MailScanner hanging process, cannot write to quarantine and not processing incoming mails

Rob Verduijn rob.verduijn at gmail.com
Mon Oct 31 18:41:15 GMT 2011


Let me know if you find out,
I happened to stumble on exactly that problem as well. (on ubuntu lucid
though)

Rob

2011/10/31 Kocisky <kocisky at autistici.org>

> ok, which process changed the permissions
> to /var/spool/MailScanner/quarantine ? mailscanner? baruwa?
>
> [root at mail init.d]# ls -la /var/spool/MailScanner/
> total 32
> drwxr-xr-x.  5 root    root   4096 Oct 22 09:00 .
> drwxr-xr-x. 14 root    root   4096 Oct 28 11:27 ..
> drwxr-xr-x. 12 postfix clam   4096 Oct 31 12:54 incoming
> drwxr-xr-x. 24 root    apache 4096 Oct 31 12:48 quarantine
> drwxr-x---.  2 postfix clam   4096 Oct  3 12:21 spamassassin
> [root at mail init.d]# chown -R postfix.clam
> /var/spool/MailScanner/quarantine/
>
> #@^%#$^%$@^*$#%^*5476q%E*!!!???!!!
>
> On 31 October 2011 13:03, Kocisky <kocisky at autistici.org> wrote:
>
>> from the strace (below below) it seems that the process cannot create the
>> folder:
>>
>> [root at mail init.d]# ls -l /var/spool/MailScanner/quarantine/20111031
>> ls: cannot access /var/spool/MailScanner/quarantine/20111031: No such
>> file or directory
>>
>> it should be a simple permission issue because selinux doesnt give any
>> audit.log and "setenforce 0" didn't change the situation.
>>
>> permission of MailScanner.conf:
>>
>> Run As User = postfix
>> Run As Group = postfix
>>
>> i'm definitively missing something !!!
>>
>> below some permissions where it seems to hang:
>>
>> [root at mail init.d]# ls -la /var/spool/MailScanner/quarantine/
>> total 96
>> drwxr-xr-x.  24 root    apache  4096 Oct 22 09:00 .
>> drwxr-xr-x.   5 root    root    4096 Oct 22 09:00 ..
>> drwx------.   3 postfix apache  4096 Oct  3 13:06 20111003
>> drwxrwx---.   7 postfix apache  4096 Oct  4 13:51 20111004
>> drwxrwx---.   6 postfix apache  4096 Oct  5 13:19 20111005
>> drwxrwx---.   5 postfix apache  4096 Oct  6 20:51 20111006
>> drwxrwx---.  15 postfix apache  4096 Oct  7 07:56 20111007
>> drwxrwx---.   3 postfix apache  4096 Oct  8 00:19 20111008
>> drwxrwx---.   3 postfix apache  4096 Oct  9 00:05 20111009
>> drwxrwx---.   3 postfix apache  4096 Oct 10 00:16 20111010
>> drwxrwx---.  20 postfix apache  4096 Oct 12 22:32 20111012
>> drwxrwx---.  37 postfix postfix 4096 Oct 13 16:29 20111013
>> drwxrwx---.  15 postfix celeryd 4096 Oct 14 13:30 20111014
>> drwxrwx---.   6 postfix celeryd 4096 Oct 17 22:17 20111017
>> drwxrwx---.  20 postfix celeryd 4096 Oct 18 20:42 20111018
>> drwxrwx---.   3 postfix celeryd 4096 Oct 19 04:38 20111019
>> drwxrwx---.  54 postfix celeryd 4096 Oct 20 21:31 20111020
>> drwxrwx---.  11 postfix celeryd 4096 Oct 21 10:08 20111021
>> drwxrwx---.   5 postfix celeryd 4096 Oct 24 15:48 20111024
>> drwxrwx---. 142 postfix postfix 4096 Oct 25 23:32 20111025
>> drwxrwx---. 118 postfix postfix 4096 Oct 26 18:12 20111026
>> drwxrwx---.  15 postfix apache  4096 Oct 27 21:14 20111027
>> drwxrwx---.   5 postfix apache  4096 Oct 28 06:27 20111028
>> drwxr-x---.   3 postfix apache  4096 Oct 31 12:08 phishingupdate
>> [root at mail init.d]# ls -la /var/spool/MailScanner/quarantine/20111031
>> ls: cannot access /var/spool/MailScanner/quarantine/20111031: No such
>> file or directory
>> [root at mail init.d]# ls -la /var/spool/MailScanner/
>> total 32
>> drwxr-xr-x.  5 root    root   4096 Oct 22 09:00 .
