Hugo van der Kooij hvdkooij at
Sun Sep 14 16:04:22 IST 2008


Alex Broens wrote:
> On 9/14/2008 3:40 PM, Glenn Steen wrote:
>> 2008/9/14 Hugo van der Kooij <hvdkooij at>:
>>> Hash: SHA1
>>> Alex Broens wrote:
>>>> On 9/14/2008 1:04 PM, Glenn Steen wrote:
>>>>> Yes, well... they seem to be indications of the same thing. So far
>>>>> only observed on CentOS 5.2 boxes (I've had reports that it's working
>>>>> OK on Slackware as well as Mandriva).
>>>> Centos 4.x and older MS release as well (most of my production boxes)
>>> Alex can you compare the list of packages on Centos 4 and Centos 5?
>>> Could this be a revival of past issues with the perl-IO module?
>> Yes, it very much could.
>> Then again, I'm not sure exactly what is happening... I suspect even
>> Jules is a tad baffled here:-).
>>>>> The problem is that the "exploding" of the message as read from the
>>>>> queue file fails. It simply returns nothing.
>>>> so that's the bug...
>>> What would it take to write a separate program that calls upon the
>>> MailScanner code and compare the MailScanner results against postcat?
>> Pretty much writing MailScanner for a single thread....;-). IMO it's
>> not that easily separable. Much easier to just ... put some serious
>> debug "breakpoints" and printouts at various stages, then running a
>> single batch with a single queue file.
>> Which is pretty much what I did on my systems.
>>> That way we can find a set of sample queue files to work on and the
>>> difference might tell us why it does not work all the time.
>> On my systems it did just work, with or without debug code. With Alex
>> "bad" files.
>> One thing I noted about the quarantined messages on Alex box was that
>> they all lacked the message file... Similar infections on my box all
>> have the expected message, zip-file and executable in the quarantine
>> dir. So this is an easy thing to look for, for all you following this
>> thread. If you have virus quarantine directories lacking the message
>> file (provided you do as Alex and I, and don't quarantine the complete
>> queue file!), then you probably suffer from the attachment exploding
>> problem.
>> If you do, it would be interesting to see if it is, as I suspect,
>> solely a CentOS 5.2 (or RHEL) problem.
> I can quarantine the whole file.. I thought I was....
> what have I done wrong?

Just to compare notes from the MailScanner -c output.

I noticed these lines:

Option Name                        Default        Current Value
clamavfullmessagescan              no             yes
logsilentviruses                   no             yes
monitorsforclamavupdates           /usr/local/share/clamav/*.cvd  /var/clamav/*.cld /var/clamav/*.cvd
mta                                sendmail       postfix
quarantinesilentviruses            no             yes
virusscanners                      auto           clamav mcafee avastd
virusscanning                      yes            RULESET:Default=yes

I also happen to notice there are no ClamAV warnings. I would have
expected them on at least some of them that were detected by both Avast
and McAfee.

So I think I happen to have an issue with ClamAV I need to sort out. Not
sure what as all the usual suspects turn out to be clean.


- --
hvdkooij at     

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?



More information about the MailScanner mailing list
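
The check described in the quoted text above (virus quarantine directories that hold the attachments but no message file), sketched as a shell function. This is an added example, not code from the thread or from MailScanner; the layout `<root>/<date>/<message-id>/` and the root path shown in the comment are assumptions, so adjust them to the local configuration.

```shell
#!/bin/sh
# Assumed layout (not stated in the thread):
#   <root>/<YYYYMMDD>/<message-id>/message      <- the stored mail
#   <root>/<YYYYMMDD>/<message-id>/<attachment> <- quarantined parts
# An assumed typical root is /var/spool/MailScanner/quarantine.

# Print every per-message quarantine directory that contains files
# but has no "message" file. If whole queue files are quarantined
# instead, every directory will be listed and the check says nothing.
find_missing_message() {
    root=$1
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    for dir in "$root"/*/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir=${dir%/}
        # Empty directory: nothing was quarantined, so nothing is missing.
        [ -n "$(ls -A "$dir" 2>/dev/null)" ] || continue
        [ -f "$dir/message" ] || printf '%s\n' "$dir"
    done
}

# Number of affected directories, for a quick comparison between hosts.
count_missing_message() {
    find_missing_message "$1" | wc -l | tr -d ' '
}
```

Run `find_missing_message <quarantine root>` on each host and compare the counts across distributions.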