MailScanner crashing
Johnson, SE
sjohnson at edina.k12.mn.us
Wed Dec 29 21:10:38 GMT 2010
I FINALLY got it to fail (duplicate the issue) on demand.
It seems to have to deal with .ZIP extensions and files that may have
"double extensions" eg: studentlist.prn.pdf
This is the reply message I get back from the mailscanner:
Our virus detector failed to completely analyse a message you sent:-
To: me at here.com
Subject: test with a zip file
Date: Wed Dec 29 14:55:32 2010
Any parts of the message that could not be analysed will not have been
delivered.
If you are using Microsoft Outlook, we strongly recommend you change
your outgoing message format from "Rich Text" to "HTML" or "Plain Text".
1) Click on the "Tools" menu and choose "Options..."
2) Go to the "Mail Format" tab
3) For message format, select "HTML" or "Plain text"
4) Click OK
The virus detector said this about the message:
Report: Report: MailScanner: Message attempted to kill MailScanner
Is this my CLAMAV causing the issue?
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Johnson, SE
Sent: Wednesday, December 29, 2010 1:38 PM
To: MailScanner discussion
Subject: RE: MailScanner crashing
Here's a copy of the whole maillog where the message is processed:
Dec 29 13:23:18 mailfilter MailScanner[21060]: New Batch: Found 6
messages waiting
Dec 29 13:23:18 mailfilter MailScanner[21060]: New Batch: Scanning 1
messages, 622326 bytes
Dec 29 13:23:19 mailfilter MailScanner[21060]: Sender Warnings:
Delivered 1 warnings to virus senders
Dec 29 13:23:19 mailfilter MailScanner[21060]: Notices: Warned about 1
messages
Dec 29 13:23:19 mailfilter MailScanner[21060]: Deleted 1 messages from
processing-database
Dec 29 13:23:19 mailfilter MailScanner[21060]: Logging message
1B40140A9A.AEEAC to SQL
Dec 29 13:23:19 mailfilter MailScanner[21060]: New Batch: Found 6
messages waiting
Dec 29 13:23:19 mailfilter MailScanner[21060]: New Batch: Scanning 1
messages, 2120 bytes
Dec 29 13:23:19 mailfilter MailScanner[21060]: Virus and Content
Scanning: Starting
Dec 29 13:23:20 mailfilter MailScanner[21060]: Requeue: 2196B40A9A.A4045
to E75AE4115A
Dec 29 13:23:20 mailfilter MailScanner[21060]: Uninfected: Delivered 1
messages
Dec 29 13:23:20 mailfilter MailScanner[21060]: Deleted 1 messages from
processing-database
Dec 29 13:23:20 mailfilter MailScanner[21060]: Logging message
2196B40A9A.A4045 to SQL
Dec 29 13:23:32 mailfilter MailScanner[21060]: Warning: skipping message
1EB5340A9B.AF498 as it has been attempted too many times
Dec 29 13:23:32 mailfilter MailScanner[21060]: Quarantined message
1EB5340A9B.AF498 as it caused MailScanner to crash several times
Dec 29 13:23:32 mailfilter MailScanner[21060]: Saved entire message to
/var/spool/MailScanner/quarantine/20101229/1EB5340A9B.AF498
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Johnson, SE
Sent: Wednesday, December 29, 2010 1:30 PM
To: MailScanner discussion
Subject: RE: MailScanner crashing
Oh, version 4.81.4
Its running on Red Hat core 13 (on a VM server), processor is 1.76ghz
2gb ram and about 200gb HD space.
