MailScanner 4.84 - attempted to kill MailScanner
Kocisky
kocisky at autistici.org
Tue Feb 28 12:50:01 GMT 2012
it seems that the messages are kept in /var/spool/postfix/hold:
[root at mail spool]# ls
abrt abrt-upload anacron at cron cups gdm lpd mail MailScanner
plymouth postfix squirrelmail
[root at mail spool]# find ./ -name CFA4E2003F7.AF18F
[root at mail spool]# find ./ -name CFA4E*
./MailScanner/incoming/12112/CFA4E2003F7.AF18F.header
./MailScanner/incoming/12123/CFA4E2003F7.AF18F.header
./MailScanner/incoming/12074/CFA4E2003F7.AF18F.header
./MailScanner/incoming/12117/CFA4E2003F7.AF18F.header
./postfix/hold/CFA4E2003F7
[root at mail spool]# vim ./postfix/hold/CFA4E2003F7
[root at mail spool]# rm ./postfix/hold/CFA4E2003F7
rm: remove regular file `./postfix/hold/CFA4E2003F7'? y
[root at mail spool]# find ./ -name 8C8A92*
./MailScanner/incoming/12193/8C8A9200026.A2E96.header
./MailScanner/incoming/12198/8C8A9200026.A2E96.header
./MailScanner/incoming/12209/8C8A9200026.A2E96.header
./MailScanner/incoming/12204/8C8A9200026.A2E96.header
./postfix/hold/8C8A9200026
[root at mail spool]# cd postfix/hold/
[root at mail hold]# ls
008FA202307 122E720025D 1F79020227D 2B140202195 39C91202297
472432021C8 522E4200210 64DC52021B8 6FA57200253 7A8D1202205
868E9202220 92A3A20219F A0F34202272 AC3CD2021CD B954F20225F
C8075202265 D873820228E E8A6A202259
00A80202266 1256C202226 1F7F7202327 2B42A200298 39DDB202291
47E4D20229E 523D120028E 6538920220B 6FBE3202264 7A96B202314
86ECE2022DB 932972001A5 A15782022EC AC8502022F0 B9C8B200295
C83B1200050 D8C1A2022BB E917C200094
01ABC2019F4 125B82021F0 1FF33202316 2BADC2001E4 3ABB52022ED
48791200028 5324F202275 66F492021D0 6FC14200228 7AE4C20010D
8734620009E 947DF202284 A161D200104 AD3372021C1 BA3242001B1
C8D0B202199 D943620220E E9871200299
01BD02022AB ...
if you remove manually MailScanner goes to the next one, permission issue?
On 28 February 2012 07:41, Kocisky <kocisky at autistici.org> wrote:
> [root at mail incoming]# postconf -d | grep mail_version
> mail_version = 2.6.6
>
> i see that it crashes on a certain message and doesn't go further
> (check CFA4E2003F7.AF18F):
>
> Feb 28 07:44:22 mail MailScanner[11644]: Warning: skipping message
> CFA4E2003F7.AF18F as it has been attempted too many times
> Feb 28 07:44:22 mail MailScanner[11644]: Quarantined message
> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
> Feb 28 07:44:25 mail MailScanner[11650]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 28 07:44:25 mail MailScanner[11650]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 28 07:44:25 mail MailScanner[11650]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 28 07:44:25 mail MailScanner[11650]: Read 869 hostnames from the
> phishing whitelist
> Feb 28 07:44:25 mail MailScanner[11650]: Read 5352 hostnames from the
> phishing blacklists
> Feb 28 07:44:25 mail MailScanner[11650]: Config: calling custom init
> function SQLBlacklist
> Feb 28 07:44:25 mail MailScanner[11650]: Starting up SQL Blacklist
> Feb 28 07:44:25 mail MailScanner[11650]: Read 0 blacklist entries
> Feb 28 07:44:25 mail MailScanner[11650]: Config: calling custom init
> function MailWatchLogging
> Feb 28 07:44:25 mail MailScanner[11650]: Started SQL Logging child
> Feb 28 07:44:25 mail MailScanner[11650]: Config: calling custom init
> function SQLWhitelist
> Feb 28 07:44:25 mail MailScanner[11650]: Starting up SQL Whitelist
> Feb 28 07:44:25 mail MailScanner[11650]: Read 0 whitelist entries
> Feb 28 07:44:26 mail MailScanner[11650]: Using SpamAssassin results cache
> Feb 28 07:44:26 mail MailScanner[11650]: Connected to SpamAssassin cache
> database
> Feb 28 07:44:26 mail MailScanner[11650]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 28 07:44:27 mail MailScanner[11650]: Connected to Processing Attempts
> Database
> Feb 28 07:44:27 mail MailScanner[11650]: Found 615 messages in the
> Processing Attempts Database
> Feb 28 07:44:27 mail MailScanner[11650]: Using locktype = flock
> Feb 28 07:44:27 mail MailScanner[11650]: Warning: skipping message
