All Emails tagged as {VIRUS}

Sebastiano Dante Alighieri salighie at gmail.com
Sat Apr 6 08:19:15 UTC 2019


After I upgraded to the latest version, I get no mail; MailScanner crashes
continuously.

*Apr  6 04:12:23  MyHost  MailScanner[10890]: MailScanner Email Processor
version 5.1.3 starting...*
Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration file
/etc/MailScanner/MailScanner.conf
Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration file
/etc/MailScanner/conf.d/README
*Apr  6 04:12:23  MyHost  MailScanner[10890]: Could not read file them.*
*Apr  6 04:12:23  MyHost  MailScanner[10890]: Error in line 1422, file
"/usr/share/MailScanner/reports/en/stored.fi them." for
storedfilenamemessage does not exist (or can not be read)*
Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 1500 hostnames from the
phishing whitelist
Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 16624 hostnames from the
phishing blacklists
Apr  6 04:12:24  MyHost  MailScanner[10890]: Using SpamAssassin results
cache
Apr  6 04:12:24  MyHost  MailScanner[10890]: Connected to SpamAssassin
cache database
Apr  6 04:12:25  MyHost  MailScanner[10890]: Enabling SpamAssassin
auto-whitelist functionality...
Apr  6 04:12:27  MyHost  MailScanner[10885]: Auto: Found virus scanners:
clamav
Apr  6 04:12:27  MyHost  MailScanner[10885]: Connected to Processing
Attempts Database
Apr  6 04:12:27  MyHost  MailScanner[10885]: Found 1 messages in the
Processing Attempts Database
Apr  6 04:12:27  MyHost  MailScanner[10885]: Using locktype = flock
*Apr  6 04:12:28  MyHost  MailScanner[10920]: MailScanner Email Processor
version 5.1.3 starting...*
Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration file
/etc/MailScanner/MailScanner.conf
Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration file
/etc/MailScanner/conf.d/README
Apr  6 04:12:28  MyHost  MailScanner[10920]: Could not read file them.
*Apr  6 04:12:28  MyHost  MailScanner[10920]: Error in line 1422, file
"/usr/share/MailScanner/reports/en/stored.fi them." for
storedfilenamemessage does not exist (or can not be read)*



This goes on while there's a message to be processed in the db, until it
detects too many crashes and quarantines the message.

When a new message comes in, it starts all over again.

*MailScanner Lint output*

Could not read file /usr/share/MailScanner/reports/en/stored.fi at
/usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.
Error in line 1422, file "/usr/share/MailScanner/reports/en/stored.fi them."
for storedfilenamemessage does not exist (or can not be read) at
/usr/share/MailScanner/perl/MailScanner/Config.pm line 3058.


On Fri, Apr 5, 2019 at 8:31 PM yuwang <yuwang at cs.fsu.edu> wrote:

> My guess is a clamav update issue. What happens when you run 'Mailscanner
> Lint'? Use strace to attach to the clam process and lsof to see open files;
> turning on debug mode on clam might help too.
>
> James
>
>
> On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:
> > Hi,
> >
> > In the past couple of days my email is all coming in with the subject
> > line tagged as {VIRUS}. This is true for all mail, but of course
> > there's no virus involved.
> >
> > Mailscanner v5.0.7
> > ClamAV v0.100.0
> >
> >> ClamAV update process started at Fri Apr  5 18:41:07 2019
> >>
> >> WARNING: Your ClamAV installation is OUTDATED!
> >>
> >> WARNING: Local version: 0.100.0 Recommended version: 0.101.2
> >>
> >> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> >>
> >> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
> >> builder: sigmgr)
> >>
> >> daily.cld is up to date (version: 25410, sigs: 1552552, f-level: 63,
> >> builder: raynman)
> >>
> >> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
> >> builder: neo)
> >
> > A review of /var/log/maillog suggests that there's a problem with
> > ClamAV
> >
> >> Apr  5 18:31:22 myhost MailScanner[7448]: Virus and Content
> >> Scanning: Starting
> >>
> >> Apr  5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV TIMED OUT
> >>
> >> Apr  5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO
> >> COMPLETE, TIMED OUT
> >>
> >> Apr  5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING: DENIAL OF
> >> SERVICE ATTACK DETECTED!
> >
> > I've tried to observe what is happening on the system while mail is
> > being scanned, and what I can surmise is that clamscan is timing out
> > (uses 100% CPU).
> >
> > Any pointers would be greatly appreciated. I have not been able to
> > find anything online.
> >
> > I'll try upgrading to the latest and greatest MailScanner in the
> > meantime.
> >
> > Thanks
> > Salighie
>
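
As an added example (not part of the original thread and not MailScanner code), a log check for the pattern reported above: repeated child start-ups together with a configuration error. The 60-second window, the threshold of two start-ups and the year are assumptions; the sample lines are taken from the post's log with the mail client's line wrapping undone.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines from the post above, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Apr  6 04:12:23 MyHost MailScanner[10890]: MailScanner Email Processor version 5.1.3 starting...
Apr  6 04:12:23 MyHost MailScanner[10890]: Reading configuration file /etc/MailScanner/conf.d/README
Apr  6 04:12:23 MyHost MailScanner[10890]: Error in line 1422, file "/usr/share/MailScanner/reports/en/stored.fi them." for storedfilenamemessage does not exist (or can not be read)
Apr  6 04:12:27 MyHost MailScanner[10885]: Using locktype = flock
Apr  6 04:12:28 MyHost MailScanner[10920]: MailScanner Email Processor version 5.1.3 starting...
Apr  6 04:12:28 MyHost MailScanner[10920]: Error in line 1422, file "/usr/share/MailScanner/reports/en/stored.fi them." for storedfilenamemessage does not exist (or can not be read)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8})\s+\S+\s+MailScanner\[(\d+)\]: (.*)$")
CONF_ERR = re.compile(r'Error in line (\d+), file "([^"]*)" for (\w+) does not exist')

def analyse(log_text, year=2019, window=timedelta(seconds=60), threshold=2):
    """Summarise child start-ups and config errors in MailScanner syslog text."""
    starts, errors = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a MailScanner syslog line
        stamp, pid, msg = m.groups()
        # syslog omits the year, so the caller supplies it (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.endswith("starting..."):
            starts.append((when, int(pid)))
        err = CONF_ERR.search(msg)
        if err:  # key: (config line number, option name, path as logged)
            errors[(int(err.group(1)), err.group(3), err.group(2))] += 1
    starts.sort()
    # Largest number of start-ups that fall inside any one sliding window.
    burst = max((sum(1 for t, _ in starts if s <= t < s + window)
                 for s, _ in starts), default=0)
    return {
        "starts": len(starts),
        "max_starts_in_window": burst,
        # Heuristic: several start-ups close together plus a config error.
        "suspect_crash_loop": burst >= threshold and bool(errors),
        "config_errors": dict(errors),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

MailScanner normally starts several children at once, so the start-up count alone is not a fault signal; the check only flags it when a configuration error is logged as well.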