MailScanner 4.84 - attempted to kill MailScanner

Kocisky kocisky at autistici.org
Tue Feb 28 03:22:33 GMT 2012


I've removed the virus scanning from MailScanner.conf and now it doesn't
hang anymore, that's a start!

Virus Scanning = no

(I've also removed that /var/spool/MailScanner/incoming/Processing.db, which
I didn't really understand what it is)

On 27 February 2012 22:00, Kocisky <kocisky at autistici.org> wrote:

> talked too early, it crashed again:
>
>
> MailScanner --debug
>
> Configuration: Failed to find any configuration files like
> /etc/MailScanner/conf.d/*.conf, skipping them. at
> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> Building a message batch to scan...
> Have a batch of 30 messages.
> Insecure dependency in open while running with -T switch at
> /usr/lib64/perl5/IO/File.pm line 185.
> [root at mail incoming]#
>
>
> the following is an extract of the /var/log/maillog:
>
> Feb 27 22:01:02 mail postfix/cleanup[2118]: 45D07200106: message-id=<
> 20120228030102.45D07200106 at myserver.com>
> Feb 27 22:01:02 mail update.bad.phishing.sites: Delaying cron job up to
> 600 seconds
> Feb 27 22:01:03 mail MailScanner[2247]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:03 mail MailScanner[2247]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:03 mail MailScanner[2247]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:03 mail MailScanner[2247]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:03 mail MailScanner[2247]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:03 mail MailScanner[2247]: Starting up SQL Blacklist
> Feb 27 22:01:03 mail MailScanner[2247]: Read 0 blacklist entries
> Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:03 mail MailScanner[2247]: Started SQL Logging child
> Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:03 mail MailScanner[2247]: Starting up SQL Whitelist
> Feb 27 22:01:03 mail MailScanner[2247]: Read 0 whitelist entries
> Feb 27 22:01:03 mail MailScanner[2247]: Using SpamAssassin results cache
> Feb 27 22:01:03 mail MailScanner[2247]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:03 mail MailScanner[2247]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:05 mail MailScanner[2247]: Connected to Processing Attempts
> Database
> Feb 27 22:01:05 mail MailScanner[2247]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:05 mail MailScanner[2247]: Using locktype = flock
> Feb 27 22:01:05 mail MailScanner[2247]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:05 mail MailScanner[2247]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:08 mail MailScanner[2252]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:08 mail MailScanner[2252]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:08 mail MailScanner[2252]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:08 mail MailScanner[2252]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:08 mail MailScanner[2252]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:08 mail MailScanner[2252]: Starting up SQL Blacklist
> Feb 27 22:01:08 mail MailScanner[2252]: Read 0 blacklist entries
> Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:08 mail MailScanner[2252]: Started SQL Logging child
> Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:08 mail MailScanner[2252]: Starting up SQL Whitelist
> Feb 27 22:01:08 mail MailScanner[2252]: Read 0 whitelist entries
> Feb 27 22:01:08 mail MailScanner[2252]: Using SpamAssassin results cache
> Feb 27 22:01:08 mail MailScanner[2252]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:08 mail MailScanner[2252]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:10 mail MailScanner[2252]: Connected to Processing Attempts
> Database
> Feb 27 22:01:10 mail MailScanner[2252]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:10 mail MailScanner[2252]: Using locktype = flock
> Feb 27 22:01:10 mail MailScanner[2252]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:10 mail MailScanner[2252]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:13 mail MailScanner[2257]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:13 mail MailScanner[2257]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:13 mail MailScanner[2257]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:13 mail MailScanner[2257]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:13 mail MailScanner[2257]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:13 mail MailScanner[2257]: Starting up SQL Blacklist
> Feb 27 22:01:13 mail MailScanner[2257]: Read 0 blacklist entries
> Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:13 mail MailScanner[2257]: Started SQL Logging child
> Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:13 mail MailScanner[2257]: Starting up SQL Whitelist
> Feb 27 22:01:13 mail MailScanner[2257]: Read 0 whitelist entries
> Feb 27 22:01:13 mail MailScanner[2257]: Using SpamAssassin results cache
> Feb 27 22:01:13 mail MailScanner[2257]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:13 mail MailScanner[2257]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:15 mail MailScanner[2257]: Connected to Processing Attempts
> Database
> Feb 27 22:01:15 mail MailScanner[2257]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:15 mail MailScanner[2257]: Using locktype = flock
> Feb 27 22:01:15 mail MailScanner[2257]: Making attempt 4 at processing
> message 264A7200231.A7517
> Feb 27 22:01:15 mail MailScanner[2257]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:15 mail MailScanner[2257]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:18 mail MailScanner[2262]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:18 mail MailScanner[2262]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:18 mail MailScanner[2262]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:18 mail MailScanner[2262]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:18 mail MailScanner[2262]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:18 mail MailScanner[2262]: Starting up SQL Blacklist
> Feb 27 22:01:18 mail MailScanner[2262]: Read 0 blacklist entries
> Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:18 mail MailScanner[2262]: Started SQL Logging child
> Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:18 mail MailScanner[2262]: Starting up SQL Whitelist
> Feb 27 22:01:18 mail MailScanner[2262]: Read 0 whitelist entries
> Feb 27 22:01:18 mail MailScanner[2262]: Using SpamAssassin results cache
> Feb 27 22:01:18 mail MailScanner[2262]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:18 mail MailScanner[2262]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:20 mail MailScanner[2262]: Connected to Processing Attempts
> Database
> Feb 27 22:01:20 mail MailScanner[2262]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:20 mail MailScanner[2262]: Using locktype = flock
> Feb 27 22:01:20 mail MailScanner[2262]: Making attempt 4 at processing
> message 23EBD20023A.AA792
> Feb 27 22:01:20 mail MailScanner[2262]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:20 mail MailScanner[2262]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:23 mail MailScanner[2267]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:23 mail MailScanner[2267]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:23 mail MailScanner[2267]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:23 mail MailScanner[2267]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:23 mail MailScanner[2267]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:23 mail MailScanner[2267]: Starting up SQL Blacklist
> Feb 27 22:01:23 mail MailScanner[2267]: Read 0 blacklist entries
> Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:23 mail MailScanner[2267]: Started SQL Logging child
> Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:23 mail MailScanner[2267]: Starting up SQL Whitelist
> Feb 27 22:01:23 mail MailScanner[2267]: Read 0 whitelist entries
> Feb 27 22:01:23 mail MailScanner[2267]: Using SpamAssassin results cache
> Feb 27 22:01:23 mail MailScanner[2267]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:23 mail MailScanner[2267]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:25 mail MailScanner[2267]: Connected to Processing Attempts
> Database
> Feb 27 22:01:25 mail MailScanner[2267]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:26 mail MailScanner[2267]: Using locktype = flock
> Feb 27 22:01:26 mail MailScanner[2267]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:26 mail MailScanner[2267]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:28 mail MailScanner[2303]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:28 mail MailScanner[2303]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:28 mail MailScanner[2303]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:28 mail MailScanner[2303]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:28 mail MailScanner[2303]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:28 mail MailScanner[2303]: Starting up SQL Blacklist
> Feb 27 22:01:28 mail MailScanner[2303]: Read 0 blacklist entries
> Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:28 mail MailScanner[2303]: Started SQL Logging child
> Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:28 mail MailScanner[2303]: Starting up SQL Whitelist
> Feb 27 22:01:28 mail MailScanner[2303]: Read 0 whitelist entries
> Feb 27 22:01:28 mail MailScanner[2303]: Using SpamAssassin results cache
> Feb 27 22:01:28 mail MailScanner[2303]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:28 mail MailScanner[2303]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:30 mail MailScanner[2303]: Connected to Processing Attempts
> Database
> Feb 27 22:01:30 mail MailScanner[2303]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:30 mail MailScanner[2303]: Using locktype = flock
> Feb 27 22:01:31 mail MailScanner[2303]: Making attempt 6 at processing
> message EC11020005B.A3395
> Feb 27 22:01:31 mail MailScanner[2303]: Warning: skipping message
> 3ED0120024F.ABEE3 as it has been attempted too many times
> Feb 27 22:01:31 mail MailScanner[2303]: Quarantined message
> 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
> Feb 27 22:01:33 mail MailScanner[2308]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:33 mail MailScanner[2308]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:33 mail MailScanner[2308]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:33 mail MailScanner[2308]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:33 mail MailScanner[2308]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:33 mail MailScanner[2308]: Starting up SQL Blacklist
> Feb 27 22:01:33 mail MailScanner[2308]: Read 0 blacklist entries
> Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:33 mail MailScanner[2308]: Started SQL Logging child
> Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:33 mail MailScanner[2308]: Starting up SQL Whitelist
> Feb 27 22:01:33 mail MailScanner[2308]: Read 0 whitelist entries
> Feb 27 22:01:33 mail MailScanner[2308]: Using SpamAssassin results cache
> Feb 27 22:01:33 mail MailScanner[2308]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:33 mail MailScanner[2308]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:35 mail MailScanner[2308]: Connected to Processing Attempts
> Database
> Feb 27 22:01:35 mail MailScanner[2308]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:35 mail MailScanner[2308]: Using locktype = flock
> Feb 27 22:01:35 mail MailScanner[2308]: Warning: skipping message
> EC11020005B.A3395 as it has been attempted too many times
> Feb 27 22:01:35 mail MailScanner[2308]: Quarantined message
> EC11020005B.A3395 as it caused MailScanner to crash several times
> Feb 27 22:01:38 mail MailScanner[2313]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:38 mail MailScanner[2313]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:38 mail MailScanner[2313]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:38 mail MailScanner[2313]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:38 mail MailScanner[2313]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:38 mail MailScanner[2313]: Starting up SQL Blacklist
> Feb 27 22:01:38 mail MailScanner[2313]: Read 0 blacklist entries
> Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:38 mail MailScanner[2313]: Started SQL Logging child
> Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:38 mail MailScanner[2313]: Starting up SQL Whitelist
> Feb 27 22:01:38 mail MailScanner[2313]: Read 0 whitelist entries
> Feb 27 22:01:38 mail MailScanner[2313]: Using SpamAssassin results cache
> Feb 27 22:01:38 mail MailScanner[2313]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:38 mail MailScanner[2313]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:40 mail MailScanner[2313]: Connected to Processing Attempts
> Database
> Feb 27 22:01:40 mail MailScanner[2313]: Found 79 messages in the
> Processing Attempts Database
> Feb 27 22:01:40 mail MailScanner[2313]: Using locktype = flock
> Feb 27 22:01:40 mail MailScanner[2313]: Warning: skipping message
> EC11020005B.A3395 as it has been attempted too many times
> Feb 27 22:01:40 mail MailScanner[2313]: Quarantined message
> EC11020005B.A3395 as it caused MailScanner to crash several times
> Feb 27 22:01:43 mail MailScanner[2319]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:43 mail MailScanner[2319]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 27 22:01:43 mail MailScanner[2319]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 27 22:01:43 mail MailScanner[2319]: Read 869 hostnames from the
> phishing whitelist
> Feb 27 22:01:43 mail MailScanner[2319]: Read 5345 hostnames from the
> phishing blacklists
> Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init
> function SQLBlacklist
> Feb 27 22:01:43 mail MailScanner[2319]: Starting up SQL Blacklist
> Feb 27 22:01:43 mail MailScanner[2319]: Read 0 blacklist entries
> Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init
> function MailWatchLogging
> Feb 27 22:01:43 mail MailScanner[2319]: Started SQL Logging child
> Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init
> function SQLWhitelist
> Feb 27 22:01:43 mail MailScanner[2319]: Starting up SQL Whitelist
> Feb 27 22:01:43 mail MailScanner[2319]: Read 0 whitelist entries
> Feb 27 22:01:44 mail MailScanner[2319]: Using SpamAssassin results cache
> Feb 27 22:01:44 mail MailScanner[2319]: Connected to SpamAssassin cache
> database
> Feb 27 22:01:44 mail MailScanner[2319]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max connection rate
> 2/60s for (smtp:220.248.164.185) at Feb 27 21:58:23
> Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max connection count
> 2 for (smtp:220.248.164.185) at Feb 27 21:58:23
> Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max cache size 1 at
> Feb 27 21:58:23
>
> [root at mail ~]# MailScanner --lint
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Configuration: Failed to find any configuration files like
> /etc/MailScanner/conf.d/*.conf, skipping them. at
> /usr/share/MailScanner/MailScanner/Config.pm line 2044
> Read 869 hostnames from the phishing whitelist
> Read 5345 hostnames from the phishing blacklists
> Config: calling custom init function SQLBlacklist
> Starting up SQL Blacklist
> Read 0 blacklist entries
> Config: calling custom init function MailWatchLogging
> Started SQL Logging child
> Config: calling custom init function SQLWhitelist
> Starting up SQL Whitelist
> Read 0 whitelist entries
>
> Checking version numbers...
> Version number in MailScanner.conf (4.84.3) is correct.
>
> Unrar is not installed, it should be in /usr/bin/unrar.
> This is required for RAR archives to be read to check
> filenames and filetypes. Virus scanning is not affected.
>
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> MailScanner setting GID to  (89)
> MailScanner setting UID to  (89)
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 79 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED::Eicar-Test-Signature :: ./1/
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its virus.scanners.conf.
> Config: calling custom end function SQLBlacklist
> Closing down by-domain spam blacklist
> Config: calling custom end function MailWatchLogging
> Config: calling custom end function SQLWhitelist
> Closing down by-domain spam whitelist
> [root at mail ~]#
>
> Any ideas? Something to mention: I've just updated; for the MailScanner
> configuration I've used:
>
> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew >
> MailScanner.new
> mv -f MailScanner.conf MailScanner.old
> mv -f MailScanner.new  MailScanner.conf
>
> thanks again!!
> kocisky
>
> On 27 February 2012 18:34, Kocisky <kocisky at autistici.org> wrote:
>
>> After removing the file /var/spool/MailScanner/incoming/Processing.db it
>> started delivering the messages again. I only need to figure out how to requeue
>> the messages that were quarantined. Should I move them into:
>>
>> Incoming Queue Dir = /var/spool/postfix/hold ?
>> Can I move the FOLDER/message directly?
>>
>> Thanks!!
>> kocisky
>>
>> On 27 February 2012 18:07, Kocisky <kocisky at autistici.org> wrote:
>>
>>> Thanks Martin for the quick reply, I didn't find anything on
>>> http://wiki.mailscanner.info/
>>>
>>> I'm actually using Maildir format for emails with postfix as MTA; this
>>> is the filesystem structure for the quarantine files:
>>>
>>> [root at mail quarantine]# ls -l 20120227/
>>> total 420
>>> drwxrwx---. 2 postfix clam  4096 Feb 27 00:41 00C2D202033.A443F
>>> drwxrwx---. 2 postfix clam  4096 Feb 27 02:45 020CF202034.AD42E
>>>
>>> [root at mail quarantine]# ls -l 20120227/00C2D202033.A443F/message
>>> -rw-rw----. 1 postfix clam 80013 Feb 27 00:41
>>> 20120227/00C2D202033.A443F/message
>>> [root at mail quarantine]#
>>>
>>>
>>> I've tried to move the messages into /var/spool/postfix/incoming/ and
>>> changed the ownership, but nothing happened.
>>>
>>> *EDIT*
>>>
>>> I've just noticed that since the update the MTA is not delivering
>>> messages:
>>>
>>> Found 250 messages in the Processing Attempts Database
>>> Feb 27 18:11:56 mail MailScanner[12839]: Using locktype = flock
>>> Feb 27 18:11:56 mail MailScanner[12839]: Warning: skipping message
>>> CFA4E2003F7.AF18F as it has been attempted too many times
>>> Feb 27 18:11:56 mail MailScanner[12839]: Quarantined message
>>> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
>>> Feb 27 18:11:59 mail MailScanner[12844]: MailScanner E-Mail Virus
>>> Scanner version 4.84.3 starting...
>>> Feb 27 18:11:59 mail MailScanner[12844]: Reading configuration file
>>> /etc/MailScanner/MailScanner.conf
>>>
>>>
>>> my MailScanner --lint:
>>>
>>> [root at mail bayes]# MailScanner --lint
>>> Trying to setlogsock(unix)
>>>
>>> Reading configuration file /etc/MailScanner/MailScanner.conf
>>> Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>> Read 869 hostnames from the phishing whitelist
>>> Read 5361 hostnames from the phishing blacklists
>>> Config: calling custom init function SQLBlacklist
>>> Starting up SQL Blacklist
>>> Read 0 blacklist entries
>>> Config: calling custom init function MailWatchLogging
>>> Started SQL Logging child
>>> Config: calling custom init function SQLWhitelist
>>> Starting up SQL Whitelist
>>> Read 0 whitelist entries
>>>
>>> Checking version numbers...
>>> Version number in MailScanner.conf (4.84.3) is correct.
>>>
>>> Unrar is not installed, it should be in /usr/bin/unrar.
>>> This is required for RAR archives to be read to check
>>> filenames and filetypes. Virus scanning is not affected.
>>>
>>>
>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>> MailScanner setting GID to  (89)
>>> MailScanner setting UID to  (89)
>>>
>>> Checking for SpamAssassin errors (if you use it)...
>>> Using SpamAssassin results cache
>>> Connected to SpamAssassin cache database
>>> bayes: cannot write to /etc/MailScanner/bayes/bayes_journal, bayes db
>>> update ignored: Permission denied
>>> SpamAssassin reported no errors.
>>> Connected to Processing Attempts Database
>>> Created Processing Attempts Database successfully
>>> There are 250 messages in the Processing Attempts Database
>>> Using locktype = posix
>>> MailScanner.conf says "Virus Scanners = clamd"
>>> Found these virus scanners installed: clamd
>>>
>>> ===========================================================================
>>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>>> Other Checks: Found 1 problems
>>> Virus and Content Scanning: Starting
>>> Clamd::INFECTED::Eicar-Test-Signature :: ./1/
>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>>> Virus Scanning: Clamd found 2 infections
>>> Infected message 1 came from 10.1.1.1
>>> Virus Scanning: Found 2 viruses
>>>
>>> ===========================================================================
>>> Virus Scanner test reports:
>>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>>
>>> If any of your virus scanners (clamd)
>>> are not listed there, you should check that they are installed correctly
>>> and that MailScanner is finding them correctly via its
>>> virus.scanners.conf.
>>> Config: calling custom end function SQLBlacklist
>>> Closing down by-domain spam blacklist
>>> Config: calling custom end function MailWatchLogging
>>> Config: calling custom end function SQLWhitelist
>>> Closing down by-domain spam whitelist
>>> [root at mail bayes]#
>>>
>>> On 27 February 2012 16:09, Martin Hepworth <maxsec at gmail.com> wrote:
>>>
>>>> Depends on how you saved the file: as mbox files or queue files
>>>>
>>>> Should be info on the wiki on how to rerun depending on the MTA etc
>>>>
>>>> Martin
>>>>
>>>>
>>>> On Monday, 27 February 2012, Kocisky wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I had the same issue: updating the OS also updated that
>>>>> perl/archive package. My question now is how do I re-run MailScanner over
>>>>> all the messages that have been quarantined?
>>>>>
>>>>> In particular, that perl/archive pkg was crashing because of docx and
>>>>> xlsx files. The problem is that all those are valid files/emails and I need
>>>>> to reprocess them.
>>>>>
>>>>> Thanks!
>>>>> Kociscky
>>>>>
>>>>> Feb 27 15:29:04 mail MailScanner[30697]: Warning: skipping message
>>>>> CFA4E2003F7.AF18F as it has been attempted too many times
>>>>> Feb 27 15:29:04 mail MailScanner[30697]: Quarantined message
>>>>> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
>>>>> Feb 27 15:29:07 mail MailScanner[30702]: MailScanner E-Mail Virus
>>>>> Scanner version 4.84.3 starting...
>>>>>
>>>>> On 2 December 2011 01:32, Martin Hepworth <maxsec at gmail.com> wrote:
>>>>>
>>>>>> That's a perl issue and patch
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thursday, 1 December 2011, Michel Bulgado <michel at casa.co.cu>
>>>>>> wrote:
>>>>>> > John Wilcock wrote:
>>>>>> >
>>>>>> > On 01/12/2011 18:44, Michel Bulgado wrote:
>>>>>> >
>>>>>> > Insecure dependency in chmod while running with -T switch at
>>>>>> > /usr/share/perl5/Archive/Zip/Member.pm line 490. Failed.
>>>>>> >
>>>>>> > There's a patch for that in
>>>>>> https://rt.cpan.org/Public/Bug/Display.html?id=61930
>>>>>> >
>>>>>> > Ok, I downloaded the patch file. I see the patch is for perl files,
>>>>>> so I ask, is the problem perl or MailScanner?
>>>>>> >
>>>>>> > So, when I go to apply the patch, I get an error: it can't find the
>>>>>> file 10_chmod.t
>>>>>> >
>>>>>> > [root at server MailScanner]# patch -p1 < patch_MailScanner.txt
>>>>>> > can't find file to patch at input line 5
>>>>>> > Perhaps you used the wrong -p or --strip option?
>>>>>> > The text leading up to this was:
>>>>>> > --------------------------
>>>>>> > |diff --git a/lib/Archive/Zip/Member.pm b/lib/Archive/Zip/Member.pm
>>>>>> > |index f86ef75..4bb2171 100644
>>>>>> > |--- a/lib/Archive/Zip/Member.pm
>>>>>> > |+++ b/lib/Archive/Zip/Member.pm
>>>>>> > --------------------------
>>>>>> > File to patch: /usr/share/perl5/Archive/Zip/Member.pm
>>>>>> > patching file /usr/share/perl5/Archive/Zip/Member.pm
>>>>>> > can't find file to patch at input line 46
>>>>>> > Perhaps you used the wrong -p or --strip option?
>>>>>> > The text leading up to this was:
>>>>>> > --------------------------
>>>>>> > |diff --git a/t/10_chmod.t b/t/10_chmod.t
>>>>>> > |index 7ae647f..0495062 100644
>>>>>> > |--- a/t/10_chmod.t
>>>>>> > |+++ b/t/10_chmod.t
>>>>>> > --------------------------
>>>>>> > File to patch:
>>>>>> > Skip this patch? [y] n
>>>>>> > File to patch:
>>>>>> > Skip this patch? [y] y
>>>>>> > Skipping patch.
>>>>>> > 1 out of 1 hunk ignored
>>>>>> > Searching for 10_chmod.t, it belongs to "perl-Archive-Zip"; I
>>>>>> have installed this package from rpm: perl-Archive-Zip-1.30-2.el6.noarch
>>>>>> >
>>>>>> > Ideas?
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>>
>>>>>> --
>>>>>> --
>>>>>> Martin Hepworth
>>>>>> Oxford, UK
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner at lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>> --
>>>> Martin Hepworth
>>>> Oxford, UK
>>>>
>>>
>>
>
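
Added example, not part of the original thread: a small triage script for the restart loop shown in the maillog extract above. It rejoins wrapped or `>`-quoted syslog lines, counts MailScanner start-ups, and lists the messages that were retried or quarantined for crashing the scanner. The sample log, its message IDs and PIDs are constructed; the `year` default and the loop thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ MailScanner\[(\d+)\]: (.*)$")
STARTING = re.compile(r"E-Mail Virus Scanner version \S+ starting")
ATTEMPT = re.compile(r"Making attempt (\d+) at processing message (\S+)")
QUARANTINED = re.compile(r"Quarantined message (\S+) as it caused MailScanner to crash")

# Constructed sample in the format of the thread's log extract: the first
# entries are wrapped and e-mail-quoted, the rest are raw syslog lines.
SAMPLE = """\
> Feb 27 22:01:03 mail MailScanner[101]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 27 22:01:05 mail MailScanner[101]: Making attempt 4 at processing
> message AAAA0000001.A0001
> Feb 27 22:01:05 mail MailScanner[101]: Warning: skipping message
> BBBB0000002.B0002 as it has been attempted too many times
> Feb 27 22:01:05 mail MailScanner[101]: Quarantined message
> BBBB0000002.B0002 as it caused MailScanner to crash several times
Feb 27 22:01:08 mail MailScanner[102]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:10 mail MailScanner[102]: Making attempt 5 at processing message AAAA0000001.A0001
Feb 27 22:01:10 mail MailScanner[102]: Quarantined message BBBB0000002.B0002 as it caused MailScanner to crash several times
Feb 27 22:01:13 mail MailScanner[103]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:15 mail MailScanner[103]: Quarantined message AAAA0000001.A0001 as it caused MailScanner to crash several times
Feb 27 22:01:44 mail postfix/anvil[900]: statistics: max cache size 1 at Feb 27 21:58:23
"""


def unwrap(text):
    """Strip quote markers and rejoin continuation lines into one entry each."""
    entries, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()
        if SYSLOG_TS.match(line):          # a timestamp starts a new entry
            if current:
                entries.append(current)
            current = line
        elif line and current is not None:  # wrapped tail of the previous entry
            current += " " + line
        elif current is not None:           # blank line ends the entry
            entries.append(current)
            current = None
    if current:
        entries.append(current)
    return entries


def analyse(text, year=2012):
    """Collect start-ups, highest retry count per message, and crash quarantines."""
    starts, attempts, quarantined = [], {}, Counter()
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue                        # not a MailScanner line (e.g. postfix)
        stamp, pid, msg = m.groups()
        # syslog omits the year, so it is supplied by the caller
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if STARTING.search(msg):
            starts.append((when, int(pid)))
        elif (a := ATTEMPT.search(msg)):
            msgid = a.group(2)
            attempts[msgid] = max(int(a.group(1)), attempts.get(msgid, 0))
        elif (q := QUARANTINED.search(msg)):
            quarantined[q.group(1)] += 1
    return {"starts": starts, "attempts": attempts, "quarantined": quarantined}


def restart_loop(starts, threshold=3, window=60):
    """True if at least `threshold` start-ups fall within `window` seconds."""
    times = sorted(t for t, _ in starts)
    for i in range(len(times) - threshold + 1):
        if (times[i + threshold - 1] - times[i]).total_seconds() <= window:
            return True
    return False


if __name__ == "__main__":
    result = analyse(SAMPLE)
    print("start-ups:", len(result["starts"]),
          "restart loop:", restart_loop(result["starts"]))
    for msgid, n in sorted(result["quarantined"].items()):
        print(f"quarantined after crashes: {msgid} ({n} notices)")
    for msgid, n in sorted(result["attempts"].items()):
        print(f"still being retried: {msgid} (attempt {n})")
```

The message IDs it reports are the directory names to look for under the dated quarantine folder shown in the thread.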