>> drwxr-xr-x. 14 root    root   4096 Oct 28 11:27 ..
>> drwxr-xr-x.  9 postfix clam   4096 Oct 31 12:41 incoming
>> drwxr-xr-x. 24 root    apache 4096 Oct 22 09:00 quarantine
>> drwxr-x---.  2 postfix clam   4096 Oct  3 12:21 spamassassin
>>
>>
>> below the strace output:
>>
>>
>> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") =
>> 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=2}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
>> gettimeofday({1320079287, 180287}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 180496}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
>> gettimeofday({1320079287, 181930}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 182134}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 432) = 432
>> gettimeofday({1320079287, 183021}, NULL) = 0
>> gettimeofday({1320079287, 183150}, NULL) = 0
>> lseek(26, 0, SEEK_SET)                  = 0
>> lseek(26, 0, SEEK_CUR)                  = 0
>> read(26, "CO           7091             69"..., 4096) = 4096
>> lseek(26, 81, SEEK_SET)                 = 81
>> lseek(26, 0, SEEK_CUR)                  = 81
>> lseek(26, 691, SEEK_SET)                = 691
>> lseek(26, 0, SEEK_CUR)                  = 691
>> read(26, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
>> lseek(26, 2049, SEEK_SET)               = 2049
>> lseek(26, 0, SEEK_CUR)                  = 2049
>> lseek(26, 2049, SEEK_SET)               = 2049
>> lseek(26, 0, SEEK_CUR)                  = 2049
>> read(26, "N\0N,This is a multi-part message"..., 4096) = 4096
>> read(26, "realize friend letter be able.N "..., 4096) = 1641
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> F_OK) = -1 ENOENT (No such file or directory)
>> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
>> lseek(6, 24, SEEK_SET)                  = 24
>> read(6, "\0\2F\230\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> F_OK) = -1 ENOENT (No such file or directory)
>> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
>> lseek(6, 24, SEEK_SET)                  = 24
>> read(6, "\0\2F\230\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741825,
>> len=1}) = 0
>> open("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> O_RDWR|O_CREAT, 0644) = 38
>> open("/var/spool/MailScanner/incoming", O_RDONLY) = 39
>> fcntl(39, F_GETFD)                      = 0
>> fcntl(39, F_SETFD, FD_CLOEXEC)          = 0
>> fcntl(38, F_GETFD)                      = 0
>> fcntl(38, F_SETFD, FD_CLOEXEC)          = 0
>> lseek(38, 0, SEEK_SET)                  = 0
>> write(38,
>> "\0\0\0\0\0\0\0\0\0\0\0\0\7\20\240\225\0\0\20E\0\0\2\0\0\0\4\0\0\0\0\0"...,
>> 512) = 512
>> gettimeofday({1320079287, 191900}, NULL) = 0
>> lseek(38, 512, SEEK_SET)                = 512
>> write(38, "\0\0\0\4", 4)                = 4
>> lseek(38, 516, SEEK_SET)                = 516
>> write(38,
>> "\n\2\362\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
>> 1024) = 1024
>> lseek(38, 1540, SEEK_SET)               = 1540
>> write(38, "\7\20\240\261", 4)           = 4
>> lseek(38, 1544, SEEK_SET)               = 1544
>> write(38, "\0\0\v\33", 4)               = 4
>> lseek(38, 1548, SEEK_SET)               = 1548
>> write(38, "\r\0\0\0\2\0E\0\3\221\0E23.AFFF7\0   Wed Oct "..., 1024) = 1024
>> lseek(38, 2572, SEEK_SET)               = 2572
>> write(38, "\7\20\242\352", 4)           = 4
>> lseek(38, 2576, SEEK_SET)               = 2576
>> write(38, "\0\0\0\1", 4)                = 4
>> lseek(38, 2580, SEEK_SET)               = 2580
>> write(38, "SQLite format 3\0\4\0\1\1\0@  \0\2F\230\0\0\0\0"..., 1024) =
>> 1024
>> lseek(38, 3604, SEEK_SET)               = 3604
>> write(38, "\7\20\241\25", 4)            = 4
>> lseek(38, 4096, SEEK_SET)               = 4096
>> read(38, "", 8)                         = 0
>> fdatasync(38)                           = 0
>> close(39)                               = 0
>> lseek(38, 0, SEEK_SET)                  = 0
>> write(38, "\331\325\5\371 \241c\327\0\0\0\3", 12) = 12
>> fdatasync(38)                           = 0
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> lseek(6, 0, SEEK_SET)                   = 0
>> write(6, "SQLite format 3\0\4\0\1\1\0@  \0\2F\231\0\0\0\0"..., 1024) =
