MailScanner: Message attempted to kill MailScanner

Antony Stone Antony.Stone at mailscanner.open.source.it
Mon Aug 6 12:00:35 UTC 2018 

On Monday 06 August 2018 at 13:55:36, DobriL Dobrilov wrote:

> Some other ideas, because unfortunately this Live system and It’s very
> critical ?

When did the problem start happening?

What changed on the MS server around that time?

Can you show us full headers of an example email from webmail (which MS can't 
process) and another one to and from the same addresses, but not from webmail 
(which MS processes okay)?

Antony

> From: MailScanner
> Sent: Monday, August 6, 2018 2:08 PM
> To: 'MailScanner Discussion' <mailscanner at lists.mailscanner.info>
> Subject: RE: MailScanner: Message attempted to kill MailScanner
> 
> The same thing after I disable Virus scan , memory is enough. Something
> else cause the issue , and happen only with email send by webmail
> 
> 
> From: MailScanner
> Sent: Monday, August 6, 2018 2:04 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: MailScanner:
> Message attempted to kill MailScanner
> 
> Very first thing I would check is whether you have enough memory to carry
> out virus scanning, and make sure that OOM is not occurring.
> 
> On Mon, Aug 6, 2018 at 6:56 AM, DobriL Dobrilov wrote:
> 
> Hello,
> 
> 
> Please help me to debug follow issue:
> 
> All emails sent from my webmail to same domain cannot be processes by
> mailscanner.
> 
> 
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: connect from localhost[::1]
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: CE4AB62C48:
> client=localhost[::1], sasl_method=LOGIN, sasl_username=dobril at stanga.net
> <mailto:dobril at stanga.net>
> 
> Aug  6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48: hold: header
> Received: from mail.stanga.net <http://mail.stanga.net>  (localhost
> [IPv6:::1])??by mail.stanga.net <http://mail.stanga.net>  (Postfix) with
> ESMTPA id CE4AB62C48??for <dob
> 
> ril at stanga.net <mailto:ril at stanga.net> >; Mon,  6 Aug 2018 13:19:15 +0300
> (EEST) from localhost[::1]; from=<dobril at stanga.net
> <mailto:dobril at stanga.net> > to=<dobril at stanga.net
> <mailto:dobril at stanga.net> > proto=ESMTP helo=<mail.stanga.net
> <http://mail.stanga.net> >
> 
> Aug  6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48:
> message-id=<0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net
> <mailto:0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net> >
> 
> Aug  6 13:19:15 mail opendkim[3326]: CE4AB62C48: DKIM-Signature field added
> (s=mail, d=stanga.net <http://stanga.net> )
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: disconnect from localhost[::1]
> ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
> 
> Aug  6 13:19:18 mail MailScanner[31554]: New Batch: Scanning 1 messages,
> 3097 bytes
> 
> Aug  6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Virus and Content Scanning:
> Starting
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Virus Scanning completed at 24018
> bytes per second
> 
> Aug  6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:23:37 mail MailScanner[32582]: Making attempt 2 at processing
> message CE4AB62C48.A8F32
> 
> Aug  6 13:23:37 mail MailScanner[32582]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:26:15 mail MailScanner[2138]: Making attempt 3 at processing
> message CE4AB62C48.A8F32
> 
> Aug  6 13:26:15 mail MailScanner[2138]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:30:55 mail MailScanner[1659]: Making attempt 4 at processing
> message CE4AB62C48.A8F32
> 
> Aug  6 13:30:55 mail MailScanner[1659]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:35:44 mail MailScanner[1736]: Making attempt 5 at processing
> message CE4AB62C48.A8F32
> 
> Aug  6 13:35:44 mail MailScanner[1736]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:39:03 mail MailScanner[2946]: Making attempt 6 at processing
> message CE4AB62C48.A8F32
> 
