All Emails tagged as {VIRUS}

Shawn Iverson iversons at rushville.k12.in.us
Sat Apr 6 13:52:17 UTC 2019


You have garbage/typos in your MailScanner.conf at line 1422.

On Sat, Apr 6, 2019 at 4:20 AM Sebastiano Dante Alighieri <
salighie at gmail.com> wrote:

> After I upgraded to the latest version, I get no mail; MailScanner crashes
> continuously
>
> *Apr  6 04:12:23  MyHost  MailScanner[10890]: MailScanner Email Processor
> version 5.1.3 starting...*
> Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration file
> /etc/MailScanner/conf.d/README
> *Apr  6 04:12:23  MyHost  MailScanner[10890]: Could not read file them.*
> *Apr  6 04:12:23  MyHost  MailScanner[10890]: Error in line 1422, file
> "/usr/share/MailScanner/reports/en/stored.fi them." for
> storedfilenamemessage does not exist (or can not be read)*
> Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 1500 hostnames from the
> phishing whitelist
> Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 16624 hostnames from the
> phishing blacklists
> Apr  6 04:12:24  MyHost  MailScanner[10890]: Using SpamAssassin results
> cache
> Apr  6 04:12:24  MyHost  MailScanner[10890]: Connected to SpamAssassin
> cache database
> Apr  6 04:12:25  MyHost  MailScanner[10890]: Enabling SpamAssassin
> auto-whitelist functionality...
> Apr  6 04:12:27  MyHost  MailScanner[10885]: Auto: Found virus scanners:
> clamav
> Apr  6 04:12:27  MyHost  MailScanner[10885]: Connected to Processing
> Attempts Database
> Apr  6 04:12:27  MyHost  MailScanner[10885]: Found 1 messages in the
> Processing Attempts Database
> Apr  6 04:12:27  MyHost  MailScanner[10885]: Using locktype = flock
> *Apr  6 04:12:28  MyHost  MailScanner[10920]: MailScanner Email Processor
> version 5.1.3 starting...*
> Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration file
> /etc/MailScanner/conf.d/README
> Apr  6 04:12:28  MyHost  MailScanner[10920]: Could not read file them.
> *Apr  6 04:12:28  MyHost  MailScanner[10920]: Error in line 1422, file
> "/usr/share/MailScanner/reports/en/stored.fi them." for
> storedfilenamemessage does not exist (or can not be read)*
>
>
>
> This goes on while there's a message to be processed in the db, until it
> detects too many crashes and quarantines the message.
>
> When a new message comes in, it starts all over again.
>
> *MailScanner Lint output*
>
> Could not read file /usr/share/MailScanner/reports/en/stored.fi at
> /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.
> Error in line 1422, file "/usr/share/MailScanner/reports/en/stored.fi them."
> for storedfilenamemessage does not exist (or can not be read) at
> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058.
>
>
> On Fri, Apr 5, 2019 at 8:31 PM yuwang <yuwang at cs.fsu.edu> wrote:
>
>> My guess is a clamav update issue. What happens when you run 'Mailscanner
>> Lint'? Using strace to attach to the clam process, using lsof to see open
>> files, and turning on debug mode on clam might help too.
>>
>> James
>>
>>
>> On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:
>> > Hi,
>> >
>> > In the past couple of days my email is all coming in with the subject
>> > line tagged as {VIRUS}. This is true for all mail, but of course
>> > there's no virus involved.
>> >
>> > Mailscanner v5.0.7
>> > ClamAV v0.100.0
>> >
>> >> ClamAV update process started at Fri Apr  5 18:41:07 2019
>> >>
>> >> WARNING: Your ClamAV installation is OUTDATED!
>> >>
>> >> WARNING: Local version: 0.100.0 Recommended version: 0.101.2
>> >>
>> >> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>> >>
>> >> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
>> >> builder: sigmgr)
>> >>
>> >> daily.cld is up to date (version: 25410, sigs: 1552552, f-level: 63,
>> >> builder: raynman)
>> >>
>> >> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>> >> builder: neo)
>> >
>> > A review of /var/log/maillog suggests that there's a problem with
>> > ClamAV
>> >
>> >> Apr  5 18:31:22 myhost MailScanner[7448]: Virus and Content
>> >> Scanning: Starting
>> >>
>> >> Apr  5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV TIMED OUT
>> >>
>> >> Apr  5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO
>> >> COMPLETE, TIMED OUT
>> >>
>> >> Apr  5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING: DENIAL OF
>> >> SERVICE ATTACK DETECTED!
>> >
>> > I've tried to observe what is happening on the system while mail is
>> > being scanned, and what I can surmise is that clamscan is timing out
>> > (uses 100% CPU).
>> >
>> > Any pointers would be greatly appreciated. I have not been able to
>> > find anything online.
>> >
>> > I'll try upgrading to the latest and greatest MailScanner in the
>> > meantime.
>> >
>> > Thanks
>> > Salighie
>>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
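
An added example, not part of the thread and not MailScanner's own code: a small checker for the failure the "Error in line 1422" log line describes, reporting report-file settings whose value has stray text after the path or names a missing file. The sample configuration is constructed (only the broken value is taken from the log above), and treating keys that end in "Report" as file-valued is an assumption.

```python
import os
import re

VAR_DEF = re.compile(r"^%([\w-]+)%\s*=\s*(.*)$")   # e.g. %report-dir% = /path
SETTING = re.compile(r"^([^=]+?)\s*=\s*(.*)$")     # Key = Value

# Constructed sample; line 2 carries the broken value seen in the log above.
SAMPLE = """\
%report-dir% = /usr/share/MailScanner/reports/en
Stored Bad Filename Message Report = %report-dir%/stored.fi them.
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
"""

def check_reports(text, exists=os.path.isfile):
    """Return (line number, key, problem) for each broken report setting."""
    variables, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        var = VAR_DEF.match(line)
        if var:
            variables[var.group(1)] = var.group(2).strip()
            continue
        setting = SETTING.match(line)
        # Assumption: only keys ending in "Report" are checked as file paths.
        if not setting or not setting.group(1).endswith("Report"):
            continue
        key, value = setting.group(1), setting.group(2).strip()
        # Expand %name% references using the variables defined so far.
        path = re.sub(r"%([\w-]+)%",
                      lambda m: variables.get(m.group(1), m.group(0)), value)
        if exists(path):
            continue
        _, _, tail = path.partition(" ")
        if tail:
            findings.append((lineno, key, f"stray text after path: {tail.strip()!r}"))
        else:
            findings.append((lineno, key, "file missing or unreadable"))
    return findings

if __name__ == "__main__":
    for lineno, key, problem in check_reports(SAMPLE):
        print(f"line {lineno}: {key}: {problem}")
```
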
