4.39.3-1 bug or is it me - but 4.38.9-1 OK!

Julian Field MailScanner at ecs.soton.ac.uk
Fri Feb 25 16:53:18 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Can you see if it gets as far as running DeliverModifiedBody ? It's in
Message.pm (like a lot of things!)

Quentin Campbell wrote:

>Julian
>
>It helps a bit. I still get the error in Entity.pm when running in Debug
>mode but the "Cannot open message file" error in the logs no longer
>appears.
>
>All the tests I have done are always on the same message - the one you
>have a copy of. In Debug mode I still get:
>
>[root at cheviot7 tmp]# check_mailscanner
>Starting MailScanner...
>In Debugging mode, not forking...
>SA bayes lock is /root/.spamassassin/bayes.lock
>Bayes lock is at /root/.spamassassin/bayes.lock
>Can't call method "print" on an undefined value at
>/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803.
>[root at cheviot7 tmp]# exit
>
>Script done on Fri 25 Feb 2005 16:25:11 GMT
>[root at cheviot7 log]#
>
>However the logs look better but of course the message is still not
>being processed:
>
>...
>Feb 25 16:24:46 cheviot7 MailScanner[10352]: MailScanner E-Mail Virus
>Scanner version 4.39.3 starting...
>Feb 25 16:24:46 cheviot7 MailScanner[10352]: Read 47 hostnames from the
>phishing whitelist
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: lock.pl sees Config
>LockType =  flock
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: lock.pl sees have_module =
>0
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: Using locktype = flock
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: New Batch: Scanning 1
>messages, 41643 bytes
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: Created attachment dirs for
>1 messages
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: MCP Checks completed at
>41643 bytes per second
>Feb 25 16:24:48 cheviot7 MailScanner[10352]: Spam Checks: Starting
>Feb 25 16:24:49 cheviot7 MailScanner[10352]: SpamAssassin returned 0
>Feb 25 16:24:49 cheviot7 MailScanner[10352]: Message j1NBBuHV009018 from
>62.38.158.5 (penthe2 at hotmail.com) to ncl.ac.uk is spam, SpamAssassin
>(score=8.549, required 6, autolearn=disabled, FORGED_HOTMAIL_RCVD2 1.08,
>FORGED_RCVD_HELO 0.05, MIME_BOUND_NEXTPART 0.11, MIME_MISSING_BOUNDARY
>0.25, MISSING_MIMEOLE 0.00, MSGID_FROM_MTA_ID 1.70, NO_REAL_NAME 0.18,
>PRIORITY_NO_NAME 1.19, SARE_BOUNDARY_NP2 4.00)
>Feb 25 16:24:49 cheviot7 MailScanner[10352]: Spam Checks: Found 1 spam
>messages
>Feb 25 16:24:49 cheviot7 MailScanner[10352]: Spam Actions: message
>j1NBBuHV009018 actions are attachment,deliver
>Feb 25 16:24:49 cheviot7 MailScanner[10352]: Spam Checks completed at
>41643 bytes per second
>Feb 25 16:24:50 cheviot7 MailScanner[10352]: Virus and Content Scanning:
>Starting
>Feb 25 16:24:50 cheviot7 MailScanner[10352]: Commencing scanning by
>sophos...
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: >>> Virus 'W32/Netsky-P'
>found in file
>./j1NBBuHV009018/website_panayiotis.periorellis.zip/document.txt .exe
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: >>> Virus 'W32/Netsky-P'
>found in file ./j1NBBuHV009018/website_panayiotis.periorellis.zip
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: >>> Virus 'W32/Netsky-P'
>found in file ./j1NBBuHV009018/website_panayiotis.periorellis.zip
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: Completed scanning by
>sophosFeb 25 16:24:52 cheviot7 MailScanner[10352]: Virus Scanning:
>Sophos found 2 infections
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: Commencing scanning by
>mcafee...Feb 25 16:24:52 cheviot7 MailScanner[10352]:
>/j1NBBuHV009018/website_panayiotis.periorellis.zip        Found the
>W32/Netsky.p at MM!zip virus !!!Feb 25 16:24:52 cheviot7
>MailScanner[10352]: Completed scanning by mcafeeFeb 25 16:24:52 cheviot7
>MailScanner[10352]: Virus Scanning: McAfee found 1 infectionsFeb 25
>16:24:52 cheviot7 MailScanner[10352]: Infected message j1NBBuHV009018
>came from 62.38.158.5
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: Virus Scanning: Found 1