>> 1024
>> lseek(6, 3072, SEEK_SET)                = 3072
>> write(6,
>> "\n\2\350\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
>> 1024) = 1024
>> lseek(6, 2910208, SEEK_SET)             = 2910208
>> write(6, "\r\0\0\0\2\0E\0\3\221\0E23.AFFF7\0   Wed Oct "..., 1024) = 1024
>> fdatasync(6)                            = 0
>> close(38)                               = 0
>> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") =
>> 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=2}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
>> gettimeofday({1320079287, 246889}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 247091}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
>> gettimeofday({1320079287, 248624}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 248827}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 343) = 343
>> gettimeofday({1320079287, 249686}, NULL) = 0
>> gettimeofday({1320079287, 249820}, NULL) = 0
>> lseek(12, 0, SEEK_SET)                  = 0
>> lseek(12, 0, SEEK_CUR)                  = 0
>> read(12, "CO          42635             68"..., 4096) = 4096
>> lseek(12, 81, SEEK_SET)                 = 81
>> lseek(12, 0, SEEK_CUR)                  = 81
>> lseek(12, 689, SEEK_SET)                = 689
>> lseek(12, 0, SEEK_CUR)                  = 689
>> read(12, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
>> lseek(12, 3328, SEEK_SET)               = 3328
>> lseek(12, 0, SEEK_CUR)                  = 3328
>> lseek(12, 3328, SEEK_SET)               = 3328
>> lseek(12, 0, SEEK_CUR)                  = 3328
>> read(12, "N\6<html>N\6<head>N\24<title>Sears</"..., 4096) = 4096
>> read(12, "amai=2Enet/f/248/47562/14d/ig=2E"..., 4096) = 4096
>> read(12, "b9VSRRYSUWV1b9X8w9GVbwzfTRSSSRUR"..., 4096) = 4096
>> read(12, "NLYSUWzf1vSvWf2aRRVXLX=22 rilt=3"..., 4096) = 4096
>> read(12, "klhuLjXpKVSYSARUSRVhilXlPiLXJhKL"..., 4096) = 4096
>> read(12, "trong>Even more offers from Sear"..., 4096) = 4096
>> read(12, "2011_Oc=NLtober_Week4/20111030_S"..., 4096) = 4096
>> read(12, "e</a></td>NE          <td width="..., 4096) = 4096
>> read(12, "sys4=2Enet/servlet/cc6?kLHjkQDRY"..., 4096) = 4096
>> read(12, "                <td valign=3D=22"..., 4096) = 3136
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> F_OK) = -1 ENOENT (No such file or directory)
>> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
>> lseek(6, 24, SEEK_SET)                  = 24
>> read(6, "\0\2F\231\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
>> lseek(6, 3857408, SEEK_SET)             = 3857408
>> read(6,
>> "\0\0\0\0.l\326\373_\266_\327G\311\7Pm+E\311\317\367\275\344\233\340\371\250\27\33i\v"...,
>> 1024) = 1024
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> access("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> F_OK) = -1 ENOENT (No such file or directory)
>> fstat(6, {st_mode=S_IFREG|0750, st_size=4264960, ...}) = 0
>> lseek(6, 24, SEEK_SET)                  = 24
>> read(6, "\0\2F\231\0\0\0\0\0\0\16\310\0\0\17\356", 16) = 16
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741825,
>> len=1}) = 0
>> open("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal",
>> O_RDWR|O_CREAT, 0644) = 38
>> open("/var/spool/MailScanner/incoming", O_RDONLY) = 39
>> fcntl(39, F_GETFD)                      = 0
>> fcntl(39, F_SETFD, FD_CLOEXEC)          = 0
>> fcntl(38, F_GETFD)                      = 0
>> fcntl(38, F_SETFD, FD_CLOEXEC)          = 0
>> lseek(38, 0, SEEK_SET)                  = 0
>> write(38,
>> "\0\0\0\0\0\0\0\0\0\0\0\0\274\244\2267\0\0\20E\0\0\2\0\0\0\4\0\0\0\0\0"...,
>> 512) = 512
>> gettimeofday({1320079287, 269307}, NULL) = 0
>> lseek(38, 512, SEEK_SET)                = 512
>> write(38, "\0\0\0\4", 4)                = 4
>> lseek(38, 516, SEEK_SET)                = 516
>> write(38,
>> "\n\2\350\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
>> 1024) = 1024
>> lseek(38, 1540, SEEK_SET)               = 1540
>> write(38, "\274\244\226S", 4)           = 4
>> lseek(38, 1544, SEEK_SET)               = 1544
>> write(38, "\0\0\0\1", 4)                = 4
>> lseek(38, 1548, SEEK_SET)               = 1548
>> write(38, "SQLite format 3\0\4\0\1\1\0@  \0\2F\231\0\0\0\0"..., 1024) =
