MailScanner ANNOUNCE: 4.82 stable released
Alvaro Marin
alvaro at hostalia.com
Thu Feb 17 10:45:51 GMT 2011
Hi,
I've applied the patch and now the IDs are generated ok:
1C9385EA8B7.A8402
703D55EA8B5.A923E
...
thank you very much!
El 17/02/11 11:31, Julian Field escribió:
> I have found the bug, and a proposed fix is attached to this message.
> It's a tiny patch for /usr/share/MailScanner/MailScanner/Postfix.pm (on
> Debian) or /usr/lib/MailScanner/MailScanner/Postfix.pm (everywhere else).
>
> cd /usr/lib/MailScanner/MailScanner
> gunzip Postfix.pm.patch.gz
> patch -p0 < Postfix.pm.patch
>
> Or else look at it and apply it by hand (it's only 2 lines).
>
> Sorry about that!
> Jules.
>
> On 16/02/2011 22:41, Alvaro Marín wrote:
>> Hi again,
>>
>> I forgot to mention this thread with the same error some months ago:
>>
>> http://comments.gmane.org/gmane.mail.virus.mailscanner/75443
>>
>> El 16/02/11 23:26, Alvaro Marín escribió:
>>> Hi,
>>>
>>> yes, I've changed Postfix's default queue depth to "2":
>>>
>>> hash_queue_depth = 2
>>> hash_queue_names = incoming, active, deferred, bounce, defer, flush,
>>> hold, trace
>>>
>>> so messages, for example on the hold queue, are stored as:
>>>
>>> /var/spool/postfix/hold/A/F/AFDD42A0009
>>>
>>> Debugging the code of Postfix.pm, I've seen that PostfixKey function
>>> always returns here:
>>>
>>> seek($fh, 0, 0) or return '00000';
>>>
>>> and the value of $fname is just "0E43549800C", the ID, not the complete
>>> path to the file.
>>>
>>> I've deleted from the queue those messages with that .rtf attached and
>>> it seems that is running fine now. Tomorrow, with more traffic, we'll
>>> how it runs.
>>>
>>> If you install Debian's latest stable version, Squeeze, you'll have Perl
>>> 5.10.1 and Postfix 2.7.
>>> I've installed MS from .tar.gz.
>>>
>>> Thank you Jules,
>>> Regards.
>>>
>>> El 16/02/11 22:54, Jules Field escribió:
>>>> Something has gone very badly wrong. They shouldn't be ".00000" on the
>>>> end of the directory names, that means it has failed to read the
>>>> message
>>>> files altogether. The ".00000" should be a hash of the first few bytes
>>>> of the message body file.
>>>>
>>>> Also the locking has totally failed as the same message ID is
>>>> showing up
>>>> in several different MailScanner child processes (the first
>>>> sub-directory name is the child process PID).
>>>>
>>>> This is a real mess. I don't know what you've done, but you've
>>>> broken it
>>>> all very badly.
>>>>
>>>> Have you messed with the queue hashing depth in Postfix or anything
>>>> like
>>>> that?
>>>>
>>>> How do I build a Debian box running the same version of Perl and
>>>> Postfix
>>>> as you? I've never used Debian.
>>>>
>>>> For now, I would try a different version of Perl, a different MTA, or a
>>>> different Linux distribution that isn't so broken. No-one using the
>>>> mainstream Linux distros appears to have these problems.
>>>>
>>>> Jules.
>>>>
>>>> On 16/02/2011 19:53, Alvaro Marin wrote:
>>>>> Hi Jules,
>>>>>
>>>>> I'm using Debian Squeeze's Postfix 2.7.1-1.
>>>>>
>>>>> I've changed MessageBatch.pm's code to show with what ID happens and:
>>>>>
>>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>> ...
