MailScanner ANNOUNCE: 4.82 stable released
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Feb 17 10:31:53 GMT 2011
I have found the bug, and a proposed fix is attached to this message.
It's a tiny patch for /usr/share/MailScanner/MailScanner/Postfix.pm (on
Debian) or /usr/lib/MailScanner/MailScanner/Postfix.pm (everywhere else).
cd /usr/lib/MailScanner/MailScanner
gunzip Postfix.pm.patch.gz
patch -p0 < Postfix.pm.patch
Or else look at it and apply it by hand (it's only 2 lines).
Sorry about that!
Jules.
On 16/02/2011 22:41, Alvaro Marín wrote:
> Hi again,
>
> I forgot to mention this thread with the same error some months ago:
>
> http://comments.gmane.org/gmane.mail.virus.mailscanner/75443
>
> El 16/02/11 23:26, Alvaro Marín escribió:
>> Hi,
>>
>> yes, I've changed Postfix's default queue depth to "2":
>>
>> hash_queue_depth = 2
>> hash_queue_names = incoming, active, deferred, bounce, defer, flush,
>> hold, trace
>>
>> so messages, for example on the hold queue, are stored as:
>>
>> /var/spool/postfix/hold/A/F/AFDD42A0009
>>
>> Debugging the code of Postfix.pm, I've seen that PostfixKey function
>> always returns here:
>>
>> seek($fh, 0, 0) or return '00000';
>>
>> and the value of $fname is just "0E43549800C", the ID, not the complete
>> path to the file.
>>
>> I've deleted from the queue those messages with that .rtf attached and
>> it seems that is running fine now. Tomorrow, with more traffic, we'll
>> how it runs.
>>
>> If you install Debian's latest stable version, Squeeze, you'll have Perl
>> 5.10.1 and Postfix 2.7.
>> I've installed MS from .tar.gz.
>>
>> Thank you Jules,
>> Regards.
>>
>> El 16/02/11 22:54, Jules Field escribió:
>>> Something has gone very badly wrong. They shouldn't be ".00000" on the
>>> end of the directory names, that means it has failed to read the
>>> message
>>> files altogether. The ".00000" should be a hash of the first few bytes
>>> of the message body file.
>>>
>>> Also the locking has totally failed as the same message ID is
>>> showing up
>>> in several different MailScanner child processes (the first
>>> sub-directory name is the child process PID).
>>>
>>> This is a real mess. I don't know what you've done, but you've
>>> broken it
>>> all very badly.
>>>
>>> Have you messed with the queue hashing depth in Postfix or anything
>>> like
>>> that?
>>>
>>> How do I build a Debian box running the same version of Perl and
>>> Postfix
>>> as you? I've never used Debian.
>>>
>>> For now, I would try a different version of Perl, a different MTA, or a
>>> different Linux distribution that isn't so broken. No-one using the
>>> mainstream Linux distros appears to have these problems.
>>>
>>> Jules.
>>>
>>> On 16/02/2011 19:53, Alvaro Marin wrote:
>>>> Hi Jules,
>>>>
>>>> I'm using Debian Squeeze's Postfix 2.7.1-1.
>>>>
>>>> I've changed MessageBatch.pm's code to show with what ID happens and:
>>>>
>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>> ...
>>>> ID: C055D2A0015.00000
>>>> CombineReports OK ID: C055D2A0015.00000
>>>> ID: 3CE502A004D.00000
>>>> CombineReports OK ID: 3CE502A004D.00000
>>>> ID: C39622A000A.00000.message
>>>> Can't call method "CombineReports" on unblessed reference at
>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737.
>>>>
>>>> The difference is that ".message" attached to the ID.