>viruses
>Feb 25 16:24:52 cheviot7 MailScanner[10352]: Virus Scanning completed at
>13881 bytes per second
>...
>
>
>Quentin
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                           University of Newcastle,
>                           Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."
>
>
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 25 February 2005 16:15
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: 4.39.3-1 bug or is it me - but 4.38.9-1 OK!
>>
>>In Message.pm around line 2351 you will find "Sub ConstructWarning".
>>Please change the start of the code there to
>>sub ConstructWarning {
>> my $this = shift;
>> my($attachmententity, $scannersaid, $id, $reportname) = @_;
>>
>> # If there is no report file then we create no warning
>> return "" unless $reportname;
>>
>> my $date = scalar localtime;
>> my $textfh = new FileHandle;
>> my $dir = $global::MS->{work}{dir}; # Get the working directory
>> my $localpostmaster = MailScanner::Config::Value('localpostmaster',
>>$this);
>> my $postmastername  = MailScanner::Config::LanguageValue($this,
>>'mailscanner');
>>
>>The important bit is the return statement.
>>Let me know if this helps.
>>
>>Quentin Campbell wrote:
>>
>>
>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>Sent: 25 February 2005 15:13
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: 4.39.3-1 bug or is it me - but 4.38.9-1 OK!
>>>>
>>>>Ah! I hadn't seen that error in context before.
>>>>
>>>>All the places it can have come from are in Message.pm.
>>>>Can you put a little bit of debugging (e.g. print STDERR
>>>>
>>>>
>>"Got to point
>>
>>
>>>>1\n";) just before each occurrence of "Cannot open message" in
>>>>the file.
>>>>
>>>>
>>>>
>>>>
>>>I had done some initial digging and I said in one of my first messages
>>>it was probably from Message.pm!  :-(
>>>
>>>Doing what you suggest I get:
>>>
>>>[root at cheviot7 tmp]# check_mailscanner
>>>Starting MailScanner...
>>>In Debugging mode, not forking...
>>>SA bayes lock is /root/.spamassassin/bayes.lock
>>>Bayes lock is at /root/.spamassassin/bayes.lock
>>>DEBUG: Got to point 3
>>>Can't call method "print" on an undefined value at
>>>/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803.
>>>[root at cheviot7 tmp]#
>>>
>>>And in Message.pm, "point 3" is at line 2401 in the "entity" modified
>>>Message.pm file:
>>>
>>>...
>>> $month++;
>>> $year += 1900;
>>> my $datenumber = sprintf("%04d%02d%02d", $year, $month, $day);
>>>
>>>#  # Do we want to hide the directory and message id from the report
>>>path?
>>>#  if (MailScanner::Config::Value('hideworkdir', $this)) {
>>>#    my $pattern = "(" . quotemeta($global::MS->{work}->{dir}) .
>>>"|\.)/$id/";
>>>#    $report =~ s/$pattern//gm;
>>>#  }
>>>
>>> print STDERR "DEBUG: Got to point 3\n";
>>> open($textfh, $reportname)
>>>   or MailScanner::Log::WarnLog("Cannot open message file %s, %s",
>>>                                $reportname, $!);
>>> my $line;
>>> while(defined ($line = <$textfh>)) {
>>>   chomp $line;
>>>   #$line =~ s/"/\\"/g; # Escape any " characters
>>>   #$line =~ s/@/\\@/g; # Escape any @ characters
>>>   $line =~ s/([\(\)\[\]\.\?\*\+\^"'@])/\\$1/g; # Escape any regex
>>>characters
>>>   # Untainting joy...
>>>...
>>>
>>>
>>>
>>>
>>>
>>>>Are you warning sender, bouncing spam or notifying spam?
>>>>
>>>>
>>>>
>>>>
>>>In the case of spam we simply tag and deliver mostly. This is
>>>
>>>
>>controlled
>>
>>
>>>by rulesets:
>>>
>>>Spam Actions = %rules-dir%/Spam_Actions.rules
>>>...
>>>High Scoring Spam Actions =
>>>
>>>
>>%rules-dir%/High_Scoring_Spam_Actions.rules
>>
>>
>>>The default for both ruleset files is "deliver attachment". The other
>>>190+ entries in each file are mainly "delete" with a few
>>>
>>>
>>"deliver" and a
>>
>>
>>>few "deliver striphtml".
>>>
>>>Quentin
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>>
>>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>>
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list