>>>>> ID: C055D2A0015.00000
>>>>> CombineReports OK ID: C055D2A0015.00000
>>>>> ID: 3CE502A004D.00000
>>>>> CombineReports OK ID: 3CE502A004D.00000
>>>>> ID: C39622A000A.00000.message
>>>>> Can't call method "CombineReports" on unblessed reference at
>>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 737.
>>>>>
>>>>> The difference is that ".message" attached to the ID.
>>>>> Then, in /var/spool/MailScanner/incoming I do:
>>>>>
>>>>> # find . | grep C39622A000A.00000
>>>>> ./26092/C39622A000A.00000.header
>>>>> ./26092/C39622A000A.00000
>>>>> ./26092/C39622A000A.00000/nmsg-26092-36.txt
>>>>> ./26092/C39622A000A.00000/nmsg-26092-37.html
>>>>> ./26092/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>>> ./26092/C39622A000A.00000.message
>>>>> ./26540/C39622A000A.00000.header
>>>>> ./26540/C39622A000A.00000
>>>>> ./26540/C39622A000A.00000/nmsg-26540-36.txt
>>>>> ./26540/C39622A000A.00000/nmsg-26540-37.html
>>>>> ./26540/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>>> ./26540/C39622A000A.00000.message
>>>>> ./26779/C39622A000A.00000.header
>>>>> ./26779/C39622A000A.00000
>>>>> ./26779/C39622A000A.00000/nmsg-26779-37.html
>>>>> ./26779/C39622A000A.00000/nmsg-26779-36.txt
>>>>> ./26779/C39622A000A.00000/nLOOKING FOR A FOREIGN PARTNER.rtf
>>>>> ./26779/C39622A000A.00000.message
>>>>> ./26803/C39622A000A.00000.header
>>>>> ...
>>>>>
>>>>> The message from that incoming directory, can be downloaded here:
>>>>>
>>>>> http://postmaster.hostalia.com/MSerror.tar.gz
>>>>>
>>>>> Thank you!
>>>>>
>>>>>
>>>>> El 16/02/11 20:33, Jules Field escribió:
>>>>>> What MTA are you using, and if you can reproduce this error
>>>>>> reliably, I
>>>>>> would like a copy of your incoming mail queue as well. That error
>>>>>> should
>>>>>> never happen.
>>>>>>
>>>>>> Is it happening for anyone else?
>>>>>>
>>>>>> The only way that can happen is if the "sub new" isn't getting
>>>>>> called or
>>>>>> is bailing out early, before the "bless" happens to set the type.
>>>>>> None
>>>>>> of the "sub new" functions can exit early, so they must be not being
>>>>>> called. But in CreateBatch, when they are called, they are always
>>>>>> called
>>>>>> before the message is added to the batch.
>>>>>>
>>>>>> Some bug in Perl 5.10.1 or a change of behaviour in Perl I don't know
>>>>>> about?
>>>>>> It's clearly a change between Perl 5.10.0 and 5.10.1. Does the
>>>>>> ChangeLog
>>>>>> for Perl 5.10.1 say anything about it?
>>>>>>
>>>>>> On 16/02/2011 19:11, Alvaro Marin wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I was using MS 4.79.11-1 with Debian Lenny (Perl 5.10.0) and I've
>>>>>>> upgraded to Debian Squeeze with Perl 5.10.1 and now I've this error:
>>>>>>>
>>>>>>>
>>>>>>> # /opt/MailScanner/bin/MailScanner --debug
>>>>>>>
>>>>>>>
>>>>>>> In Debugging mode, not forking...
>>>>>>> Trying to setlogsock(unix)
>>>>>>> Building a message batch to scan...
>>>>>>> Have a batch of 7 messages.
>>>>>>> Can't call method "CombineReports" on unblessed reference at
>>>>>>> /opt/MailScanner/lib/MailScanner/MessageBatch.pm line 736.
