MailScanner 4.84 - attempted to kill MailScanner
Michel Bulgado
michel at casa.co.cu
Thu Dec 1 17:44:59 GMT 2011
Martin Hepworth wrote:
> You need to run this message through in debug mode to find out what the
> issue is. Have a look on the wiki for how to do this and don't forget to
> run as postfix when you do this
>
> Martin
>
> On Thursday, 1 December 2011, <michel at casa.co.cu> wrote:
> > Hello
> >
> > I work with CentOS 6 and I installed the latest version of
> > MailScanner 4.84.3 with postfix as MTA and ClamAV antivirus.
> >
> > In the logs, MailScanner attempts to process a number of messages on
> > more than one occasion and, after trying repeatedly, quarantines them
> > and returns the following message:
> >
> > MailScanner: Message attempted to kill MailScanner
> >
> > maillog:
> >
> >
> > Nov 30 09:18:20 tornado MailScanner[29950]: New Batch: Found 2 messages waiting
> > Nov 30 09:18:20 tornado MailScanner[29950]: New Batch: Scanning 1 messages, 1990 bytes
> > Nov 30 09:18:20 tornado MailScanner[29950]: Virus and Content Scanning: Starting
> > Nov 30 09:18:25 tornado MailScanner[29950]: Virus Scanning completed at 409 bytes per second
> > Nov 30 09:18:25 tornado MailScanner[29950]: Requeue: 0C7BA5005F.AB094 to 93EC45005D
> > Nov 30 09:18:25 tornado postfix/qmgr[1260]: 93EC45005D: from=<marujasantos at casa.co.cu>, size=1730, nrcpt=1 (queue active)
> > Nov 30 09:18:25 tornado MailScanner[29950]: Uninfected: Delivered 1 messages
> > Nov 30 09:18:25 tornado MailScanner[29950]: Virus Processing completed at 190354 bytes per second
> > Nov 30 09:18:25 tornado MailScanner[29950]: Deleted 1 messages from processing-database
> > Nov 30 09:18:25 tornado MailScanner[29950]: Batch completed at 399 bytes per second (1990 / 4)
> > Nov 30 09:18:25 tornado MailScanner[29950]: Batch (1 message) processed in 4.98 seconds
> > Nov 30 09:18:32 tornado postfix/anvil[26593]: statistics: max connection rate 2/60s for (smtp:213.97.145.50) at Nov 30 09:08:44
> > Nov 30 09:18:32 tornado postfix/anvil[26593]: statistics: max connection count 2 for (smtp:66.231.83.31) at Nov 30 09:17:13
> > Nov 30 09:18:32 tornado postfix/anvil[26593]: statistics: max cache size 5 at Nov 30 09:08:42
> > Nov 30 09:18:43 tornado MailScanner[29950]: Making attempt 6 at processing message 05A215004E.A0F82
> > Nov 30 09:18:43 tornado MailScanner[29950]: New Batch: Scanning 1 messages, 113309 bytes
> > Nov 30 09:18:44 tornado MailScanner[30295]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
> > Nov 30 09:18:44 tornado MailScanner[30295]: Reading configuration file /etc/MailScanner/MailScanner.conf
> > Nov 30 09:18:44 tornado MailScanner[30295]: Reading configuration file /etc/MailScanner/conf.d/README
> > Nov 30 09:18:44 tornado MailScanner[30295]: Connected to Processing Attempts Database
> > Nov 30 09:18:44 tornado MailScanner[30295]: Found 1 messages in the Processing Attempts Database
> > Nov 30 09:18:44 tornado MailScanner[30295]: Using locktype = flock
> > Nov 30 09:18:44 tornado MailScanner[30295]: Warning: skipping message 05A215004E.A0F82 as it has been attempted too many times
> > Nov 30 09:18:44 tornado MailScanner[30295]: Quarantined message 05A215004E.A0F82 as it caused MailScanner to crash several times
> > Nov 30 09:18:44 tornado MailScanner[30295]: Saved entire message to /var/spool/MailScanner/quarantine/20111130/05A215004E.A0F82
> >
> >
> > The attachments of the quarantined messages are on some occasions doc files.
> >
> > Part of the message header:
> >
> > Content-Type: multipart/mixed;
> > boundary="----=_NextPart_000_0044_01CCAF32.1F8B9A10"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> > X-EsetScannerBuild: 9822
> >
> > This is a multi-part message in MIME format.
> >
> > ------=_NextPart_000_0044_01CCAF32.1F8B9A10
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_001_0045_01CCAF32.1F8E0B10"
> >
> >
> > ------=_NextPart_001_0045_01CCAF32.1F8E0B10
> > Content-Type: text/plain;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: quoted-printable
> >
> >
> > Could you help me?
> >
> > Thanks
> >
> > Michel
> >
> > ----------------------------------------------
> > Webmail, e-mail service
> > Casa de las Americas - La Habana, Cuba.
> >
> >
>
> --
> Martin Hepworth
> Oxford, UK

Hi, and thanks to everyone for replying so quickly.

I checked clamd.log and freshclam.log; they only show the update process:

Thu Dec 1 12:41:35 2011 -> SelfCheck: Database status OK.

Freshclam
ClamAV update process started at Thu Dec 1 03:41:01 2011
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Downloading daily-14042.cdiff [100%]
Downloading daily-14043.cdiff [100%]
Downloading daily-14044.cdiff [100%]
Downloading daily-14045.cdiff [100%]
Downloading daily-14046.cdiff [100%]
Downloading daily-14047.cdiff [100%]
daily.cld updated (version: 14047, sigs: 43122, f-level: 60, builder: guitar)
bytecode.cld is up to date (version: 154, sigs: 38, f-level: 60, builder: edwin)
Database updated (1087547 signatures) from db.cu.clamav.net (IP: 194.47.250.218)
Clamd successfully notified about the update.

I edited the MailScanner.conf file, setting "Debug=yes", and restarted
MailScanner. In maillog the only thing I note is this:

Dec 1 11:27:38 rodas MailScanner[23151]: lock.pl sees Config LockType = flock
Dec 1 11:27:38 rodas MailScanner[23151]: lock.pl sees have_module = 0
Dec 1 11:27:38 rodas MailScanner[23151]: Using locktype = flock

MailScanner tries to process the message multiple times and I do not see
error messages in maillog.

After going to the wiki site, I saw how to set MailScanner in debug mode:
http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner

[root at server ~]# check_MailScanner
Starting MailScanner...11:55:49 Building a message batch to scan...
11:55:49 Have a batch of 1 message.
11:55:49 Insecure dependency in chmod while running with -T switch at /usr/share/perl5/Archive/Zip/Member.pm line 490. Failed.

So I checked whether it is a permission or owner problem:

[root at server ~]# ll /var/spool/MailScanner/
total 8
drwxr-xr-x. 6 postfix clamav 4096 Dec 1 12:05 incoming
drwxr-xr-x. 10 postfix apache 4096 Dec 1 00:28 quarantine

But I think this is OK.

Any ideas?

(Sorry for my English, it is very poor.)

Thanks
Michel
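
Added example, not part of the original post and not MailScanner code: a small Python triage helper that pulls out of a maillog the queue IDs MailScanner retried, gave up on and quarantined, with the worker PIDs involved and the quarantine path. The sample input is built from the maillog lines quoted in the post above; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Sample input built from the maillog lines quoted in the post above.
SAMPLE_MAILLOG = """\
Nov 30 09:18:32 tornado postfix/anvil[26593]: statistics: max cache size 5 at Nov 30 09:08:42
Nov 30 09:18:43 tornado MailScanner[29950]: Making attempt 6 at processing message 05A215004E.A0F82
Nov 30 09:18:44 tornado MailScanner[30295]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Nov 30 09:18:44 tornado MailScanner[30295]: Warning: skipping message 05A215004E.A0F82 as it has been attempted too many times
Nov 30 09:18:44 tornado MailScanner[30295]: Quarantined message 05A215004E.A0F82 as it caused MailScanner to crash several times
Nov 30 09:18:44 tornado MailScanner[30295]: Saved entire message to /var/spool/MailScanner/quarantine/20111130/05A215004E.A0F82
"""

WORKER = re.compile(r"MailScanner\[(\d+)\]: (.*)$")
EVENTS = {
    "attempt": re.compile(r"Making attempt (?P<n>\d+) at processing message (?P<id>\S+)"),
    "skipped": re.compile(r"skipping message (?P<id>\S+) as it has been attempted too many times"),
    "quarantined": re.compile(r"Quarantined message (?P<id>\S+) as it caused MailScanner to crash"),
    "saved": re.compile(r"Saved entire message to (?P<path>\S+)"),
}


def summarise(log_text):
    """Map each retried or abandoned queue ID to what MailScanner logged about it."""
    report = defaultdict(lambda: {"max_attempt": 0, "skipped": False,
                                  "quarantined": False, "saved_to": None, "pids": set()})
    for line in log_text.splitlines():
        worker = WORKER.search(line)
        if not worker:
            continue  # postfix, anvil and other daemons
        pid, text = int(worker.group(1)), worker.group(2)
        for kind, pattern in EVENTS.items():
            hit = pattern.search(text)
            if not hit:
                continue
            if kind == "saved":
                # The quarantine path ends in the queue ID; attach it only to IDs already seen.
                msg_id = hit.group("path").rsplit("/", 1)[-1]
                if msg_id in report:
                    report[msg_id]["saved_to"] = hit.group("path")
                break
            entry = report[hit.group("id")]
            entry["pids"].add(pid)
            if kind == "attempt":
                entry["max_attempt"] = max(entry["max_attempt"], int(hit.group("n")))
            else:
                entry[kind] = True
            break
    return dict(report)
```

In the sample, the attempt is logged by worker PID 29950 and the give-up and quarantine by the newly started worker 30295; `summarise(open("/var/log/maillog").read())` gives the same view for a live log, assuming that path.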