<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=842425217-20072007><FONT size=2>I have 5 MailScanner
machines.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>I had to do some configuration
changes, so I restarted them. One of them now appears to be completely hosed.
I've checked my configuration, and can't figure out what is going on. I don't
see anything wrong at all. </FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>-sh-3.00$ sudo /usr/sbin/MailScanner --lint<BR>
Checking version numbers...<BR>
Version installed (4.60.8) does not match version stated in<BR>
MailScanner.conf file (4.57.6), you may want to run upgrade_MailScanner_conf<BR>
to ensure your MailScanner.conf file contains all the latest settings.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Checking for SpamAssassin errors (if you use it)...<BR>
Using SpamAssassin results cache<BR>
Connected to SpamAssassin cache database<BR>
SpamAssassin reported no errors.<BR>
Using locktype = posix<BR>
Creating hardcoded struct_flock subroutine for linux (Linux-type)<BR>
MailScanner.conf says "Virus Scanners = auto"<BR>
Found these virus scanners installed: bitdefender, clamavmodule<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Here is what is going
on:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>1. MailScanner starts, but just
sits there and does nothing:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>root 22553 1 0 13:58 ? 00:00:00 MailScanner: master waiting for children, sleeping<BR>
root 22554 22553 70 13:58 ? 00:00:35 MailScanner: starting children<BR>
root 22624 22553 69 13:58 ? 00:00:31 MailScanner: starting children<BR>
root 22680 22553 67 13:58 ? 00:00:27 MailScanner: starting children<BR>
root 22733 22553 73 13:58 ? 00:00:26 MailScanner: starting children<BR>
root 22780 22553 44 13:58 ? 00:00:13 MailScanner: starting children<BR>
root 22831 22553 42 13:58 ? 00:00:10 MailScanner: starting children<BR>
root 22884 22553 47 13:58 ? 00:00:09 MailScanner: starting children<BR>
root 22957 22553 44 13:59 ? 00:00:07 MailScanner: starting children<BR>
root 23005 22553 31 13:59 ? 00:00:03 MailScanner: starting children<BR>
root 23054 22553 49 13:59 ? 00:00:02 MailScanner: starting children<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>If I trace a child process,
here is what it is doing over and over:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>sudo strace -p 19920<BR>
Process 19920 attached - interrupt to quit<BR>
read(12, "b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096<BR>
read(12, ":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096<BR>
read(12, "55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096<BR>
read(12, "5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096<BR>
read(12, "ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096<BR>
read(12, "d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096<BR>
read(12, "6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) = 4096<BR>
brk(0x4f23000) = 0x4f23000<BR>
read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) = 4096<BR>
read(12, "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) = 4096<BR>
read(12, "n.Downloader-4997\n36864:bcc236c3"..., 4096) = 4096<BR>
read(12, "der-5167\n29696:f7d986ddcc013d8e0"..., 4096) = 4096<BR>
read(12, "f7e121997:Trojan.Downloader-5070"..., 4096) = 4096<BR>
read(12, ".Downloader-5107\n10240:efd91a6ea"..., 4096) = 4096<BR>
read(12, "ec7:Trojan.Downloader-4916\n2048:"..., 4096) = 4096<BR>
read(12, "nloader-5244\n4768:096cc4cd04d5cf"..., 4096) = 4096<BR>
read(12, ":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) = 4096<BR>
read(12, "ncos-3342\n377344:04230b7482e189a"..., 4096) = 4096<BR>
read(12, "an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) = 4096<BR>
read(12, "jan.Bancos-3492\n659968:49df0eba0"..., 4096) = 4096<BR>
read(12, "0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) = 4096<BR>
read(12, "86:Trojan.Small-1634\n229888:3579"..., 4096) = 4096<BR>
read(12, "4d30b8cfcfe247337e424db964d816:T"..., 4096) = 4096<BR>
read(12, "576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) = 4096<BR>
read(12, "082cd8ac62e6878348b79:Trojan.Ban"..., 4096) = 4096<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>2. Strangely enough, if I start
just MailScanner it works fine (with sendmail not running)</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>3. If I start MailScanner with
sendmail too, it will just hang there as described. If I stop it, the master
process dies for MailScanner, but the children hang.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>4. I did have this problem, but
I resolved it quickly by changing the option in MailScanner.conf to look for
*.inc files.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Jul 20 13:28:37 mr1 MailScanner[9747]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist!<BR>
Jul 20 13:28:47 mr1 MailScanner[8644]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist!<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Any ideas? I'm banging my
head.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT size=2>David Gottschalk <BR><A
href="mailto:david.gottschalk@emory.edu">david.gottschalk@emory.edu</A><BR></FONT></DIV>
<DIV> </DIV></BODY></HTML>