>>>>>>>
>>>>>>> Any idea? :S
>>>>>>>
>>>>>>> # /opt/MailScanner/bin/MailScanner -V
>>>>>>> Running on
>>>>>>> Linux main0260 2.6.32-5-686-bigmem #1 SMP Wed Jan 12 04:40:25 UTC
>>>>>>> 2011
>>>>>>> i686 GNU/Linux
>>>>>>> This is Perl version 5.010001 (5.10.1)
>>>>>>>
>>>>>>> This is MailScanner version 4.82.6
>>>>>>> Module versions are:
>>>>>>> 1.00 AnyDBM_File
>>>>>>> 1.30 Archive::Zip
>>>>>>> 0.23 bignum
>>>>>>> 1.11 Carp
>>>>>>> 2.024 Compress::Zlib
>>>>>>> 1.119 Convert::BinHex
>>>>>>> 0.17 Convert::TNEF
>>>>>>> 2.125 Data::Dumper
>>>>>>> 2.27 Date::Parse
>>>>>>> 1.03 DirHandle
>>>>>>> 1.06 Fcntl
>>>>>>> 2.77 File::Basename
>>>>>>> 2.14 File::Copy
>>>>>>> 2.02 FileHandle
>>>>>>> 2.07_03 File::Path
>>>>>>> 0.22 File::Temp
>>>>>>> 0.92 Filesys::Df
>>>>>>> 3.64 HTML::Entities
>>>>>>> 3.64 HTML::Parser
>>>>>>> 3.57 HTML::TokeParser
>>>>>>> 1.25 IO
>>>>>>> 1.14 IO::File
>>>>>>> 1.13 IO::Pipe
>>>>>>> 2.04 Mail::Header
>>>>>>> 1.89 Math::BigInt
>>>>>>> 0.22 Math::BigRat
>>>>>>> 3.08 MIME::Base64
>>>>>>> 5.427 MIME::Decoder
>>>>>>> 5.427 MIME::Decoder::UU
>>>>>>> 5.427 MIME::Head
>>>>>>> 5.427 MIME::Parser
>>>>>>> 3.08 MIME::QuotedPrint
>>>>>>> 5.427 MIME::Tools
>>>>>>> 0.14 Net::CIDR
>>>>>>> 1.25 Net::IP
>>>>>>> 0.19 OLE::Storage_Lite
>>>>>>> 1.04 Pod::Escapes
>>>>>>> 3.07 Pod::Simple
>>>>>>> 1.17 POSIX
>>>>>>> 1.23 Scalar::Util
>>>>>>> 1.82 Socket
>>>>>>> 2.20 Storable
>>>>>>> 1.4 Sys::Hostname::Long
>>>>>>> 0.27 Sys::Syslog
>>>>>>> 1.26 Test::Pod
>>>>>>> 0.92 Test::Simple
>>>>>>> 1.9719 Time::HiRes
>>>>>>> 1.02 Time::localtime
>>>>>>>
>>>>>>> Optional module versions are:
>>>>>>> 1.52 Archive::Tar
>>>>>>> 0.23 bignum
>>>>>>> missing Business::ISBN
>>>>>>> missing Business::ISBN::Data
>>>>>>> missing Data::Dump
>>>>>>> 1.82 DB_File
>>>>>>> 1.29 DBD::SQLite
>>>>>>> 1.607 DBI
>>>>>>> 1.16 Digest
>>>>>>> 1.01 Digest::HMAC
>>>>>>> 2.39 Digest::MD5
>>>>>>> 2.12 Digest::SHA1
>>>>>>> 1.01 Encode::Detect
>>>>>>> 0.17016 Error
>>>>>>> 0.2602 ExtUtils::CBuilder
>>>>>>> 2.2002 ExtUtils::ParseXS
>>>>>>> 2.38 Getopt::Long
>>>>>>> missing Inline
>>>>>>> missing IO::String
>>>>>>> 1.10 IO::Zlib
>>>>>>> 2.27 IP::Country
>>>>>>> missing Mail::ClamAV
>>>>>>> 3.003001 Mail::SpamAssassin
>>>>>>> v2.007 Mail::SPF
>>>>>>> 1.999001 Mail::SPF::Query
>>>>>>> 0.340201 Module::Build
>>>>>>> 0.20 Net::CIDR::Lite
>>>>>>> 0.66 Net::DNS
>>>>>>> v0.003 Net::DNS::Resolver::Programmable
>>>>>>> 0.40 Net::LDAP
>>>>>>> 4.027 NetAddr::IP
>>>>>>> missing Parse::RecDescent
>>>>>>> missing SAVI
>>>>>>> 3.17 Test::Harness
>>>>>>> missing Test::Manifest
>>>>>>> 2.0.0 Text::Balanced
>>>>>>> 1.53 URI
>>>>>>> 0.77 version
>>>>>>> 0.72 YAML
>>>>>>>
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> El 11/02/11 17:02, Stephen Cox escribió:
>>>>>>>> Thank you!