>>>> Then, in /var/spool/MailScanner/incoming I do:
>>>>
>>>> # find . | grep C39622A000A.00000
>>>> ./26092/C39622A000A.00000.header
>>>> ./26092/C39622A000A.00000
>>>> ./26092/C39622A000A.00000/nmsg-26092-36.txt
>>>> ./26092/C39622A000A.00000/nmsg-26092-37.html
>>>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>> ./26092/C39622A000A.00000.message
>>>> ./26540/C39622A000A.00000.header
>>>> ./26540/C39622A000A.00000
>>>> ./26540/C39622A000A.00000/nmsg-26540-36.txt
>>>> ./26540/C39622A000A.00000/nmsg-26540-37.html
>>>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>> ./26540/C39622A000A.00000.message
>>>> ./26779/C39622A000A.00000.header
>>>> ./26779/C39622A000A.00000
>>>> ./26779/C39622A000A.00000/nmsg-26779-37.html
>>>> ./26779/C39622A000A.00000/nmsg-26779-36.txt
>>>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>> ./26779/C39622A000A.00000.message
>>>> ./26803/C39622A000A.00000.header
>>>> ...
>>>>
>>>> The message from that incoming directory, can be downloaded here:
>>>>
>>>> http://postmaster.hostalia.com/MSerror.tar.gz
>>>>
>>>> Thank you!
>>>>
>>>>
>>>> El 16/02/11 20:33, Jules Field escribió:
>>>>> What MTA are you using, and if you can reproduce this error
>>>>> reliably, I
>>>>> would like a copy of your incoming mail queue as well. That error
>>>>> should
>>>>> never happen.
>>>>>
>>>>> Is it happening for anyone else?
>>>>>
>>>>> The only way that can happen is if the "sub new" isn't getting
>>>>> called or
>>>>> is bailing out early, before the "bless" happens to set the type.
>>>>> None
>>>>> of the "sub new" functions can exit early, so they must be not being
>>>>> called. But in CreateBatch, when they are called, they are always
>>>>> called
>>>>> before the message is added to the batch.
>>>>>
>>>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>>>> about?
>>>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the
>>>>> ChangeLog
>>>>> for Perl 5.10.1 say anything about it?
>>>>>
>>>>> On 16/02/2011 19:11, Alvaro Marin wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
>>>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>>>>>>
>>>>>>
>>>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>>>
>>>>>>
>>>>>> In Debugging mode, not forking...
>>>>>> Trying to setlogsock(unix)
>>>>>> Building a message batch to scan...
>>>>>> Have a batch of 7 messages.
>>>>>> Can't call method "CombineReports" on unblessed reference at
>>>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>>>>>>
>>>>>> Any idea? :S
>>>>>>
>>>>>> # /opt/MailScanner/bin/MailScanner -V
>>>>>> Running on
>>>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC
>>>>>> 2011
>>>>>> i686 GNU/Linux
>>>>>> This is Perl version 5.010001 (5.10.1)
>>>>>>
>>>>>> This is MailScanner version 4.82.6
>>>>>> Module versions are:
>>>>>> 1.00 AnyDBM_File
>>>>>> 1.30 Archive::Zip
>>>>>> 0.23 bignum
>>>>>> 1.11 Carp
>>>>>> 2.024 Compress::Zlib
>>>>>> 1.119 Convert::BinHex
>>>>>> 0.17 Convert::TNEF
>>>>>> 2.125 Data::Dumper
>>>>>> 2.27 Date::Parse
