Postfix + MailScanner : Attachment Filename check problem !!!!
Martin Hepworth
maxsec at gmail.com
Fri Apr 17 16:58:02 IST 2009
Seems there are problems with Perl 5.8.9 on FreeBSD - see earlier posts on
installing 5.8.8 from the ports system and using that instead.
2009/4/17 Mãn Từ Ngọc <tungocman at gmail.com>
> Hi everyone!
>
> I have set up an email system using Postfix + MailScanner 4.67.6 (with
> Perl version 5.008009 (5.8.9)) on FreeBSD 7.1-RELEASE.
>
> Postfix runs as user postfix
> MailScanner runs as user postfix
>
> I configured my MailScanner to deny all attachments whose filename
> is .exe or .com
>
> Then I tested it by sending an email including an attachment named
> ATF-cleaner.exe,
> but MailScanner has a problem when checking the attachment: MailScanner
> reports that the File checker failed with a real error.
> Please see the log file below for more information.
>
> But if I configure MailScanner to run as user root then everything is OK,
> but I really don't want to allow MailScanner to run as user root.
>
> I have posted all my log file results, and all the information required
> to debug, below.
>
> Please help me!
> Thanks!
>
> ------------------------
> in my /etc/passwd: I have user root, postfix, clamav, spamd
> in my /etc/group:
> user root is the owner of group wheel
> user postfix, clamav, spamd are the members of group mail
>
> -------------------------
> /var/log/mailog -> MailScanner Log result:
>
> Apr 17 11:46:40 ngthcm MailScanner[99877]: MailScanner E-Mail Virus Scanner version 4.67.6 starting...
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Could not read Custom Functions directory
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 814 hostnames from the phishing whitelist
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 5511 hostnames from the phishing blacklist
> Apr 17 11:46:40 ngthcm MailScanner[99877]: SpamAssassin temporary working directory is /var/spool/MailScanner/incomingwork/SpamAssassin-Temp
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Using SpamAssassin results cache
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Connected to SpamAssassin cache database
> Apr 17 11:46:40 ngthcm MailScanner[99877]: Enabling SpamAssassin auto-whitelist functionality...
> Apr 17 11:46:43 ngthcm MailScanner[99863]: Using locktype = flock
> Apr 17 11:46:43 ngthcm MailScanner[99863]: New Batch: Scanning 1 messages, 72921 bytes
> Apr 17 11:46:43 ngthcm MailScanner[99863]: SpamAssassin cache hit for message AB0264AC26.475FA
> Apr 17 11:46:43 ngthcm MailScanner[99881]: SafePipe in Message.pm : /usr/local/bin/unrar v -p- '/var/spool/MailScanner/incomingwork/99863/AB0264AC26.475FA/ATF-Cleaner.exe' 2>&1 failed with real error: Insecure dependency in exec while running with -T switch at /usr/local/lib/MailScanner/MailScanner/Message.pm line 2888.
> Apr 17 11:46:43 ngthcm MailScanner[99881]: Virus and Content Scanning: Starting
> Apr 17 11:46:44 ngthcm MailScanner[99881]: Filename Checks: (AB0264AC26.475FA ATF-Cleaner.exe)
> Apr 17 11:46:44 ngthcm MailScanner[99883]: File checker failed with real error: Insecure dependency in exec while running with -T switch at /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 356.
>
>
> ------------------------
> /usr/local/etc/MailScanner/MailScanner.conf :
>
> # Configuration directory containing this file
> %etc-dir% = /usr/local/etc/MailScanner
>
> # Set the directory containing all the reports in the required language
> %report-dir% = /usr/local/etc/MailScanner/reports/en
>
> # Rulesets directory containing your ".rules" files
> %rules-dir% = /usr/local/etc/MailScanner/rules
>
> Run As User = postfix
> Run As Group = mail
> Queue Scan Interval = 6
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Run As User = postfix
> Run As Group = mail
> Incoming Work Dir = /var/spool/MailScanner/incomingwork
> Quarantine Dir = /var/spool/MailScanner/quarantine
> Incoming Work User =
> InComing Work Group =
> Incoming Work Permissions = 0660
> Quarantine User =
> Quarantine Group =
> Quarantine Permissions = 0660
> Allow Filenames =
> Deny Filenames =
> Filenames Rules = %etc-dir%/filename.rules.conf
>
> -----------
> /usr/local/etc/MailScanner/filename.rules.conf
>
> # These 2 added by popular demand - Very often used by viruses
> deny \.com$ Windows/DOS Executable
> deny \.exe$ Windows/DOS Executable
>
> -------------
> ngthcm# ls -l /var/spool/
> drwxrwxr-x 6 postfix mail 512 Apr 17 12:01 MailScanner
> drwxrwxr-x 17 root mail 512 Apr 16 16:38 postfix
>
> ngthcm# ls -l /var/spool/MailScanner/
> -rw------- 1 postfix mail 10240 Apr 17 12:02 SpamAssassin.cache.db
> drwxrwxr-x 11 postfix mail 512 Apr 17 12:02 incomingwork
> drwxrwxr-x 2 postfix mail 512 Apr 17 12:02 lockfile-dir
> drwxrwxr-x 2 postfix mail 512 Apr 13 15:26 quarantine
> drwxrwxr-x 2 postfix mail 512 Apr 16 12:42 spamassassin
>
> ngthcm# ls -l /var/spool/postfix/
> drwx------ 2 postfix mail 512 Apr 17 03:01 .spamassassin
> drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 active
> drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 bounce
> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 corrupt
> drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 defer
> drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 deferred
> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 flush
> drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 hold
> drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 incoming
> drwxrwxr-x 2 postfix maildrop 512 Apr 17 03:01 maildrop
> drwxrwxr-x 2 root mail 512 Apr 6 01:14 pid
> drwxrwxr-x 2 postfix mail 512 Apr 17 11:38 private
> drwxrwxr-x 2 postfix maildrop 512 Apr 17 11:38 public
> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 saved
> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 trace
>
> ngthcm# ls -la /usr/local/lib/MailScanner/MailScanner
> drwxrwxr-x 3 root mail 1024 Apr 9 00:04 .
> drwxrwxr-x 3 root mail 512 Apr 9 00:04 ..
> -r-xr-xr-x 1 root mail 4357 Apr 9 00:04 BinHex.pm
> -r-xr-xr-x 1 root mail 104100 Apr 9 00:04 Config.pm
> -r-xr-xr-x 1 root mail 22104 Apr 9 00:04 ConfigDefs.pl
> -r-xr-xr-x 1 root mail 56745 Apr 9 00:04 CustomConfig.pm
> drwxr-xr-x 2 root mail 512 Apr 9 00:04 CustomFunctions
> -r-xr-xr-x 1 root mail 49221 Apr 9 00:04 Exim.pm
> -r-xr-xr-x 1 root mail 17799 Apr 9 00:04 EximDiskStore.pm
> -r-xr-xr-x 1 root mail 7772 Apr 9 00:04 GenericSpam.pm
> -r-xr-xr-x 1 root mail 12821 Apr 9 00:04 Lock.pm
> -r-xr-xr-x 1 root mail 5128 Apr 9 00:04 Log.pm
> -r-xr-xr-x 1 root mail 17369 Apr 9 00:04 MCP.pm
> -r-xr-xr-x 1 root mail 24524 Apr 9 00:04 MCPMessage.pm
> -r-xr-xr-x 1 root mail 2992 Apr 9 00:04 Mail.pm
> -r-xr-xr-x 1 root mail 273077 Apr 17 00:26 Message.pm
> -r-xr-xr-x 1 root mail 38942 Apr 9 00:04 MessageBatch.pm
> -r-xr-xr-x 1 root mail 27915 Apr 9 00:04 PFDiskStore.pm
> -r-xr-xr-x 1 root mail 65287 Apr 9 00:04 Postfix.pm
> -r-xr-xr-x 1 root mail 14565 Apr 9 00:04 QMDiskStore.pm
> -r-xr-xr-x 1 root mail 28039 Apr 9 00:04 Qmail.pm
> -r-xr-xr-x 1 root mail 8201 Apr 9 00:04 Quarantine.pm
> -r-xr-xr-x 1 root mail 1695 Apr 9 00:04 Queue.pm
> -r-xr-xr-x 1 root mail 9400 Apr 9 00:04 RBLs.pm
> -r-xr-xr-x 1 root mail 44737 Apr 9 00:04 SA.pm
> -r-xr-xr-x 1 root mail 19245 Apr 9 00:04 SMDiskStore.pm
> -r-xr-xr-x 1 root mail 38114 Apr 9 00:04 Sendmail.pm
> -r-xr-xr-x 1 root mail 30229 Apr 9 00:04 SweepContent.pm
> -r-xr-xr-x 1 root mail 27660 Apr 9 00:04 SweepOther.pm
> -r-xr-xr-x 1 root mail 128436 Apr 9 00:04 SweepViruses.pm
> -r-xr-xr-x 1 root mail 1446 Apr 9 00:04 SystemDefs.pm
> -r-xr-xr-x 1 root mail 11895 Apr 9 00:04 TNEF.pm
> -r-xr-xr-x 1 root mail 9840 Apr 9 00:04 WorkArea.pm
> -r-xr-xr-x 1 root mail 15231 Apr 9 00:04 ZMDiskStore.pm
> -r-xr-xr-x 1 root mail 33755 Apr 9 00:04 ZMailer.pm
>
> -------------------------------
> ngthcm# /usr/local/sbin/mailscanner -v
> ]Running on
> FreeBSD ngthcm 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC
> 2009 root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
> This is Perl version 5.008009 (5.8.9)
>
> This is MailScanner version 4.67.6
> Module versions are:
> 1.00 AnyDBM_File
> 1.26 Archive::Zip
> 1.10 Carp
> 2.015 Compress::Zlib
> 1.119 Convert::BinHex
> 2.27 Date::Parse
> 1.02 DirHandle
> 1.06 Fcntl
> 2.77 File::Basename
> 2.13 File::Copy
> 2.01 FileHandle
> 2.07_02 File::Path
> 0.21 File::Temp
> 0.92 Filesys::Df
> 3.60 HTML::Entities
> 3.60 HTML::Parser
> 3.57 HTML::TokeParser
> 1.23 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.04 Mail::Header
> 1.89 Math::BigInt
> 3.07 MIME::Base64
> 5.427 MIME::Decoder
> 5.427 MIME::Decoder::UU
> 5.427 MIME::Head
> 5.427 MIME::Parser
> 3.07 MIME::QuotedPrint
> 5.427 MIME::Tools
> 0.13 Net::CIDR
> 1.15 POSIX
> 1.19 Scalar::Util
> 1.81 Socket
> 1.4 Sys::Hostname::Long
> 0.27 Sys::Syslog
> 1.9719 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.46 Archive::Tar
> 0.23 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.817 DB_File
> 1.14 DBD::SQLite
> 1.607 DBI
> 1.15 Digest
> 1.01 Digest::HMAC
> 2.37 Digest::MD5
> 2.11 Digest::SHA1
> 1.01 Encode::Detect
> 0.17015 Error
> 0.24 ExtUtils::CBuilder
> 2.19 ExtUtils::ParseXS
> 2.37 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.09 IO::Zlib
> missing IP::Country
> missing Mail::ClamAV
> 3.002005 Mail::SpamAssassin
> v2.006 Mail::SPF
> missing Mail::SPF::Query
> 0.32 Module::Build
> missing Net::CIDR::Lite
> 0.65 Net::DNS
> v0.003 Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.024 NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 2.64 Test::Harness
> missing Test::Manifest
> 1.98 Text::Balanced
> 1.37 URI
> 0.76 version
> 0.68 YAML
>
--
Martin Hepworth
Oxford, UK
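
The "Insecure dependency in exec while running with -T switch" lines in the quoted log are Perl's taint-mode check refusing to hand externally derived data to exec. The script below is an added example, not code from MailScanner or from either poster: it reproduces that message with a constructed attachment name and shows untainting by validation. /bin/echo, try_exec, untaint_filename and the filename pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not MailScanner code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};
$| = 1;

# Taint mode checks the environment before any exec, so pin it first.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

# Constructed sample: an attachment name arriving from outside the program.
# Appending a zero-length slice of $^X (tainted under -T) taints the string,
# just as a name read from a queue file or MIME header would be tainted.
my $attachment = 'ATF-Cleaner.exe' . substr($^X, 0, 0);

# Hypothetical helper: fork, exec "/bin/echo <name>" in the child, and
# return whatever the child wrote (echo's output or the taint error).
sub try_exec {
    my ($name) = @_;
    my $pid = open(my $out, '-|');
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        eval { exec { '/bin/echo' } 'echo', $name };
        print "exec refused: $@";
        exit 1;
    }
    my $result = do { local $/; <$out> };
    close $out;
    return $result;
}

# Hypothetical helper: untaint by validation. Only a regex capture yields
# clean data, so the pattern itself is the security decision.
sub untaint_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,254})\z/ ? $1 : undef;
}

printf "tainted before: %s\n", tainted($attachment) ? 'yes' : 'no';
print try_exec($attachment);   # tainted argument is passed to exec

my $clean = untaint_filename($attachment);
die "filename rejected\n" unless defined $clean;
printf "tainted after:  %s\n", tainted($clean) ? 'yes' : 'no';
print try_exec($clean);        # validated argument is passed to exec
```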