Alex Broens ms-list at
Sun Sep 14 18:00:32 IST 2008

On 9/14/2008 5:29 PM, Glenn Steen wrote:
> 2008/9/14 Alex Broens <ms-list at>:
>> On 9/14/2008 3:40 PM, Glenn Steen wrote:
>>> 2008/9/14 Hugo van der Kooij <hvdkooij at>:
>>>> Hash: SHA1
>>>> Alex Broens wrote:
>>>>> On 9/14/2008 1:04 PM, Glenn Steen wrote:
>>>>>> Yes, well... they seem to be indacations of the same thing. So far
>>>>>> only observed on CentOS 5.2 boxes (I've had reports that it's working
>>>>>> OK on Slackware as well as Mandriva).
>>>>> Centos 4.x and older MS release as well (most of my production boxes)
>>>> Alex can you compare the list of packages on Centos 4 and Centos 5?
>>>> Could this be a revival of past issues with the perl-IO module?
>>> Yes, it very much could.
>>> Then again, I'm not sure exactly what is happening... I suspect even
>>> Jules is a tad baffled here:-).
>>>>>> The problem is that the "exploding" of the message as read from the
>>>>>> queue file fails. It simply returns nothing.
>>>>> so that's the bug...
>>>> What would it take to write a seperate program that calls upon the
>>>> MailScanner code and compare the MailScanner results against postcat?
>>> Pretty much writing MailScanner for a singel thread....;-). IMO it's
>>> not that easily separable. Much easier to just ... put some serious
>>> debug "breakpoints" and printouts at various stages, then running a
>>> single batch with a singel queue file.
>>> Which is pretty much what I did on my systems.
>>>> That way we can find a set of sample queue files to work on and the
>>>> difference might tell us why it does not work all the time.
>>> On my systems it did just work, with or without debug code. With Alex
>>> "bad" files.
>>> One thing I noted about the quarantined messages on Alex box was that
>>> they all lacked the message file... Similar infections on my box all
>>> have trhe expected message, zip-file and executable in the quarantine
>>> dir. So this is an easy thing to look for, for all youfollowing this
>>> thread. If you have virus quarantine directories lacking the message
>>> file (provided you do as Alex and I, and don't quarantine the complete
>>> queue file!), then you probably suffer from the attachment exploding
>>> problem.
>>> If you do, it would be interresting to see if it is, as I suspect,
>>> solely a CentOS 5.2 (or RHEL) problem.
>> I can quarantine the whole file.. I thought I was....
>> what have I done wrong?
>> Alex
> MailWatch demands that it gets quarantined as the RFC822-decoded file,
> not the queue file. Since your spam quarantine contained that, I drew
> that conclusion... is all;)

ya jumped to conclusions a bit too fast?  :-)

I was storing in Q file format to do the debugging
- test box - no real users behind it - just a trap feed for a little BL 
I contribute to .-)

> Nothing wrong, so to speak, apart from the message exploding thing.
I didn't make them explode right.. yes... aaaaaaaaaaaall my fault.

more beeeeeeeeeeeeeeeeeeeeeer, less bugs!


More information about the MailScanner mailing list