MailScanner 4.84 - attempted to kill MailScanner

Jeremy McSpadden jeremy at fluxlabs.net
Tue Feb 28 03:34:21 GMT 2012


Open mailscanner’s binary and add –U to the # line. /usr/sbin/MailScanner

#!/usr/bin/perl –I/Usr/share/MailScanner … add –U

--
Jeremy McSpadden
Flux Labs, Inc
http://www.fluxlabs.net<http://www.fluxlabs.net/>
Endless Solutions
Office : 850-588-4626
Cell : 850-890-2543
Fax : 850-254-2955

From: Kocisky <kocisky at autistici.org<mailto:kocisky at autistici.org>>
Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Date: Mon, 27 Feb 2012 22:22:33 -0500
To: MailScanner discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Subject: Re: MailScanner 4.84 - attempted to kill MailScanner

i've removed the virus scanning from MailScanner.conf and now it doesn't hang anymore, thats a start!

Virus Scanning = no

(i've removed also that /var/spool/MailScanner/incoming/Processing.db which i didn't really understand what it is)

On 27 February 2012 22:00, Kocisky <kocisky at autistici.org<mailto:kocisky at autistici.org>> wrote:
talked too early, it crashed again:


MailScanner --debug

Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them. at /usr/share/MailScanner/MailScanner/Config.pm line 2044

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 30 messages.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
[root at mail incoming]#


the following is an extract of the /var/log/maillog:

Feb 27 22:01:02 mail postfix/cleanup[2118]: 45D07200106: message-id=<20120228030102.45D07200106 at myserver.com<mailto:20120228030102.45D07200106 at myserver.com>>
Feb 27 22:01:02 mail update.bad.phishing.sites: Delaying cron job up to 600 seconds
Feb 27 22:01:03 mail MailScanner[2247]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:03 mail MailScanner[2247]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:03 mail MailScanner[2247]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:03 mail MailScanner[2247]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:03 mail MailScanner[2247]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:03 mail MailScanner[2247]: Starting up SQL Blacklist
Feb 27 22:01:03 mail MailScanner[2247]: Read 0 blacklist entries
Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:03 mail MailScanner[2247]: Started SQL Logging child
Feb 27 22:01:03 mail MailScanner[2247]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:03 mail MailScanner[2247]: Starting up SQL Whitelist
Feb 27 22:01:03 mail MailScanner[2247]: Read 0 whitelist entries
Feb 27 22:01:03 mail MailScanner[2247]: Using SpamAssassin results cache
Feb 27 22:01:03 mail MailScanner[2247]: Connected to SpamAssassin cache database
Feb 27 22:01:03 mail MailScanner[2247]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:05 mail MailScanner[2247]: Connected to Processing Attempts Database
Feb 27 22:01:05 mail MailScanner[2247]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:05 mail MailScanner[2247]: Using locktype = flock
Feb 27 22:01:05 mail MailScanner[2247]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:05 mail MailScanner[2247]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:08 mail MailScanner[2252]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:08 mail MailScanner[2252]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:08 mail MailScanner[2252]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:08 mail MailScanner[2252]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:08 mail MailScanner[2252]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:08 mail MailScanner[2252]: Starting up SQL Blacklist
Feb 27 22:01:08 mail MailScanner[2252]: Read 0 blacklist entries
Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:08 mail MailScanner[2252]: Started SQL Logging child
Feb 27 22:01:08 mail MailScanner[2252]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:08 mail MailScanner[2252]: Starting up SQL Whitelist
Feb 27 22:01:08 mail MailScanner[2252]: Read 0 whitelist entries
Feb 27 22:01:08 mail MailScanner[2252]: Using SpamAssassin results cache
Feb 27 22:01:08 mail MailScanner[2252]: Connected to SpamAssassin cache database
Feb 27 22:01:08 mail MailScanner[2252]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:10 mail MailScanner[2252]: Connected to Processing Attempts Database
Feb 27 22:01:10 mail MailScanner[2252]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:10 mail MailScanner[2252]: Using locktype = flock
Feb 27 22:01:10 mail MailScanner[2252]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:10 mail MailScanner[2252]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:13 mail MailScanner[2257]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:13 mail MailScanner[2257]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:13 mail MailScanner[2257]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:13 mail MailScanner[2257]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:13 mail MailScanner[2257]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:13 mail MailScanner[2257]: Starting up SQL Blacklist
Feb 27 22:01:13 mail MailScanner[2257]: Read 0 blacklist entries
Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:13 mail MailScanner[2257]: Started SQL Logging child
Feb 27 22:01:13 mail MailScanner[2257]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:13 mail MailScanner[2257]: Starting up SQL Whitelist
Feb 27 22:01:13 mail MailScanner[2257]: Read 0 whitelist entries
Feb 27 22:01:13 mail MailScanner[2257]: Using SpamAssassin results cache
Feb 27 22:01:13 mail MailScanner[2257]: Connected to SpamAssassin cache database
Feb 27 22:01:13 mail MailScanner[2257]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:15 mail MailScanner[2257]: Connected to Processing Attempts Database
Feb 27 22:01:15 mail MailScanner[2257]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:15 mail MailScanner[2257]: Using locktype = flock
Feb 27 22:01:15 mail MailScanner[2257]: Making attempt 4 at processing message 264A7200231.A7517
Feb 27 22:01:15 mail MailScanner[2257]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:15 mail MailScanner[2257]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:18 mail MailScanner[2262]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:18 mail MailScanner[2262]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:18 mail MailScanner[2262]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:18 mail MailScanner[2262]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:18 mail MailScanner[2262]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:18 mail MailScanner[2262]: Starting up SQL Blacklist
Feb 27 22:01:18 mail MailScanner[2262]: Read 0 blacklist entries
Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:18 mail MailScanner[2262]: Started SQL Logging child
Feb 27 22:01:18 mail MailScanner[2262]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:18 mail MailScanner[2262]: Starting up SQL Whitelist
Feb 27 22:01:18 mail MailScanner[2262]: Read 0 whitelist entries
Feb 27 22:01:18 mail MailScanner[2262]: Using SpamAssassin results cache
Feb 27 22:01:18 mail MailScanner[2262]: Connected to SpamAssassin cache database
Feb 27 22:01:18 mail MailScanner[2262]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:20 mail MailScanner[2262]: Connected to Processing Attempts Database
Feb 27 22:01:20 mail MailScanner[2262]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:20 mail MailScanner[2262]: Using locktype = flock
Feb 27 22:01:20 mail MailScanner[2262]: Making attempt 4 at processing message 23EBD20023A.AA792
Feb 27 22:01:20 mail MailScanner[2262]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:20 mail MailScanner[2262]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:23 mail MailScanner[2267]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:23 mail MailScanner[2267]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:23 mail MailScanner[2267]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:23 mail MailScanner[2267]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:23 mail MailScanner[2267]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:23 mail MailScanner[2267]: Starting up SQL Blacklist
Feb 27 22:01:23 mail MailScanner[2267]: Read 0 blacklist entries
Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:23 mail MailScanner[2267]: Started SQL Logging child
Feb 27 22:01:23 mail MailScanner[2267]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:23 mail MailScanner[2267]: Starting up SQL Whitelist