>> 1024
>> lseek(38, 2572, SEEK_SET)               = 2572
>> write(38, "\274\244\226\267", 4)        = 4
>> lseek(38, 2576, SEEK_SET)               = 2576
>> write(38, "\0\0\16\310", 4)             = 4
>> lseek(38, 2580, SEEK_SET)               = 2580
>> write(38,
>> "\0\0\16N\0\0\0]\0\0\16>\0\0\7\317\0\0\16a\0\0\6\366\0\0\6\335\0\0\16\262"...,
>> 1024) = 1024
>> lseek(38, 3604, SEEK_SET)               = 3604
>> write(38, "\274\244\226\244", 4)        = 4
>> lseek(38, 3608, SEEK_SET)               = 3608
>> write(38, "\0\0\16>", 4)                = 4
>> lseek(38, 3612, SEEK_SET)               = 3612
>> write(38,
>> "\0\0\0\0\233\306\0\367\310\355z\367\344\332f\v;;\f\315\223\215\20\5\217\326\266\320\214c\263z"...,
>> 1024) = 1024
>> lseek(38, 4636, SEEK_SET)               = 4636
>> write(38, "\274\244\227F", 4)           = 4
>> lseek(38, 4640, SEEK_SET)               = 4640
>> write(38, "\0\0\t\334", 4)              = 4
>> lseek(38, 4644, SEEK_SET)               = 4644
>> write(38,
>> "\r\0\0\0\2\0\210\0\3\221\0\210d\303\265\3322(yy=J\276C\313`\217W\33Ik\220"...,
>> 1024) = 1024
>> lseek(38, 5668, SEEK_SET)               = 5668
>> write(38, "\274\244\230\350", 4)        = 4
>> lseek(38, 6144, SEEK_SET)               = 6144
>> read(38, "", 8)                         = 0
>> fdatasync(38)                           = 0
>> close(39)                               = 0
>> lseek(38, 0, SEEK_SET)                  = 0
>> write(38, "\331\325\5\371 \241c\327\0\0\0\5", 12) = 12
>> fdatasync(38)                           = 0
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741824,
>> len=1}) = 0
>> fcntl(6, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> lseek(6, 0, SEEK_SET)                   = 0
>> write(6, "SQLite format 3\0\4\0\1\1\0@  \0\2F\232\0\0\0\0"..., 1024) =
>> 1024
>> lseek(6, 3072, SEEK_SET)                = 3072
>> write(6,
>> "\n\2\336\0A\0\302\0\0\302\0\314\0\326\0\340\0\352\0\364\0\376\1\10\1\22\1\34\1&\0010"...,
>> 1024) = 1024
>> lseek(6, 2583552, SEEK_SET)             = 2583552
>> write(6,
>> "\r\0\0\0\2\0\210\0\3\221\0\210d\303\265\3322(yy=J\276C\313`\217W\33Ik\220"...,
>> 1024) = 1024
>> lseek(6, 3732480, SEEK_SET)             = 3732480
>> write(6,
>> "\0\0\0\0.l\326\373_\266_\327G\311\7Pm+E\311\317\367\275\344\233\340\371\250\27\33i\v"...,
>> 1024) = 1024
>> lseek(6, 3873792, SEEK_SET)             = 3873792
>> write(6,
>> "\0\0\16N\0\0\0]\0\0\n\n\0\0\7\317\0\0\16a\0\0\6\366\0\0\6\335\0\0\16\262"...,
>> 1024) = 1024
>> fdatasync(6)                            = 0
>> close(38)                               = 0
>> unlink("/var/spool/MailScanner/incoming/SpamAssassin.cache.db-journal") =
>> 0
>> fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1073741826,
>> len=510}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=1073741824,
>> len=2}) = 0
>> fcntl(6, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
>> gettimeofday({1320079287, 337396}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 337599}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<22>Oct 31 12:41:27 MailScanner["..., 94) = 94
>> gettimeofday({1320079287, 339319}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 339522}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<21>Oct 31 12:41:27 MailScanner["..., 77) = 77
>> gettimeofday({1320079287, 340458}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 340662}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<21>Oct 31 12:41:27 MailScanner["..., 99) = 99
>> umask(07)                               = 077
>> stat("/var/spool/MailScanner/quarantine", {st_mode=S_IFDIR|0755,
>> st_size=4096, ...}) = 0
>> stat("/var/spool/MailScanner/quarantine/20111031", 0x129c130) = -1 ENOENT
>> (No such file or directory)
>> mkdir("/var/spool/MailScanner/quarantine/20111031", 0777) = -1 EACCES
>> (Permission denied)
>> chown("/var/spool/MailScanner/quarantine/20111031", 89, 48) = -1 ENOENT
>> (No such file or directory)
>> stat("/var/spool/MailScanner/quarantine/20111031/spam", 0x129c130) = -1
>> ENOENT (No such file or directory)
>> mkdir("/var/spool/MailScanner/quarantine/20111031/spam", 0777) = -1
>> ENOENT (No such file or directory)
