weird mailscanner clamd error

Curu Wong prinbra at gmail.com
Thu Jan 6 08:40:18 GMT 2011


My system also has this problem. When a zip archive is scanned, I will
always get clamd error like:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Jan  5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied.
ERROR :: ./BAD697FE65.AD0DB/zbeyond3g.jpg
Jan  5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied.
ERROR :: ./BAD697FE65.AD0DB/zchi_button-02.jpg
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

all other attachent type, like rar, works fine.

the files in ms incoming queue get removed after it finished processing,
and I use this command to monitor file permissions under the incoming queue:

while true; do ls -lR /var/spool/MailScanner/incoming/ >> file_list.txt;
sleep 1;done

Send an email with rar attachment:
=======================================================
-rw-r----- 1 postfix www-data       4 2011-01-06 16:13 nmsg-24184-11.txt
-rw-r----- 1 postfix www-data 1536750 2011-01-06 16:13 nPI2.3.2.rar
-rw-r----- 1 postfix www-data  150576 2011-01-06 16:13 rPI2.3.2.pdf
-rw-r----- 1 postfix www-data 2141878 2011-01-06 16:13 rPoisonIvy2.3.2.exe
=======================================================

Send an email with zip attachment
=================================================
-rw-r----- 1 postfix www-data       4 2011-01-06 15:57 nmsg-24198-1.txt
-rw-r----- 1 postfix www-data 1665916 2011-01-06 15:57 ntest.zip
-rw------- 1 postfix www-data     238 2010-10-15 18:58 zall-wcprops
-rw------- 1 postfix www-data   23100 2010-10-15 18:58 zbeyond3g.jpg
-rw------- 1 postfix www-data   26180 2010-10-15 18:58 zchi_button-02.jpg
-rw------- 1 postfix www-data    2472 2010-10-15 23:33 zchi_button-reset.jpg
-rw------- 1 postfix www-data    2478 2010-10-15 23:33
zchi_button-submit.jpg
-rw------- 1 postfix www-data    6042 2010-10-18 15:34 zchi_edm.html
-rw------- 1 postfix www-data    4345 2010-10-18 15:35 zchi_web.html
========================================================

And I have this settings in MailScanner.conf:

Incoming Work Permissions = 0640

We can see that the test.zip file has the correct permissions, but its
extracted files have wrong permission.
In fact, even if I change Incoming Work Permissions to 0777, the file
permissions is still  rw------, so weird.

Can anyone point out the problem?

I think there maybe something wrong with the perl Archive::Zip module or MS
itself.

