MailScanner 4.84 - attempted to kill MailScanner

Kocisky kocisky at autistici.org
Mon Feb 27 23:34:45 GMT 2012 

removing the file /var/spool/MailScanner/incoming/Processing.db it
restarted to deliver the messages, i only need to figure out how to requeue
the messages that were quarantined, should i move them into:

Incoming Queue Dir = /var/spool/postfix/hold ?
can i move the FOLDER/message directly?

Thanks!!
kocisky

On 27 February 2012 18:07, Kocisky <kocisky at autistici.org> wrote:

> Thanks Martin for the quick reply, i didn't find anything on
> http://wiki.mailscanner.info/
>
> I'm actually using Maildir format for emails with postfix as mta, this is
> the filesystem structure for the quarantine files:
>
> [root at mail quarantine]# ls -l 20120227/
> total 420
> drwxrwx---. 2 postfix clam  4096 Feb 27 00:41 00C2D202033.A443F
> drwxrwx---. 2 postfix clam  4096 Feb 27 02:45 020CF202034.AD42E
>
> [root at mail quarantine]# ls -l 20120227/00C2D202033.A443F/message
> -rw-rw----. 1 postfix clam 80013 Feb 27 00:41
> 20120227/00C2D202033.A443F/message
> [root at mail quarantine]#
>
>
> i've tried to move the messages in /var/spool/postfix/incoming/ and
> changed the ownership but nothing happend.
>
> *EDIT*
>
> i've just noticed that since the update the mta is not delivering messages:
>
> Found 250 messages in the Processing Attempts Database
> Feb 27 18:11:56 mail MailScanner[12839]: Using locktype = flock
> Feb 27 18:11:56 mail MailScanner[12839]: Warning: skipping message
> CFA4E2003F7.AF18F as it has been attempted too many times
> Feb 27 18:11:56 mail MailScanner[12839]: Quarantined message
> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
> Feb 27 18:11:59 mail MailScanner[12844]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 18:11:59 mail MailScanner[12844]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
>
>
> my MailScanner --lint:
>
> [root at mail bayes]# MailScanner --lint
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Configuration: Failed to find any configuration files like
> /etc/MailScanner/conf.d/*, skipping them. at
> /usr/share/MailScanner/MailScanner/Config.pm line 2044
> Read 869 hostnames from the phishing whitelist
> Read 5361 hostnames from the phishing blacklists
> Config: calling custom init function SQLBlacklist
> Starting up SQL Blacklist
> Read 0 blacklist entries
> Config: calling custom init function MailWatchLogging
> Started SQL Logging child
> Config: calling custom init function SQLWhitelist
> Starting up SQL Whitelist
> Read 0 whitelist entries
>
> Checking version numbers...
> Version number in MailScanner.conf (4.84.3) is correct.
>
> Unrar is not installed, it should be in /usr/bin/unrar.
> This is required for RAR archives to be read to check
> filenames and filetypes. Virus scanning is not affected.
>
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> MailScanner setting GID to  (89)
> MailScanner setting UID to  (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> bayes: cannot write to /etc/MailScanner/bayes/bayes_journal, bayes db
> update ignored: Permission denied
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 250 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED::Eicar-Test-Signature :: ./1/
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its virus.scanners.conf.
> Config: calling custom end function SQLBlacklist
> Closing down by-domain spam blacklist
> Config: calling custom end function MailWatchLogging
> Config: calling custom end function SQLWhitelist
> Closing down by-domain spam whitelist
> [root at mail bayes]#
>
> On 27 February 2012 16:09, Martin Hepworth <maxsec at gmail.com> wrote:
>
>> Depends on how u saved the file as mbox files or queue files
>>
>> Should be info on the wiki on how to rerun depending on the mta etc
>>
>> Martin
>>
>>
>> On Monday, 27 February 2012, Kocisky wrote:
>>
>>> Hi all,
>>>
>>> I had the same issue, updating the os it updated also that perl/archive
>>> package, my question now is how do i re run MailScanner over all the
>>> messages that have been quarantined?
>>>
>>> in particular that perl/archive pkg was crashing because of docx and
>>> xlsx files, the problem is that all those are valid files/emails and i need
>>> to reprocess them.
>>>
>>> Thanks!
>>> Kociscky
>>>
>>> Feb 27 15:29:04 mail MailScanner[30697]: Warning: skipping message
>>> CFA4E2003F7.AF18F as it has been attempted too many times
>>> Feb 27 15:29:04 mail MailScanner[30697]: Quarantined message
>>> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
>>> Feb 27 15:29:07 mail MailScanner[30702]: MailScanner E-Mail Virus
>>> Scanner version 4.84.3 starting...
>>>
>>> On 2 December 2011 01:32, Martin Hepworth <maxsec at gmail.com> wrote:
>>>
>>>> That's a perl issue and patch
>>>>
>>>> Martin
>>>>
>>>>
>>>>
>>>> On Thursday, 1 December 2011, Michel Bulgado <michel at casa.co.cu> wrote:
>>>> > John Wilcock wrote:
>>>> >
>>>> > Le 01/12/2011 18:44, Michel Bulgado a écrit :
>>>> >
>>>> > Insecure dependency in chmod while running with -T switch at
>>>> > /usr/share/perl5/Archive/Zip/Member.pm line 490. Failed.
>>>> >
>>>> > There's a patch for that in
>>>> https://rt.cpan.org/Public/Bug/Display.html?id=61930
>>>> >
>>>> > Ok, i download the patch file, i see the patch is for perl files, so
>>>> i ask ,  the problem is perl o MailScanner?
>>>> >
>>>> > So, when a go to apply the patch, I get a error, he can't find the
>>>> file  10_chmod.t
>>>> >
>>>> > [root at server MailScanner]# patch -p1 < patch_MailScanner.txt
>>>> > can't find file to patch at input line 5
>>>> > Perhaps you used the wrong -p or --strip option?
>>>> > The text leading up to this was:
>>>> > --------------------------
>>>> > |diff --git a/lib/Archive/Zip/Member.pm b/lib/Archive/Zip/Member.pm
>>>> > |index f86ef75..4bb2171 100644
>>>> > |--- a/lib/Archive/Zip/Member.pm
>>>> > |+++ b/lib/Archive/Zip/Member.pm
>>>> > --------------------------
>>>> > File to patch: /usr/share/perl5/Archive/Zip/Member.pm
>>>> > patching file /usr/share/perl5/Archive/Zip/Member.pm
>>>> > can't find file to patch at input line 46
>>>> > Perhaps you used the wrong -p or --strip option?
>>>> > The text leading up to this was:
>>>> > --------------------------
>>>> > |diff --git a/t/10_chmod.t b/t/10_chmod.t
>>>> > |index 7ae647f..0495062 100644
>>>> > |--- a/t/10_chmod.t
>>>> > |+++ b/t/10_chmod.t
>>>> > --------------------------
>>>> > File to patch:
>>>> > Skip this patch? [y] n
>>>> > File to patch:
>>>> > Skip this patch? [y] y
>>>> > Skipping patch.
>>>> > 1 out of 1 hunk ignored
>>>> > Searching for the  10_chmod.t, his belong to "perl-Archive-Zip", i
>>>> have installed this packages from rpm : perl-Archive-Zip-1.30-2.el6.noarch
>>>> >
>>>> > Ideas?
>>>> >
>>>> >
>>>> >
>>>>
>>>> --
>>>> --
>>>> Martin Hepworth
>>>> Oxford, UK
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>
>>
>> --
>> --
>> Martin Hepworth
>> Oxford, UK
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120227/e3eba0ce/attachment.html

More information about the MailScanner mailing list