MailScanner 4.84 - attempted to kill MailScanner

Kocisky kocisky at autistici.org
Mon Feb 27 23:07:58 GMT 2012


Thanks Martin for the quick reply; I didn't find anything on
http://wiki.mailscanner.info/

I'm actually using Maildir format for emails, with Postfix as the MTA. This is
the filesystem structure for the quarantine files:

[root@mail quarantine]# ls -l 20120227/
total 420
drwxrwx---. 2 postfix clam  4096 Feb 27 00:41 00C2D202033.A443F
drwxrwx---. 2 postfix clam  4096 Feb 27 02:45 020CF202034.AD42E

[root@mail quarantine]# ls -l 20120227/00C2D202033.A443F/message
-rw-rw----. 1 postfix clam 80013 Feb 27 00:41 20120227/00C2D202033.A443F/message
[root@mail quarantine]#


I've tried to move the messages into /var/spool/postfix/incoming/ and changed
the ownership, but nothing happened.

*EDIT*

I've just noticed that since the update the MTA is not delivering messages:

Found 250 messages in the Processing Attempts Database
Feb 27 18:11:56 mail MailScanner[12839]: Using locktype = flock
Feb 27 18:11:56 mail MailScanner[12839]: Warning: skipping message
CFA4E2003F7.AF18F as it has been attempted too many times
Feb 27 18:11:56 mail MailScanner[12839]: Quarantined message
CFA4E2003F7.AF18F as it caused MailScanner to crash several times
Feb 27 18:11:59 mail MailScanner[12844]: MailScanner E-Mail Virus Scanner
version 4.84.3 starting...
Feb 27 18:11:59 mail MailScanner[12844]: Reading configuration file
/etc/MailScanner/MailScanner.conf


My MailScanner --lint:

[root@mail bayes]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Configuration: Failed to find any configuration files like
/etc/MailScanner/conf.d/*, skipping them. at
/usr/share/MailScanner/MailScanner/Config.pm line 2044
Read 869 hostnames from the phishing whitelist
Read 5361 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 0 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 0 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (4.84.3) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
bayes: cannot write to /etc/MailScanner/bayes/bayes_journal, bayes db
update ignored: Permission denied
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 250 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist
[root@mail bayes]#

On 27 February 2012 16:09, Martin Hepworth <maxsec at gmail.com> wrote:

> Depends on how you saved the file: as mbox files or queue files.
>
> There should be info on the wiki on how to rerun, depending on the MTA etc.
>
> Martin
>
>
> On Monday, 27 February 2012, Kocisky wrote:
>
>> Hi all,
>>
>> I had the same issue: updating the OS also updated that perl/archive
>> package. My question now is, how do I re-run MailScanner over all the
>> messages that have been quarantined?
>>
>> In particular, that perl/archive pkg was crashing because of docx and xlsx
>> files. The problem is that all those are valid files/emails and I need to
>> reprocess them.
>>
>> Thanks!
>> Kociscky
>>
>> Feb 27 15:29:04 mail MailScanner[30697]: Warning: skipping message
>> CFA4E2003F7.AF18F as it has been attempted too many times
>> Feb 27 15:29:04 mail MailScanner[30697]: Quarantined message
>> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
>> Feb 27 15:29:07 mail MailScanner[30702]: MailScanner E-Mail Virus Scanner
>> version 4.84.3 starting...
>>
>> On 2 December 2011 01:32, Martin Hepworth <maxsec at gmail.com> wrote:
>>
>>> That's a perl issue and patch
>>>
>>> Martin
>>>
>>>
>>>
>>> On Thursday, 1 December 2011, Michel Bulgado <michel at casa.co.cu> wrote:
>>> > John Wilcock wrote:
>>> >
>>> > On 01/12/2011 18:44, Michel Bulgado wrote:
>>> >
>>> > Insecure dependency in chmod while running with -T switch at
>>> > /usr/share/perl5/Archive/Zip/Member.pm line 490. Failed.
>>> >
>>> > There's a patch for that in
>>> > https://rt.cpan.org/Public/Bug/Display.html?id=61930
>>> >
>>> > OK, I downloaded the patch file. I see the patch is for Perl files, so I
>>> > ask: is the problem Perl or MailScanner?
>>> >
>>> > So, when I go to apply the patch, I get an error: it can't find the
>>> > file 10_chmod.t
>>> >
>>> > [root@server MailScanner]# patch -p1 < patch_MailScanner.txt
>>> > can't find file to patch at input line 5
>>> > Perhaps you used the wrong -p or --strip option?
>>> > The text leading up to this was:
>>> > --------------------------
>>> > |diff --git a/lib/Archive/Zip/Member.pm b/lib/Archive/Zip/Member.pm
>>> > |index f86ef75..4bb2171 100644
>>> > |--- a/lib/Archive/Zip/Member.pm
>>> > |+++ b/lib/Archive/Zip/Member.pm
>>> > --------------------------
>>> > File to patch: /usr/share/perl5/Archive/Zip/Member.pm
>>> > patching file /usr/share/perl5/Archive/Zip/Member.pm
>>> > can't find file to patch at input line 46
>>> > Perhaps you used the wrong -p or --strip option?
>>> > The text leading up to this was:
>>> > --------------------------
>>> > |diff --git a/t/10_chmod.t b/t/10_chmod.t
>>> > |index 7ae647f..0495062 100644
>>> > |--- a/t/10_chmod.t
>>> > |+++ b/t/10_chmod.t
>>> > --------------------------
>>> > File to patch:
>>> > Skip this patch? [y] n
>>> > File to patch:
>>> > Skip this patch? [y] y
>>> > Skipping patch.
>>> > 1 out of 1 hunk ignored
>>> > Searching for 10_chmod.t, it belongs to "perl-Archive-Zip"; I have
>>> > installed this package from rpm: perl-Archive-Zip-1.30-2.el6.noarch
>>> >
>>> > Ideas?
>>> >
>>> >
>>> >
>>>
>>> --
>>> --
>>> Martin Hepworth
>>> Oxford, UK
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>
> --
> --
> Martin Hepworth
> Oxford, UK
>
>
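
A triage step for the situation in this thread, as an added example that is not part of the original post: before reprocessing anything, list which message IDs the log says were quarantined for crashing MailScanner and whether a copy exists under the `<date>/<id>/message` layout shown in the `ls` output. The function names, the quarantine base directory argument and the last two log lines are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Constructed sample: syslog lines modelled on the ones quoted in the post
# (unwrapped, as they appear in a real maillog); the last two are invented.
sample_log() {
cat <<'EOF'
Feb 27 18:11:56 mail MailScanner[12839]: Using locktype = flock
Feb 27 18:11:56 mail MailScanner[12839]: Warning: skipping message CFA4E2003F7.AF18F as it has been attempted too many times
Feb 27 18:11:56 mail MailScanner[12839]: Quarantined message CFA4E2003F7.AF18F as it caused MailScanner to crash several times
Feb 27 18:11:59 mail MailScanner[12844]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 18:12:40 mail MailScanner[12844]: Quarantined message 00C2D202033.A443F as it caused MailScanner to crash several times
Feb 27 18:12:41 mail MailScanner[12851]: Quarantined message CFA4E2003F7.AF18F as it caused MailScanner to crash several times
EOF
}

# Read a maillog on stdin and print "<id> <count>" for every message that was
# quarantined for crashing the scanner (not for a virus hit), sorted by ID.
crash_quarantined() {
  awk '/MailScanner\[[0-9]+\]: Quarantined message .* as it caused MailScanner to crash/ {
         for (i = 1; i <= NF; i++) if ($i == "message") { n[$(i+1)]++; break }
       }
       END { for (id in n) print id, n[id] }' | sort
}

# For each crash-quarantined ID, report the path of its stored copy under
# <base>/<YYYYMMDD>/<id>/message, or MISSING when no such file exists.
locate_in_quarantine() {
  base=$1   # quarantine directory (assumption: passed in by the caller)
  crash_quarantined | while read -r id count; do
    found=MISSING
    for f in "$base"/*/"$id"/message; do
      if [ -f "$f" ]; then found=$f; break; fi
    done
    printf '%s %s %s\n' "$id" "$count" "$found"
  done
}

# Demo against a constructed quarantine tree in a temporary directory.
demo() {
  q=$(mktemp -d)
  mkdir -p "$q/20120227/00C2D202033.A443F"
  : > "$q/20120227/00C2D202033.A443F/message"
  sample_log | locate_in_quarantine "$q" | sed "s|$q|QDIR|"
  rm -rf "$q"
}
demo
```

On a real host the input would be the mail log itself, for example `locate_in_quarantine /path/to/quarantine < /var/log/maillog`, with both paths adjusted to the local setup.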