MailScanner Digest, Vol 68, Issue 20

Fernando Andrés Moya Leimberg fercho_aml at yahoo.es
Wed Aug 31 22:20:56 IST 2011 

Did that command finally solve your problem Jhon?

Think it's a good to know how it ended, or if you're stilll looking for an answer...

Greetings...

________________________________
De: Glenn Steen <glenn.steen at gmail.com>
Para: MailScanner discussion <mailscanner at lists.mailscanner.info>
Enviado: viernes 26 de agosto de 2011 15:36
Asunto: Re: RE: MailScanner Digest, Vol 68, Issue 20


Right, so you have a taint issue preventing the creation of the date subdir (or similar) in the quarantine.
Did you try the usual -U thing (google it, or use gmane, I'm tipsy and would likely get something wrong;-) .
Cheers
-- 
--  Glenn
Den 25 aug 2011 19:28 skrev "John Bull" <jbull at esd113.org>:
> # MailScanner --debug
> 
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.
> 
> Regards,
> John
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mailscanner-request at lists.mailscanner.info
> Sent: Wednesday, August 24, 2011 4:01 AM
> To: mailscanner at lists.mailscanner.info
> Subject: MailScanner Digest, Vol 68, Issue 20
> 
> Send MailScanner mailing list submissions to
> mailscanner at lists.mailscanner.info
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> or, via email, send a message with subject or body 'help' to
> mailscanner-request at lists.mailscanner.info
> 
> You can reach the person managing the list at
> mailscanner-owner at lists.mailscanner.info
> 
> When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: Spam remaining in hold queue (Glenn Steen)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 24 Aug 2011 01:59:40 +0200
> From: Glenn Steen <glenn.steen at gmail.com>
> Subject: Re: Spam remaining in hold queue
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Message-ID:
> 	<CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> What is the debug result for a gtube run, not eicar as you showed that to be fine...?
> The processing db thing kind of indicate that something is killing ms.
> 
> Cheers
> --
> -- Glenn
> Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org>:
>> List,
>>
>> Testing Lab - Installation specifics:
>> MailScanner-4.84.3-1.rpm.tar
>> Postfix 2.6.6
>> Scientific Linux 6.1, perl 5.10.1
>> High scoring spam is set to: store and notify
>>
>> Problem:
>> Email with gtube spam test remains in the Postfix hold queue and is 
>> not
> delivered to the spam quarantine.
>>
>> # postqueue -p
>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 
>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab 
>> tone at test.lab<mailto:tone at test.lab>
>>
>> MailScanner successfully creates
> /var/Spool/MailScanner/quarantine/<date>/spam
>> but the email never makes it there.
>>
>> Directory Permissions:
>> chown -R postfix.clamav /var/spool/MailScanner/incoming chmod -R 770 
>> /var/spool/MailScanner/incoming chown postfix.postfix
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
>> chown postfix.postfix -R 
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>>
>> chown -R postfix.apache /var/spool/MailScanner/quarantine chmod 770 -R 
>> /var/spool/MailScanner/quarantine
>>
>> mkdir /var/spool/MailScanner/spamassassin
>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
>> chmod -R 770 /var/spool/MailScanner/spamassassin
>>
>> MailScanner Config
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = 
>> /var/spool/postfix/incoming Incoming Work Dir = 
>> /var/spool/MailScanner/incoming MTA = postfix Sendmail = 
>> /usr/sbin/sendmail.postfix Incoming Work Group = clamav Incoming Work 
>> Permissions = 0644 Quarantine User = postfix Quarantine Group = apache 
>> Quarantine Permissions = 0660 Virus Scanners = clamd Quarantine 
>> Infections = no Quarantine Whole Message = yes Quarantine Whole 
>> Messages As Queue Files = no Keep Spam And MCP Archive Clean = yes 
>> Spam Checks = yes Is Definitely Not Spam = 
>> %rules-dir%/spam.whitelist.rules Is Definitely Spam = 
>> %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes 
>> Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High 
>> SpamAssassin Score = 6 Spam Score = yes Spam Actions = deliver High 
>> Scoring Spam Actions = store notify
>>
>>
>> Maillog:
>> Spam Checks: Starting
>> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from
> 192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam
> messages
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message
> EFF9C4EB9.A5C23 actions are store,notify
>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify
> tone at test.lab<mailto:tone at test.lab>
>>
>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted 
>> too
> many times
>> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message
> EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>>
>> MailScanner --processing
>> Currently being processed:
>>
>> Number of messages: 1
>> Tries Message Next Try At
>> ===== ======= ===========
>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>>
>> # MailScanner --lint --debug
>> Trying to setlogsock(unix)
>>
>> Reading configuration file /etc/MailScanner/MailScanner.conf Reading 
>> configuration file /etc/MailScanner/conf.d/README Read 867 hostnames 
>> from the phishing whitelist Read 4076 hostnames from the phishing 
>> blacklists
>>
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>>
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database SpamAssassin reported no 
>> errors.
>> Connected to Processing Attempts Database Created Processing Attempts 
>> Database successfully There is 1 message in the Processing Attempts 
>> Database Using locktype = posix MailScanner.conf says "Virus Scanners 
>> = clamd"
>> Found these virus scanners installed: clamd
>>
> ===========================================================================
>> Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: 
>> Found 1 problems Virus and Content Scanning: Starting
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus 
>> Scanning: Clamd found 2 infections Infected message 1 came from 
>> 10.1.1.1 Virus Scanning: Found 2 viruses
>>
> ===========================================================================
>> Virus Scanner test reports:
>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamd)
>> are not listed there, you should check that they are installed 
>> correctly and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>>
>> Thank you,
>> John
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html
> 
> ------------------------------
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read the Wiki (http://wiki.mailscanner.info/).
> 
> Support MailScanner development - buy the book off the website! 
> 
> 
> End of MailScanner Digest, Vol 68, Issue 20
> *******************************************
> 
> 

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110831/1c481a88/attachment.html

More information about the MailScanner mailing list