Antwort: Re: Mailscanner does not scan mails

LGi at b-w-computer.de LGi at b-w-computer.de
Fri Oct 8 14:24:28 IST 2010 

fixed that, but no change of behavior


Lars 





mailscanner-bounces at lists.mailscanner.info schrieb am 08.10.2010 15:04:46:

> Von: Alex Broens <ms-list at alexb.ch>
> An: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Datum: 08.10.2010 15:09
> Betreff: Re: Mailscanner does not scan mails
> Gesendet von: mailscanner-bounces at lists.mailscanner.info
> 
> At the bottom of your first post:
> 
> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
> ERROR: is not correct, it should match X-VOSSCHEMIE-MailScanner-From
> 
> - you've configured MS clamavmodule (not recommended) but it seems you 
> also have clamd (recommended)
> 
> Alex
> 
> 
> On 2010-10-08 14:44, LGi at b-w-computer.de wrote:
> > yes, i think permissions are OK
> > 
> > fw-1 opt # ls -ls /var/spool/postfix/
> > total 20
> >  0 drwx------  2 postfix root        6 Oct  8 14:40 active
> >  0 drwx------  2 postfix root        6 Oct  8 13:41 bounce
> >  0 drwx------  2 postfix root        6 Apr  5  2006 corrupt
> >  0 drwx------ 18 postfix root      134 Apr 26  2006 defer
> >  0 drwx------ 18 postfix root      134 Apr 26  2006 deferred
> >  0 drwx------  2 postfix root       45 Oct  1 08:27 flush
> > 12 drwx------  2 postfix root     8192 Oct  8 14:42 hold
> >  0 drwx------  2 postfix root       61 Oct  8 14:42 incoming
> >  0 drwx-wx---  2 postfix postdrop   25 Oct  8 14:07 maildrop
> >  4 drwxr-xr-x  2 root    root     4096 Sep  1  2008 pid
> >  4 drwx------  2 postfix root     4096 Oct  7 20:05 private
> >  0 drwx--x---  2 postfix postdrop   68 Oct  7 20:05 public
> >  0 drwx------  2 postfix root        6 Apr  5  2006 saved
> >  0 drwx------  2 postfix root       44 Oct  8 13:32 trace
> > 
> > 
> > fw-1 opt # ls -la /var/spool/MailScanner/
> > total 8
> > drwxr-xr-x  6 postfix postfix   69 Mar  5  2009 .
> > drwxr-xr-x  9 root    root      98 Mar  5  2009 ..
> > drwxr-xr-x  2 postfix postfix    6 May 11  2006 bayes
> > drwxr-xr-x 46 postfix postfix 4096 Oct  8 14:22 incoming
> > drwxr-xr-x 34 postfix postfix 4096 Oct  8 05:23 quarantine
> > drwx------  2 postfix postfix   58 Apr  7  2006 spamassassin
> > 
> > 
> > 
> > 
> > Fragen? Kommen Sie jederzeit gerne auf uns zu!
> > 
> > Herzliche Grüße aus Hamburg
> > b&w computer
> > 
> > Lars Gierling
> > b&w computer 
> > Inh.: Michael Papenhagen
> > Fangdieckstr. 64
> > D-22547 Hamburg | Germany
> > Tel:  +49 40 / 49 296 - 0 
> > Fax: +49 40 / 49 296 - 100 
> > http://www.b-w-computer.de 
> > 
> > 
> > 
> > 
> > 
> > Von:    Alex Broens <ms-list at alexb.ch>
> > An:     MailScanner discussion <mailscanner at lists.mailscanner.info>
> > Datum:  08.10.2010 14:37
> > Betreff:        Re: Mailscanner does not scan mails
> > Gesendet von:   mailscanner-bounces at lists.mailscanner.info
> > 
> > 
> > 
> > did you check permsisions as per docs?
> > MailScanner setup may reset them after running
> > 
> > h2h
> > Alex
> > 
> > On 2010-10-08 14:24, LGi at b-w-computer.de wrote:
> >> I just ugraded to MailScanner-4.81.4-1
> >>
> >> All seems fine, but it's just not scanning messages.
> >> The debug output says:
> >>
> >>         14:10:29 Building a message batch to scan...
> >>
> >> but nothing happens
> >>
> >> ps ax shows:
> >>
> >>         29532 pts/3    S+     0:38 MailScanner: waiting for messages
> >>
> >> The Incoming Queue Dir is configured correctly:
> >>
> >> Incoming Queue Dir = /var/spool/postfix/hold
> >>
> >> When I start the job with strace the Mailscanner processs seem to 
look 
> >> into the queue directory every 6 seconds:
> >>
> >> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> >> [pid 29692] open(".", 
> > O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> >> = 9
> >> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> >> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> >> [pid 29692] close(9)                    = 0
> >> [pid 29692] umask(0177)                 = 077
> >> [pid 29692] umask(077)                  = 0177
> >> [pid 29692] time(NULL)                  = 1286540143
> >> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> >> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> >> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >> [pid 29692] nanosleep({6, 0}, {6, 0})   = 0
> >> [pid 29692] time(NULL)                  = 1286540149
> >> [pid 29692] chdir("/var/spool/postfix/hold") = 0
> >> [pid 29692] open(".", 
> > O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) 
> >> = 9
> >> [pid 29692] getdents64(9, /* 120 entries */, 32768) = 3824
> >> [pid 29692] getdents64(9, /* 0 entries */, 32768) = 0
> >> [pid 29692] close(9)                    = 0
> >> [pid 29692] umask(0177)                 = 077
> >> [pid 29692] umask(077)                  = 0177
> >> [pid 29692] time(NULL)                  = 1286540149
> >> [pid 29692] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> >> [pid 29692] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> >> [pid 29692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> >> [pid 29692] nanosleep({6, 0},
> >>
> >>
> >> There are several new messages in the directory 
/var/spool/postfix/hold 
> >> but MailScanner does not pick them.
> >>
> >> any idea how to get this to work?
> >> Previus Version MailScanner-4.52.2 is working fine.
> >>
> >>
> >>
> >>
> >>
> >> best regards
> >>
> >>
> >> Lars Gierling
> >>
> >>
> >>
> >>
> >> Think before you print
> >> Diese E-Mail und alle Anhänge enthalten vertrauliche und/oder 
rechtlich 
> >> geschützte Informationen. Wenn Sie nicht der richtige Adressat sind 
oder 
> > 
> >> diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort 
den 
> > 
> >> Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das 
> > unerlaubte 
> >> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht 
> > gestattet.
> >> This e-mail and any attached files may contain confidential and/or 
> >> privileged information. If you are not the intended recipient (or 
have 
> >> received this e-mail by mistake) please notify the sender immediately 