>> chown("/var/spool/MailScanner/quarantine/20111031/spam", 89, 48) = -1
>> ENOENT (No such file or directory)
>> umask(0117)                             = 07
>> open("/var/spool/MailScanner/quarantine/20111031/spam/BBA2A2024A1.AB0F1",
>> O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
>> gettimeofday({1320079287, 342597}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> gettimeofday({1320079287, 342797}, NULL) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
>> select(8, [7], NULL, [7], {0, 0})       = 0 (Timeout)
>> write(7, "<20>Oct 31 12:41:27 MailScanner["..., 145) = 145
>> lseek(32, 7335, SEEK_SET)               = 7335
>> lseek(32, 0, SEEK_CUR)                  = 7335
>> lseek(32, 0, SEEK_SET)                  = 0
>> lseek(32, 0, SEEK_CUR)                  = 0
>> read(32, "CO           6642             69"..., 4096) = 4096
>> lseek(32, 81, SEEK_SET)                 = 81
>> lseek(32, 0, SEEK_CUR)                  = 81
>> lseek(32, 691, SEEK_SET)                = 691
>> lseek(32, 0, SEEK_CUR)                  = 691
>> read(32, "NJReceived: from mysubdomain.trac"..., 4096) = 4096
>> write(2, "Can't call method \"print\" on an "..., 111Can't call method
>> "print" on an undefined value at
>> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
>> ) = 111
>> lseek(8, 3860, SEEK_SET)                = 3860
>> lseek(8, 0, SEEK_CUR)                   = 3860
>> lseek(9, 8388, SEEK_SET)                = 8388
>> lseek(9, 0, SEEK_CUR)                   = 8388
>> lseek(10, 21849, SEEK_SET)              = 21849
>> lseek(10, 0, SEEK_CUR)                  = 21849
>> lseek(11, 5590, SEEK_SET)               = 5590
>> lseek(11, 0, SEEK_CUR)                  = 5590
>> lseek(12, 43326, SEEK_SET)              = 43326
>> lseek(12, 0, SEEK_CUR)                  = 43326
>> lseek(13, 10434, SEEK_SET)              = 10434
>> lseek(13, 0, SEEK_CUR)                  = 10434
>> lseek(14, 10074, SEEK_SET)              = 10074
>> lseek(14, 0, SEEK_CUR)                  = 10074
>> lseek(15, 21625, SEEK_SET)              = 21625
>> lseek(15, 0, SEEK_CUR)                  = 21625
>> lseek(16, 9794, SEEK_SET)               = 9794
>> lseek(16, 0, SEEK_CUR)                  = 9794
>> lseek(17, 13493, SEEK_SET)              = 13493
>> lseek(17, 0, SEEK_CUR)                  = 13493
>> lseek(18, 905, SEEK_SET)                = 905
>> lseek(18, 0, SEEK_CUR)                  = 905
>> lseek(19, 3604, SEEK_SET)               = 3604
>> lseek(19, 0, SEEK_CUR)                  = 3604
>> lseek(20, 15318, SEEK_SET)              = 15318
>> lseek(20, 0, SEEK_CUR)                  = 15318
>> lseek(21, 27935, SEEK_SET)              = 27935
>> lseek(21, 0, SEEK_CUR)                  = 27935
>> lseek(22, 5884, SEEK_SET)               = 5884
>> lseek(22, 0, SEEK_CUR)                  = 5884
>> lseek(23, 6165, SEEK_SET)               = 6165
>> lseek(23, 0, SEEK_CUR)                  = 6165
>> lseek(24, 54958, SEEK_SET)              = 54958
>> lseek(24, 0, SEEK_CUR)                  = 54958
>> lseek(25, 7347, SEEK_SET)               = 7347
>> lseek(25, 0, SEEK_CUR)                  = 7347
>> lseek(26, 7784, SEEK_SET)               = 7784
>> lseek(26, 0, SEEK_CUR)                  = 7784
>> lseek(27, 11887, SEEK_SET)              = 11887
>> lseek(27, 0, SEEK_CUR)                  = 11887
>> lseek(28, 10515, SEEK_SET)              = 10515
>> lseek(28, 0, SEEK_CUR)                  = 10515
>> lseek(29, 3475, SEEK_SET)               = 3475
>> lseek(29, 0, SEEK_CUR)                  = 3475
>> lseek(31, 6376, SEEK_SET)               = 6376
>> lseek(31, 0, SEEK_CUR)                  = 6376
>> lseek(32, 767, SEEK_SET)                = 767
>> lseek(32, 0, SEEK_CUR)                  = 767
>> lseek(33, 18203, SEEK_SET)              = 18203
>> lseek(33, 0, SEEK_CUR)                  = 18203
>> lseek(34, 12058, SEEK_SET)              = 12058
>> lseek(34, 0, SEEK_CUR)                  = 12058
>> lseek(35, 3818, SEEK_SET)               = 3818
>> lseek(35, 0, SEEK_CUR)                  = 3818
>> lseek(36, 6967, SEEK_SET)               = 6967
>> lseek(36, 0, SEEK_CUR)                  = 6967
>> lseek(37, 8868, SEEK_SET)               = 8868