Feb 27 22:01:23 mail MailScanner[2267]: Read 0 whitelist entries
Feb 27 22:01:23 mail MailScanner[2267]: Using SpamAssassin results cache
Feb 27 22:01:23 mail MailScanner[2267]: Connected to SpamAssassin cache database
Feb 27 22:01:23 mail MailScanner[2267]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:25 mail MailScanner[2267]: Connected to Processing Attempts Database
Feb 27 22:01:25 mail MailScanner[2267]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:26 mail MailScanner[2267]: Using locktype = flock
Feb 27 22:01:26 mail MailScanner[2267]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:26 mail MailScanner[2267]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:28 mail MailScanner[2303]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:28 mail MailScanner[2303]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:28 mail MailScanner[2303]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:28 mail MailScanner[2303]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:28 mail MailScanner[2303]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:28 mail MailScanner[2303]: Starting up SQL Blacklist
Feb 27 22:01:28 mail MailScanner[2303]: Read 0 blacklist entries
Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:28 mail MailScanner[2303]: Started SQL Logging child
Feb 27 22:01:28 mail MailScanner[2303]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:28 mail MailScanner[2303]: Starting up SQL Whitelist
Feb 27 22:01:28 mail MailScanner[2303]: Read 0 whitelist entries
Feb 27 22:01:28 mail MailScanner[2303]: Using SpamAssassin results cache
Feb 27 22:01:28 mail MailScanner[2303]: Connected to SpamAssassin cache database
Feb 27 22:01:28 mail MailScanner[2303]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:30 mail MailScanner[2303]: Connected to Processing Attempts Database
Feb 27 22:01:30 mail MailScanner[2303]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:30 mail MailScanner[2303]: Using locktype = flock
Feb 27 22:01:31 mail MailScanner[2303]: Making attempt 6 at processing message EC11020005B.A3395
Feb 27 22:01:31 mail MailScanner[2303]: Warning: skipping message 3ED0120024F.ABEE3 as it has been attempted too many times
Feb 27 22:01:31 mail MailScanner[2303]: Quarantined message 3ED0120024F.ABEE3 as it caused MailScanner to crash several times
Feb 27 22:01:33 mail MailScanner[2308]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:33 mail MailScanner[2308]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:33 mail MailScanner[2308]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:33 mail MailScanner[2308]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:33 mail MailScanner[2308]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:33 mail MailScanner[2308]: Starting up SQL Blacklist
Feb 27 22:01:33 mail MailScanner[2308]: Read 0 blacklist entries
Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:33 mail MailScanner[2308]: Started SQL Logging child
Feb 27 22:01:33 mail MailScanner[2308]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:33 mail MailScanner[2308]: Starting up SQL Whitelist
Feb 27 22:01:33 mail MailScanner[2308]: Read 0 whitelist entries
Feb 27 22:01:33 mail MailScanner[2308]: Using SpamAssassin results cache
Feb 27 22:01:33 mail MailScanner[2308]: Connected to SpamAssassin cache database
Feb 27 22:01:33 mail MailScanner[2308]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:35 mail MailScanner[2308]: Connected to Processing Attempts Database
Feb 27 22:01:35 mail MailScanner[2308]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:35 mail MailScanner[2308]: Using locktype = flock
Feb 27 22:01:35 mail MailScanner[2308]: Warning: skipping message EC11020005B.A3395 as it has been attempted too many times
Feb 27 22:01:35 mail MailScanner[2308]: Quarantined message EC11020005B.A3395 as it caused MailScanner to crash several times
Feb 27 22:01:38 mail MailScanner[2313]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:38 mail MailScanner[2313]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:38 mail MailScanner[2313]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:38 mail MailScanner[2313]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:38 mail MailScanner[2313]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:38 mail MailScanner[2313]: Starting up SQL Blacklist
Feb 27 22:01:38 mail MailScanner[2313]: Read 0 blacklist entries
Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:38 mail MailScanner[2313]: Started SQL Logging child
Feb 27 22:01:38 mail MailScanner[2313]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:38 mail MailScanner[2313]: Starting up SQL Whitelist
Feb 27 22:01:38 mail MailScanner[2313]: Read 0 whitelist entries
Feb 27 22:01:38 mail MailScanner[2313]: Using SpamAssassin results cache
Feb 27 22:01:38 mail MailScanner[2313]: Connected to SpamAssassin cache database
Feb 27 22:01:38 mail MailScanner[2313]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:40 mail MailScanner[2313]: Connected to Processing Attempts Database
Feb 27 22:01:40 mail MailScanner[2313]: Found 79 messages in the Processing Attempts Database
Feb 27 22:01:40 mail MailScanner[2313]: Using locktype = flock
Feb 27 22:01:40 mail MailScanner[2313]: Warning: skipping message EC11020005B.A3395 as it has been attempted too many times
Feb 27 22:01:40 mail MailScanner[2313]: Quarantined message EC11020005B.A3395 as it caused MailScanner to crash several times
Feb 27 22:01:43 mail MailScanner[2319]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 22:01:43 mail MailScanner[2319]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 27 22:01:43 mail MailScanner[2319]: Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
Feb 27 22:01:43 mail MailScanner[2319]: Read 869 hostnames from the phishing whitelist
Feb 27 22:01:43 mail MailScanner[2319]: Read 5345 hostnames from the phishing blacklists
Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init function SQLBlacklist
Feb 27 22:01:43 mail MailScanner[2319]: Starting up SQL Blacklist
Feb 27 22:01:43 mail MailScanner[2319]: Read 0 blacklist entries
Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init function MailWatchLogging
Feb 27 22:01:43 mail MailScanner[2319]: Started SQL Logging child
Feb 27 22:01:43 mail MailScanner[2319]: Config: calling custom init function SQLWhitelist
Feb 27 22:01:43 mail MailScanner[2319]: Starting up SQL Whitelist
Feb 27 22:01:43 mail MailScanner[2319]: Read 0 whitelist entries
Feb 27 22:01:44 mail MailScanner[2319]: Using SpamAssassin results cache
Feb 27 22:01:44 mail MailScanner[2319]: Connected to SpamAssassin cache database
Feb 27 22:01:44 mail MailScanner[2319]: Enabling SpamAssassin auto-whitelist functionality...
Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max connection rate 2/60s for (smtp:220.248.164.185) at Feb 27 21:58:23
Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max connection count 2 for (smtp:220.248.164.185) at Feb 27 21:58:23
Feb 27 22:01:44 mail postfix/anvil[1902]: statistics: max cache size 1 at Feb 27 21:58:23

