Postfix + MailScanner : Attachment Filename check problem !!!!

Man Ngoc what.why.how.2009 at gmail.com
Sun Apr 19 09:57:55 IST 2009


Hi!
   I deinstall the port perl 5.8.9, and then installed the port perl-5.10.0.
Then i also reinstall MailScanner. the installation process is completely
successful. Then i run the command:
   *# /usr/local/sbin/mailscanner --lint*
It print out the results as below:

*IO::Compress::Base::Common version 2.015 required--this is only version
2.008 at /usr/local/lib/perl5/site_perl/5.10.0/Compress/Zlib.pm line 11.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.10.0/Compress/Zlib.pm line 11.
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.10.0/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.10.0/Archive/Zip.pm line 11.
Compilation failed in require at
/usr/local/lib/MailScanner/MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at
/usr/local/lib/MailScanner/MailScanner/Message.pm line 48.
Compilation failed in require at /usr/local/sbin/mailscanner line 80.
BEGIN failed--compilation aborted at /usr/local/sbin/mailscanner line 80.*

What is the problem? please help me!

Thanks a lot!

On Sat, Apr 18, 2009 at 12:20 PM, Man Ngoc <what.why.how.2009 at gmail.com>wrote:

>
> Hi Martin!
>      Thanks for your reply, i will try as your idea, then will post the
> results to u soon. Again, thanks for help!
>
>
> On Fri, Apr 17, 2009 at 10:58 PM, Martin Hepworth <maxsec at gmail.com>wrote:
>>
>>> Seems there's problems with perl 5.8.9 on FreeBSD - see earlier posts on
>>> installing 5.8.8 from the ports system and using that instead.
>>>
>>> 2009/4/17 Mãn Từ Ngọc <tungocman at gmail.com>
>>>
>>>> Hi everyone!
>>>>
>>>>    I have setup an email system use: Postfix + MailScanner 4.67.6 (with
>>>> Perl version 5.008009 (5.8.9)) On FreeBSD 7.1-RELEASE
>>>>
>>>>    Postfix run as user postfix
>>>>    MailScanner run as user postfix
>>>>
>>>>    I config my Mailscanner to deny all attachments which have the
>>>> filename is .exe or .com
>>>>
>>>>    Then I test it by sending an email include the attachment which have
>>>> the name is ATF-cleaner.exe,
>>>>    but the MailScanner have problem when check the attachment,
>>>> MailScanner report that File checker failed with real error,
>>>>    please see the log file below for more information
>>>>
>>>>    but if i config MailScanner to run as user root then everything is
>>>> OK,
>>>>    but i really don't want to allow MailScanner to run as user root.
>>>>
>>>>    I post all my log file results, and all required information to debug
>>>> below.
>>>>
>>>> Please help me!
>>>> Thanks!
>>>>
>>>> ------------------------
>>>> in my /etc/passwd:   I have user root, postfix, clamav, spamd
>>>> in my /etc/group:
>>>>    user root is the owner of group wheel
>>>>    user postfix, clamav, spamd are the members of group mail
>>>>
>>>> -------------------------
>>>> /var/log/mailog -> MailScanner Log result:
>>>>
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: MailScanner E-Mail Virus
>>>> Scanner version 4.67.6 starting...
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Could not read Custom
>>>> Functions directory
