MailScanner ANNOUNCE: 4.82 stable released

Alvaro Marín alvaro at hostalia.com
Wed Feb 16 22:41:39 GMT 2011


Hi again,

I forgot to mention this thread with the same error some months ago:

http://comments.gmane.org/gmane.mail.virus.mailscanner/75443

On 16/02/11 23:26, Alvaro Marín wrote:
> Hi,
>
> yes, I've changed Postfix's default queue depth to "2":
>
> hash_queue_depth = 2
> hash_queue_names = incoming, active, deferred, bounce, defer, flush,
> hold, trace
>
> so messages, for example on the hold queue, are stored as:
>
> /var/spool/postfix/hold/A/F/AFDD42A0009
>
> Debugging the code of Postfix.pm, I've seen that PostfixKey function
> always returns here:
>
> seek($fh, 0, 0) or return '00000';
>
> and the value of $fname is just "0E43549800C", the ID, not the complete
> path to the file.
>
> I've deleted from the queue those messages with that .rtf attached and
> it seems that it is running fine now. Tomorrow, with more traffic, we'll
> see how it runs.
>
> If you install Debian's latest stable version, Squeeze, you'll have Perl
> 5.10.1 and Postfix 2.7.
> I've installed MS from .tar.gz.
>
> Thank you Jules,
> Regards.
>
> On 16/02/11 22:54, Jules Field wrote:
>> Something has gone very badly wrong. They shouldn't be ".00000" on the
>> end of the directory names, that means it has failed to read the message
>> files altogether. The ".00000" should be a hash of the first few bytes
>> of the message body file.
>>
>> Also the locking has totally failed as the same message ID is showing up
>> in several different MailScanner child processes (the first
>> sub-directory name is the child process PID).
>>
>> This is a real mess. I don't know what you've done, but you've broken it
>> all very badly.
>>
>> Have you messed with the queue hashing depth in Postfix or anything like
>> that?
>>
>> How do I build a Debian box running the same version of Perl and Postfix
>> as you? I've never used Debian.
>>
>> For now, I would try a different version of Perl, a different MTA, or a
>> different Linux distribution that isn't so broken. No-one using the
>> mainstream Linux distros appears to have these problems.
>>
>> Jules.
>>
>> On 16/02/2011 19:53, Alvaro Marin wrote:
>>> Hi Jules,
>>>
>>> I'm using Debian Squeeze's Postfix 2.7.1-1.
>>>
>>> I've changed MessageBatch.pm's code to show with which ID it happens, and:
>>>
>>> # /opt/MailScanner/bin/MailScanner --debug
>>> ...
>>> ID: C055D2A0015.00000
>>> CombineReports OK ID: C055D2A0015.00000
>>> ID: 3CE502A004D.00000
>>> CombineReports OK ID: 3CE502A004D.00000
>>> ID: C39622A000A.00000.message
>>> Can't call method "CombineReports" on unblessed reference at
>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737.
>>>
>>> The difference is the ".message" attached to the ID.
>>> Then, in /var/spool/MailScanner/incoming I do:
>>>
>>> # find . | grep C39622A000A.00000
>>> ./26092/C39622A000A.00000.header
>>> ./26092/C39622A000A.00000
>>> ./26092/C39622A000A.00000/nmsg-26092-36.txt
>>> ./26092/C39622A000A.00000/nmsg-26092-37.html
>>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26092/C39622A000A.00000.message
>>> ./26540/C39622A000A.00000.header
>>> ./26540/C39622A000A.00000
>>> ./26540/C39622A000A.00000/nmsg-26540-36.txt
>>> ./26540/C39622A000A.00000/nmsg-26540-37.html
>>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26540/C39622A000A.00000.message
>>> ./26779/C39622A000A.00000.header
>>> ./26779/C39622A000A.00000
>>> ./26779/C39622A000A.00000/nmsg-26779-37.html
>>> ./26779/C39622A000A.00000/nmsg-26779-36.txt
>>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>> ./26779/C39622A000A.00000.message
>>> ./26803/C39622A000A.00000.header
>>> ...
>>>
>>> The message from that incoming directory can be downloaded here:
>>>
>>> http://postmaster.hostalia.com/MSerror.tar.gz
>>>
>>> Thank you!
>>>
>>>
>>> On 16/02/11 20:33, Jules Field wrote:
>>>> What MTA are you using, and if you can reproduce this error reliably, I
>>>> would like a copy of your incoming mail queue as well. That error should
>>>> never happen.
>>>>
>>>> Is it happening for anyone else?
>>>>
>>>> The only way that can happen is if the "sub new" isn't getting called or
>>>> is bailing out early, before the "bless" happens to set the type. None
>>>> of the "sub new" functions can exit early, so they must be not being
>>>> called. But in CreateBatch, when they are called, they are always called
>>>> before the message is added to the batch.
>>>>
>>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>>> about?
>>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the ChangeLog
>>>> for Perl 5.10.1 say anything about it?
>>>>
>>>> On 16/02/2011 19:11, Alvaro Marin wrote:
>>>>> Hi,
>>>>>
>>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
>>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>>>>>
>>>>>
>>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>>
>>>>>
>>>>> In Debugging mode, not forking...
>>>>> Trying to setlogsock(unix)
>>>>> Building a message batch to scan...
>>>>> Have a batch of 7 messages.
>>>>> Can't call method "CombineReports" on unblessed reference at
>>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>>>>>
>>>>> Any idea? :S
>>>>>
>>>>> # /opt/MailScanner/bin/MailScanner -V
>>>>> Running on
>>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC 2011
>>>>> i686 GNU/Linux
>>>>> This is Perl version 5.010001 (5.10.1)
>>>>>
>>>>> This is MailScanner version 4.82.6
>>>>> Module versions are:
>>>>> 1.00 AnyDBM_File
>>>>> 1.30 Archive::Zip
>>>>> 0.23 bignum
>>>>> 1.11 Carp
>>>>> 2.024 Compress::Zlib
>>>>> 1.119 Convert::BinHex
>>>>> 0.17 Convert::TNEF
>>>>> 2.125 Data::Dumper
>>>>> 2.27 Date::Parse
>>>>> 1.03 DirHandle
>>>>> 1.06 Fcntl
>>>>> 2.77 File::Basename
>>>>> 2.14 File::Copy
>>>>> 2.02 FileHandle
>>>>> 2.07_03 File::Path
>>>>> 0.22 File::Temp
>>>>> 0.92 Filesys::Df
>>>>> 3.64 HTML::Entities
>>>>> 3.64 HTML::Parser
>>>>> 3.57 HTML::TokeParser
>>>>> 1.25 IO
>>>>> 1.14 IO::File
>>>>> 1.13 IO::Pipe
>>>>> 2.04 Mail::Header
>>>>> 1.89 Math::BigInt
>>>>> 0.22 Math::BigRat
>>>>> 3.08 MIME::Base64
>>>>> 5.427 MIME::Decoder
>>>>> 5.427 MIME::Decoder::UU
>>>>> 5.427 MIME::Head
>>>>> 5.427 MIME::Parser
>>>>> 3.08 MIME::QuotedPrint
>>>>> 5.427 MIME::Tools
>>>>> 0.14 Net::CIDR
>>>>> 1.25 Net::IP
>>>>> 0.19 OLE::Storage_Lite
>>>>> 1.04 Pod::Escapes
>>>>> 3.07 Pod::Simple
>>>>> 1.17 POSIX
>>>>> 1.23 Scalar::Util
>>>>> 1.82 Socket
>>>>> 2.20 Storable
>>>>> 1.4 Sys::Hostname::Long
>>>>> 0.27 Sys::Syslog
>>>>> 1.26 Test::Pod
>>>>> 0.92 Test::Simple
>>>>> 1.9719 Time::HiRes
>>>>> 1.02 Time::localtime
>>>>>
>>>>> Optional module versions are:
>>>>> 1.52 Archive::Tar
>>>>> 0.23 bignum
>>>>> missing Business::ISBN
>>>>> missing Business::ISBN::Data
>>>>> missing Data::Dump
>>>>> 1.82 DB_File
>>>>> 1.29 DBD::SQLite
>>>>> 1.607 DBI
>>>>> 1.16 Digest
>>>>> 1.01 Digest::HMAC
>>>>> 2.39 Digest::MD5
>>>>> 2.12 Digest::SHA1
>>>>> 1.01 Encode::Detect
>>>>> 0.17016 Error
>>>>> 0.2602 ExtUtils::CBuilder
>>>>> 2.2002 ExtUtils::ParseXS
>>>>> 2.38 Getopt::Long
>>>>> missing Inline
>>>>> missing IO::String
>>>>> 1.10 IO::Zlib
>>>>> 2.27 IP::Country
>>>>> missing Mail::ClamAV
>>>>> 3.003001 Mail::SpamAssassin
>>>>> v2.007 Mail::SPF
>>>>> 1.999001 Mail::SPF::Query
>>>>> 0.340201 Module::Build
>>>>> 0.20 Net::CIDR::Lite
>>>>> 0.66 Net::DNS
>>>>> v0.003 Net::DNS::Resolver::Programmable
>>>>> 0.40 Net::LDAP
>>>>> 4.027 NetAddr::IP
>>>>> missing Parse::RecDescent
>>>>> missing SAVI
>>>>> 3.17 Test::Harness
>>>>> missing Test::Manifest
>>>>> 2.0.0 Text::Balanced
>>>>> 1.53 URI
>>>>> 0.77 version
>>>>> 0.72 YAML
>>>>>
>>>>>
>>>>> Thanks!
>>>>>
>>>>> On 11/02/11 17:02, Stephen Cox wrote:
>>>>>> Thank you!
>>>>>>
>>>>>> On 2/11/11, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
>>>>>>> Folks,
>>>>>>>
>>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>>> 4.82.6.
>>>>>>>
>>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>>
>>>>>>> The main new feature is in filename.rules.conf and filetype.rules.conf
>>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>>> "deny+delete" instructions in a rule, you can now automatically rename
>>>>>>> attachment filenames using the "rename" and "rename to" instructions
>>>>>>> instead of just allowing or denying them.
>>>>>>>
>>>>>>> When using the new "rename" instruction in a rule, any matching file
>>>>>>> will be automatically renamed using the new "Rename Pattern" setting in
>>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix to any
>>>>>>> filename.
>>>>>>>
>>>>>>> When using the new "rename to" instruction in a rule, any matching file
>>>>>>> will be automatically renamed so that the portion of the filename that
>>>>>>> matches the pattern string is replaced with new text. So for example,
>>>>>>> you can rename all *.pps files to *.ppt with the rule
>>>>>>>
>>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>>>>>>
>>>>>>> If you want to be even cleverer, you can use parenthesised sections of
>>>>>>> the match pattern within the replacement text. I'm not quite sure who
>>>>>>> this will be useful to, but I'm sure you will find some clever uses (you
>>>>>>> folks always do!). As a random example,
>>>>>>>
>>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous exes Renamed file
>>>>>>>
>>>>>>> That will rename any file such as "PleaseRunMe.exe" to
>>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to
>>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot run it
>>>>>>> without renaming it first.
>>>>>>>
>>>>>>> Cool huh?
>>>>>>>
>>>>>>> Anyway, you can get it as usual from
>>>>>>>
>>>>>>> http://www.mailscanner.info
>>>>>>>
>>>>>>> ==========================
>>>>>>> The full Changelog is:
>>>>>>> * New Features and Improvements *
>>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as the
>>>>>>> previous "allow", "deny", "deny+delete", and email-address types of rule,
>>>>>>> there are now "rename" rules as well. If a filename or filetype matches
>>>>>>> a "rename" rule, the original attachment is left in the message but is
>>>>>>> renamed according to the "Rename Pattern" setting in MailScanner.conf.
>>>>>>> This allows for any prefixes or suffixes you may want to add to the
>>>>>>> attachment's filename.
>>>>>>> 2 Improved "rename" rules so you can now also specify "rename to new-text".
>>>>>>> If the rule matched an attachment's filename, the text matching the pattern
>>>>>>> for that rule will be replaced with the "new-text" string supplied.
>>>>>>> The "to" is optional, but makes it easier to read.
>>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the filename now
>>>>>>> ends in ".Rules" as well as ".rules".
>>>>>>> 4 Allow deployments with the 'split mail per recipient' setup where mail
>>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for releasing
>>>>>>> of quarantined messages, while still scanning re-injected mail.
>>>>>>>
>>>>>>> * Fixes *
>>>>>>> 1 AVG scanner command-line arguments typo fixed.
>>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be truncated
>>>>>>> at the start of the first <a> tag if it was never closed properly.
>>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement text of a
>>>>>>> "rename to" filename.rules.conf rule.
>>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms instead of 0600.
>>>>>>> Thanks to Rick Cooper for this fix!
>>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain List" values
>>>>>>> appearing in the conf file. Thanks to Steve Freegard for this!
>>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack did not
>>>>>>> have their headers quarantined correctly.
>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>>> --
>>>>>>> Julian Field MEng CITP CEng
>>>>>>> www.MailScanner.info
>>>>>>>
>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>> Need help customising MailScanner? Contact me!
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>
>>>>>>> 'All programs have a desire to be useful' - Tron, 1982
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> Jules
>>>>
>>>
>>>
>>
>> Jules
>>
>
>


-- 
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com
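
Added example, not part of the original message and not MailScanner or Postfix code: a check for the two symptoms discussed in this thread, namely where a queue file lives once hash_queue_depth is applied, and which work-directory entries carry the ".00000" key or sit under more than one child PID. It assumes the short queue IDs shown in the thread and a 5-character key; the function names and the healthy sample entry are made up.

```python
import os
import re
import tempfile
from collections import defaultdict

# Work-directory entry "<queue id>.<key>"; the 5-character key length is an
# assumption read off the ".00000" names in the thread.
ENTRY = re.compile(r"([0-9A-F]+)\.(\w{5})")


def hashed_queue_path(spool, queue, queue_id, depth):
    """Path of a queue file for a queue listed in hash_queue_names: one
    directory level per leading character of the ID, up to hash_queue_depth."""
    return os.path.join(spool, queue, *queue_id[:depth], queue_id)


def audit_incoming(incoming):
    """Scan <incoming>/<child PID>/ and return (fallback_ids, shared_ids):
    IDs whose key is the '00000' read-failure value, and IDs present under
    more than one child PID (the locking failure described in the thread)."""
    owners, fallback = defaultdict(set), set()
    for pid in os.listdir(incoming):
        pid_dir = os.path.join(incoming, pid)
        if not (pid.isdigit() and os.path.isdir(pid_dir)):
            continue
        for name in os.listdir(pid_dir):
            m = ENTRY.fullmatch(name)  # skips the .header / .message files
            if m and os.path.isdir(os.path.join(pid_dir, name)):
                owners[m.group(1)].add(int(pid))
                if m.group(2) == "00000":
                    fallback.add(m.group(1))
    shared = {q: sorted(p) for q, p in owners.items() if len(p) > 1}
    return sorted(fallback), shared


def build_sample(root):
    """Constructed tree mirroring the listing in the thread, plus one healthy
    entry (1B2C3D4E5F6.A1B2C is made up)."""
    for pid in ("26092", "26540", "26779"):
        os.makedirs(os.path.join(root, pid, "C39622A000A.00000"))
        open(os.path.join(root, pid, "C39622A000A.00000.message"), "w").close()
    os.makedirs(os.path.join(root, "26092", "1B2C3D4E5F6.A1B2C"))
    return root


if __name__ == "__main__":
    print(hashed_queue_path("/var/spool/postfix", "hold", "AFDD42A0009", 2))
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_incoming(build_sample(tmp)))
```

On a live system, point audit_incoming at /var/spool/MailScanner/incoming; any ID in either result means the scanner did not read or lock that queue file correctly.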



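
Added example, not part of the original thread and not MailScanner's own code: a small harness for trying the "rename to" rules from the quoted 4.82.6 announcement against sample attachment names before putting them in filename.rules.conf. Tab-separated fields and first-match rule order are assumptions of this sketch, and the function names are made up.

```python
import re


def parse_rule(line):
    """Return (new_text, pattern, log_text, user_report) for a "rename to" rule.
    Fields are split on tabs (assumption; the archived page shows flattened
    spacing). The "to" is optional, as the changelog says."""
    fields = [f.strip() for f in line.split("\t") if f.strip()]
    if len(fields) != 4:
        raise ValueError("expected 4 tab-separated fields: %r" % line)
    action, pattern, log_text, user_report = fields
    m = re.fullmatch(r"rename(?:\s+to)?\s+(\S+)", action)
    if not m:
        raise ValueError("not a 'rename to' rule: %r" % action)
    return m.group(1), re.compile(pattern), log_text, user_report


def rename(rule, filename):
    """Replace the part of filename matching the rule's pattern with its new
    text, expanding $1, $2, ... from the match. Other names are unchanged."""
    new_text, pattern = rule[0], rule[1]

    def expand(match):
        return re.sub(r"\$(\d+)",
                      lambda ref: match.group(int(ref.group(1))) or "",
                      new_text)

    return pattern.sub(expand, filename, count=1)


# Constructed rule lines using the two rules quoted in the announcement.
RULES = [parse_rule(line) for line in (
    "rename to .ppt\t\\.pps$\tRenamed pps to ppt\tRenamed file",
    "rename to Dangerous_$1_$2\t^(.*)\\.(exe|com|scr)$\t"
    "Renamed dangerous exes\tRenamed file",
)]


def first_match(filename):
    """Apply the first rule whose pattern matches (first-match order is an
    assumption of this sketch)."""
    for rule in RULES:
        if rule[1].search(filename):
            return rename(rule, filename)
    return filename


if __name__ == "__main__":
    for name in ("PleaseRunMe.exe", "slides.pps", "invoice.pdf.exe", "report.pdf"):
        print(name, "->", first_match(name))
```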