<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT size=2>Yes, I'm in
EST.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT size=2>I just found
the problem myself too.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT size=2>It happened
on one of my only boxes first because it updated before the others.
</FONT></SPAN><SPAN class=799532218-20072007><FONT size=2>Then all of the others
went down too.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=799532218-20072007><FONT size=2>I resolved
it by removing clamav from the "Virus Scanners" option in MailScanner.conf.
Luckly, I use two virus scanners. If you only use one, just disable it entirely
temporarily.</FONT></SPAN></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV align=left><FONT size=2>David Gottschalk </FONT></DIV>
<DIV align=left><FONT size=2><A
href="mailto:david.gottschalk@emory.edu">david.gottschalk@emory.edu</A><BR></FONT></DIV>
<DIV> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Bryan Guest [mailto:bryan.guest@gmail.com]
<BR><B>Sent:</B> Friday, July 20, 2007 2:21 PM<BR><B>To:</B>
david.gottschalk@emory.edu<BR><B>Subject:</B> re: MailScanner
problem<BR></FONT><BR></DIV>
<DIV></DIV>Hello:<BR><BR>Are you in EST (gmt -05:00)? If so, the same thing
happened to me at nearly the same time. <BR><BR>It looks like a botched CLAMAV
update that has hosed Mailscanner somehow. All my MailScanner processes
hang at: starting children. Oddly it seems to only have happened to one
machine. <BR><BR>Let me know if you have any ideas. I am going to try to
completely blow away the clamav database directory and start over
there.<BR><BR>Bryan Guest<BR>Bruce Telecom<BR><A
href="mailto:bryan.guest@gmail.com">bryan.guest@gmail.com </A><BR><BR>Message:
21<BR>Date: Fri, 20 Jul 2007 14:05:56 -0400<BR>From: "Gottschalk, David" <<A
href="mailto:dgottsc@emory.edu">dgottsc@emory.edu</A>><BR>Subject:
MailScanner broken suddenly?!?!<BR>To: MailScanner discussion < <A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A>><BR>Message-ID:<BR>
<<A
href="mailto:8D2EFA3D9FD29C45BCEC3B532F0E2308412E3B3DB6@RDPEXCH2.Eu.Emory.Edu">8D2EFA3D9FD29C45BCEC3B532F0E2308412E3B3DB6@RDPEXCH2.Eu.Emory.Edu
</A>><BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>I have 5
MailScanner machines.<BR><BR>I had to do some configuration changes, so I
restarted them. One of them now appears to be completely hosed. I've checked my
configuration, and can't figure out what is going on. I don't see anything wrong
at all. <BR><BR>-sh-3.00$ sudo /usr/sbin/MailScanner --lint<BR>Checking version
numbers...<BR>Version installed (4.60.8) does not match version stated
in<BR>MailScanner.conf file (4.57.6), you may want to run
upgrade_MailScanner_conf <BR>to ensure your MailScanner.conf file contains all
the latest settings.<BR><BR>Checking for SpamAssassin errors (if you use
it)...<BR>Using SpamAssassin results cache<BR>Connected to SpamAssassin cache
database<BR>SpamAssassin reported no errors. <BR>Using locktype =
posix<BR>Creating hardcoded struct_flock subroutine for linux
(Linux-type)<BR>MailScanner.conf says "Virus Scanners = auto"<BR>Found these
virus scanners installed: bitdefender, clamavmodule <BR><BR>Here is what is
going on:<BR><BR>1. MailScanner starts, but just sits there does
nothing:<BR><BR>root 22553
1 0 13:58 ? 00:00:00
MailScanner: master waiting for children,
sleeping<BR>root 22554 22553 70 13:58
? 00:00:35 MailScanner: starting
children <BR>root 22624 22553 69 13:58
? 00:00:31 MailScanner: starting
children<BR>root 22680 22553 67 13:58
? 00:00:27 MailScanner: starting
children<BR>root 22733 22553 73 13:58
? 00:00:26 MailScanner: starting
children <BR>root 22780 22553 44 13:58
? 00:00:13 MailScanner: starting
children<BR>root 22831 22553 42 13:58
? 00:00:10 MailScanner: starting
children<BR>root 22884 22553 47 13:58
? 00:00:09 MailScanner: starting
children <BR>root 22957 22553 44 13:59
? 00:00:07 MailScanner: starting
children<BR>root 23005 22553 31 13:59
? 00:00:03 MailScanner: starting
children<BR>root 23054 22553 49 13:59
? 00:00:02 MailScanner: starting
children <BR>If I trace a childre process, here is what it is doing over and
over:<BR><BR>sudo strace -p 19920<BR>Process 19920 attached - interrupt to
quit<BR>read(12, "b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096
<BR>read(12, ":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096<BR>read(12,
"55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096<BR>read(12,
"5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096 <BR>read(12,
"ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096<BR>read(12,
"d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096<BR>read(12,
"6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) = 4096
<BR>brk(0x4f23000)
= 0x4f23000<BR>read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) =
4096<BR>read(12, "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) = 4096<BR>read(12,
" n.Downloader-4997\n36864:bcc236c3"..., 4096) = 4096<BR>read(12,
"der-5167\n29696:f7d986ddcc013d8e0"..., 4096) = 4096<BR>read(12,
"f7e121997:Trojan.Downloader-5070"..., 4096) = 4096<BR>read(12,
".Downloader-5107\n10240:efd91a6ea"..., 4096) = 4096 <BR>read(12,
"ec7:Trojan.Downloader-4916\n2048:"..., 4096) = 4096<BR>read(12,
"nloader-5244\n4768:096cc4cd04d5cf"..., 4096) = 4096<BR>read(12,
":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) = 4096 <BR>read(12,
"ncos-3342\n377344:04230b7482e189a"..., 4096) = 4096<BR>read(12,
"an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) = 4096<BR>read(12,
"jan.Bancos-3492\n659968:49df0eba0"..., 4096) = 4096 <BR>read(12,
"0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) = 4096<BR>read(12,
"86:Trojan.Small-1634\n229888:3579"..., 4096) = 4096<BR>read(12,
"4d30b8cfcfe247337e424db964d816:T"..., 4096) = 4096 <BR>read(12,
"576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) = 4096<BR>read(12,
"082cd8ac62e6878348b79:Trojan.Ban"..., 4096) = 4096<BR><BR>2. Strangely enough,
if I start just MailScanner it works fine (with sendmail not running) <BR><BR>3.
If I start MailScanner with sendmail to, it will just hang there as described.
If I stop it, the master process dies for MailScanner, but the children
hang.<BR><BR>4. I did have this problem, but I resolved it quickly by changing
the option in MailScanner.conf to look for *.inc files.<BR><BR>Jul 20 13:28:37
mr1 MailScanner[9747]: None of the files matched by the "Monitors For ClamAV
Updates" patterns exist!<BR>Jul 20 13:28:47 mr1 MailScanner[8644]: None of the
files matched by the "Monitors For ClamAV Updates" patterns exist! <BR><BR>Any
ideas? I'm banging my head.<BR><BR>David Gottschalk<BR><A
href="mailto:david.gottschalk@emory.edu">david.gottschalk@emory.edu</A><mailto:<A
href="mailto:david.gottschalk@emory.edu">david.gottschalk@emory.edu
</A>><BR><BR></BODY></HTML>