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 814 hostnames from the
>>>> phishing whitelist
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 5511 hostnames from the
>>>> phishing blacklist
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: SpamAssassin temporary
>>>> working directory is /var/spool/MailScanner/incomingwork/SpamAssassin-Temp
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Using SpamAssassin results
>>>> cache
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Connected to SpamAssassin
>>>> cache database
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Enabling SpamAssassin
>>>> auto-whitelist functionality...
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: Using locktype = flock
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: New Batch: Scanning 1
>>>> messages, 72921 bytes
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: SpamAssassin cache hit for
>>>> message AB0264AC26.475FA
>>>> Apr 17 11:46:43 ngthcm MailScanner[99881]: SafePipe in Message.pm :
>>>> /usr/local/bin/unrar v -p-
>>>> '/var/spool/MailScanner/incomingwork/99863/AB0264AC26.475FA/ATF-Cleaner.exe'
>>>> 2>&1 failed with real error: Insecure dependency in exec while running with
>>>> -T switch at /usr/local/lib/MailScanner/MailScanner/Message.pm line 2888.
>>>> Apr 17 11:46:43 ngthcm MailScanner[99881]: Virus and Content Scanning:
>>>> Starting
>>>> Apr 17 11:46:44 ngthcm MailScanner[99881]: Filename Checks:
>>>> (AB0264AC26.475FA ATF-Cleaner.exe)
>>>> Apr 17 11:46:44 ngthcm MailScanner[99883]: File checker failed with real
>>>> error: Insecure dependency in exec while running with -T switch at
>>>> /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 356.
>>>>
>>>>
>>>> ------------------------
>>>> /usr/local/etc/MailScanner/MailScanner.conf :
>>>>
>>>> # Configuration directory containing this file
>>>> %etc-dir% = /usr/local/etc/MailScanner
>>>>
>>>> # Set the directory containing all the reports in the required language
>>>> %report-dir% = /usr/local/etc/MailScanner/reports/en
>>>>
>>>> # Rulesets directory containing your ".rules" files
>>>> %rules-dir% = /usr/local/etc/MailScanner/rules
>>>>
>>>> Run As User = postfix
>>>> Run As Group = mail
>>>> Queue Scan Interval = 6
>>>> Incoming Queue Dir = /var/spool/postfix/hold
>>>> Outgoing Queue Dir = /var/spool/postfix/incoming
>>>> Run As User = postfix
>>>> Run As Group = mail
>>>> Incoming Work Dir = /var/spool/MailScanner/incomingwork
>>>> Quarantine Dir = /var/spool/MailScanner/quarantine
>>>> Incoming Work User =
>>>> InComing Work Group =
>>>> Incoming Work Permissions = 0660
>>>> Quarantine User =
>>>> Quarantine Group =
>>>> Quarantine Permissions = 0660
>>>> Allow Filenames =
>>>> Deny Filenames =
>>>> Filenames Rules = %etc-dir%/filename.rules.conf
>>>>
>>>> -----------
>>>> /usr/local/etc/MailScanner/filename.rules.conf
>>>>
>>>> # These 2 added by popular demand - Very often used by viruses
>>>> deny    \.com$          Windows/DOS Executable
>>>> deny    \.exe$          Windows/DOS Executable
>>>>
>>>> -------------
>>>> ngthcm# ls -l /var/spool/
>>>> drwxrwxr-x   6 postfix  mail    512 Apr 17 12:01 MailScanner