>>>>>> 1.03 DirHandle
>>>>>> 1.06 Fcntl
>>>>>> 2.77 File::Basename
>>>>>> 2.14 File::Copy
>>>>>> 2.02 FileHandle
>>>>>> 2.07_03 File::Path
>>>>>> 0.22 File::Temp
>>>>>> 0.92 Filesys::Df
>>>>>> 3.64 HTML::Entities
>>>>>> 3.64 HTML::Parser
>>>>>> 3.57 HTML::TokeParser
>>>>>> 1.25 IO
>>>>>> 1.14 IO::File
>>>>>> 1.13 IO::Pipe
>>>>>> 2.04 Mail::Header
>>>>>> 1.89 Math::BigInt
>>>>>> 0.22 Math::BigRat
>>>>>> 3.08 MIME::Base64
>>>>>> 5.427 MIME::Decoder
>>>>>> 5.427 MIME::Decoder::UU
>>>>>> 5.427 MIME::Head
>>>>>> 5.427 MIME::Parser
>>>>>> 3.08 MIME::QuotedPrint
>>>>>> 5.427 MIME::Tools
>>>>>> 0.14 Net::CIDR
>>>>>> 1.25 Net::IP
>>>>>> 0.19 OLE::Storage_Lite
>>>>>> 1.04 Pod::Escapes
>>>>>> 3.07 Pod::Simple
>>>>>> 1.17 POSIX
>>>>>> 1.23 Scalar::Util
>>>>>> 1.82 Socket
>>>>>> 2.20 Storable
>>>>>> 1.4 Sys::Hostname::Long
>>>>>> 0.27 Sys::Syslog
>>>>>> 1.26 Test::Pod
>>>>>> 0.92 Test::Simple
>>>>>> 1.9719 Time::HiRes
>>>>>> 1.02 Time::localtime
>>>>>>
>>>>>> Optional module versions are:
>>>>>> 1.52 Archive::Tar
>>>>>> 0.23 bignum
>>>>>> missing Business::ISBN
>>>>>> missing Business::ISBN::Data
>>>>>> missing Data::Dump
>>>>>> 1.82 DB_File
>>>>>> 1.29 DBD::SQLite
>>>>>> 1.607 DBI
>>>>>> 1.16 Digest
>>>>>> 1.01 Digest::HMAC
>>>>>> 2.39 Digest::MD5
>>>>>> 2.12 Digest::SHA1
>>>>>> 1.01 Encode::Detect
>>>>>> 0.17016 Error
>>>>>> 0.2602 ExtUtils::CBuilder
>>>>>> 2.2002 ExtUtils::ParseXS
>>>>>> 2.38 Getopt::Long
>>>>>> missing Inline
>>>>>> missing IO::String
>>>>>> 1.10 IO::Zlib
>>>>>> 2.27 IP::Country
>>>>>> missing Mail::ClamAV
>>>>>> 3.003001 Mail::SpamAssassin
>>>>>> v2.007 Mail::SPF
>>>>>> 1.999001 Mail::SPF::Query
>>>>>> 0.340201 Module::Build
>>>>>> 0.20 Net::CIDR::Lite
>>>>>> 0.66 Net::DNS
>>>>>> v0.003 Net::DNS::Resolver::Programmable
>>>>>> 0.40 Net::LDAP
>>>>>> 4.027 NetAddr::IP
>>>>>> missing Parse::RecDescent
>>>>>> missing SAVI
>>>>>> 3.17 Test::Harness
>>>>>> missing Test::Manifest
>>>>>> 2.0.0 Text::Balanced
>>>>>> 1.53 URI
>>>>>> 0.77 version
>>>>>> 0.72 YAML
>>>>>>
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> El 11/02/11 17:02, Stephen Cox escribió:
>>>>>>> Thank you!
>>>>>>>
>>>>>>> On 2/11/11, Julian Field<MailScanner at ecs.soton.ac.uk> wrote:
>>>>>>>> Folks,
>>>>>>>>
>>>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>>>> 4.82.6.
>>>>>>>>
>>>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>>>
>>>>>>>> The main new feature is in filename.rules.conf and
>>>>>>>> filetype.rules.conf
>>>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>>>> "deny+delete" instructions in a rule, you can now automatically
>>>>>>>> rename
>>>>>>>> attachment filenames using the "rename" and "rename to"
>>>>>>>> instructions
>>>>>>>> instead of just allowing or denying them.
>>>>>>>>
>>>>>>>> When using the new "rename" instruction in a rule, any matching
>>>>>>>> file
>>>>>>>> will be automatically renamed using the new "Rename Pattern"
>>>>>>>> setting in
>>>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix
>>>>>>>> to any
>>>>>>>> filename.
