Problem Email Again (retry)

Mike Kercher mike at CAMAROSS.NET
Thu Jun 16 00:53:26 IST 2005


I tried attaching the problem qf/df pair and it was rejected so I have
uploaded the archive here:

http://www.abby.com/problem_email.tar.gz



I emailed the list a week or so ago about certain emails getting stuck in
/var/spool/mqueue.in, being processed over and over again.  It happened
again today.  I restarted MailScanner in debug mode and didn't see anything
useful there:

Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases rebuilt by root
Jun 15 18:39:11 mail sendmail[4248]: /etc/aliases: 73 aliases, longest 17 bytes, 768 bytes total
Jun 15 18:39:11 mail sendmail[4258]: starting daemon (8.13.4): SMTP
Jun 15 18:39:11 mail sm-msp-queue[4263]: starting daemon (8.13.4): queueing at 00:15:00
Jun 15 18:39:12 mail sendmail[4269]: starting daemon (8.13.4): queueing at 00:15:00
Jun 15 18:39:13 mail MailScanner[4285]: MailScanner E-Mail Virus Scanner version 4.41.3 starting...
Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI 3.94 (engine 2.30) recognizing 105435 viruses
Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI using 109 IDE files
Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees Config  LockType = posix
Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees have_module =  0
Jun 15 18:39:17 mail MailScanner[4285]: Using locktype = posix
Jun 15 18:39:17 mail MailScanner[4285]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jun 15 18:39:17 mail MailScanner[4285]: New Batch: Scanning 1 messages, 9206 bytes
Jun 15 18:39:17 mail MailScanner[4285]: Created attachment dirs for 1 messages
Jun 15 18:39:17 mail MailScanner[4285]: Spam Checks: Starting
Jun 15 18:39:17 mail MailScanner[4285]: RBL Checks: returned 0
Jun 15 18:39:19 mail MailScanner[4285]: SpamAssassin returned 0
Jun 15 18:39:19 mail MailScanner[4285]: Message j5FJvISb003617 from 66.163.175.82 (service at paypal.com) to abby.com is spam, SpamAssassin (score=12.606, required 5.7, AWL -0.01, BAYES_40 -1.10, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RAZOR2_CHECK 1.51, URIBL_OB_SURBL 3.21)
Jun 15 18:39:19 mail MailScanner[4285]: Spam Checks: Found 1 spam messages
Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 actions are delete
Jun 15 18:39:19 mail MailScanner[4285]: Virus and Content Scanning: Starting
Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by clamavmodule...
Jun 15 18:39:19 mail MailScanner[4285]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-4285-1.html
Jun 15 18:39:19 mail MailScanner[4285]: Completed scanning by clamavmodule
Jun 15 18:39:19 mail MailScanner[4285]: Virus Scanning: ClamAV Module found 1 infections
Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by sophossavi...
Jun 15 18:39:20 mail MailScanner[4285]: Completed scanning by sophossavi
Jun 15 18:39:20 mail MailScanner[4285]: Infected message j5FJvISb003617 came from 66.163.175.82
Jun 15 18:39:20 mail MailScanner[4285]: MailScanner child dying of old age

I am attaching the associated qf/df pair...maybe someone can recreate the
problem on their end <?>

TIA

Mike
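
An added example, not part of the post above and not MailScanner code: one way to confirm that a message is being processed over and over is to count how many separate "New Batch" runs each queue ID appears in across the MailScanner syslog lines. The sample log is constructed in the format of the log above (PIDs 4301 and 4317 and message j5FK1Abc004000 are invented), and the 14-character queue ID pattern and the threshold of 3 batches are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog shape as the post's log; the batches
# under PIDs 4301 and 4317 and message j5FK1Abc004000 are invented.
SAMPLE_LOG = """\
Jun 15 18:39:17 mail MailScanner[4285]: New Batch: Scanning 1 messages, 9206 bytes
Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 actions are delete
Jun 15 18:39:20 mail MailScanner[4285]: Infected message j5FJvISb003617 came from 66.163.175.82
Jun 15 18:39:41 mail MailScanner[4301]: New Batch: Scanning 2 messages, 11840 bytes
Jun 15 18:39:43 mail MailScanner[4301]: Spam Actions: message j5FJvISb003617 actions are delete
Jun 15 18:39:43 mail MailScanner[4301]: Spam Actions: message j5FK1Abc004000 actions are delete
Jun 15 18:40:05 mail MailScanner[4317]: New Batch: Scanning 1 messages, 9206 bytes
Jun 15 18:40:07 mail MailScanner[4317]: Spam Actions: message j5FJvISb003617 actions are delete
"""

# Assumption: queue IDs are 14 alphanumeric characters, as in the post's log.
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ MailScanner\[(\d+)\]: (.*)$")
ID_RE = re.compile(r"\b[Mm]essage ([0-9A-Za-z]{14})\b")

def batches_per_message(log_text):
    """Map queue ID -> set of (pid, batch_no) batches that mention it."""
    batch_no = defaultdict(int)   # per-child count of "New Batch" lines
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # sendmail and other daemons' lines
        pid, text = m.group(1), m.group(2)
        if text.startswith("New Batch:"):
            batch_no[pid] += 1
            continue
        for qid in ID_RE.findall(text):
            seen[qid].add((pid, batch_no[pid]))
    return seen

def stuck_messages(log_text, threshold=3):
    """Queue IDs seen in at least `threshold` separate batches, with counts."""
    counts = {q: len(b) for q, b in batches_per_message(log_text).items()}
    return {q: n for q, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for qid, n in sorted(stuck_messages(SAMPLE_LOG).items()):
        print(f"{qid}: scanned in {n} batches; check its qf/df pair in /var/spool/mqueue.in")
```
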