> CFA4E2003F7.AF18F as it has been attempted too many times
> Feb 28 07:44:27 mail MailScanner[11650]: Quarantined message
> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
> Feb 28 07:44:30 mail MailScanner[11655]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 28 07:44:30 mail MailScanner[11655]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 28 07:44:30 mail MailScanner[11655]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 28 07:44:30 mail MailScanner[11655]: Read 869 hostnames from the
> phishing whitelist
> Feb 28 07:44:30 mail MailScanner[11655]: Read 5352 hostnames from the
> phishing blacklists
> Feb 28 07:44:30 mail MailScanner[11655]: Config: calling custom init
> function SQLBlacklist
> Feb 28 07:44:30 mail MailScanner[11655]: Starting up SQL Blacklist
> Feb 28 07:44:30 mail MailScanner[11655]: Read 0 blacklist entries
> Feb 28 07:44:30 mail MailScanner[11655]: Config: calling custom init
> function MailWatchLogging
> Feb 28 07:44:30 mail MailScanner[11655]: Started SQL Logging child
> Feb 28 07:44:30 mail MailScanner[11655]: Config: calling custom init
> function SQLWhitelist
> Feb 28 07:44:30 mail MailScanner[11655]: Starting up SQL Whitelist
> Feb 28 07:44:30 mail MailScanner[11655]: Read 0 whitelist entries
> Feb 28 07:44:31 mail MailScanner[11655]: Using SpamAssassin results cache
> Feb 28 07:44:31 mail MailScanner[11655]: Connected to SpamAssassin cache
> database
> Feb 28 07:44:31 mail MailScanner[11655]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 28 07:44:32 mail MailScanner[11655]: Connected to Processing Attempts
> Database
> Feb 28 07:44:32 mail MailScanner[11655]: Found 615 messages in the
> Processing Attempts Database
> Feb 28 07:44:32 mail MailScanner[11655]: Using locktype = flock
> Feb 28 07:44:32 mail MailScanner[11655]: Warning: skipping message
> CFA4E2003F7.AF18F as it has been attempted too many times
> Feb 28 07:44:32 mail MailScanner[11655]: Quarantined message
> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
> Feb 28 07:44:35 mail MailScanner[11661]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
> Feb 28 07:44:35 mail MailScanner[11661]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Feb 28 07:44:35 mail MailScanner[11661]: Configuration: Failed to find any
> configuration files like /etc/MailScanner/conf.d/*.conf, skipping them.
> Feb 28 07:44:35 mail MailScanner[11661]: Read 869 hostnames from the
> phishing whitelist
> Feb 28 07:44:35 mail MailScanner[11661]: Read 5352 hostnames from the
> phishing blacklists
> Feb 28 07:44:35 mail MailScanner[11661]: Config: calling custom init
> function SQLBlacklist
> Feb 28 07:44:35 mail MailScanner[11661]: Starting up SQL Blacklist
> Feb 28 07:44:35 mail MailScanner[11661]: Read 0 blacklist entries
> Feb 28 07:44:35 mail MailScanner[11661]: Config: calling custom init
> function MailWatchLogging
> Feb 28 07:44:35 mail MailScanner[11661]: Started SQL Logging child
> Feb 28 07:44:35 mail MailScanner[11661]: Config: calling custom init
> function SQLWhitelist
> Feb 28 07:44:35 mail MailScanner[11661]: Starting up SQL Whitelist
> Feb 28 07:44:35 mail MailScanner[11661]: Read 0 whitelist entries
> Feb 28 07:44:36 mail MailScanner[11661]: Using SpamAssassin results cache
> Feb 28 07:44:36 mail MailScanner[11661]: Connected to SpamAssassin cache
> database
> Feb 28 07:44:36 mail MailScanner[11661]: Enabling SpamAssassin
> auto-whitelist functionality...
> Feb 28 07:44:37 mail MailScanner[11661]: Connected to Processing Attempts
> Database
> Feb 28 07:44:37 mail MailScanner[11661]: Found 615 messages in the
> Processing Attempts Database
> Feb 28 07:44:37 mail MailScanner[11661]: Using locktype = flock
> Feb 28 07:44:37 mail MailScanner[11661]: Warning: skipping message
> CFA4E2003F7.AF18F as it has been attempted too many times
> Feb 28 07:44:37 mail MailScanner[11661]: Quarantined message
> CFA4E2003F7.AF18F as it caused MailScanner to crash several times
> Feb 28 07:44:40 mail MailScanner[11666]: MailScanner E-Mail Virus Scanner
> version 4.84.3 starting...