> Aug  6 13:39:03 mail MailScanner[2946]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:39:05 mail MailScanner[2589]: Warning: skipping message
> CE4AB62C48.A8F32 as it has been attempted too many times
> 
> Aug  6 13:39:05 mail MailScanner[2589]: Quarantined message
> CE4AB62C48.A8F32 as it caused MailScanner to crash several times
> 
> Aug  6 13:39:05 mail MailScanner[2589]: Saved entire message to
> /var/spool/MailScanner/quarantine/20180806/CE4AB62C48.A8F32
> 
> Aug  6 13:39:05 mail MailScanner[2589]: MailWatch: Logging message
> CE4AB62C48.A8F32 to SQL
> 
> 
> 
> 
> 
> Then I started in  with debug option.
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: connect from localhost[::1]
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: CE4AB62C48:
> client=localhost[::1], sasl_method=LOGIN, sasl_username=dobril at stanga.net
> <mailto:dobril at stanga.net>
> 
> Aug  6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48: hold: header
> Received: from mail.stanga.net <http://mail.stanga.net>  (localhost
> [IPv6:::1])??by mail.stanga.net <http://mail.stanga.net>  (Postfix) with
> ESMTPA id CE4AB62C48??for <dobril at stanga.net <mailto:dobril at stanga.net> >;
> Mon,  6 Aug 2018 13:19:15 +0300 (EEST) from localhost[::1];
> from=<dobril at stanga.net <mailto:dobril at stanga.net> > to=<dobril at stanga.net
> <mailto:dobril at stanga.net> > proto=ESMTP helo=<mail.stanga.net
> <http://mail.stanga.net> >
> 
> Aug  6 13:19:15 mail postfix/cleanup[31703]: CE4AB62C48:
> message-id=<0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net
> <mailto:0a5acc9eeddaa3cd9256ba112f5270d5 at stanga.net> >
> 
> Aug  6 13:19:15 mail opendkim[3326]: CE4AB62C48: DKIM-Signature field added
> (s=mail, d=stanga.net <http://stanga.net> )
> 
> Aug  6 13:19:15 mail postfix/smtpd[31702]: disconnect from localhost[::1]
> ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
> 
> Aug  6 13:19:18 mail MailScanner[31554]: New Batch: Found 4 messages
> waiting
> 
> Aug  6 13:19:18 mail MailScanner[31554]: New Batch: Scanning 1 messages,
> 3097 bytes
> 
> Aug  6 13:19:18 mail MailScanner[31554]: Saved archive copies of
> CE4AB62C48.A8F32
> 
> Aug  6 13:19:18 mail MailScanner[31554]: Created attachment dirs for 1
> messages
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Completed checking by
> /usr/bin/file
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Virus and Content Scanning:
> Starting
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Commencing scanning with clamd...
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Debug Mode Is On
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Use Threads : YES
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Socket    :
> /var/run/clamav/clamd.sock
> 
> Aug  6 13:19:19 mail MailScanner[31726]: IP        : Using Sockets
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Lock File : NOT USED
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Time Out  : 300
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Scan Dir  :
> /var/spool/MailScanner/incoming/31554
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Clamd : Sending PING
> 
> Aug  6 13:19:19 mail MailScanner[31726]: Clamd : GOT 'PONG'
> 
> Aug  6 13:19:19 mail MailScanner[31726]: ClamD is running
> 
> Aug  6 13:19:19 mail MailScanner[31726]: SENT : MULTISCAN
> /var/spool/MailScanner/incoming/31554
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Completed AV scan with clamd
> 
> Aug  6 13:19:19 mail MailScanner[31554]: Virus Scanning completed at 24018
> bytes per second
> 
> Aug  6 13:19:19 mail root[31735]: MailScanner failed to start
> 
> Aug  6 13:19:19 mail root[31736]: Found a possible dead PID. Stopping all
> MailScanner rogue processes ...
> 
> 
> 
> 
> 
> How I can find out what cause this issue.

-- 
When you find yourself arguing with an idiot,
you should first of all make sure that the other person isn't doing the same 
thing.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the MailScanner mailing list