>> lseek(37, 0, SEEK_CUR)                  = 8868
>> close(37)                               = 0
>> close(35)                               = 0
>> close(36)                               = 0
>> close(34)                               = 0
>> close(32)                               = 0
>> close(33)                               = 0
>> close(31)                               = 0
>> close(29)                               = 0
>> close(30)                               = 0
>> close(28)                               = 0
>> close(27)                               = 0
>> close(25)                               = 0
>> close(26)                               = 0
>> close(24)                               = 0
>> close(22)                               = 0
>> close(23)                               = 0
>> close(21)                               = 0
>> close(19)                               = 0
>> close(20)                               = 0
>> close(18)                               = 0
>> close(16)                               = 0
>> close(17)                               = 0
>> close(15)                               = 0
>> close(14)                               = 0
>> close(13)                               = 0
>> close(12)                               = 0
>> close(10)                               = 0
>> close(11)                               = 0
>> close(9)                                = 0
>> close(8)                                = 0
>> stat("/usr/lib64/perl5/auto/DBI/DESTROY.al", 0x129c130) = -1 ENOENT (No
>> such file or directory)
>> stat("/usr/sbin/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT (No
>> such file or directory)
>> stat("/usr/sbin/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
>> ENOTDIR (Not a directory)
>> stat("/usr/share/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
>> ENOENT (No such file or directory)
>> stat("/usr/local/lib64/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
>> ENOENT (No such file or directory)
>> stat("/usr/local/share/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
>> ENOENT (No such file or directory)
>> stat("/usr/lib64/perl5/vendor_perl/auto/DBI/DESTROY.al", 0x7ffffabb86f0)
>> = -1 ENOENT (No such file or directory)
>> stat("/usr/share/perl5/vendor_perl/auto/DBI/DESTROY.al", 0x7ffffabb86f0)
>> = -1 ENOENT (No such file or directory)
>> stat("/usr/lib64/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT
>> (No such file or directory)
>> stat("/usr/share/perl5/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1 ENOENT
>> (No such file or directory)
>> stat("/usr/share/MailScanner/auto/DBI/DESTROY.al", 0x7ffffabb86f0) = -1
>> ENOENT (No such file or directory)
>> close(4)                                = 0
>> close(5)                                = 0
>> close(7)                                = 0
>> exit_group(255)
>>
>> On 31 October 2011 12:37, Kocisky <kocisky at autistici.org> wrote:
>>
>>> Hi all,
>>>
>>> i've just installed Centos 6 and my system is up to date. I've tried to
>>> google a bit but didn't find any solutions:
>>>
>>> LOGS:
>>>
>>> ################################################
>>>
>>> mailq with more than 2000 emails and messages are not delivered;
>>>
>>> ################################################
>>>
>>> [root at mail init.d]# ps aux | grep MailScanner
>>> postfix   4074  0.0  2.2 302708 89248 ?        S    Oct28   0:05
>>> MailScanner: compressing attachments
>>> postfix   4081  0.0  2.2 302708 89148 ?        S    Oct28   0:05
>>> MailScanner: compressing attachments
>>> postfix   4086  0.0  2.2 302840 89284 ?        S    Oct28   0:04
>>> MailScanner: compressing attachments
>>> root      8844  0.0  0.0 103156   812 pts/2    S+   11:31   0:00 grep
>>> MailScanner
>>>
>>> ################################################
>>>
>>> /var/log/maillog :
>>>
>>> Oct 31 11:50:27 mail MailScanner[9227]: writing to
>>> /var/spool/MailScanner/quarantine/20111031/spam/BBA2A2024A1.AB0F1: No such
>>> file or directory
>>>
>>> ################################################
>>>
>>> [root at mail init.d]# MailScanner --debug
>>>
>>> Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>>
>>> In Debugging mode, not forking...
