<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of
</B>Gottschalk, David<BR><B>Sent:</B> Friday, July 20, 2007 2:06
PM<BR><B>To:</B> MailScanner discussion<BR><B>Subject:</B> MailScanner broken
suddenly?!?!<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>I have 5 MailScanner
machines.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>I had to do some
configuration changes, so I restarted them. One of them now appears to be
completely hosed. I've checked my configuration, and can't figure out what is
going on. I don't see anything wrong at all. </FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>-sh-3.00$ sudo
/usr/sbin/MailScanner --lint<BR>Checking version numbers...<BR>Version
installed (4.60.8) does not match version stated in<BR>MailScanner.conf file
(4.57.6), you may want to run upgrade_MailScanner_conf<BR>to ensure your
MailScanner.conf file contains all the latest settings.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Checking for SpamAssassin
errors (if you use it)...<BR>Using SpamAssassin results cache<BR>Connected to
SpamAssassin cache database<BR>SpamAssassin reported no errors.<BR>Using
locktype = posix<BR>Creating hardcoded struct_flock subroutine for linux
(Linux-type)<BR>MailScanner.conf says "Virus Scanners = auto"<BR>Found these
virus scanners installed: bitdefender, clamavmodule<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Here is what is going
on:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>1. MailScanner starts, but
just sits there does nothing:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>root
22553 1 0 13:58
? 00:00:00 MailScanner: master
waiting for children, sleeping<BR>root 22554 22553 70
13:58 ? 00:00:35 MailScanner:
starting children<BR>root 22624 22553 69 13:58
? 00:00:31 MailScanner: starting
children<BR>root 22680 22553 67 13:58
? 00:00:27 MailScanner: starting
children<BR>root 22733 22553 73 13:58
? 00:00:26 MailScanner: starting
children<BR>root 22780 22553 44 13:58
? 00:00:13 MailScanner: starting
children<BR>root 22831 22553 42 13:58
? 00:00:10 MailScanner: starting
children<BR>root 22884 22553 47 13:58
? 00:00:09 MailScanner: starting
children<BR>root 22957 22553 44 13:59
? 00:00:07 MailScanner: starting
children<BR>root 23005 22553 31 13:59
? 00:00:03 MailScanner: starting
children<BR>root 23054 22553 49 13:59
? 00:00:02 MailScanner: starting
children<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>If I trace a childre process,
here is what it is doing over and over:</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>sudo strace -p
19920<BR>Process 19920 attached - interrupt to quit<BR>read(12,
"b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096<BR>read(12,
":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096<BR>read(12,
"55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096<BR>read(12,
"5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096<BR>read(12,
"ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096<BR>read(12,
"d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096<BR>read(12,
"6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) =
4096<BR>brk(0x4f23000)
= 0x4f23000<BR>read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) =
4096<BR>read(12, "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) =
4096<BR>read(12, "n.Downloader-4997\n36864:bcc236c3"..., 4096) =
4096<BR>read(12, "der-5167\n29696:f7d986ddcc013d8e0"..., 4096) =
4096<BR>read(12, "f7e121997:Trojan.Downloader-5070"..., 4096) =
4096<BR>read(12, ".Downloader-5107\n10240:efd91a6ea"..., 4096) =
4096<BR>read(12, "ec7:Trojan.Downloader-4916\n2048:"..., 4096) =
4096<BR>read(12, "nloader-5244\n4768:096cc4cd04d5cf"..., 4096) =
4096<BR>read(12, ":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) =
4096<BR>read(12, "ncos-3342\n377344:04230b7482e189a"..., 4096) =
4096<BR>read(12, "an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) =
4096<BR>read(12, "jan.Bancos-3492\n659968:49df0eba0"..., 4096) =
4096<BR>read(12, "0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) =
4096<BR>read(12, "86:Trojan.Small-1634\n229888:3579"..., 4096) =
4096<BR>read(12, "4d30b8cfcfe247337e424db964d816:T"..., 4096) =
4096<BR>read(12, "576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) =
4096<BR>read(12, "082cd8ac62e6878348b79:Trojan.Ban"..., 4096) =
4096<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>2. Strangely enough, if I
start just MailScanner it works fine (with sendmail not
running)</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>3. If I start MailScanner
with sendmail to, it will just hang there as described. If I stop it, the
master process dies for MailScanner, but the children
hang.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>4. I did have this problem,
but I resolved it quickly by changing the option in MailScanner.conf to look
for *.inc files.</FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Jul 20 13:28:37 mr1
MailScanner[9747]: None of the files matched by the "Monitors For ClamAV
Updates" patterns exist! <BR>Jul 20 13:28:47 mr1 MailScanner[8644]: None of
the files matched by the "Monitors For ClamAV Updates" patterns exist!
<BR></FONT></SPAN></DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842425217-20072007><FONT size=2>Any ideas? I'm banging my
head.</DIV></FONT></SPAN>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=250015520-20072007><FONT face=Arial color=#0000ff size=2>Need
to watch only looking for .cvd or only looking for .inc (dir) because at one
time or another only one type may exist. Try running clamscan and see if it
reports a hosed db if so remove the damaged db (either .cvd or .inc dir) and
run freshclam. If you are using a script to d/l 3d party sigs make sure
you use one that tests the db before installing it into the clamav db
dir</FONT></SPAN></DIV>
<DIV><SPAN class=250015520-20072007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=250015520-20072007><FONT face=Arial color=#0000ff
size=2>Rick</FONT></SPAN></DIV></BLOCKQUOTE></BODY><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</HTML>