Problem Messages

--[ UxBoD ]-- uxbod at splatnix.net
Wed Jan 13 07:37:46 GMT 2010


Hi,

I got spammed with the following message overnight.

Number of messages: 1
Tries	Message	Last Tried
=====	=======	==========
6	2AE74398847B.A6EE2	Tue Jan 12 22:17:26 2010

I have checked /var/spool/MailScanner/incoming/Processing.db and the message is listed:

strings Processing.db 
SQLite format 3
{tablearchivearchive
CREATE TABLE archive (id TEXT, count INT, nexttime INT)J
gindexid_uniqprocessing
CREATE UNIQUE INDEX id_uniq ON processing(id)[
tableprocessingprocessing
CREATE TABLE processing (id TEXT, count INT, nexttime INT)
892FD3988413.A95E6
26E5239883ED.A900C
KMwT
.892FD3988413.A95E6
26E5239883ED.A900C
2AE74398847B.A6EE2

Yet the message has actually been sorted in the Quarantine?

# ls -ld quarantine/20100112/2AE74398847B.A6EE2
drwxrwx--- 2 postfix apache 4096 Jan 13 07:31 quarantine/20100112/2AE74398847B.A6EE2

If it has been moved to the quarantine then should it not have been removed from the Processing database?

Jan 12 21:53:15 gateway MailScanner[3575]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3575-13.html
Jan 12 21:57:16 gateway MailScanner[3561]: Making attempt 2 at processing message 2AE74398847B.A6EE2
Jan 12 21:57:18 gateway MailScanner[3561]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3561-5.html
Jan 12 22:02:25 gateway MailScanner[3557]: Making attempt 3 at processing message 2AE74398847B.A6EE2
Jan 12 22:02:26 gateway MailScanner[3557]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3557-5.html
Jan 12 22:06:55 gateway MailScanner[7797]: Making attempt 4 at processing message 2AE74398847B.A6EE2
Jan 12 22:06:57 gateway MailScanner[7797]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-7797-3.html
Jan 12 22:10:38 gateway MailScanner[3552]: Making attempt 5 at processing message 2AE74398847B.A6EE2
Jan 12 22:10:40 gateway MailScanner[3552]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3552-9.html
Jan 12 22:14:30 gateway MailScanner[7757]: Making attempt 6 at processing message 2AE74398847B.A6EE2
Jan 12 22:14:31 gateway MailScanner[7757]: [Found password stealer] <HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-7757-2.html
Jan 12 22:14:35 gateway MailScanner[8075]: Warning: skipping message 2AE74398847B.A6EE2 as it has been attempted too many times
Jan 12 22:14:35 gateway MailScanner[8075]: Quarantined message 2AE74398847B.A6EE2 as it caused MailScanner to crash several times
Jan 12 22:14:35 gateway MailScanner[8075]: Saved entire message to /var/spool/MailScanner/quarantine/20100112/2AE74398847B.A6EE2
Jan 12 22:14:35 gateway MailScanner[8075]: Logging message 2AE74398847B.A6EE2 to SQL
Jan 12 22:14:35 gateway MailScanner[8801]: 2AE74398847B.A6EE2: Logged to MailWatch SQL

-- 
Thanks, Phil
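
Added example, not part of the original post and not MailScanner code: a read-only cross-check of the two things compared above, using the processing table schema visible in the strings output and the quarantine/<YYYYMMDD>/<id> layout from the ls output. The function names, the nexttime value of 0 and the sample rows are constructed for illustration.

```python
import sqlite3
import tempfile
from pathlib import Path

def processing_ids(db_path):
    """Return {message id: tries} from the processing table, opened read-only."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        return dict(con.execute("SELECT id, count FROM processing"))
    finally:
        con.close()

def quarantined_ids(quarantine_root):
    """Return {message id: directory} for quarantine/<YYYYMMDD>/<id> entries."""
    found = {}
    for day in Path(quarantine_root).iterdir():
        if day.is_dir() and day.name.isdigit() and len(day.name) == 8:
            for msg in day.iterdir():
                if msg.is_dir():
                    found[msg.name] = msg
    return found

def stale_entries(db_path, quarantine_root):
    """Ids still tracked in Processing.db although a quarantine copy exists."""
    tracked = processing_ids(db_path)
    stored = quarantined_ids(quarantine_root)
    return sorted((mid, tracked[mid], str(stored[mid]))
                  for mid in tracked.keys() & stored.keys())

def build_demo(root):
    """Constructed sample: the schema from the post plus two of its ids."""
    root = Path(root)
    db = root / "Processing.db"
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE processing (id TEXT, count INT, nexttime INT)")
    con.execute("CREATE UNIQUE INDEX id_uniq ON processing(id)")
    con.executemany("INSERT INTO processing VALUES (?, ?, ?)",
                    [("2AE74398847B.A6EE2", 6, 0), ("26E5239883ED.A900C", 1, 0)])
    con.commit()
    con.close()
    (root / "quarantine" / "20100112" / "2AE74398847B.A6EE2").mkdir(parents=True)
    return db, root / "quarantine"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db, qdir = build_demo(tmp)
        for mid, tries, path in stale_entries(db, qdir):
            print(f"{mid} tries={tries} quarantined at {path}")
```

Opening the database with mode=ro keeps the check from taking a write lock on a file the running scanner is using.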