>>>>>>>>
>>>>>>>> On 2/11/11, Julian Field<MailScanner at ecs.soton.ac.uk> wrote:
>>>>>>>>> Folks,
>>>>>>>>>
>>>>>>>>> I have just released a new stable edition of MailScanner, version
>>>>>>>>> 4.82.6.
>>>>>>>>>
>>>>>>>>> This is identical to the recent beta version 4.82.5.
>>>>>>>>>
>>>>>>>>> The main new feature is in filename.rules.conf and
>>>>>>>>> filetype.rules.conf
>>>>>>>>> configuration files. As well as the previous "allow", "deny" and
>>>>>>>>> "deny+delete" instructions in a rule, you can now automatically
>>>>>>>>> rename
>>>>>>>>> attachment filenames using the "rename" and "rename to"
>>>>>>>>> instructions
>>>>>>>>> instead of just allowing or denying them.
>>>>>>>>>
>>>>>>>>> When using the new "rename" instruction in a rule, any matching
>>>>>>>>> file
>>>>>>>>> will be automatically renamed using the new "Rename Pattern"
>>>>>>>>> setting in
>>>>>>>>> MailScanner.conf. This allows you to add a prefix or a suffix
>>>>>>>>> to any
>>>>>>>>> filename.
>>>>>>>>>
>>>>>>>>> When using the new "rename to" instruction in a rule, any matching
>>>>>>>>> file
>>>>>>>>> will be automatically renamed so that the portion of the filename
>>>>>>>>> that
>>>>>>>>> matches the pattern string is replaced with new text. So for
>>>>>>>>> example,
>>>>>>>>> you can rename all *.pps files to *.ppt with the rule
>>>>>>>>>
>>>>>>>>> rename to .ppt \.pps$ Renamed pps to ppt Renamed file
>>>>>>>>>
>>>>>>>>> If you want to be even cleverer, you can use parenthesised
>>>>>>>>> sections of
>>>>>>>>> the match pattern within the replacement text. I'm not quite sure
>>>>>>>>> who
>>>>>>>>> this will be useful to, but I'm sure you will find some clever
>>>>>>>>> uses
>>>>>>>>> (you
>>>>>>>>> folks always do!). As a random example,
>>>>>>>>>
>>>>>>>>> rename to Dangerous_$1_$2 ^(.*)\.(exe|com|scr)$ Renamed dangerous
>>>>>>>>> exes Renamed file
>>>>>>>>>
>>>>>>>>> That will rename any file such as "PleaseRunMe.exe" to
>>>>>>>>> "Dangerous_PleaseRunMe_exe" and rename "DodgyScreensaver.scr" to
>>>>>>>>> "Dangerous_DodgyScreensaver_scr" which means the user cannot
>>>>>>>>> run it
>>>>>>>>> without renaming it first.
>>>>>>>>>
>>>>>>>>> Cool huh?
