Postfix + MailScanner : Attachment Filename check problem !!!!
Man Ngoc
what.why.how.2009 at gmail.com
Sun Apr 19 10:10:40 IST 2009
Hi!
I deinstall the port perl 5.8.9, and then installed the port perl-5.10.0.
Then i also reinstall MailScanner. the installation process is completely
successful. Then i run the command:
*# /usr/local/sbin/mailscanner --lint*
It print out the results as below:
*IO::Compress::Base::Common version 2.015 required--this is only version
2.008 at /usr/local/lib/perl5/site_perl/5.10.0/Compress/Zlib.pm line 11.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.10.0/Compress/Zlib.pm line 11.
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.10.0/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.10.0/Archive/Zip.pm line 11.
Compilation failed in require at
/usr/local/lib/MailScanner/MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at
/usr/local/lib/MailScanner/MailScanner/Message.pm line 48.
Compilation failed in require at /usr/local/sbin/mailscanner line 80.
BEGIN failed--compilation aborted at /usr/local/sbin/mailscanner line 80.*
What is the problem? please help me!
Thanks a lot!
On Sat, Apr 18, 2009 at 12:20 PM, Man Ngoc <what.why.how.2009 at gmail.com>wrote:
>
> Hi Martin!
> Thanks for your reply, i will try as your idea, then will post the
> results to u soon. Again, thanks for help!
>
>
> On Fri, Apr 17, 2009 at 10:58 PM, Martin Hepworth <maxsec at gmail.com>wrote:
>>
>>> Seems there's problems with perl 5.8.9 on FreeBSD - see earlier posts on
>>> installing 5.8.8 from the ports system and using that instead.
>>>
>>> 2009/4/17 Mãn Từ Ngọc <tungocman at gmail.com>
>>>
>>>> Hi everyone!
>>>>
>>>> I have setup an email system use: Postfix + MailScanner 4.67.6 (with
>>>> Perl version 5.008009 (5.8.9)) On FreeBSD 7.1-RELEASE
>>>>
>>>> Postfix run as user postfix
>>>> MailScanner run as user postfix
>>>>
>>>> I config my Mailscanner to deny all attachments which have the
>>>> filename is .exe or .com
>>>>
>>>> Then I test it by sending an email include the attachment which have
>>>> the name is ATF-cleaner.exe,
>>>> but the MailScanner have problem when check the attachment,
>>>> MailScanner report that File checker failed with real error,
>>>> please see the log file below for more information
>>>>
>>>> but if i config MailScanner to run as user root then everything is
>>>> OK,
>>>> but i really don't want to allow MailScanner to run as user root.
>>>>
>>>> I post all my log file results, and all required information to debug
>>>> below.
>>>>
>>>> Please help me!
>>>> Thanks!
>>>>
>>>> ------------------------
>>>> in my /etc/passwd: I have user root, postfix, clamav, spamd
>>>> in my /etc/group:
>>>> user root is the owner of group wheel
>>>> user postfix, clamav, spamd are the members of group mail
>>>>
>>>> -------------------------
>>>> /var/log/mailog -> MailScanner Log result:
>>>>
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: MailScanner E-Mail Virus
>>>> Scanner version 4.67.6 starting...
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Could not read Custom
>>>> Functions directory
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 814 hostnames from the
>>>> phishing whitelist
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 5511 hostnames from the
>>>> phishing blacklist
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: SpamAssassin temporary
>>>> working directory is /var/spool/MailScanner/incomingwork/SpamAssassin-Temp
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Using SpamAssassin results
>>>> cache
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Connected to SpamAssassin
>>>> cache database
>>>> Apr 17 11:46:40 ngthcm MailScanner[99877]: Enabling SpamAssassin
>>>> auto-whitelist functionality...
