Couple of issues...

Shawn Iverson iversons at rushville.k12.in.us
Fri Feb 22 05:17:12 UTC 2019 

You can delete those older directories safely while MailScanner is idle and
running (stopping MailScanner may sync the ramdisk, which means they will
come back when MailScanner is started back up).  If you are paranoid, you
can get the current PIDs of all current MailScanner processes, just to be
safe, and skip those directories, if present.  They normally auto-delete,
but I have seen cases where they do not, such as a system crash,
MailScanner crash, or permissions issue.

On Thu, Feb 21, 2019 at 5:41 PM Kevin Miller <kevin.miller at juneau.org>
wrote:

> I noticed a couple of issues on my MailScanner boxes:
> 1:  Old directories in /var/spool/MailScanner/Incoming:
>
> root at mx2:/var/spool/MailScanner/incoming# l
> total 252
> drwxrwx--- 2 postfix  mtagroup     40 Jun 22  2018 10064
> drwxrwx--- 2 postfix  mtagroup     40 Jan 23 04:41 10983
> drwxrwx--- 2 postfix  mtagroup     40 Oct  5 15:17 11738
> drwxrwx--- 2 postfix  mtagroup     40 Dec 16 09:35 1221
> drwxrwx--- 2 postfix  mtagroup     40 Aug 16  2018 1259
> drwxrwx--- 2 postfix  mtagroup     40 Dec 14 06:25 1267
> drwxrwx--- 2 postfix  mtagroup     40 Jun  1  2018 13123
> drwxrwx--- 2 postfix  mtagroup     40 Sep 27 13:50 14581
> drwxrwx--- 2 postfix  mtagroup     40 Sep 25 14:53 1504
> drwxrwx--- 2 postfix  mtagroup     40 Jan 23 06:26 15182
> drwxrwx--- 2 postfix  mtagroup     40 Nov  7 06:25 15247
> drwxrwx--- 2 postfix  mtagroup     40 Dec 14 16:50 15342
> drwxrwx--- 2 postfix  mtagroup     40 Jan 21 14:56 15377
> drwxrwx--- 2 postfix  mtagroup     40 Sep 25 14:55 1561
> ...snip...
>
> Shouldn't these be auto-deleted?  I presume I can manually delete them if
> they're empty, yes?
>
> 2:  I just ran MailScanner --lint which output the following:
> MailScanner.conf says "Virus Scanners = sophos clamd"
> mktemp: failed to create directory via template
> '/var/spool/MailScanner/incoming/clamav-tmp/tmp.XXXXXXXXXX': Permission
> denied
> Found these virus scanners installed: clamd, sophos
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> >>> Virus 'EICAR-AV-Test' found in file
> /var/pool/MailScanner/incoming/27249/1/neicar.com
> Virus Scanning: Sophos found 1 infections
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 1 infections
> Infected message 1 came from 10.1.1.1
> Infected message var came from
> Virus Scanning: Found 2 viruses
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> It seems that clam-av is catching the infection, despite the clamav-tmp
> directory being inaccessible but I suspect there could be some other issues
> that could arise that I'm not seeing in a simple lint test.
>
> Also, this is puzzeling:
>         Other Checks: Found 1 problems
> What other check and what's the problem?
>
> I'm running both Sophos and clamav (clamd).
> Permisson on /var/spool/MailScanner/incoming/clamav-tmp are:
>         drwxr-xr-x 2 www-data www-data    40 Aug 10  2018 clamav-tmp
>
> What should the owner.group and perms be on that directory?
>
> ---
> Environment details:
> MailWatch Version: 1.2.12
> Operating System Version: Debian GNU/Linux 9 (stretch)
> Postfix Version: 3.1.9
> MailScanner Version: 5.0.7
> ClamAV Version: 0.100.2
> SpamAssassin Version: 3.4.2
> PHP Version: 7.0.33-0+deb9u1
> MySQL Version: 10.1.37-MariaDB-0+deb9u1
> GeoIP Database Version: GeoLite2 Country database 2019-02-05 05:36:24
>
> Incoming Work User = postfix
> Incoming Work Group = mtagroup
> /etc/group:  mtagroup:x:1002:clamav,postfix,mail,www-data
> I'm also running Mailwatch
>
> Thanks...
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190222/ef174c9a/attachment.html>

More information about the MailScanner mailing list