> > and 
> >> delete this e-mail. Any unauthorised duplication, disclosure or 
> >> distribution of this e-mail and content is strictly forbidden. 
> >>
> > 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


Think before you print
Diese E-Mail und alle Anhänge enthalten vertrauliche und/oder rechtlich 
geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese E-Mail und ihren Inhalt. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail and any attached files may contain confidential and/or 
privileged information. If you are not the intended recipient (or have 
received this e-mail by mistake) please notify the sender immediately and 
delete this e-mail. Any unauthorised duplication, disclosure or 
distribution of this e-mail and content is strictly forbidden. 

-------------- next part --------------
fw-1 opt # /opt/MailScanner/bin/MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Reading configuration file /opt/MailScanner/etc/conf.d/README
Read 865 hostnames from the phishing whitelist
Read 5718 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.81.4) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (207)
MailScanner setting UID to  (207)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/32727/ISITINSTALLED
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Created attachment dirs for 1 messages
Looked up unknown string nonpasswordedarchive in language translation file /opt/MailScanner/etc/vosschemie-reports/de/languages.conf at /opt/MailScanner/lib/MailScanner/Config.pm line 1372
Filename Checks: Windows/DOS Executable (1 eicar.com)
Completed checking by /usr/bin/file
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Commencing scanning by clamd...
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/32727
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

SENT : CONTSCAN /var/spool/MailScanner/incoming/32727
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Completed scanning by clamd
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

More information about the MailScanner mailing list