>>>>>>>>
>>>>>>>> When using the new "rename to" instruction in a rule, any matching
>>>>>>>> file
>>>>>>>> will be automatically renamed so that the portion of the filename
>>>>>>>> that
>>>>>>>> matches the pattern string is replaced with new text. So for
>>>>>>>> example,
>>>>>>>> you can rename all *.pps files to *.ppt with the rule
>>>>>>>>
>>>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>>>>>>>
>>>>>>>> If you want to be even cleverer, you can use parenthesised
>>>>>>>> sections of
>>>>>>>> the match pattern within the replacement text. I'm not quite sure
>>>>>>>> who
>>>>>>>> this will be useful to, but I'm sure you will find some clever
>>>>>>>> uses
>>>>>>>> (you
>>>>>>>> folks always do!). As a random example,
>>>>>>>>
>>>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous
>>>>>>>> exes Renamed file
>>>>>>>>
>>>>>>>> That will rename any file such as "PleaseRunMe.exe" to
>>>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to
>>>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot
>>>>>>>> run it
>>>>>>>> without renaming it first.
>>>>>>>>
>>>>>>>> Cool huh?
>>>>>>>>
>>>>>>>> Anyway, you can get it as usual from
>>>>>>>>
>>>>>>>> http://www.mailscanner.info
>>>>>>>>
>>>>>>>> ==========================
>>>>>>>> The full Changelog is:
>>>>>>>> * New Features and Improvements *
>>>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as
>>>>>>>> the
>>>>>>>> previous "allow", "deny", "deny+delete", and email-address
>>>>>>>> types of
>>>>>>>> rule,
>>>>>>>> there are now "rename" rules as well. If a filename or filetype
>>>>>>>> matches
>>>>>>>> a "rename" rule, the original attachment is left in the message
>>>>>>>> but is
>>>>>>>> renamed according to the "Rename Pattern" setting in
>>>>>>>> MailScanner.conf.
>>>>>>>> This allows for any prefixes or suffixes you may want to add to
>>>>>>>> the
>>>>>>>> attachment's filename.
>>>>>>>> 2 Improved "rename" rules so you can now also specify "rename to
>>>>>>>> new-text".
>>>>>>>> If the rule matched an attachment's filename, the text matching
>>>>>>>> the
>>>>>>>> pattern
>>>>>>>> for that rule will be replaced with the "new-text" string
>>>>>>>> supplied.
>>>>>>>> The "to" is optional, but makes it easier to read.
>>>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the
>>>>>>>> filename now
>>>>>>>> ends in ".Rules" as well as ".rules".
>>>>>>>> 4 Allow deployments with the 'split mail per recipient' setup
>>>>>>>> where
>>>>>>>> mail
>>>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for
>>>>>>>> releasing
>>>>>>>> of quarantined messages, while still scanning re-injected mail.
>>>>>>>>
>>>>>>>> * Fixes *
>>>>>>>> 1 AVG scanner command-line arguments typo fixed.
>>>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be
>>>>>>>> truncated
>>>>>>>> at the start of the first<a> tag if it was never closed properly.
>>>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement
>>>>>>>> text of a
>>>>>>>> "rename to" filename.rules.conf rule.
>>>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms
>>>>>>>> instead of
>>>>>>>> 0600.
>>>>>>>> Thanks to Rick Cooper for this fix!
>>>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain
>>>>>>>> List"
>>>>>>>> values
>>>>>>>> appearing in the conf file. Thanks to Steve Freegard for this!
>>>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack
>>>>>>>> did not
>>>>>>>> have their headers quarantined correctly.
>>>>>>>>
>>>>>>>> Jules
>>>>>>>>
>>>>>>>> --
>>>>>>>> Julian Field MEng CITP CEng
>>>>>>>> www.MailScanner.info
>>>>>>>>
>>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>> Need help customising MailScanner? Contact me!
>>>>>>>>
>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>>
>>>>>>>> 'All programs have a desire to be useful' - Tron, 1982
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> This message has been scanned for viruses and
>>>>>>>> dangerous content by MailScanner, and is
>>>>>>>> believed to be clean.
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Jules
>>>>>
>>>>
>>>>
>>>
>>> Jules
>>>
>>
>>
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
'All programs have a desire to be useful' - Tron, 1982
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Postfix.pm.patch.gz
Type: application/x-gzip
Size: 502 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110217/0cf3132d/Postfix.pm.patch.gz
More information about the MailScanner
mailing list