[root at mailfilter ~]# MailScanner --version
Running on
Linux mailfilter 2.6.34.7-66.fc13.x86_64 #1 SMP Wed Dec 15 07:04:30 UTC
2010 x86_64 x86_64 x86_64 GNU/Linux
This is Fedora release 13 (Goddard)
This is Perl version 5.010001 (5.10.1)
This is MailScanner version 4.81.4
Module versions are:
1.00 AnyDBM_File
1.30 Archive::Zip
0.23 bignum
1.11 Carp
2.03 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.124 Data::Dumper
2.30 Date::Parse
1.03 DirHandle
1.06 Fcntl
2.77 File::Basename
2.14 File::Copy
2.02 FileHandle
2.08 File::Path
0.22 File::Temp
0.92 Filesys::Df
3.68 HTML::Entities
3.68 HTML::Parser
3.57 HTML::TokeParser
1.25 IO
1.14 IO::File
1.13 IO::Pipe
2.06 Mail::Header
1.89 Math::BigInt
0.22 Math::BigRat
3.08 MIME::Base64
5.428 MIME::Decoder
5.428 MIME::Decoder::UU
5.428 MIME::Head
5.428 MIME::Parser
3.08 MIME::QuotedPrint
5.428 MIME::Tools
0.13 Net::CIDR
1.25 Net::IP
0.19 OLE::Storage_Lite
1.04 Pod::Escapes
3.07 Pod::Simple
1.17 POSIX
1.21 Scalar::Util
1.82 Socket
2.20 Storable
1.4 Sys::Hostname::Long
0.27 Sys::Syslog
1.44 Test::Pod
0.94 Test::Simple
1.9719 Time::HiRes
1.02 Time::localtime
Optional module versions are:
1.62 Archive::Tar
0.23 bignum
2.05 Business::ISBN
20081208 Business::ISBN::Data
1.19 Data::Dump
1.82 DB_File
1.29 DBD::SQLite
1.609 DBI
1.16 Digest
1.02 Digest::HMAC
2.39 Digest::MD5
2.12 Digest::SHA1
1.01 Encode::Detect
0.17016 Error
0.2802 ExtUtils::CBuilder
2.2206 ExtUtils::ParseXS
2.38 Getopt::Long
0.46 Inline
1.08 IO::String
1.10 IO::Zlib
2.27 IP::Country
0.29 Mail::ClamAV
3.003001 Mail::SpamAssassin
v2.006 Mail::SPF
missing Mail::SPF::Query
0.3607 Module::Build
0.21 Net::CIDR::Lite
0.65 Net::DNS
v0.003 Net::DNS::Resolver::Programmable
0.4001 Net::LDAP
4.027 NetAddr::IP
1.965001 Parse::RecDescent
missing SAVI
3.17 Test::Harness
1.23 Test::Manifest
2.0.0 Text::Balanced
1.54 URI
0.82 version
0.72 YAML
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Johnson, SE
Sent: Wednesday, December 29, 2010 12:14 PM
To: MailScanner discussion
Subject: RE: MailScanner crashing
Update on that error...
I let the
MailScanner --debug ID=[messageid]
run over night and it came back to a prompt with no errors. However,
I'm not sure if the message was ultimately delivered.
The crash is happening at the rate of about 2 / hour and the vast
majority of messages are legitimate which is not good...
Any ideas on what's going? I could really use some assistance on this
problem...
Oh one more thing I noticed. I'm not 100% sure if this is true on all
messages stopped, but it appears that they are HTML emails around 35-50k
in size.
I took the body of one of those emails and sent it from my outside email
account and it worked just fine.
Thanks!
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Johnson, SE
Sent: Tuesday, December 28, 2010 3:58 PM
To: mailscanner at lists.mailscanner.info
Subject: MailScanner crashing
I've seen a few posts out there but no one with my exact issue...
Periodically I'm getting the message similar to this in my logs:
Dec 28 13:27:30 mailfilter MailScanner[27222]: Making attempt 2 at
processing message 872F6416F2.ACB5B
Dec 28 13:36:32 mailfilter MailScanner[27229]: Making attempt 3 at
processing message 872F6416F2.ACB5B
Dec 28 13:41:45 mailfilter MailScanner[30951]: Making attempt 4 at
processing message 872F6416F2.ACB5B
Dec 28 13:44:27 mailfilter MailScanner[31782]: Making attempt 5 at
processing message 872F6416F2.ACB5B
Dec 28 13:51:32 mailfilter MailScanner[1250]: Making attempt 6 at
processing message 872F6416F2.ACB5B
Dec 28 13:51:39 mailfilter MailScanner[1290]: Warning: skipping message
872F6416F2.ACB5B as it has been attempted too many times
Dec 28 13:51:39 mailfilter MailScanner[1290]: Quarantined message
872F6416F2.ACB5B as it caused MailScanner to crash several times
Dec 28 13:51:39 mailfilter MailScanner[1290]: Saved entire message to
/var/spool/MailScanner/quarantine/20101228/872F6416F2.ACB5B
Dec 28 13:52:36 mailfilter MailScanner[1290]: Logging message
872F6416F2.ACB5B to SQL
I didn't think much of it at first until I realized in the MailWatch
program that many of these messages were legitimate.
I tried MailScanner --lint which came up clean
spamassassin --lint is clean as well
I then tried to reprocess one of the messages in the queue with:
MailScanner --debug --ID=[messageid]
(while I was in the quarantine dir)
The program starts to process it I got
In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
But it never seems to go past this... I let it sit for over an hour and
it never came back...
I then found a reference to debug-sa... I ran MailScanner --debug
--debug-sa and got:
15:54:34 Building a message batch to scan...
(long pause)
Then I get the final output with no issues being reported.
Does anyone know what I can do to find my issue?
Thanks!
Scott
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list