>>>> drwxrwxr-x  17 root     mail    512 Apr 16 16:38 postfix
>>>>
>>>> ngthcm# ls -l /var/spool/MailScanner/
>>>> -rw-------   1 postfix  mail  10240 Apr 17 12:02 SpamAssassin.cache.db
>>>> drwxrwxr-x  11 postfix  mail    512 Apr 17 12:02 incomingwork
>>>> drwxrwxr-x   2 postfix  mail    512 Apr 17 12:02 lockfile-dir
>>>> drwxrwxr-x   2 postfix  mail    512 Apr 13 15:26 quarantine
>>>> drwxrwxr-x   2 postfix  mail    512 Apr 16 12:42 spamassassin
>>>>
>>>> ngthcm# ls -l /var/spool/postfix/
>>>> drwx------   2 postfix  mail      512 Apr 17 03:01 .spamassassin
>>>> drwxrwxr-x   2 postfix  mail      512 Apr 17 11:23 active
>>>> drwxrwxr-x   2 postfix  mail      512 Apr 17 11:23 bounce
>>>> drwxrwxr-x   2 postfix  mail      512 Feb 18 18:06 corrupt
>>>> drwxrwxr-x  14 postfix  mail      512 Apr  9 23:28 defer
>>>> drwxrwxr-x  14 postfix  mail      512 Apr  9 23:28 deferred
>>>> drwxrwxr-x   2 postfix  mail      512 Feb 18 18:06 flush
>>>> drwxrwxr-x   2 postfix  mail      512 Apr 17 11:25 hold
>>>> drwxrwxr-x   2 postfix  mail      512 Apr 17 11:25 incoming
>>>> drwxrwxr-x   2 postfix  maildrop  512 Apr 17 03:01 maildrop
>>>> drwxrwxr-x   2 root     mail      512 Apr  6 01:14 pid
>>>> drwxrwxr-x   2 postfix  mail      512 Apr 17 11:38 private
>>>> drwxrwxr-x   2 postfix  maildrop  512 Apr 17 11:38 public
>>>> drwxrwxr-x   2 postfix  mail      512 Feb 18 18:06 saved
>>>> drwxrwxr-x   2 postfix  mail      512 Feb 18 18:06 trace
>>>>
>>>> ngthcm# ls -la /usr/local/lib/MailScanner/MailScanner
>>>> drwxrwxr-x  3 root  mail    1024 Apr  9 00:04 .
>>>> drwxrwxr-x  3 root  mail     512 Apr  9 00:04 ..
>>>> -r-xr-xr-x  1 root  mail    4357 Apr  9 00:04 BinHex.pm
>>>> -r-xr-xr-x  1 root  mail  104100 Apr  9 00:04 Config.pm
>>>> -r-xr-xr-x  1 root  mail   22104 Apr  9 00:04 ConfigDefs.pl
>>>> -r-xr-xr-x  1 root  mail   56745 Apr  9 00:04 CustomConfig.pm
>>>> drwxr-xr-x  2 root  mail     512 Apr  9 00:04 CustomFunctions
>>>> -r-xr-xr-x  1 root  mail   49221 Apr  9 00:04 Exim.pm
>>>> -r-xr-xr-x  1 root  mail   17799 Apr  9 00:04 EximDiskStore.pm
>>>> -r-xr-xr-x  1 root  mail    7772 Apr  9 00:04 GenericSpam.pm
>>>> -r-xr-xr-x  1 root  mail   12821 Apr  9 00:04 Lock.pm
>>>> -r-xr-xr-x  1 root  mail    5128 Apr  9 00:04 Log.pm
>>>> -r-xr-xr-x  1 root  mail   17369 Apr  9 00:04 MCP.pm
>>>> -r-xr-xr-x  1 root  mail   24524 Apr  9 00:04 MCPMessage.pm
>>>> -r-xr-xr-x  1 root  mail    2992 Apr  9 00:04 Mail.pm
>>>> -r-xr-xr-x  1 root  mail  273077 Apr 17 00:26 Message.pm
>>>> -r-xr-xr-x  1 root  mail   38942 Apr  9 00:04 MessageBatch.pm
>>>> -r-xr-xr-x  1 root  mail   27915 Apr  9 00:04 PFDiskStore.pm
>>>> -r-xr-xr-x  1 root  mail   65287 Apr  9 00:04 Postfix.pm
>>>> -r-xr-xr-x  1 root  mail   14565 Apr  9 00:04 QMDiskStore.pm
>>>> -r-xr-xr-x  1 root  mail   28039 Apr  9 00:04 Qmail.pm
>>>> -r-xr-xr-x  1 root  mail    8201 Apr  9 00:04 Quarantine.pm
>>>> -r-xr-xr-x  1 root  mail    1695 Apr  9 00:04 Queue.pm
>>>> -r-xr-xr-x  1 root  mail    9400 Apr  9 00:04 RBLs.pm
>>>> -r-xr-xr-x  1 root  mail   44737 Apr  9 00:04 SA.pm
>>>> -r-xr-xr-x  1 root  mail   19245 Apr  9 00:04 SMDiskStore.pm
