All Emails tagged as {VIRUS}

Sebastiano Dante Alighieri salighie at gmail.com
Sun Apr 7 00:02:39 UTC 2019 

i think I've figured out where that error was coming from -
MailScanner.conf:1422

[image: image.png]

fixed that and now MailScanner Lint returns nothing / two blank lines.

still no mail, however

multiple failed attempts to process the message - now all messages get
quarantined.
Apr  6 19:35:31 vemlsncr1 MailScanner[76527]: Warning: skipping message
73E501815AFE.A834F as it has been attempted too many times
Apr  6 19:35:31 vemlsncr1 MailScanner[76527]: Quarantined message
73E501815AFE.A834F as it caused MailScanner to crash several times
Apr  6 19:35:31 vemlsncr1 MailScanner[76527]: Saved entire message to
/var/spool/MailScanner/quarantine/20190406/73E501815AFE.A834F



thanks
Sebastiano

On Sat, Apr 6, 2019 at 9:49 AM yuwang <yuwang at cs.fsu.edu> wrote:

> "Could not read file /usr/share/MailScanner/reports/en/stored.fi [2]
> >> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.
> >>
> >> Error in line 1422, file
> >> "/usr/share/MailScanner/reports/en/stored.fi [2] them." for
> >> storedfilenamemessage does not exist (or can not be read) at
> >> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058."
>
> The file should be
> "/usr/share/MailScanner/reports/en/stored.filename.message.txt"
>
> Your error message says /usr/share/MailScanner/reports/en/stored.fi
>
> What is the output of command:
>
>   grep 'stored.fi' /usr/share/MailScanner/perl/MailScanner/ConfigDefs.pl
> and
>   ls -l /usr/share/MailScanner/reports/en/stored.filename.message.txt
>
> James
>
>
> On 2019-04-06 04:19, Sebastiano Dante Alighieri wrote:
> > After I upgraded to the latest version, i get no mail; MailScanner
> > Crashes continuously
> >
> >> APR  6 04:12:23  MYHOST  MAILSCANNER[10890]: MAILSCANNER EMAIL
> >> PROCESSOR VERSION 5.1.3 STARTING...
> >>
> >> Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration
> >> file /etc/MailScanner/MailScanner.conf
> >>
> >> Apr  6 04:12:23  MyHost  MailScanner[10890]: Reading configuration
> >> file /etc/MailScanner/conf.d/README
> >>
> >> APR  6 04:12:23  MYHOST  MAILSCANNER[10890]: COULD NOT READ FILE
> >> THEM.
> >>
> >> APR  6 04:12:23  MYHOST  MAILSCANNER[10890]: ERROR IN LINE 1422,
> >> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/STORED.FI [1] THEM." FOR
> >> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)
> >>
> >> Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 1500 hostnames
> >> from the phishing whitelist
> >>
> >> Apr  6 04:12:24  MyHost  MailScanner[10890]: Read 16624 hostnames
> >> from the phishing blacklists
> >>
> >> Apr  6 04:12:24  MyHost  MailScanner[10890]: Using SpamAssassin
> >> results cache
> >>
> >> Apr  6 04:12:24  MyHost  MailScanner[10890]: Connected to
> >> SpamAssassin cache database
> >>
> >> Apr  6 04:12:25  MyHost  MailScanner[10890]: Enabling SpamAssassin
> >> auto-whitelist functionality...
> >>
> >> Apr  6 04:12:27  MyHost  MailScanner[10885]: Auto: Found virus
> >> scanners: clamav
> >>
> >> Apr  6 04:12:27  MyHost  MailScanner[10885]: Connected to Processing
> >> Attempts Database
> >>
> >> Apr  6 04:12:27  MyHost  MailScanner[10885]: Found 1 messages in the
> >> Processing Attempts Database
> >>
> >> Apr  6 04:12:27  MyHost  MailScanner[10885]: Using locktype = flock
> >>
> >> APR  6 04:12:28  MYHOST  MAILSCANNER[10920]: MAILSCANNER EMAIL
> >> PROCESSOR VERSION 5.1.3 STARTING...
> >>
> >> Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration
> >> file /etc/MailScanner/MailScanner.conf
> >>
> >> Apr  6 04:12:28  MyHost  MailScanner[10920]: Reading configuration
> >> file /etc/MailScanner/conf.d/README
> >>
> >> Apr  6 04:12:28  MyHost  MailScanner[10920]: Could not read file
> >> them.
> >>
> >> APR  6 04:12:28  MYHOST  MAILSCANNER[10920]: ERROR IN LINE 1422,
> >> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/STORED.FI [1] THEM." FOR
> >> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)
> >
> > This goes on while there's a message to be processed in the db, until
> > it detects too many crashes and quarantines the message.
> >
> > when a new message comes in, it starts all over again.
> >
> > MAILSCANNER LINT OUTPUT
> >
> >> Could not read file /usr/share/MailScanner/reports/en/stored.fi [2]
> >> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.
> >>
> >> Error in line 1422, file
> >> "/usr/share/MailScanner/reports/en/stored.fi [2] them." for
> >> storedfilenamemessage does not exist (or can not be read) at
> >> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058.
> >
> > On Fri, Apr 5, 2019 at 8:31 PM yuwang <yuwang at cs.fsu.edu> wrote:
> >
> >> My guess is clamav update issue. What happens when you 'Mailscanner
> >> Lint'? use strace to attach to clam process, use lsof to see open
> >> files,
> >> and turn on debug mode on clam might help too.
> >>
> >> James
> >>
> >> On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:
> >>> Hi,
> >>>
> >>> In the past couple of days my email is all coming in with the
> >> subject
> >>> line tagged as {VIRUS}. This is true for all mail, but of course
> >>> there's no virus involved.
> >>>
> >>> Mailscanner v5.0.7
> >>> ClamAV v0.100.0
> >>>
> >>>> ClamAV update process started at Fri Apr  5 18:41:07 2019
> >>>>
> >>>> WARNING: Your ClamAV installation is OUTDATED!
> >>>>
> >>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.2
> >>>>
> >>>> DON'T PANIC! Read
> >> https://www.clamav.net/documents/upgrading-clamav
> >>>>
> >>>> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
> >>>> builder: sigmgr)
> >>>>
> >>>> daily.cld is up to date (version: 25410, sigs: 1552552, f-level:
> >> 63,
> >>>> builder: raynman)
> >>>>
> >>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
> >>>> builder: neo)
> >>>
> >>> A review of /var/log/maillog suggests that there's a problem with
> >>> ClamAV
> >>>
> >>>> Apr  5 18:31:22 myhost MailScanner[7448]: Virus and Content
> >>>> Scanning: Starting
> >>>>
> >>>> Apr  5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV TIMED
> >> OUT
> >>>>
> >>>> Apr  5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO
> >>>> COMPLETE, TIMED OUT
> >>>>
> >>>> Apr  5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING: DENIAL
> >> OF
> >>>> SERVICE ATTACK DETECTED!
> >>>
> >>> I've tried to observe what is happening on the system, while mail
> >> is
> >>> being scanned and what i can surmise is that clamscan is
> >> timing-out
> >>> (uses 100% CPU)
> >>>
> >>> any pointers would be greatly appreciated. I have not been able to
> >>> find anything online.
> >>>
> >>> I'll try upgrading to the latest and greatest MailScanner in the
> >> mean
> >>> time.
> >>>
> >>> thanks
> >>> Salighie
> >
> >
> > Links:
> > ------
> > [1] http://stored.fi
> > [2] http://stored.fi/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190406/1eb16136/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 18168 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190406/1eb16136/attachment.png>

More information about the MailScanner mailing list