2011/1/5 Naz Snidanko <nsnidanko at harperpowerproducts.com>

> MailScanner --lint was generating "found 2 viruses" instead of a proper
> "found 1 virus". So I got fed up, scrapped clamd and went with clamav.
> Clamav works as it should: --lint generates "found 1 virus" and no more
> errors with .ZIP archives. This is a small site and speed should not be
> a factor.
>
> Tons of thanks,
>
> Naz Snidanko
> Desktop & Network Support
> Harper Power Products Inc.
> (p) 416 201- 7506
>  nsnidanko at harperpowerproducts.com
>
> -----Original Message-----
> Date: Tue, 4 Jan 2011 14:45:51 -0500
> From: "Rick Cooper" <rcooper at dwford.com>
> Subject: RE: weird mailscanner clamd error
> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
> Message-ID: <3AD1272E15D14A43BD27F7E3F3C17BD1 at SAHOMELT>
> Content-Type: text/plain; charset="us-ascii"
>
> Have you attempted to manually scan an example file with clamscan or
> clamdscan? (preferably as the same user as would mailscanner).  Have you
> tried sending with MailScanner running in debug mode? The error you are
> seeing is coming from clamd,
>
>  _____
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Naz
> Snidanko
> Sent: Tuesday, January 04, 2011 10:07 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: weird mailscanner clamd error
>
>
>
> Glenn,
>
>
>
> /tmp and incoming directories both have chmod 777. Also from my guess if
> it
> had something to do with permissions it would generate this error for
> all
> files, not just ZIP archives created by Winrar and Winzip programs. I
> also
> completely removed apparmor (even though it originally had rw
> permissions
> for clamd on incoming directory).
>
>
>
> Is there a module within MailScanner that does .zip file extracting
> before
> it goes for a clamd scan?
>
> Any help is much appreciated.
>
> Thank you,
>
> Naz Snidanko
>
> Desktop & Network Support
>
> Harper Power Products Inc.
>
> (p) 416 201- 7506
>
>  <mailto:nsnidanko at harperpowerproducts.com>
> nsnidanko at harperpowerproducts.com
>
> ------------------------------
>
>
>
> Message: 4
>
> Date: Tue, 4 Jan 2011 11:40:03 +0100
>
> From: Glenn Steen <glenn.steen at gmail.com>
>
> Subject: Re: weird mailscanner clamd error
>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>
> Message-ID:
>
>      <AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE+503D-uSTMug at mail.gmail.com<AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE%2B503D-uSTMug at mail.gmail.com>
> >
>
> Content-Type: text/plain; charset=windows-1252
>
>
>
> On 3 January 2011 21:34, Naz Snidanko
> <nsnidanko at harperpowerproducts.com>
> wrote:
>
> > I have weird stuff happening. When we put any file into ZIP archive
> created
>
> > from Winzip or Winrar I get the following log in mail.log:
>
> >
>
> >
>
> >
>
> > Jan  3 15:14:43 ares MailScanner[5103]: Virus and Content Scanning:
> Starting
>
> >
>
> > Jan  3 15:14:43 ares MailScanner[5103]: Clamd::ERROR:: Access denied.
> ERROR
>
> > :: ./66522203B7.AD6EB/zRicohdeviceUsersetup.doc
>
> >
>
> > Jan  3 15:14:43 ares MailScanner[5103]: Virus Scanning: Clamd found 1
>
> > infections
>
> >
>
> > Jan  3 15:14:43 ares MailScanner[5103]: Virus Scanning: Found 1
> viruses
>
> >
>
> > Jan  3 15:14:43 ares MailScanner[5103]: Spam Checks: Starting
>
> >
>
> >
>
> >
>
> > File delivered after passing mailscanner to final destination.
>
> >
>
> >
>
> >
>
> > When I put the same file into ZIP archive using built-in Windows XP
> engine
>
> > it works flawlessly and no error log is generated. No error is
> generated
>
> > when same file is put within .rar archive either.
>
> >
>
> >
>
> >
>
> > I've tried different files anything from jpeg to pdf and end up with
> error
>
> > described above.
>
> >
>
> >
>
> >
>
> > Can someone point me in the right direct how to troubleshoot this
> within
>
> > mailscanner.
>
> >
>
> >
>
> >
>
> > System:
>
> >
>
> >
>
> >
>
> > Clamd 0.96.5
>
> >
>
> > Ubuntu Server 10.04
>
> >
>
> > MailScanner 4.82.3
>
> >
>
> > Perl 5.10.1
>
> >
>
> >
>
> Check that both postfix and clamav (or whatever the users/groups are
>
> called) have relevant perms... Run As User/Group and 0660 perms in
>
> MailScanner.conf, correct perms on your incoming directory (perhaps
>
> /var/spool/MailScanner/incoming), Also check your clamd settings, of
>
> course.
>
> Perhaps the most crucial bit though... is to make sure that you have
>
> sane permissions on /tmp, and that they can create files/directories
>
> there as needed.
>
>
>
> Cheers
>
> --
>
> -- Glenn
>
> email: glenn < dot > steen < at > gmail < dot > com
>
> work: glenn < dot > steen < at > ap1 < dot > se
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by  <http://www.mailscanner.info/> MailScanner, and is
>
> believed to be clean.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104
> /c3d769b6/attachment-0001.html<http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104%0A/c3d769b6/attachment-0001.html>
>
> ------------------------------
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110106/5f7f69b8/attachment.html


More information about the MailScanner mailing list