MailScanner Digest, Vol 68, Issue 20
Fernando Andrés Moya Leimberg
fercho_aml at yahoo.es
Wed Aug 31 22:20:56 IST 2011
Did that command finally solve your problem Jhon?
Think it's a good to know how it ended, or if you're stilll looking for an answer...
De: Glenn Steen <glenn.steen at gmail.com>
Para: MailScanner discussion <mailscanner at lists.mailscanner.info>
Enviado: viernes 26 de agosto de 2011 15:36
Asunto: Re: RE: MailScanner Digest, Vol 68, Issue 20
Right, so you have a taint issue preventing the creation of the date subdir (or similar) in the quarantine.
Did you try the usual -U thing (google it, or use gmane, I'm tipsy and would likely get something wrong;-) .
Den 25 aug 2011 19:28 skrev "John Bull" <jbull at esd113.org>:
> # MailScanner --debug
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mailscanner-request at lists.mailscanner.info
> Sent: Wednesday, August 24, 2011 4:01 AM
> To: mailscanner at lists.mailscanner.info
> Subject: MailScanner Digest, Vol 68, Issue 20
> Send MailScanner mailing list submissions to
> mailscanner at lists.mailscanner.info
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> mailscanner-request at lists.mailscanner.info
> You can reach the person managing the list at
> mailscanner-owner at lists.mailscanner.info
> When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..."
> Today's Topics:
> 1. Re: Spam remaining in hold queue (Glenn Steen)
> Message: 1
> Date: Wed, 24 Aug 2011 01:59:40 +0200
> From: Glenn Steen <glenn.steen at gmail.com>
> Subject: Re: Spam remaining in hold queue
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> <CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> What is the debug result for a gtube run, not eicar as you showed that to be fine...?
> The processing db thing kind of indicate that something is killing ms.
> -- Glenn
> Den 23 aug 2011 00:12 skrev "John Bull" <jbull at esd113.org>:
>> Testing Lab - Installation specifics:
>> Postfix 2.6.6
>> Scientific Linux 6.1, perl 5.10.1
>> High scoring spam is set to: store and notify
>> Email with gtube spam test remains in the Postfix hold queue and is
> delivered to the spam quarantine.
>> # postqueue -p
>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab
>> tone at test.lab<mailto:tone at test.lab>
>> MailScanner successfully creates
>> but the email never makes it there.
>> Directory Permissions:
>> chown -R postfix.clamav /var/spool/MailScanner/incoming chmod -R 770
>> /var/spool/MailScanner/incoming chown postfix.postfix
>> chown postfix.postfix -R
>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
>> chown -R postfix.apache /var/spool/MailScanner/quarantine chmod 770 -R
>> mkdir /var/spool/MailScanner/spamassassin
>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
>> chmod -R 770 /var/spool/MailScanner/spamassassin
>> MailScanner Config
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir =
>> /var/spool/postfix/incoming Incoming Work Dir =
>> /var/spool/MailScanner/incoming MTA = postfix Sendmail =
>> /usr/sbin/sendmail.postfix Incoming Work Group = clamav Incoming Work
>> Permissions = 0644 Quarantine User = postfix Quarantine Group = apache
>> Quarantine Permissions = 0660 Virus Scanners = clamd Quarantine
>> Infections = no Quarantine Whole Message = yes Quarantine Whole
>> Messages As Queue Files = no Keep Spam And MCP Archive Clean = yes
>> Spam Checks = yes Is Definitely Not Spam =
>> %rules-dir%/spam.whitelist.rules Is Definitely Spam =
>> %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes
>> Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High
>> SpamAssassin Score = 6 Spam Score = yes Spam Actions = deliver High
>> Scoring Spam Actions = store notify
>> Spam Checks: Starting
>> Aug 22 13:26:06 opened MailScanner: Message EFF9C4EB9.A5C23 from
> 192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
>> Aug 22 13:26:06 opened MailScanner: Spam Checks: Found 1 spam
>> Aug 22 13:26:06 opened MailScanner: Spam Actions: message
> EFF9C4EB9.A5C23 actions are store,notify
>> Aug 22 13:26:06 opened MailScanner: Spam Actions: Notify
> tone at test.lab<mailto:tone at test.lab>
>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted
> many times
>> Aug 22 13:46:35 opened MailScanner: Quarantined message
> EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
>> MailScanner --processing
>> Currently being processed:
>> Number of messages: 1
>> Tries Message Next Try At
>> ===== ======= ===========
>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
>> # MailScanner --lint --debug
>> Trying to setlogsock(unix)
>> Reading configuration file /etc/MailScanner/MailScanner.conf Reading
>> configuration file /etc/MailScanner/conf.d/README Read 867 hostnames
>> from the phishing whitelist Read 4076 hostnames from the phishing
>> Checking version numbers...
>> Version number in MailScanner.conf (4.84.3) is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>> Checking for SpamAssassin errors (if you use it)...
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database SpamAssassin reported no
>> Connected to Processing Attempts Database Created Processing Attempts
>> Database successfully There is 1 message in the Processing Attempts
>> Database Using locktype = posix MailScanner.conf says "Virus Scanners
>> = clamd"
>> Found these virus scanners installed: clamd
>> Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks:
>> Found 1 problems Virus and Content Scanning: Starting
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus
>> Scanning: Clamd found 2 infections Infected message 1 came from
>> 10.1.1.1 Virus Scanning: Found 2 viruses
>> Virus Scanner test reports:
>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>> If any of your virus scanners (clamd)
>> are not listed there, you should check that they are installed
>> correctly and that MailScanner is finding them correctly via its
>> Thank you,
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read the Wiki (http://wiki.mailscanner.info/).
> Support MailScanner development - buy the book off the website!
> End of MailScanner Digest, Vol 68, Issue 20
MailScanner mailing list
mailscanner at lists.mailscanner.info
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner