MailScanner problem
Gottschalk, David
dgottsc at emory.edu
Fri Jul 20 19:25:46 IST 2007
Yes, I'm in EST.
I just found the problem myself too.
It happened on one of my only boxes first because it updated before the others. Then all of the others went down too.
I resolved it by removing clamav from the "Virus Scanners" option in MailScanner.conf. Luckly, I use two virus scanners. If you only use one, just disable it entirely temporarily.
David Gottschalk
david.gottschalk at emory.edu<mailto:david.gottschalk at emory.edu>
________________________________
From: Bryan Guest [mailto:bryan.guest at gmail.com]
Sent: Friday, July 20, 2007 2:21 PM
To: david.gottschalk at emory.edu
Subject: re: MailScanner problem
Hello:
Are you in EST (gmt -05:00)? If so, the same thing happened to me at nearly the same time.
It looks like a botched CLAMAV update that has hosed Mailscanner somehow. All my MailScanner processes hang at: starting children. Oddly it seems to only have happened to one machine.
Let me know if you have any ideas. I am going to try to completely blow away the clamav database directory and start over there.
Bryan Guest
Bruce Telecom
bryan.guest at gmail.com <mailto:bryan.guest at gmail.com>
Message: 21
Date: Fri, 20 Jul 2007 14:05:56 -0400
From: "Gottschalk, David" <dgottsc at emory.edu<mailto:dgottsc at emory.edu>>
Subject: MailScanner broken suddenly?!?!
To: MailScanner discussion < mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Message-ID:
<8D2EFA3D9FD29C45BCEC3B532F0E2308412E3B3DB6 at RDPEXCH2.Eu.Emory.Edu <mailto:8D2EFA3D9FD29C45BCEC3B532F0E2308412E3B3DB6 at RDPEXCH2.Eu.Emory.Edu> >
Content-Type: text/plain; charset="us-ascii"
I have 5 MailScanner machines.
I had to do some configuration changes, so I restarted them. One of them now appears to be completely hosed. I've checked my configuration, and can't figure out what is going on. I don't see anything wrong at all.
-sh-3.00$ sudo /usr/sbin/MailScanner --lint
Checking version numbers...
Version installed (4.60.8) does not match version stated in
MailScanner.conf file (4.57.6), you may want to run upgrade_MailScanner_conf
to ensure your MailScanner.conf file contains all the latest settings.
Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
Creating hardcoded struct_flock subroutine for linux (Linux-type)
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: bitdefender, clamavmodule
Here is what is going on:
1. MailScanner starts, but just sits there does nothing:
root 22553 1 0 13:58 ? 00:00:00 MailScanner: master waiting for children, sleeping
root 22554 22553 70 13:58 ? 00:00:35 MailScanner: starting children
root 22624 22553 69 13:58 ? 00:00:31 MailScanner: starting children
root 22680 22553 67 13:58 ? 00:00:27 MailScanner: starting children
root 22733 22553 73 13:58 ? 00:00:26 MailScanner: starting children
root 22780 22553 44 13:58 ? 00:00:13 MailScanner: starting children
root 22831 22553 42 13:58 ? 00:00:10 MailScanner: starting children
root 22884 22553 47 13:58 ? 00:00:09 MailScanner: starting children
root 22957 22553 44 13:59 ? 00:00:07 MailScanner: starting children
root 23005 22553 31 13:59 ? 00:00:03 MailScanner: starting children
root 23054 22553 49 13:59 ? 00:00:02 MailScanner: starting children
If I trace a childre process, here is what it is doing over and over:
sudo strace -p 19920
Process 19920 attached - interrupt to quit
read(12, "b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096
read(12, ":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096
read(12, "55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096
read(12, "5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096
read(12, "ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096
read(12, "d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096
read(12, "6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) = 4096
brk(0x4f23000) = 0x4f23000
read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) = 4096
read(12, "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) = 4096
read(12, " n.Downloader-4997\n36864:bcc236c3"..., 4096) = 4096
read(12, "der-5167\n29696:f7d986ddcc013d8e0"..., 4096) = 4096
read(12, "f7e121997:Trojan.Downloader-5070"..., 4096) = 4096
read(12, ".Downloader-5107\n10240:efd91a6ea"..., 4096) = 4096
read(12, "ec7:Trojan.Downloader-4916\n2048:"..., 4096) = 4096
read(12, "nloader-5244\n4768:096cc4cd04d5cf"..., 4096) = 4096
read(12, ":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) = 4096
read(12, "ncos-3342\n377344:04230b7482e189a"..., 4096) = 4096
read(12, "an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) = 4096
read(12, "jan.Bancos-3492\n659968:49df0eba0"..., 4096) = 4096
read(12, "0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) = 4096
read(12, "86:Trojan.Small-1634\n229888:3579"..., 4096) = 4096
read(12, "4d30b8cfcfe247337e424db964d816:T"..., 4096) = 4096
read(12, "576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) = 4096
read(12, "082cd8ac62e6878348b79:Trojan.Ban"..., 4096) = 4096
2. Strangely enough, if I start just MailScanner it works fine (with sendmail not running)
3. If I start MailScanner with sendmail to, it will just hang there as described. If I stop it, the master process dies for MailScanner, but the children hang.
4. I did have this problem, but I resolved it quickly by changing the option in MailScanner.conf to look for *.inc files.
Jul 20 13:28:37 mr1 MailScanner[9747]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist!
Jul 20 13:28:47 mr1 MailScanner[8644]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist!
Any ideas? I'm banging my head.
David Gottschalk
david.gottschalk at emory.edu<mailto:david.gottschalk at emory.edu><mailto:david.gottschalk at emory.edu <mailto:david.gottschalk at emory.edu> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070720/a85cbc37/attachment.html
More information about the MailScanner
mailing list