MailScanner Digest, Vol 68, Issue 20

John Bull jbull at esd113.org
Thu Aug 25 18:20:01 IST 2011


# MailScanner --debug

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.

Regards,
John

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mailscanner-request at lists.mailscanner.info
Sent: Wednesday, August 24, 2011 4:01 AM
To: mailscanner at lists.mailscanner.info
Subject: MailScanner Digest, Vol 68, Issue 20

Send MailScanner mailing list submissions to
	mailscanner at lists.mailscanner.info

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
or, via email, send a message with subject or body 'help' to
	mailscanner-request at lists.mailscanner.info

You can reach the person managing the list at
	mailscanner-owner at lists.mailscanner.info

When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..."


Today's Topics:

   1. Re: Spam remaining in hold queue (Glenn Steen)


----------------------------------------------------------------------

Message: 1
Date: Wed, 24 Aug 2011 01:59:40 +0200
From: Glenn Steen <glenn.steen at gmail.com>
Subject: Re: Spam remaining in hold queue
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Message-ID:
	<CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

What is the debug result for a gtube run, not eicar as you showed that to be fine...?
The processing db thing kind of indicate that something is killing ms.

Cheers
--
-- Glenn
Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org>:
> List,
>
> Testing Lab - Installation specifics:
> MailScanner-4.84.3-1.rpm.tar
> Postfix 2.6.6
> Scientific Linux 6.1, perl 5.10.1
> High scoring spam is set to: store and notify
>
> Problem:
> Email with gtube spam test remains in the Postfix hold queue and is 
> not
delivered to the spam quarantine.
>
> # postqueue -p
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 
> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab 
> tone at test.lab<mailto:tone at test.lab>
>
> MailScanner successfully creates
/var/Spool/MailScanner/quarantine/<date>/spam
> but the email never makes it there.
>
> Directory Permissions:
> chown -R postfix.clamav /var/spool/MailScanner/incoming chmod -R 770 
> /var/spool/MailScanner/incoming chown postfix.postfix
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
> chown postfix.postfix -R 
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>
> chown -R postfix.apache /var/spool/MailScanner/quarantine chmod 770 -R 
> /var/spool/MailScanner/quarantine
>
> mkdir /var/spool/MailScanner/spamassassin
> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
> chmod -R 770 /var/spool/MailScanner/spamassassin
>
> MailScanner Config
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = 
> /var/spool/postfix/incoming Incoming Work Dir = 
> /var/spool/MailScanner/incoming MTA = postfix Sendmail = 
> /usr/sbin/sendmail.postfix Incoming Work Group = clamav Incoming Work 
> Permissions = 0644 Quarantine User = postfix Quarantine Group = apache 
> Quarantine Permissions = 0660 Virus Scanners = clamd Quarantine 
> Infections = no Quarantine Whole Message = yes Quarantine Whole 
> Messages As Queue Files = no Keep Spam And MCP Archive Clean = yes 
> Spam Checks = yes Is Definitely Not Spam = 
> %rules-dir%/spam.whitelist.rules Is Definitely Spam = 
> %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes 
> Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High 
> SpamAssassin Score = 6 Spam Score = yes Spam Actions = deliver High 
> Scoring Spam Actions = store notify
>
>
> Maillog:
> Spam Checks: Starting
> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from
192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam
messages
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message
EFF9C4EB9.A5C23 actions are store,notify
> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify
tone at test.lab<mailto:tone at test.lab>
>
> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted 
> too
many times
> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message
EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>
> MailScanner --processing
> Currently being processed:
>
> Number of messages: 1
> Tries Message Next Try At
> ===== ======= ===========
> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>
> # MailScanner --lint --debug
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf Reading 
> configuration file /etc/MailScanner/conf.d/README Read 867 hostnames 
> from the phishing whitelist Read 4076 hostnames from the phishing 
> blacklists
>
> Checking version numbers...
> Version number in MailScanner.conf (4.84.3) is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database SpamAssassin reported no 
> errors.
> Connected to Processing Attempts Database Created Processing Attempts 
> Database successfully There is 1 message in the Processing Attempts 
> Database Using locktype = posix MailScanner.conf says "Virus Scanners 
> = clamd"
> Found these virus scanners installed: clamd
>
===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: 
> Found 1 problems Virus and Content Scanning: Starting
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus 
> Scanning: Clamd found 2 infections Infected message 1 came from 
> 10.1.1.1 Virus Scanning: Found 2 viruses
>
===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed 
> correctly and that MailScanner is finding them correctly via its
virus.scanners.conf.
>
> Thank you,
> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html

------------------------------

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read the Wiki (http://wiki.mailscanner.info/).

Support MailScanner development - buy the book off the website! 


End of MailScanner Digest, Vol 68, Issue 20
*******************************************




More information about the MailScanner mailing list