F-prot-6 and W32/Netsky cause MailScanner to crash

Le Vu lev.fpt at gmail.com
Thu Dec 17 09:53:14 GMT 2009


Hi,

I have a MailScanner installation that has been stable for months
(without antivirus). Yesterday I installed and enabled f-prot-6, and
MailScanner reported several crashes when it detected some W32/Netsky
viruses.

Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: Making attempt 6 at processing message 1C6D718D000A.A7A10
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: New Batch: Found 26 messages waiting
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: New Batch: Forwarding 3 unscanned messages, 72121 bytes
Dec 17 14:25:31 ISP-MTA1 MailScanner[16347]: Virus and Content Scanning: Starting
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: [Found virus] <W32/Netsky.Q at mm> ./1C6D718D000A.A7A10/message.pif
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: [Found exploit] <HTML/IFrame (exact)> ./1C6D718D000A.A7A10/msg-16347-96.html
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Found spam-virus  in
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Virus Scanning: F-Prot6 found 1 infections
Dec 17 14:25:33 ISP-MTA1 MailScanner[16347]: Virus Scanning: Found 1 viruses

=> the MailScanner process crashes here

I have virus scanning enabled only for two internal hosts, and the
message that causes MailScanner to crash is from other hosts.

It would be appreciated if anyone could show me how to debug this with these messages.

Thanks,
Vu

----------------------------------------------------

MailScanner.conf
Virus Scanning = %rules-dir%/virus.scanning.rules

virus.scanning.rules:
From:   xxx.245.0.150   yes
From:   xxx.245.0.151   yes
FromOrTo:       default         no


Process MailScanner[16347] log
http://pastebin.com/m246a3dc

Message attempted to kill MailScanner log:
http://pastebin.com/m3c7131b7

/var/log/message
http://pastebin.com/m10325826

Sample message
http://pastebin.com/m18da87f3