>>>> -r-xr-xr-x  1 root  mail   38114 Apr  9 00:04 Sendmail.pm
>>>> -r-xr-xr-x  1 root  mail   30229 Apr  9 00:04 SweepContent.pm
>>>> -r-xr-xr-x  1 root  mail   27660 Apr  9 00:04 SweepOther.pm
>>>> -r-xr-xr-x  1 root  mail  128436 Apr  9 00:04 SweepViruses.pm
>>>> -r-xr-xr-x  1 root  mail    1446 Apr  9 00:04 SystemDefs.pm
>>>> -r-xr-xr-x  1 root  mail   11895 Apr  9 00:04 TNEF.pm
>>>> -r-xr-xr-x  1 root  mail    9840 Apr  9 00:04 WorkArea.pm
>>>> -r-xr-xr-x  1 root  mail   15231 Apr  9 00:04 ZMDiskStore.pm
>>>> -r-xr-xr-x  1 root  mail   33755 Apr  9 00:04 ZMailer.pm
>>>>
>>>> -------------------------------
>>>> ngthcm# /usr/local/sbin/mailscanner -v
>>>> ]Running on
>>>> FreeBSD ngthcm 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25
>>>> UTC 2009     root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
>>>> i386
>>>> This is Perl version 5.008009 (5.8.9)
>>>>
>>>> This is MailScanner version 4.67.6
>>>> Module versions are:
>>>> 1.00    AnyDBM_File
>>>> 1.26    Archive::Zip
>>>> 1.10    Carp
>>>> 2.015   Compress::Zlib
>>>> 1.119   Convert::BinHex
>>>> 2.27    Date::Parse
>>>> 1.02    DirHandle
>>>> 1.06    Fcntl
>>>> 2.77    File::Basename
>>>> 2.13    File::Copy
>>>> 2.01    FileHandle
>>>> 2.07_02 File::Path
>>>> 0.21    File::Temp
>>>> 0.92    Filesys::Df
>>>> 3.60    HTML::Entities
>>>> 3.60    HTML::Parser
>>>> 3.57    HTML::TokeParser
>>>> 1.23    IO
>>>> 1.14    IO::File
>>>> 1.13    IO::Pipe
>>>> 2.04    Mail::Header
>>>> 1.89    Math::BigInt
>>>> 3.07    MIME::Base64
>>>> 5.427   MIME::Decoder
>>>> 5.427   MIME::Decoder::UU
>>>> 5.427   MIME::Head
>>>> 5.427   MIME::Parser
>>>> 3.07    MIME::QuotedPrint
>>>> 5.427   MIME::Tools
>>>> 0.13    Net::CIDR
>>>> 1.15    POSIX
>>>> 1.19    Scalar::Util
>>>> 1.81    Socket
>>>> 1.4     Sys::Hostname::Long
>>>> 0.27    Sys::Syslog
>>>> 1.9719  Time::HiRes
>>>> 1.02    Time::localtime
>>>>
>>>> Optional module versions are:
>>>> 1.46    Archive::Tar
>>>> 0.23    bignum
>>>> missing Business::ISBN
>>>> missing Business::ISBN::Data
>>>> missing Data::Dump
>>>> 1.817   DB_File
>>>> 1.14    DBD::SQLite
>>>> 1.607   DBI
>>>> 1.15    Digest
>>>> 1.01    Digest::HMAC
>>>> 2.37    Digest::MD5
>>>> 2.11    Digest::SHA1
>>>> 1.01    Encode::Detect
>>>> 0.17015 Error
>>>> 0.24    ExtUtils::CBuilder
>>>> 2.19    ExtUtils::ParseXS
>>>> 2.37    Getopt::Long
>>>> missing Inline
>>>> 1.08    IO::String
>>>> 1.09    IO::Zlib
>>>> missing IP::Country
>>>> missing Mail::ClamAV
>>>> 3.002005        Mail::SpamAssassin
>>>> v2.006  Mail::SPF
>>>> missing Mail::SPF::Query
>>>> 0.32    Module::Build
>>>> missing Net::CIDR::Lite
>>>> 0.65    Net::DNS
>>>> v0.003  Net::DNS::Resolver::Programmable
>>>> missing Net::LDAP
>>>>  4.024  NetAddr::IP
>>>> missing Parse::RecDescent
>>>> missing SAVI
>>>> 2.64    Test::Harness
>>>> missing Test::Manifest
>>>> 1.98    Text::Balanced
>>>> 1.37    URI
>>>> 0.76    version
>>>> 0.68    YAML
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>
>>>
>>> --
>>> Martin Hepworth
>>> Oxford, UK
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090419/45b30f67/attachment.html


More information about the MailScanner mailing list