F-prot-6 and W32/Netsky cause MailScanner to crash
Le Vu
lev.fpt at gmail.com
Thu Dec 17 09:53:14 GMT 2009
Hi,
I have had a MailScanner installation running stably for months (without
antivirus). Yesterday I installed and enabled f-prot-6, and MailScanner
reported several crashes when it detected some W32/Netsky viruses.
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: Making attempt 6 at processing message 1C6D718D000A.A7A10
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: New Batch: Found 26 messages waiting
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: New Batch: Forwarding 3 unscanned messages, 72121 bytes
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: Virus and Content Scanning: Starting
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: [Found virus] <W32/Netsky.Q@mm> ./1C6D718D000A.A7A10/message.pif
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: [Found exploit] <HTML/IFrame (exact)> ./1C6D718D000A.A7A10/msg-16347-96.html
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Found spam-virus in
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Virus Scanning: F-Prot6 found 1 infections
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Virus Scanning: Found 1 viruses
=> the MailScanner process crashes here
I have virus scanning enabled only for two internal hosts, and the
message that causes MailScanner to crash is from other hosts.
It would be appreciated if anyone could show me how to debug this with these messages.
Thanks,
Vu
----------------------------------------------------
MailScanner.conf
Virus Scanning = %rules-dir%/virus.scanning.rules
virus.scanning.rules:
From: xxx.245.0.150 yes
From: xxx.245.0.151 yes
FromOrTo: default no
Process MailScanner[16347] log
http://pastebin.com/m246a3dc
Message attempted to kill MailScanner log:
http://pastebin.com/m3c7131b7
/var/log/message
http://pastebin.com/m10325826
Sample message
http://pastebin.com/m18da87f3