[root at mail ~]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*.conf, skipping them. at /usr/share/MailScanner/MailScanner/Config.pm line 2044
Read 869 hostnames from the phishing whitelist
Read 5345 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 0 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 0 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (4.84.3) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 79 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<http://eicar.com>
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com<http://eicar.com> was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist
[root at mail ~]#

any ideas? something to say: i've kust updated, for the MailScanner configuration i've used:

upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf

thanks again!!
kocisky

On 27 February 2012 18:34, Kocisky <kocisky at autistici.org<mailto:kocisky at autistici.org>> wrote:
removing the file /var/spool/MailScanner/incoming/Processing.db it restarted to deliver the messages, i only need to figure out how to requeue the messages that were quarantined, should i move them into:

Incoming Queue Dir = /var/spool/postfix/hold ?
can i move the FOLDER/message directly?

Thanks!!
kocisky

On 27 February 2012 18:07, Kocisky <kocisky at autistici.org<mailto:kocisky at autistici.org>> wrote:
Thanks Martin for the quick reply, i didn't find anything on http://wiki.mailscanner.info/

I'm actually using Maildir format for emails with postfix as mta, this is the filesystem structure for the quarantine files:

[root at mail quarantine]# ls -l 20120227/
total 420
drwxrwx---. 2 postfix clam  4096 Feb 27 00:41 00C2D202033.A443F
drwxrwx---. 2 postfix clam  4096 Feb 27 02:45 020CF202034.AD42E

[root at mail quarantine]# ls -l 20120227/00C2D202033.A443F/message
-rw-rw----. 1 postfix clam 80013 Feb 27 00:41 20120227/00C2D202033.A443F/message
[root at mail quarantine]#


i've tried to move the messages in /var/spool/postfix/incoming/ and changed the ownership but nothing happend.

*EDIT*

i've just noticed that since the update the mta is not delivering messages:

Found 250 messages in the Processing Attempts Database
Feb 27 18:11:56 mail MailScanner[12839]: Using locktype = flock
Feb 27 18:11:56 mail MailScanner[12839]: Warning: skipping message CFA4E2003F7.AF18F as it has been attempted too many times
Feb 27 18:11:56 mail MailScanner[12839]: Quarantined message CFA4E2003F7.AF18F as it caused MailScanner to crash several times
Feb 27 18:11:59 mail MailScanner[12844]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...
Feb 27 18:11:59 mail MailScanner[12844]: Reading configuration file /etc/MailScanner/MailScanner.conf


my MailScanner --lint:

[root at mail bayes]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Configuration: Failed to find any configuration files like /etc/MailScanner/conf.d/*, skipping them. at /usr/share/MailScanner/MailScanner/Config.pm line 2044
Read 869 hostnames from the phishing whitelist
Read 5361 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
Starting up SQL Blacklist
Read 0 blacklist entries
Config: calling custom init function MailWatchLogging
Started SQL Logging child
Config: calling custom init function SQLWhitelist
Starting up SQL Whitelist
Read 0 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (4.84.3) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
bayes: cannot write to /etc/MailScanner/bayes/bayes_journal, bayes db update ignored: Permission denied
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 250 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com<http://eicar.com>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<http://eicar.com>
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com<http://eicar.com> was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
Closing down by-domain spam blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
Closing down by-domain spam whitelist
[root at mail bayes]#

On 27 February 2012 16:09, Martin Hepworth <maxsec at gmail.com<mailto:maxsec at gmail.com>> wrote:
Depends on how u saved the file as mbox files or queue files

Should be info on the wiki on how to rerun depending on the mta etc

Martin


On Monday, 27 February 2012, Kocisky wrote:
Hi all,

I had the same issue, updating the os it updated also that perl/archive package, my question now is how do i re run MailScanner over all the messages that have been quarantined?

in particular that perl/archive pkg was crashing because of docx and xlsx files, the problem is that all those are valid files/emails and i need to reprocess them.

Thanks!
Kociscky

Feb 27 15:29:04 mail MailScanner[30697]: Warning: skipping message CFA4E2003F7.AF18F as it has been attempted too many times
Feb 27 15:29:04 mail MailScanner[30697]: Quarantined message CFA4E2003F7.AF18F as it caused MailScanner to crash several times
Feb 27 15:29:07 mail MailScanner[30702]: MailScanner E-Mail Virus Scanner version 4.84.3 starting...

On 2 December 2011 01:32, Martin Hepworth <maxsec at gmail.com> wrote:
That's a perl issue and patch

Martin



On Thursday, 1 December 2011, Michel Bulgado <michel at casa.co.cu> wrote:
> John Wilcock wrote:
>
> Le 01/12/2011 18:44, Michel Bulgado a écrit :
>
> Insecure dependency in chmod while running with -T switch at
> /usr/share/perl5/Archive/Zip/Member.pm line 490. Failed.
>
> There's a patch for that in https://rt.cpan.org/Public/Bug/Display.html?id=61930
>
> Ok, i download the patch file, i see the patch is for perl files, so i ask ,  the problem is perl o MailScanner?
>
> So, when a go to apply the patch, I get a error, he can't find the file  10_chmod.t
>
> [root at server MailScanner]# patch -p1 < patch_MailScanner.txt
> can't find file to patch at input line 5
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |diff --git a/lib/Archive/Zip/Member.pm b/lib/Archive/Zip/Member.pm
> |index f86ef75..4bb2171 100644
> |--- a/lib/Archive/Zip/Member.pm
> |+++ b/lib/Archive/Zip/Member.pm
> --------------------------
> File to patch: /usr/share/perl5/Archive/Zip/Member.pm
> patching file /usr/share/perl5/Archive/Zip/Member.pm
> can't find file to patch at input line 46
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |diff --git a/t/10_chmod.t b/t/10_chmod.t
> |index 7ae647f..0495062 100644
> |--- a/t/10_chmod.t
> |+++ b/t/10_chmod.t
> --------------------------
> File to patch:
> Skip this patch? [y] n
> File to patch:
> Skip this patch? [y] y
> Skipping patch.
> 1 out of 1 hunk ignored
> Searching for the  10_chmod.t, his belong to "perl-Archive-Zip", i have installed this packages from rpm : perl-Archive-Zip-1.30-2.el6.noarch
>
> Ideas?
>
>
>

--
--
Martin Hepworth
Oxford, UK

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!




--
--
Martin Hepworth
Oxford, UK

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!





-- MailScanner mailing list mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info> http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120228/5b172291/attachment-0001.html


More information about the MailScanner mailing list