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: Using locktype = flock
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: New Batch: Scanning 1
>>>> messages, 72921 bytes
>>>> Apr 17 11:46:43 ngthcm MailScanner[99863]: SpamAssassin cache hit for
>>>> message AB0264AC26.475FA
>>>> Apr 17 11:46:43 ngthcm MailScanner[99881]: SafePipe in Message.pm :
>>>> /usr/local/bin/unrar v -p-
>>>> '/var/spool/MailScanner/incomingwork/99863/AB0264AC26.475FA/ATF-Cleaner.exe'
>>>> 2>&1 failed with real error: Insecure dependency in exec while running with
>>>> -T switch at /usr/local/lib/MailScanner/MailScanner/Message.pm line 2888.
>>>> Apr 17 11:46:43 ngthcm MailScanner[99881]: Virus and Content Scanning:
>>>> Starting
>>>> Apr 17 11:46:44 ngthcm MailScanner[99881]: Filename Checks:
>>>> (AB0264AC26.475FA ATF-Cleaner.exe)
>>>> Apr 17 11:46:44 ngthcm MailScanner[99883]: File checker failed with real
>>>> error: Insecure dependency in exec while running with -T switch at
>>>> /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 356.
>>>>
>>>>
>>>> ------------------------
>>>> /usr/local/etc/MailScanner/MailScanner.conf :
>>>>
>>>> # Configuration directory containing this file
>>>> %etc-dir% = /usr/local/etc/MailScanner
>>>>
>>>> # Set the directory containing all the reports in the required language
>>>> %report-dir% = /usr/local/etc/MailScanner/reports/en
>>>>
>>>> # Rulesets directory containing your ".rules" files
>>>> %rules-dir% = /usr/local/etc/MailScanner/rules
>>>>
>>>> Run As User = postfix
>>>> Run As Group = mail
>>>> Queue Scan Interval = 6
>>>> Incoming Queue Dir = /var/spool/postfix/hold
>>>> Outgoing Queue Dir = /var/spool/postfix/incoming
>>>> Run As User = postfix
>>>> Run As Group = mail
>>>> Incoming Work Dir = /var/spool/MailScanner/incomingwork
>>>> Quarantine Dir = /var/spool/MailScanner/quarantine
>>>> Incoming Work User =
>>>> InComing Work Group =
>>>> Incoming Work Permissions = 0660
>>>> Quarantine User =
>>>> Quarantine Group =
>>>> Quarantine Permissions = 0660
>>>> Allow Filenames =
>>>> Deny Filenames =
>>>> Filenames Rules = %etc-dir%/filename.rules.conf
>>>>
>>>> -----------
>>>> /usr/local/etc/MailScanner/filename.rules.conf
>>>>
>>>> # These 2 added by popular demand - Very often used by viruses
>>>> deny \.com$ Windows/DOS Executable
>>>> deny \.exe$ Windows/DOS Executable
>>>>
>>>> -------------
>>>> ngthcm# ls -l /var/spool/
>>>> drwxrwxr-x 6 postfix mail 512 Apr 17 12:01 MailScanner
>>>> drwxrwxr-x 17 root mail 512 Apr 16 16:38 postfix
>>>>
>>>> ngthcm# ls -l /var/spool/MailScanner/
>>>> -rw------- 1 postfix mail 10240 Apr 17 12:02 SpamAssassin.cache.db
>>>> drwxrwxr-x 11 postfix mail 512 Apr 17 12:02 incomingwork
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 12:02 lockfile-dir
>>>> drwxrwxr-x 2 postfix mail 512 Apr 13 15:26 quarantine
>>>> drwxrwxr-x 2 postfix mail 512 Apr 16 12:42 spamassassin
>>>>
>>>> ngthcm# ls -l /var/spool/postfix/
>>>> drwx------ 2 postfix mail 512 Apr 17 03:01 .spamassassin
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 active
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 bounce
>>>> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 corrupt
>>>> drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 defer
>>>> drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 deferred
>>>> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 flush
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 hold
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 incoming
>>>> drwxrwxr-x 2 postfix maildrop 512 Apr 17 03:01 maildrop
>>>> drwxrwxr-x 2 root mail 512 Apr 6 01:14 pid
>>>> drwxrwxr-x 2 postfix mail 512 Apr 17 11:38 private
>>>> drwxrwxr-x 2 postfix maildrop 512 Apr 17 11:38 public
>>>> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 saved
>>>> drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 trace
>>>>
>>>> ngthcm# ls -la /usr/local/lib/MailScanner/MailScanner
>>>> drwxrwxr-x 3 root mail 1024 Apr 9 00:04 .
