MailScanner Digest, Vol 68, Issue 20

Glenn Steen glenn.steen at gmail.com
Fri Aug 26 21:36:06 IST 2011


Right, so you have a taint issue preventing the creation of the date subdir
(or similar) in the quarantine.
Did you try the usual -U thing (google it, or use gmane, I'm tipsy and would
likely get something wrong;-) .

Cheers
-- 
--  Glenn
Den 25 aug 2011 19:28 skrev "John Bull" <jbull at esd113.org>:
> # MailScanner --debug
>
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Insecure dependency in mkdir while running with -T switch at
/usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.
>
> Regards,
> John
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:
mailscanner-bounces at lists.mailscanner.info] On Behalf Of
mailscanner-request at lists.mailscanner.info
> Sent: Wednesday, August 24, 2011 4:01 AM
> To: mailscanner at lists.mailscanner.info
> Subject: MailScanner Digest, Vol 68, Issue 20
>
> Send MailScanner mailing list submissions to
> mailscanner at lists.mailscanner.info
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> mailscanner-request at lists.mailscanner.info
>
> You can reach the person managing the list at
> mailscanner-owner at lists.mailscanner.info
>
> When replying, please edit your Subject line so it is more specific than
"Re: Contents of MailScanner digest..."
>
>
> Today's Topics:
>
> 1. Re: Spam remaining in hold queue (Glenn Steen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 24 Aug 2011 01:59:40 +0200
> From: Glenn Steen <glenn.steen at gmail.com>
> Subject: Re: Spam remaining in hold queue
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Message-ID:
> <CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> What is the debug result for a gtube run, not eicar as you showed that to
be fine...?
> The processing db thing kind of indicate that something is killing ms.
>
> Cheers
> --
> -- Glenn
> Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org>:
>> List,
>>
>> Testing Lab - Installation specifics:
>> MailScanner-4.84.3-1.rpm.tar
>> Postfix 2.6.6
>> Scientific Linux 6.1, perl 5.10.1
>> High scoring spam is set to: store and notify
>>
>> Problem:
>> Email with gtube spam test remains in the Postfix hold queue and is
>> not
> delivered to the spam quarantine.
>>
>> # postqueue -p
>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab
>> tone at test.lab<mailto:tone at test.lab>
>>
>> MailScanner successfully creates
> /var/Spool/MailScanner/quarantine/<date>/spam
>> but the email never makes it there.
>>
>> Directory Permissions:
>> chown -R postfix.clamav /var/spool/MailScanner/incoming chmod -R 770
>> /var/spool/MailScanner/incoming chown postfix.postfix
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> chown postfix.postfix -R
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>>
>> chown -R postfix.apache /var/spool/MailScanner/quarantine chmod 770 -R
>> /var/spool/MailScanner/quarantine
>>
>> mkdir /var/spool/MailScanner/spamassassin
>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
>> chmod -R 770 /var/spool/MailScanner/spamassassin
>>
>> MailScanner Config
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir =
>> /var/spool/postfix/incoming Incoming Work Dir =
>> /var/spool/MailScanner/incoming MTA = postfix Sendmail =
>> /usr/sbin/sendmail.postfix Incoming Work Group = clamav Incoming Work
>> Permissions = 0644 Quarantine User = postfix Quarantine Group = apache
>> Quarantine Permissions = 0660 Virus Scanners = clamd Quarantine
>> Infections = no Quarantine Whole Message = yes Quarantine Whole
>> Messages As Queue Files = no Keep Spam And MCP Archive Clean = yes
>> Spam Checks = yes Is Definitely Not Spam =
>> %rules-dir%/spam.whitelist.rules Is Definitely Spam =
>> %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes
>> Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High
>> SpamAssassin Score = 6 Spam Score = yes Spam Actions = deliver High
>> Scoring Spam Actions = store notify
>>
>>
>> Maillog:
>> Spam Checks: Starting
>> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from
> 192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin
(score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00,
DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam
> messages
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message
> EFF9C4EB9.A5C23 actions are store,notify
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify
> tone at test.lab<mailto:tone at test.lab>
>>
>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted
>> too
> many times
>> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message
> EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>>
>> MailScanner --processing
>> Currently being processed:
>>
>> Number of messages: 1
>> Tries Message Next Try At
>> ===== ======= ===========
>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>>
>> # MailScanner --lint --debug
>> Trying to setlogsock(unix)
>>
>> Reading configuration file /etc/MailScanner/MailScanner.conf Reading
>> configuration file /etc/MailScanner/conf.d/README Read 867 hostnames
>> from the phishing whitelist Read 4076 hostnames from the phishing
>> blacklists
>>
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>>
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database SpamAssassin reported no
>> errors.
>> Connected to Processing Attempts Database Created Processing Attempts
>> Database successfully There is 1 message in the Processing Attempts
>> Database Using locktype = posix MailScanner.conf says "Virus Scanners
>> = clamd"
>> Found these virus scanners installed: clamd
>>
>
===========================================================================
>> Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks:
>> Found 1 problems Virus and Content Scanning: Starting
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus
>> Scanning: Clamd found 2 infections Infected message 1 came from
>> 10.1.1.1 Virus Scanning: Found 2 viruses
>>
>
===========================================================================
>> Virus Scanner test reports:
>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamd)
>> are not listed there, you should check that they are installed
>> correctly and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>>
>> Thank you,
>> John
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html
>
> ------------------------------
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read the Wiki (http://wiki.mailscanner.info/).
>
> Support MailScanner development - buy the book off the website!
>
>
> End of MailScanner Digest, Vol 68, Issue 20
> *******************************************
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110826/fbc86b43/attachment.html


More information about the MailScanner mailing list