>>> Trying to setlogsock(unix)
>>> Building a message batch to scan...
>>> Have a batch of 30 messages.
>>> Can't call method "print" on an undefined value at
>>> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
>>>
>>> ################################################
>>>
>>> VERSIONS:
>>>
>>> MailScanner --lint
>>> Trying to setlogsock(unix)
>>>
>>> Reading configuration file /etc/MailScanner/MailScanner.conf
>>> Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>> Read 869 hostnames from the phishing whitelist
>>> Read 4051 hostnames from the phishing blacklists
>>> Config: calling custom init function SQLBlacklist
>>> Starting up SQL Blacklist
>>> Read 0 blacklist entries
>>> Config: calling custom init function MailWatchLogging
>>> Started SQL Logging child
>>> Config: calling custom init function SQLWhitelist
>>> Starting up SQL Whitelist
>>> Read 0 whitelist entries
>>>
>>> Checking version numbers...
>>> Version number in MailScanner.conf (4.84.3) is correct.
>>>
>>> Unrar is not installed, it should be in /usr/bin/unrar.
>>> This is required for RAR archives to be read to check
>>> filenames and filetypes. Virus scanning is not affected.
>>>
>>>
>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>> MailScanner setting GID to  (89)
>>> MailScanner setting UID to  (89)
>>>
>>> Checking for SpamAssassin errors (if you use it)...
>>> Using SpamAssassin results cache
>>> Connected to SpamAssassin cache database
>>> SpamAssassin reported no errors.
>>> Connected to Processing Attempts Database
>>> Created Processing Attempts Database successfully
>>> There are 248 messages in the Processing Attempts Database
>>> lock.pl sees Config  LockType =  posix
>>> lock.pl sees have_module =  0
>>> Using locktype = posix
>>> MailScanner.conf says "Virus Scanners = clamd"
>>> Debug Mode Is On
>>> Use Threads : NO
>>> Socket    : /var/run/clamav/clamd.sock
>>> IP        : Using Sockets
>>> Lock File : NOT USED
>>> Time Out  : 300
>>> Scan Dir  : /var/spool/MailScanner/incoming/9341/ISITINSTALLED
>>> Clamd : Sending PING
>>> Clamd : GOT 'PONG'
>>> ClamD is running
>>>
>>> Found these virus scanners installed: clamd
>>>
>>> ===========================================================================
>>> Created attachment dirs for 1 messages
>>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>>> Completed checking by /usr/bin/file
>>> Other Checks: Found 1 problems
>>>
>>> ###################################
>>>
>>> is the above "Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044" an issue? am i
>>> really missing something?
>>>
>>> ###################################
>>>
>>> MailScanner -v
>>> Running on
>>> Linux mail.ny03.mydomain.org 2.6.32-71.29.1.el6.centos.plus.x86_64 #1
>>> SMP Sun Jun 26 16:27:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>>> This is CentOS Linux release 6.0 (Final)
>>> This is Perl version 5.010001 (5.10.1)
>>>
>>> This is MailScanner version 4.84.3
>>> Module versions are:
>>> 1.00 AnyDBM_File
>>> 1.30 Archive::Zip
>>> 0.23 bignum
>>> 1.11 Carp
>>> 2.02 Compress::Zlib
>>> 1.119 Convert::BinHex
>>> 0.17 Convert::TNEF
>>> 2.124 Data::Dumper
>>> 2.27 Date::Parse
>>> 1.03 DirHandle
>>> 1.06 Fcntl
>>> 2.77 File::Basename
>>> 2.14 File::Copy
>>> 2.02 FileHandle
>>> 2.08 File::Path
>>> 0.22 File::Temp
>>> 0.92 Filesys::Df
>>> 3.64 HTML::Entities
>>> 3.64 HTML::Parser
>>> 3.57 HTML::TokeParser
>>> 1.25 IO
>>> 1.14 IO::File
>>> 1.13 IO::Pipe
>>> 2.04 Mail::Header
>>> 1.89 Math::BigInt
>>> 0.22 Math::BigRat
>>> 3.08 MIME::Base64
>>> 5.427 MIME::Decoder
>>> 5.427 MIME::Decoder::UU
>>> 5.427 MIME::Head