>>>>>>>>>
>>>>>>>>> Anyway, you can get it as usual from
>>>>>>>>>
>>>>>>>>> http://www.mailscanner.info
>>>>>>>>>
>>>>>>>>> ==========================
>>>>>>>>> The full Changelog is:
>>>>>>>>> * New Features and Improvements *
>>>>>>>>> 1 In filename.rules.conf and filetype.rules.conf files, as well as
>>>>>>>>> the
>>>>>>>>> previous "allow", "deny", "deny+delete", and email-address
>>>>>>>>> types of
>>>>>>>>> rule,
>>>>>>>>> there are now "rename" rules as well. If a filename or filetype
>>>>>>>>> matches
>>>>>>>>> a "rename" rule, the original attachment is left in the message
>>>>>>>>> but is
>>>>>>>>> renamed according to the "Rename Pattern" setting in
>>>>>>>>> MailScanner.conf.
>>>>>>>>> This allows for any prefixes or suffixes you may want to add to
>>>>>>>>> the
>>>>>>>>> attachment's filename.
>>>>>>>>> 2 Improved "rename" rules so you can now also specify "rename to
>>>>>>>>> new-text".
>>>>>>>>> If the rule matched an attachment's filename, the text matching
>>>>>>>>> the
>>>>>>>>> pattern
>>>>>>>>> for that rule will be replaced with the "new-text" string
>>>>>>>>> supplied.
>>>>>>>>> The "to" is optional, but makes it easier to read.
>>>>>>>>> 4 Rules files will be assumed in the MailScanner.conf if the
>>>>>>>>> filename now
>>>>>>>>> ends in ".Rules" as well as ".rules".
>>>>>>>>> 4 Allow deployments with the 'split mail per recipient' setup
>>>>>>>>> where
>>>>>>>>> mail
>>>>>>>>> is re-injected from 127.0.0.1 to still whitelist 127.0.0.1 for
>>>>>>>>> releasing
>>>>>>>>> of quarantined messages, while still scanning re-injected mail.
>>>>>>>>>
>>>>>>>>> * Fixes *
>>>>>>>>> 1 AVG scanner command-line arguments typo fixed.
>>>>>>>>> 2 Fixed problem where HTML messages scanned for Phishing would be
>>>>>>>>> truncated
>>>>>>>>> at the start of the first<a> tag if it was never closed properly.
>>>>>>>>> 3 Fixed bug stopping things like "$1" working in the replacement
>>>>>>>>> text of a
>>>>>>>>> "rename to" filename.rules.conf rule.
>>>>>>>>> 4 Fixed permissions of ClamAV temp files to use workperms
>>>>>>>>> instead of
>>>>>>>>> 0600.
>>>>>>>>> Thanks to Rick Cooper for this fix!
>>>>>>>>> 4 Fixed problem caused by invalid "Spam List" or "Spam Domain
>>>>>>>>> List"
>>>>>>>>> values
>>>>>>>>> appearing in the conf file. Thanks to Steve Freegard for this!
>>>>>>>>> 5 Fixed issue where messages quarantined for being a DoS attack
>>>>>>>>> did not
>>>>>>>>> have their headers quarantined correctly.
>>>>>>>>>
>>>>>>>>> Jules
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Julian Field MEng CITP CEng
>>>>>>>>> www.MailScanner.info
>>>>>>>>>
>>>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>>> Need help customising MailScanner? Contact me!
>>>>>>>>>
>>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>>>
>>>>>>>>> 'All programs have a desire to be useful' - Tron, 1982
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> This message has been scanned for viruses and
>>>>>>>>> dangerous content by MailScanner, and is
>>>>>>>>> believed to be clean.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Jules
>>>>>>
>>>>>
>>>>>
>>>>
>>>> Jules
>>>>
>>>
>>>
>>
>>
>
> Jules
>
--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com
More information about the MailScanner
mailing list