>>>> drwxrwxr-x 3 root mail 512 Apr 9 00:04 ..
>>>> -r-xr-xr-x 1 root mail 4357 Apr 9 00:04 BinHex.pm
>>>> -r-xr-xr-x 1 root mail 104100 Apr 9 00:04 Config.pm
>>>> -r-xr-xr-x 1 root mail 22104 Apr 9 00:04 ConfigDefs.pl
>>>> -r-xr-xr-x 1 root mail 56745 Apr 9 00:04 CustomConfig.pm
>>>> drwxr-xr-x 2 root mail 512 Apr 9 00:04 CustomFunctions
>>>> -r-xr-xr-x 1 root mail 49221 Apr 9 00:04 Exim.pm
>>>> -r-xr-xr-x 1 root mail 17799 Apr 9 00:04 EximDiskStore.pm
>>>> -r-xr-xr-x 1 root mail 7772 Apr 9 00:04 GenericSpam.pm
>>>> -r-xr-xr-x 1 root mail 12821 Apr 9 00:04 Lock.pm
>>>> -r-xr-xr-x 1 root mail 5128 Apr 9 00:04 Log.pm
>>>> -r-xr-xr-x 1 root mail 17369 Apr 9 00:04 MCP.pm
>>>> -r-xr-xr-x 1 root mail 24524 Apr 9 00:04 MCPMessage.pm
>>>> -r-xr-xr-x 1 root mail 2992 Apr 9 00:04 Mail.pm
>>>> -r-xr-xr-x 1 root mail 273077 Apr 17 00:26 Message.pm
>>>> -r-xr-xr-x 1 root mail 38942 Apr 9 00:04 MessageBatch.pm
>>>> -r-xr-xr-x 1 root mail 27915 Apr 9 00:04 PFDiskStore.pm
>>>> -r-xr-xr-x 1 root mail 65287 Apr 9 00:04 Postfix.pm
>>>> -r-xr-xr-x 1 root mail 14565 Apr 9 00:04 QMDiskStore.pm
>>>> -r-xr-xr-x 1 root mail 28039 Apr 9 00:04 Qmail.pm
>>>> -r-xr-xr-x 1 root mail 8201 Apr 9 00:04 Quarantine.pm
>>>> -r-xr-xr-x 1 root mail 1695 Apr 9 00:04 Queue.pm
>>>> -r-xr-xr-x 1 root mail 9400 Apr 9 00:04 RBLs.pm
>>>> -r-xr-xr-x 1 root mail 44737 Apr 9 00:04 SA.pm
>>>> -r-xr-xr-x 1 root mail 19245 Apr 9 00:04 SMDiskStore.pm
>>>> -r-xr-xr-x 1 root mail 38114 Apr 9 00:04 Sendmail.pm
>>>> -r-xr-xr-x 1 root mail 30229 Apr 9 00:04 SweepContent.pm
>>>> -r-xr-xr-x 1 root mail 27660 Apr 9 00:04 SweepOther.pm
>>>> -r-xr-xr-x 1 root mail 128436 Apr 9 00:04 SweepViruses.pm
>>>> -r-xr-xr-x 1 root mail 1446 Apr 9 00:04 SystemDefs.pm
>>>> -r-xr-xr-x 1 root mail 11895 Apr 9 00:04 TNEF.pm
>>>> -r-xr-xr-x 1 root mail 9840 Apr 9 00:04 WorkArea.pm
>>>> -r-xr-xr-x 1 root mail 15231 Apr 9 00:04 ZMDiskStore.pm
>>>> -r-xr-xr-x 1 root mail 33755 Apr 9 00:04 ZMailer.pm
>>>>
>>>> -------------------------------
>>>> ngthcm# /usr/local/sbin/mailscanner -v
>>>> ]Running on
>>>> FreeBSD ngthcm 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25
>>>> UTC 2009 root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
