08:22:24 cwd=/var/spool/MailScanner/incoming/22356 5 args:
> /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf -Mc
> 1AdB0M-0005ni-Nz
> 2004-01-04 08:22:24 1AdB0M-0005ni-Nz Spool file 1AdB0M-0005ni-Nz-D not
> found
> 2004-01-04 08:22:24 1AdB1E-0005ol-7f <= postmaster at ugw.united.private
> U=exim P=local S=762
>
> Stephen
>
> On Sun, 2004-01-04 at 04:20, Julian Field wrote:
> > Check the permissions on your Exim queue directories. For some reason it is
> > failing to analyse the message at all.
> >
> > At 09:14 04/01/2004, you wrote:
> > >I have a Trustix 2.0 box with MailScanner 4.25-14 (tarball) /Sophos
> > >3.77/Exim 4.24/Fetchmail-6.2.5. I've followed the MS instructions for
> > >installing MS manually from a tar file and configured Exim to use
> > >separate incoming and outgoing queues. Exim appears to receive incoming
> > >messages and MS picks them up. The problem is that MS takes all messages
> > >and marks them as infected and places them in quarantine. The following
> > >message is generated:
> > >
> > >  Jan  4 00:45:25 ugw MailScanner[14308]: New Batch: Scanning 1 messages,
> > >1068 bytes
> > >Jan  4 00:45:25 ugw MailScanner[14308]: Spam Checks: Starting
> > >Jan  4 00:45:25 ugw MailScanner[14308]: Virus and Content Scanning:
> > >Starting
> > >Jan  4 00:45:27 ugw MailScanner[14308]: Saved entire message to
> > >/var/spool/MailScanner/quarantine/20040104/1Ad3lV-0003hp-62
> > >Jan  4 00:45:27 ugw MailScanner[14308]: Cleaned: Delivered 1 cleaned
> > >messages
> > >Jan  4 00:45:27 ugw MailScanner[14308]: Notices: Warned about 1 messages
> > >
> > >The warning message contains:
> > >
> > >Received: from exim by ugw.united.private with local (Exim 4.24)
> > >         id 1Ad3t1-0003ix-R3
> > >         for postmaster at ugw.united.private; Sun, 04 Jan 2004 00:45:27 -0800
> > >From: "MailScanner-UGW" <postmaster at ugw.united.private>
> > >To: postmaster at ugw.united.private
> > >Subject: Warning: E-mail viruses detected
> > >Message-Id: <E1Ad3t1-0003ix-R3 at ugw.united.private>
> > >Date: Sun, 04 Jan 2004 00:45:27 -0800
> > >
> > >The following e-mail messages were found to have viruses in them:
> > >
> > >     Sender: postmaster at ugw.united.private
> > >IP Address: 127.0.0.1
> > >  Recipient: postmaster at ugw.united.private
> > >    Subject:  Warning: E-mail viruses detected
> > >  MessageID: 1Ad3lV-0003hp-62
> > >     Report: MailScanner: Could not analyze message
> > >
> > >
> > >--
> > >MailScanner
> > >Email Virus Scanner
> > >www.mailscanner.info
> > >
> > >
> > >
> > >Each warning message spawns another warning message and in short order
> > >the quarantine directory fills up.
> > >
> > >"ps ax" indicates Sophos sweep is active when "Virus Scanners = sophos"
> > >is set and sweep is not active when set to "Virus Scanners = none".
> > >However, in both cases the same warning message (i.e. detected virus) is
> > >generated.
> > >
> > >Here are some of the pertinent settings in
> > >/opt/MailScanner/etc/MailScanner.conf:
> > >
> > >Run As User = exim
> > >Run As Group = exim
> > >Incoming Queue Dir = /var/spool/exim_incoming/input
> > >Outgoing Queue Dir = /var/spool/exim/input
> > >Quarantine Dir = /var/spool/MailScanner/quarantine
> > >MTA = exim
> > >Sendmail = /usr/local/bin/exim
> > >Sendmail2 = /usr/local/bin/exim -C /usr/local/etc/exim_outgoing.conf
> > >Virus Scanners = sophos
> > >Quarantine Infections = yes
> > >Quarantine Whole Message = yes
> > >Quarantine Whole Messages As Queue Files = no
> > >Spam Checks = yes
> > >Use SpamAssassin = no
> > >Split Exim Spool = no
> > >
> > >/etc/sysconfig/MailScanner looks like this:
> > >
> > >MTA=exim
> > >EXIM=/usr/local/bin/exim
> > >EXIMINCF=/usr/local/etc/exim.conf         # Incoming configuration file
> > >EXIMSENDCF=/usr/local/etc/exim_outgoing.conf  # Outgoing configuration file
> > >
> > >The following perl modules were downloaded, compiled and installed with
> > >no issues:
> > >
> > >Convert-TNEF-0.17
> > >File-Spec-0.82
> > >File-Temp-0.14
> > >HTML-Parser-3.26
> > >HTML-Tagset-3.03
> > >IO-stringy-2.108
> > >MIME-Base64-2.12
> > >MIME-tools-5.411 (patched version)
> > >MailTools-1.50
> > >Net-CIDR-0.09
> > >
> > >
> > >Any suggestions on what next or diagnostics you need?
> > >
> > >Thanks and Happy New Year!
> > >Stephen
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
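
The permission check suggested in the thread, as an added example that is not part of the original messages or of MailScanner: it walks every component of a queue path and reports where a given uid lacks search permission, or lacks rwx on the queue directory itself. The numeric ids and the `SAMPLE` table are constructed from the 774 `exim:exim` listing quoted above; `audit_queue_dir` and `sample_stat` are names made up for this example.

```python
import os
import stat
from types import SimpleNamespace

def effective_bits(st, uid, gids):
    """rwx triplet (0-7) that the mode-bit check applies to this uid/gids."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_queue_dir(path, uid, gids, stat_fn=os.stat):
    """Return [(component, problem)]; empty means the mode bits allow access."""
    # Ancestors need search (x); the queue dir itself needs rwx.
    # Root override, ACLs and SELinux/AppArmor are not modelled.
    parts = [os.path.normpath(path)]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    problems = []
    for comp in reversed(parts):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, f"cannot stat: {exc.strerror}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            break
        need = 7 if comp == parts[0] else 1
        have = effective_bits(st, uid, gids)
        if have & need != need:
            problems.append((comp, f"has {have:03b}, needs {need:03b} (rwx)"))
    return problems

# Constructed sample modelled on the thread's listing (774, exim:exim); ids are made up.
EXIM, OTHER = 101, 8
SAMPLE = {
    "/": (0o40755, 0, 0), "/var": (0o40755, 0, 0), "/var/spool": (0o40755, 0, 0),
    "/var/spool/exim_incoming": (0o40774, EXIM, EXIM),
    "/var/spool/exim_incoming/input": (0o40774, EXIM, EXIM),
}

def sample_stat(p):
    if p not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory", p)
    mode, uid, gid = SAMPLE[p]
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)
```

On a live host, pass the uid and the full group set of the `Run As User` account (for example from `pwd.getpwnam("exim")`) and leave `stat_fn` at its default so the real directories are examined.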


