MailScanner hanging process, cannot write to quarantine and not processing incoming mails

Kocisky kocisky at autistici.org
Mon Oct 31 16:37:40 GMT 2011 

Hi all,

i've just installed Centos 6 and my system is up to date. I've tried to
google a bit but didn't find any solutions:

LOGS:

################################################

mailq with more than 2000 emails and messages are not delivered;

################################################

[root at mail init.d]# ps aux | grep MailScanner
postfix   4074  0.0  2.2 302708 89248 ?        S    Oct28   0:05
MailScanner: compressing attachments
postfix   4081  0.0  2.2 302708 89148 ?        S    Oct28   0:05
MailScanner: compressing attachments
postfix   4086  0.0  2.2 302840 89284 ?        S    Oct28   0:04
MailScanner: compressing attachments
root      8844  0.0  0.0 103156   812 pts/2    S+   11:31   0:00 grep
MailScanner

################################################

/var/log/maillog :

Oct 31 11:50:27 mail MailScanner[9227]: writing to
/var/spool/MailScanner/quarantine/20111031/spam/BBA2A2024A1.AB0F1: No such
file or directory

################################################

[root at mail init.d]# MailScanner --debug

Configuration: Failed to find any configuration files like
/etc/MailScanner/conf.d/*, skipping them. at
/usr/share/MailScanner/MailScanner/Config.pm line 2044

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 30 messages.
Can't call method "print" on an undefined value at
/usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.

################################################

VERSIONS:

MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Configuration: Failed to find any configuration files like
/etc/MailScanner/conf.d/*, skipping them. at
/usr/share/MailScanner/MailScanner/Config.pm line 2044
Read 869 hostnames from the phishing whitelist
Read 4051 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 0 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 0 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (4.84.3) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 248 messages in the Processing Attempts Database
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/9341/ISITINSTALLED
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

Found these virus scanners installed: clamd
===========================================================================
Created attachment dirs for 1 messages
Filename Checks: Windows/DOS Executable (1 eicar.com)
Completed checking by /usr/bin/file
Other Checks: Found 1 problems

###################################

is the above "Configuration: Failed to find any configuration files like
/etc/MailScanner/conf.d/*, skipping them. at
/usr/share/MailScanner/MailScanner/Config.pm line 2044" an issue? am i
really missing something?

###################################

MailScanner -v
Running on
Linux mail.ny03.mydomain.org 2.6.32-71.29.1.el6.centos.plus.x86_64 #1 SMP
Sun Jun 26 16:27:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS Linux release 6.0 (Final)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.84.3
Module versions are:
1.00 AnyDBM_File
1.30 Archive::Zip
0.23 bignum
1.11 Carp
2.02 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.124 Data::Dumper
2.27 Date::Parse
1.03 DirHandle
1.06 Fcntl
2.77 File::Basename
2.14 File::Copy
2.02 FileHandle
2.08 File::Path
0.22 File::Temp
0.92 Filesys::Df
3.64 HTML::Entities
3.64 HTML::Parser
3.57 HTML::TokeParser
1.25 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.22 Math::BigRat
3.08 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.08 MIME::QuotedPrint
5.427 MIME::Tools
0.14 Net::CIDR
1.25 Net::IP
0.19 OLE::Storage_Lite
1.04 Pod::Escapes
3.13 Pod::Simple
1.17 POSIX
1.21 Scalar::Util
1.82 Socket
2.20 Storable
1.4 Sys::Hostname::Long
0.27 Sys::Syslog
1.40 Test::Pod
0.92 Test::Simple
1.9721 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.58 Archive::Tar
0.23 bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.82 DB_File
1.27 DBD::SQLite
1.609 DBI
1.16 Digest
1.01 Digest::HMAC
2.39 Digest::MD5
2.12 Digest::SHA1
1.01 Encode::Detect
missing Error
0.27 ExtUtils::CBuilder
2.2203 ExtUtils::ParseXS
2.38 Getopt::Long
missing Inline
missing IO::String
1.09 IO::Zlib
missing IP::Country
missing Mail::ClamAV
3.003001 Mail::SpamAssassin
missing Mail::SPF
missing Mail::SPF::Query
0.35 Module::Build
missing Net::CIDR::Lite
0.65 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.027 NetAddr::IP
missing Parse::RecDescent
missing SAVI
3.17 Test::Harness
missing Test::Manifest
2.0.0 Text::Balanced
1.40 URI
0.77 version
missing YAML
Virus and Content Scanning: Starting
Commencing scanning by clamd...
Debug Mode Is On
Use Threads : NO
Socket    : /var/run/clamav/clamd.sock
IP        : Using Sockets
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/9341
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

SENT : CONTSCAN /var/spool/MailScanner/incoming/9341
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Completed scanning by clamd
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist

########################################

I've tried also to disable selinux:

[root at mail init.d]# setenforce 0
[root at mail init.d]#
[root at mail init.d]# MailScanner -debug

Configuration: Failed to find any configuration files like
/etc/MailScanner/conf.d/*, skipping them. at
/usr/share/MailScanner/MailScanner/Config.pm line 2044

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 30 messages.
Can't call method "print" on an undefined value at
/usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
[root at mail init.d]#
[root at mail init.d]#
[root at mail init.d]#

[root at mail init.d]# postconf -d | grep mail_version
mail_version = 2.6.6

any ideas ? thanks you !!


milter_macro_v = $mail_name $mail_version
[root at mail init.d]#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111031/ad3ae66b/attachment.html

More information about the MailScanner mailing list