Couple of issues...

Kevin Miller kevin.miller at juneau.org
Thu Feb 21 22:41:08 UTC 2019


I noticed a couple of issues on my MailScanner boxes:
1:  Old directories in /var/spool/MailScanner/Incoming:

root at mx2:/var/spool/MailScanner/incoming# l
total 252
drwxrwx--- 2 postfix  mtagroup     40 Jun 22  2018 10064
drwxrwx--- 2 postfix  mtagroup     40 Jan 23 04:41 10983
drwxrwx--- 2 postfix  mtagroup     40 Oct  5 15:17 11738
drwxrwx--- 2 postfix  mtagroup     40 Dec 16 09:35 1221
drwxrwx--- 2 postfix  mtagroup     40 Aug 16  2018 1259
drwxrwx--- 2 postfix  mtagroup     40 Dec 14 06:25 1267
drwxrwx--- 2 postfix  mtagroup     40 Jun  1  2018 13123
drwxrwx--- 2 postfix  mtagroup     40 Sep 27 13:50 14581
drwxrwx--- 2 postfix  mtagroup     40 Sep 25 14:53 1504
drwxrwx--- 2 postfix  mtagroup     40 Jan 23 06:26 15182
drwxrwx--- 2 postfix  mtagroup     40 Nov  7 06:25 15247
drwxrwx--- 2 postfix  mtagroup     40 Dec 14 16:50 15342
drwxrwx--- 2 postfix  mtagroup     40 Jan 21 14:56 15377
drwxrwx--- 2 postfix  mtagroup     40 Sep 25 14:55 1561
...snip...

Shouldn't these be auto-deleted?  I presume I can manually delete them if they're empty, yes?

2:  I just ran MailScanner --lint which output the following:
MailScanner.conf says "Virus Scanners = sophos clamd"
mktemp: failed to create directory via template '/var/spool/MailScanner/incoming/clamav-tmp/tmp.XXXXXXXXXX': Permission denied
Found these virus scanners installed: clamd, sophos
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/27249/1/neicar.com
Virus Scanning: Sophos found 1 infections
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Infected message var came from 
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

It seems that clam-av is catching the infection, despite the clamav-tmp directory being inaccessible, but I suspect there could be some other issues that could arise that I'm not seeing in a simple lint test.

Also, this is puzzling:
	Other Checks: Found 1 problems
What other check and what's the problem?

I'm running both Sophos and clamav (clamd).
Permissions on /var/spool/MailScanner/incoming/clamav-tmp are:
	drwxr-xr-x 2 www-data www-data    40 Aug 10  2018 clamav-tmp

What should the owner.group and perms be on that directory?

---
Environment details:
MailWatch Version: 1.2.12
Operating System Version: Debian GNU/Linux 9 (stretch)
Postfix Version: 3.1.9
MailScanner Version: 5.0.7
ClamAV Version: 0.100.2
SpamAssassin Version: 3.4.2
PHP Version: 7.0.33-0+deb9u1
MySQL Version: 10.1.37-MariaDB-0+deb9u1
GeoIP Database Version: GeoLite2 Country database 2019-02-05 05:36:24

Incoming Work User = postfix
Incoming Work Group = mtagroup
/etc/group:  mtagroup:x:1002:clamav,postfix,mail,www-data
I'm also running MailWatch.

Thanks...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


