MailScanner Digest, Vol 68, Issue 20

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 1 10:00:44 IST 2011


Have fixed that one. Will be in the next release.
Is there a good collection of the taint problems still outstanding? If 
so, please can someone email me one?

Cheers,
Jules.

On 31/08/2011 22:20, Fernando Andrés Moya Leimberg wrote:
> Did that command finally solve your problem John?
>
> Think it's good to know how it ended, or if you're still looking 
> for an answer...
>
> Greetings...
> ------------------------------------------------------------------------
> *From:* Glenn Steen <glenn.steen at gmail.com>
> *To:* MailScanner discussion <mailscanner at lists.mailscanner.info>
> *Sent:* Friday, 26 August 2011 15:36
> *Subject:* Re: RE: MailScanner Digest, Vol 68, Issue 20
>
> Right, so you have a taint issue preventing the creation of the date 
> subdir (or similar) in the quarantine.
> Did you try the usual -U thing (google it, or use gmane, I'm tipsy and 
> would likely get something wrong;-) .
> Cheers
> -- 
> --  Glenn
> On 25 Aug 2011 19:28, "John Bull" <jbull at esd113.org> wrote:
> > # MailScanner --debug
> >
> > In Debugging mode, not forking...
> > Trying to setlogsock(unix)
> > Building a message batch to scan...
> > Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.
> >
> > Regards,
> > John
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mailscanner-request at lists.mailscanner.info
> > Sent: Wednesday, August 24, 2011 4:01 AM
> > To: mailscanner at lists.mailscanner.info
> > Subject: MailScanner Digest, Vol 68, Issue 20
> >
> > Today's Topics:
> >
> > 1. Re: Spam remaining in hold queue (Glenn Steen)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 24 Aug 2011 01:59:40 +0200
> > From: Glenn Steen <glenn.steen at gmail.com>
> > Subject: Re: Spam remaining in hold queue
> > To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> > Message-ID:
> > <CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw at mail.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > What is the debug result for a gtube run, not eicar as you showed that to be fine...?
> > The processing db thing kind of indicates that something is killing ms.
> >
> > Cheers
> > --
> > -- Glenn
> > On 23 Aug 2011 00:12, "John Bull" <jbull at esd113.org> wrote:
> >> List,
> >>
> >> Testing Lab - Installation specifics:
> >> MailScanner-4.84.3-1.rpm.tar
> >> Postfix 2.6.6
> >> Scientific Linux 6.1, perl 5.10.1
> >> High scoring spam is set to: store and notify
> >>
> >> Problem:
> >> Email with gtube spam test remains in the Postfix hold queue and is
> >> not delivered to the spam quarantine.
> >>
> >> # postqueue -p
> >> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> >> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull at esd113.lab
> >> tone at test.lab
> >>
> >> MailScanner successfully creates /var/Spool/MailScanner/quarantine/<date>/spam
> >> but the email never makes it there.
> >>
> >> Directory Permissions:
> >> chown -R postfix.clamav /var/spool/MailScanner/incoming
> >> chmod -R 770 /var/spool/MailScanner/incoming
> >> chown postfix.postfix /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> >> chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db
> >>
> >> chown -R postfix.apache /var/spool/MailScanner/quarantine
> >> chmod 770 -R /var/spool/MailScanner/quarantine
> >>
> >> mkdir /var/spool/MailScanner/spamassassin
> >> chown -R postfix:postfix /var/spool/MailScanner/spamassassin
> >> chmod -R 770 /var/spool/MailScanner/spamassassin
> >>
> >> MailScanner Config
> >> Run As User = postfix
> >> Run As Group = postfix
> >> Incoming Queue Dir = /var/spool/postfix/hold
> >> Outgoing Queue Dir = /var/spool/postfix/incoming
> >> Incoming Work Dir = /var/spool/MailScanner/incoming
> >> MTA = postfix
> >> Sendmail = /usr/sbin/sendmail.postfix
> >> Incoming Work Group = clamav
> >> Incoming Work Permissions = 0644
> >> Quarantine User = postfix
> >> Quarantine Group = apache
> >> Quarantine Permissions = 0660
> >> Virus Scanners = clamd
> >> Quarantine Infections = no
> >> Quarantine Whole Message = yes
> >> Quarantine Whole Messages As Queue Files = no
> >> Keep Spam And MCP Archive Clean = yes
> >> Spam Checks = yes
> >> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
> >> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
> >> Definite Spam Is High Scoring = yes
> >> Use SpamAssassin = yes
> >> Required SpamAssassin Score = 4.75
> >> High SpamAssassin Score = 6
> >> Spam Score = yes
> >> Spam Actions = deliver
> >> High Scoring Spam Actions = store notify
> >>
> >>
> >> Maillog:
> >> Spam Checks: Starting
> >> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from 192.168.0.110 (jbull at esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)
> >> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam messages
> >> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify
> >> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify tone at test.lab
> >>
> >> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times
> >> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times
> >>
> >> MailScanner --processing
> >> Currently being processed:
> >>
> >> Number of messages: 1
> >> Tries Message Next Try At
> >> ===== ======= ===========
> >> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011
> >>
> >> # MailScanner --lint --debug
> >> Trying to setlogsock(unix)
> >>
> >> Reading configuration file /etc/MailScanner/MailScanner.conf
> >> Reading configuration file /etc/MailScanner/conf.d/README
> >> Read 867 hostnames from the phishing whitelist
> >> Read 4076 hostnames from the phishing blacklists
> >>
> >> Checking version numbers...
> >> Version number in MailScanner.conf (4.84.3) is correct.
> >> MailScanner setting GID to (89)
> >> MailScanner setting UID to (89)
> >>
> >> Checking for SpamAssassin errors (if you use it)...
> >> Using SpamAssassin results cache
> >> Connected to SpamAssassin cache database
> >> SpamAssassin reported no errors.
> >> Connected to Processing Attempts Database
> >> Created Processing Attempts Database successfully
> >> There is 1 message in the Processing Attempts Database
> >> Using locktype = posix
> >> MailScanner.conf says "Virus Scanners = clamd"
> >> Found these virus scanners installed: clamd
> >> ===========================================================================
> >> Filename Checks: Windows/DOS Executable (1 eicar.com)
> >> Other Checks: Found 1 problems
> >> Virus and Content Scanning: Starting
> >> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> >> Virus Scanning: Clamd found 2 infections
> >> Infected message 1 came from 10.1.1.1
> >> Virus Scanning: Found 2 viruses
> >> ===========================================================================
> >> Virus Scanner test reports:
> >> Clamd said "eicar.com was infected: Eicar-Test-Signature"
> >>
> >> If any of your virus scanners (clamd)
> >> are not listed there, you should check that they are installed
> >> correctly and that MailScanner is finding them correctly via its virus.scanners.conf.
> >>
> >> Thank you,
> >> John
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
>
> Buy the MailScanner book at www.MailScanner.info/store
> Need help customising MailScanner? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
> 'It's okay to live without all the answers' - Charlie Eppes, 2011
> 'All programs have a desire to be useful' - Tron, 1982

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
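
The "Insecure dependency in mkdir" error quoted in this thread, reproduced in a short Perl script together with the usual remedy of untainting the directory name through a strict pattern. This is an added example, not code from MailScanner or from anyone in the thread; the /tmp path, the untaint_datedir helper and the YYYYMMDD directory-name format are assumptions made for the illustration. Run it as `perl -T taint_demo.pl`.

```perl
#!/usr/bin/perl -T
# Added illustration; paths, names and the YYYYMMDD format are hypothetical.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of a YYYYMMDD directory name, or undef.
# A regex capture is how Perl clears taint, so the pattern is the policy:
# exactly eight ASCII digits, which rules out "/", ".." and NUL bytes.
sub untaint_datedir {
    my ($name) = @_;
    return $name =~ /\A([0-9]{8})\z/ ? $1 : undef;
}

# Constructed input. Command-line arguments and file input (including the
# DATA section below) are tainted under -T.
my $date = @ARGV ? $ARGV[0] : scalar <DATA>;
chomp $date;

my $base = "/tmp/taint-demo-$$";    # stand-in for the quarantine root
mkdir($base, 0700) or die "mkdir $base: $!";

# 1. Tainted name interpolated into the path: mkdir dies before touching disk.
printf "input tainted: %s\n", tainted($date) ? 'yes' : 'no';
eval { mkdir("$base/$date", 0700) };
print "direct mkdir:  ", ($@ || "no taint error\n");

# 2. Validate first; only the captured value reaches mkdir.
my $clean = untaint_datedir($date);
if (defined $clean) {
    printf "clean tainted: %s\n", tainted($clean) ? 'yes' : 'no';
    mkdir("$base/$clean", 0700) or die "mkdir $base/$clean: $!";
    print "created:       $base/$clean\n";
    rmdir "$base/$clean";
}

# 3. A name that fails validation is refused instead of being "cleaned up".
print "refused:       ../../etc\n" unless defined untaint_datedir('../../etc');

rmdir $base;

__DATA__
20110825
```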


