Sophos/MailScanner

Thu Oct 19 19:03:46 IST 2006

Martin Hepworth wrote:
> 
> > >>
> >>>>>> Once in a while the server will fail to download its updates from
> >>> Sophos.
> >>>>>> (The cause being that our T1 line went down). Then the mail log
> >> starts
> >>>>>> posting MailScanner error messages every 10 seconds until a
> >> successful
> >>>>>> update occurs:
> >>>>>>
> >>>>>> Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched
> by
> >>> the
> >>>>>> "Monitors For Sophos Updates" patterns exist!
> >>>>>>
> >>>>>> Because of this error the queue starts placing all messages on
> hold.
> >>>>
> >>>>> Lisa
> >>>>>
> >>>>> how are you updating the virus defs for Sophos?
> >>>>
> >>>> Martin,
> >>>>
> >>>> There is a cron job that runs the Sophos update script running once
> >>> every
> >>>> hour.
> >>>>
> >>>> Thanks,
> >>>> Lisa
> >>>>
> >>>>
> >>> Lisa
> >>>
> >>> Can you give a bit more info. Which cron job? is should be
> >>> update_virus_scanners which will do all the scanners you've defined in
> >>> MailScanner.conf.
> >>>
> >>> This script is reasonbly failure proof as it downloads the updates
> into
> >>> a separate folder and only on success does it move the 'new' to 'live'
> >>> folders as it were.
> >>>
> >>> Also i presume your using the MailScanner Sophos.Install script to
> >>> install your Sophos as well..?? AS mailScanner expects Sophos V4 to be
> >>> in a non-default Sophos Directory.
> >>>
> >> Hi Martin,
> >>
> >> Here is the cron job that is running.
> >>
> >> 21 0-23/2 * * * /usr/local/updates/Sophos/savupd/savupd.sh > /dev/null
> >>
> >> I've attached a copy of the script that is being run.
> >>
> >> I did not set-up this server, so I don't know if the previous admin
> used
> >> the
> >> MailScanner Sophos.Install script to install Sophos. From how it looks
> it
> >> doesn't seem so.
> >>
> >> >From what you stated in your last e-mail, should I be setting up a
> >> cronjob
> >> that uses a preconfigured update_virus_scanners script that was part of
> >> the
> >> MailScanner Sophos install?
> >>
> >> In my MailScanner.conf file
> >>
> >> Virus Scanners = sophossavi
> >>
> >> In my virus.scanners.conf file this is the entry for sophossavi
> >>
> >> sophossavi      /bin/false                              /tmp
> >>
> >> Let me know if there's any other info you need from me.
> >>
> >> Thanks,
> >> Lisa

> > Could it be that this line in my Sophos Update script is somehow
> creating an
> > empty file string?
> >
> > wget -P$tmp $isite/$downloadfile || error_download
> >
> > So that when Mailscanner checks the "Monitors For Sophos Updates =
> > /usr/local/updates/Sophos/savupd.tmp/*ides.zip" and finds an older ide
> file
> > or a file that got renamed by some bug in wget does it cause the problem
> I'm
> > experiencing with my queue? I've looked through the script and it seems
> like
> > it should error out and exit before it even deletes the old ide file.
> >
> > Is there something I should know more about the "Monitors for Sophos
> > Updates" parameter in Mailscanner? What exactly is it doing?
> >
> > Thanks,
> > Lisa

> >
> Lisa
> 
> could be - also check the filename. I know the freebsd ones contain a
> '+' character which can throw things out..
> 

Martin,

Mailscanner is looking for any ides.zip

Monitors For Sophos Updates = /usr/local/updates/Sophos/savupd.tmp/*ides.zip

Just to make sure I'm following things correctly, if wget fails and
Mailscanner finds a file in the directory that does not match the *ides.zip
criteria, even though there may be a valid ides.zip file in that directory,
will Mailscanner error out?

Is it because this random file has an updated time stamp compared to the
older ide file? 

This is all theorizing; since this hasn't happened in a while I'm not sure
what files are in that directory path when the download script fails.

Thanks,
Lisa