>>>> i386
>>>> This is Perl version 5.008009 (5.8.9)
>>>>
>>>> This is MailScanner version 4.67.6
>>>> Module versions are:
>>>> 1.00 AnyDBM_File
>>>> 1.26 Archive::Zip
>>>> 1.10 Carp
>>>> 2.015 Compress::Zlib
>>>> 1.119 Convert::BinHex
>>>> 2.27 Date::Parse
>>>> 1.02 DirHandle
>>>> 1.06 Fcntl
>>>> 2.77 File::Basename
>>>> 2.13 File::Copy
>>>> 2.01 FileHandle
>>>> 2.07_02 File::Path
>>>> 0.21 File::Temp
>>>> 0.92 Filesys::Df
>>>> 3.60 HTML::Entities
>>>> 3.60 HTML::Parser
>>>> 3.57 HTML::TokeParser
>>>> 1.23 IO
>>>> 1.14 IO::File
>>>> 1.13 IO::Pipe
>>>> 2.04 Mail::Header
>>>> 1.89 Math::BigInt
>>>> 3.07 MIME::Base64
>>>> 5.427 MIME::Decoder
>>>> 5.427 MIME::Decoder::UU
>>>> 5.427 MIME::Head
>>>> 5.427 MIME::Parser
>>>> 3.07 MIME::QuotedPrint
>>>> 5.427 MIME::Tools
>>>> 0.13 Net::CIDR
>>>> 1.15 POSIX
>>>> 1.19 Scalar::Util
>>>> 1.81 Socket
>>>> 1.4 Sys::Hostname::Long
>>>> 0.27 Sys::Syslog
>>>> 1.9719 Time::HiRes
>>>> 1.02 Time::localtime
>>>>
>>>> Optional module versions are:
>>>> 1.46 Archive::Tar
>>>> 0.23 bignum
>>>> missing Business::ISBN
>>>> missing Business::ISBN::Data
>>>> missing Data::Dump
>>>> 1.817 DB_File
>>>> 1.14 DBD::SQLite
>>>> 1.607 DBI
>>>> 1.15 Digest
>>>> 1.01 Digest::HMAC
>>>> 2.37 Digest::MD5
>>>> 2.11 Digest::SHA1
>>>> 1.01 Encode::Detect
>>>> 0.17015 Error
>>>> 0.24 ExtUtils::CBuilder
>>>> 2.19 ExtUtils::ParseXS
>>>> 2.37 Getopt::Long
>>>> missing Inline
>>>> 1.08 IO::String
>>>> 1.09 IO::Zlib
>>>> missing IP::Country
>>>> missing Mail::ClamAV
>>>> 3.002005 Mail::SpamAssassin
>>>> v2.006 Mail::SPF
>>>> missing Mail::SPF::Query
>>>> 0.32 Module::Build
>>>> missing Net::CIDR::Lite
>>>> 0.65 Net::DNS
>>>> v0.003 Net::DNS::Resolver::Programmable
>>>> missing Net::LDAP
>>>> 4.024 NetAddr::IP
>>>> missing Parse::RecDescent
>>>> missing SAVI
>>>> 2.64 Test::Harness
>>>> missing Test::Manifest
>>>> 1.98 Text::Balanced
>>>> 1.37 URI
>>>> 0.76 version
>>>> 0.68 YAML
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>
>>>
>>> --
>>> Martin Hepworth
>>> Oxford, UK
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090419/46c6f934/attachment-0001.html
More information about the MailScanner
mailing list