>
>
> On 28 February 2012 07:24, Kocisky <kocisky at autistici.org> wrote:
>
>> postfix, below some additional info:
>>
>> MailScanner --version
>> Running on
>> Linux mail 2.6.32-71.29.1.el6.centos.plus.x86_64 #1 SMP Sun Jun 26
>> 16:27:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>> This is CentOS release 6.2 (Final)
>> This is Perl version 5.010001 (5.10.1)
>>
>> This is MailScanner version 4.84.3
>> Module versions are:
>> 1.00 AnyDBM_File
>> 1.30 Archive::Zip
>> 0.23 bignum
>> 1.11 Carp
>> 2.02 Compress::Zlib
>> 1.119 Convert::BinHex
>> 0.17 Convert::TNEF
>> 2.124 Data::Dumper
>> 2.27 Date::Parse
>> 1.03 DirHandle
>> 1.06 Fcntl
>> 2.77 File::Basename
>> 2.14 File::Copy
>> 2.02 FileHandle
>> 2.08 File::Path
>> 0.22 File::Temp
>> 0.92 Filesys::Df
>> 3.64 HTML::Entities
>> 3.64 HTML::Parser
>> 3.57 HTML::TokeParser
>> 1.25 IO
>> 1.14 IO::File
>> 1.13 IO::Pipe
>> 2.04 Mail::Header
>> 1.89 Math::BigInt
>> 0.22 Math::BigRat
>> 3.08 MIME::Base64
>> 5.427 MIME::Decoder
>> 5.427 MIME::Decoder::UU
>> 5.427 MIME::Head
>> 5.427 MIME::Parser
>> 3.08 MIME::QuotedPrint
>> 5.427 MIME::Tools
>> 0.14 Net::CIDR
>> 1.25 Net::IP
>> 0.19 OLE::Storage_Lite
>> 1.04 Pod::Escapes
>> 3.13 Pod::Simple
>> 1.17 POSIX
>> 1.21 Scalar::Util
>> 1.82 Socket
>> 2.20 Storable
>> 1.4 Sys::Hostname::Long
>> 0.27 Sys::Syslog
>> 1.40 Test::Pod
>> 0.92 Test::Simple
>> 1.9721 Time::HiRes
>> 1.02 Time::localtime
>>
>> Optional module versions are:
>> 1.58 Archive::Tar
>> 0.23 bignum
>> missing Business::ISBN
>> missing Business::ISBN::Data
>> missing Data::Dump
>> 1.82 DB_File
>> 1.27 DBD::SQLite
>> 1.609 DBI
>> 1.16 Digest
>> 1.01 Digest::HMAC
>> 2.39 Digest::MD5
>> 2.12 Digest::SHA1
>> 1.01 Encode::Detect
>> missing Error
>> 0.27 ExtUtils::CBuilder
>> 2.2203 ExtUtils::ParseXS
>> 2.38 Getopt::Long
>> missing Inline
>> missing IO::String
>> 1.09 IO::Zlib
>> missing IP::Country
>> missing Mail::ClamAV
>> 3.003001 Mail::SpamAssassin
>> missing Mail::SPF
>> missing Mail::SPF::Query
>> 0.35 Module::Build
>> missing Net::CIDR::Lite
>> 0.65 Net::DNS
>> missing Net::DNS::Resolver::Programmable
>> missing Net::LDAP
>> 4.027 NetAddr::IP
>> missing Parse::RecDescent
>> missing SAVI
>> 3.17 Test::Harness
>> missing Test::Manifest
>> 2.0.0 Text::Balanced
>> 1.40 URI
>> 0.77 version
>> missing YAML
>> [root at mail ~]#
>>
>> On 27 February 2012 23:50, Andrew Colin Kissa <andrew at topdog.za.net>wrote:
>>
>>>
>>> On 28 Feb 2012, at 5:51 AM, Kocisky wrote:
>>>
>>> > let me take it back... it still crashes, i still have the error:
>>> >
>>> > [root at mail ~]# MailScanner --debug
>>> >
>>> > Configuration: Failed to find any configuration files like
>>> /etc/MailScanner/conf.d/*.conf, skipping them. at
>>> /usr/share/MailScanner/MailScanner/Config.pm line 2044
>>> >
>>> > In Debugging mode, not forking...
>>> > Trying to setlogsock(unix)
>>> > Building a message batch to scan...
>>> > Have a batch of 30 messages.
>>> > Insecure dependency in open while running with -T switch at
>>> /usr/lib64/perl5/IO/File.pm line 185.
>>> >
>>>
>>> What MTA are you using ? i can take a look at this for you if i can
>>> squeeze some time.
>>>
>>> --
>>> www.baruwa.org
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20120228/447a9b1c/attachment.html
More information about the MailScanner
mailing list