>>> 5.427 MIME::Parser
>>> 3.08 MIME::QuotedPrint
>>> 5.427 MIME::Tools
>>> 0.14 Net::CIDR
>>> 1.25 Net::IP
>>> 0.19 OLE::Storage_Lite
>>> 1.04 Pod::Escapes
>>> 3.13 Pod::Simple
>>> 1.17 POSIX
>>> 1.21 Scalar::Util
>>> 1.82 Socket
>>> 2.20 Storable
>>> 1.4 Sys::Hostname::Long
>>> 0.27 Sys::Syslog
>>> 1.40 Test::Pod
>>> 0.92 Test::Simple
>>> 1.9721 Time::HiRes
>>> 1.02 Time::localtime
>>>
>>> Optional module versions are:
>>> 1.58 Archive::Tar
>>> 0.23 bignum
>>> missing Business::ISBN
>>> missing Business::ISBN::Data
>>> missing Data::Dump
>>> 1.82 DB_File
>>> 1.27 DBD::SQLite
>>> 1.609 DBI
>>> 1.16 Digest
>>> 1.01 Digest::HMAC
>>> 2.39 Digest::MD5
>>> 2.12 Digest::SHA1
>>> 1.01 Encode::Detect
>>> missing Error
>>> 0.27 ExtUtils::CBuilder
>>> 2.2203 ExtUtils::ParseXS
>>> 2.38 Getopt::Long
>>> missing Inline
>>> missing IO::String
>>> 1.09 IO::Zlib
>>> missing IP::Country
>>> missing Mail::ClamAV
>>> 3.003001 Mail::SpamAssassin
>>> missing Mail::SPF
>>> missing Mail::SPF::Query
>>> 0.35 Module::Build
>>> missing Net::CIDR::Lite
>>> 0.65 Net::DNS
>>> missing Net::DNS::Resolver::Programmable
>>> missing Net::LDAP
>>>  4.027 NetAddr::IP
>>> missing Parse::RecDescent
>>> missing SAVI
>>> 3.17 Test::Harness
>>> missing Test::Manifest
>>> 2.0.0 Text::Balanced
>>> 1.40 URI
>>> 0.77 version
>>> missing YAML
>>> Virus and Content Scanning: Starting
>>> Commencing scanning by clamd...
>>> Debug Mode Is On
>>> Use Threads : NO
>>> Socket    : /var/run/clamav/clamd.sock
>>> IP        : Using Sockets
>>> Lock File : NOT USED
>>> Time Out  : 300
>>> Scan Dir  : /var/spool/MailScanner/incoming/9341
>>> Clamd : Sending PING
>>> Clamd : GOT 'PONG'
>>> ClamD is running
>>>
>>>  SENT : CONTSCAN /var/spool/MailScanner/incoming/9341
>>> Clamd::INFECTED::Eicar-Test-Signature :: ./1/
>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>>>  Completed scanning by clamd
>>> Virus Scanning: Clamd found 2 infections
>>> Infected message 1 came from 10.1.1.1
>>> Virus Scanning: Found 2 viruses
>>>
>>> ===========================================================================
>>> Virus Scanner test reports:
>>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>>
>>> If any of your virus scanners (clamd)
>>> are not listed there, you should check that they are installed correctly
>>> and that MailScanner is finding them correctly via its
>>> virus.scanners.conf.
>>> Config: calling custom end function SQLBlacklist
>>> Closing down by-domain spam blacklist
>>> Config: calling custom end function MailWatchLogging
>>> Config: calling custom end function SQLWhitelist
>>> Closing down by-domain spam whitelist
>>>
>>> ########################################
>>>
>>> I've tried also to disable selinux:
>>>
>>> [root at mail init.d]# setenforce 0
>>> [root at mail init.d]#
>>> [root at mail init.d]# MailScanner -debug
>>>
>>> Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>>
>>> In Debugging mode, not forking...
>>> Trying to setlogsock(unix)
>>> Building a message batch to scan...
>>> Have a batch of 30 messages.
>>> Can't call method "print" on an undefined value at
>>> /usr/share/MailScanner/MailScanner/PFDiskStore.pm line 755.
>>> [root at mail init.d]#
>>> [root at mail init.d]#
>>> [root at mail init.d]#
>>>
>>> [root at mail init.d]# postconf -d | grep mail_version
>>> mail_version = 2.6.6
>>>
>>> any ideas ? thanks you !!
>>>
>>>
>>> milter_macro_v = $mail_name $mail_version
>>> [root at mail init.d]#
>>>
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111031/b9f4f92b/attachment-0001.html


More information about the MailScanner mailing list