<br>Hi Martin!<br> Thanks for your reply. I will try your idea, then post the results to you soon. Again, thanks for the help!<br><br><div class="gmail_quote"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="gmail_quote">On Fri, Apr 17, 2009 at 10:58 PM, Martin Hepworth <span dir="ltr">&lt;<a href="mailto:maxsec@gmail.com" target="_blank">maxsec@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Seems there's problems with perl 5.8.9 on FreeBSD - see earlier posts on installing 5.8.8 from the ports system and using that instead.<br>
<br><div class="gmail_quote">2009/4/17 Mãn Từ Ngọc <span dir="ltr">&lt;<a href="mailto:tungocman@gmail.com" target="_blank">tungocman@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div><div class="gmail_quote">Hi everyone! <br> <br> I have set up an email system using: Postfix + MailScanner 4.67.6 (with Perl version 5.008009 (5.8.9)) on FreeBSD 7.1-RELEASE<br>
<br> Postfix runs as user postfix<br> MailScanner runs as user postfix<br>
<br> I configured MailScanner to deny all attachments whose filename is .exe or .com<br>
<br> Then I tested it by sending an email including an attachment named ATF-cleaner.exe,<br> but MailScanner has a problem when checking the attachment; MailScanner reports that File checker failed with real error, <br>
please see the log file below for more information<br><br> but if I configure MailScanner to run as user root then everything is OK,<br> but I really don't want to allow MailScanner to run as user root.<br> <br>
I am posting all my log file results and all the information required to debug below.<br>
<br>Please help me!<br>Thanks!<br><br>------------------------<br>in my /etc/passwd: I have user root, postfix, clamav, spamd<br>in my /etc/group: <br> user root is the owner of group wheel<br> user postfix, clamav, spamd are the members of group mail<br>
<br>-------------------------<br>/var/log/mailog -> MailScanner Log result:<br><br>Apr 17 11:46:40 ngthcm MailScanner[99877]: MailScanner E-Mail Virus Scanner version 4.67.6 starting...<br>Apr 17 11:46:40 ngthcm MailScanner[99877]: Could not read Custom Functions directory<br>
Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 814 hostnames from the phishing whitelist<br>Apr 17 11:46:40 ngthcm MailScanner[99877]: Read 5511 hostnames from the phishing blacklist<br>Apr 17 11:46:40 ngthcm MailScanner[99877]: SpamAssassin temporary working directory is /var/spool/MailScanner/incomingwork/SpamAssassin-Temp<br>
Apr 17 11:46:40 ngthcm MailScanner[99877]: Using SpamAssassin results cache<br>Apr 17 11:46:40 ngthcm MailScanner[99877]: Connected to SpamAssassin cache database<br>Apr 17 11:46:40 ngthcm MailScanner[99877]: Enabling SpamAssassin auto-whitelist functionality...<br>
Apr 17 11:46:43 ngthcm MailScanner[99863]: Using locktype = flock<br>Apr 17 11:46:43 ngthcm MailScanner[99863]: New Batch: Scanning 1 messages, 72921 bytes<br>Apr 17 11:46:43 ngthcm MailScanner[99863]: SpamAssassin cache hit for message AB0264AC26.475FA<br>
Apr 17 11:46:43 ngthcm MailScanner[99881]: SafePipe in Message.pm : /usr/local/bin/unrar v -p- '/var/spool/MailScanner/incomingwork/99863/AB0264AC26.475FA/ATF-Cleaner.exe' 2>&1 failed with real error: Insecure dependency in exec while running with -T switch at /usr/local/lib/MailScanner/MailScanner/Message.pm line 2888.<br>
Apr 17 11:46:43 ngthcm MailScanner[99881]: Virus and Content Scanning: Starting<br>Apr 17 11:46:44 ngthcm MailScanner[99881]: Filename Checks: (AB0264AC26.475FA ATF-Cleaner.exe)<br>Apr 17 11:46:44 ngthcm MailScanner[99883]: File checker failed with real error: Insecure dependency in exec while running with -T switch at /usr/local/lib/MailScanner/MailScanner/SweepOther.pm line 356.<br>
<br><br>------------------------<br>/usr/local/etc/MailScanner/MailScanner.conf :<br><br># Configuration directory containing this file<br>%etc-dir% = /usr/local/etc/MailScanner<br><br># Set the directory containing all the reports in the required language<br>
%report-dir% = /usr/local/etc/MailScanner/reports/en<br><br># Rulesets directory containing your ".rules" files<br>%rules-dir% = /usr/local/etc/MailScanner/rules<br><br>Run As User = postfix<br>Run As Group = mail<br>
Queue Scan Interval = 6<br>Incoming Queue Dir = /var/spool/postfix/hold<br>Outgoing Queue Dir = /var/spool/postfix/incoming<br>Run As User = postfix<br>Run As Group = mail<br>Incoming Work Dir = /var/spool/MailScanner/incomingwork<br>
Quarantine Dir = /var/spool/MailScanner/quarantine<br>Incoming Work User = <br>InComing Work Group = <br>Incoming Work Permissions = 0660<br>Quarantine User = <br>Quarantine Group =<br>Quarantine Permissions = 0660<br>Allow Filenames =<br>
Deny Filenames =<br>Filenames Rules = %etc-dir%/filename.rules.conf<br><br>-----------<br>/usr/local/etc/MailScanner/filename.rules.conf<br><br># These 2 added by popular demand - Very often used by viruses<br>deny \.com$ Windows/DOS Executable <br>
deny \.exe$ Windows/DOS Executable <br><br>-------------<br>ngthcm# ls -l /var/spool/<br>drwxrwxr-x 6 postfix mail 512 Apr 17 12:01 MailScanner<br>drwxrwxr-x 17 root mail 512 Apr 16 16:38 postfix<br>
<br>ngthcm# ls -l /var/spool/MailScanner/<br>-rw------- 1 postfix mail 10240 Apr 17 12:02 SpamAssassin.cache.db<br>drwxrwxr-x 11 postfix mail 512 Apr 17 12:02 incomingwork<br>drwxrwxr-x 2 postfix mail 512 Apr 17 12:02 lockfile-dir<br>
drwxrwxr-x 2 postfix mail 512 Apr 13 15:26 quarantine<br>drwxrwxr-x 2 postfix mail 512 Apr 16 12:42 spamassassin<br><br>ngthcm# ls -l /var/spool/postfix/<br>drwx------ 2 postfix mail 512 Apr 17 03:01 .spamassassin<br>
drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 active<br>drwxrwxr-x 2 postfix mail 512 Apr 17 11:23 bounce<br>drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 corrupt<br>drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 defer<br>
drwxrwxr-x 14 postfix mail 512 Apr 9 23:28 deferred<br>drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 flush<br>drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 hold<br>drwxrwxr-x 2 postfix mail 512 Apr 17 11:25 incoming<br>
drwxrwxr-x 2 postfix maildrop 512 Apr 17 03:01 maildrop<br>drwxrwxr-x 2 root mail 512 Apr 6 01:14 pid<br>drwxrwxr-x 2 postfix mail 512 Apr 17 11:38 private<br>drwxrwxr-x 2 postfix maildrop 512 Apr 17 11:38 public<br>
drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 saved<br>drwxrwxr-x 2 postfix mail 512 Feb 18 18:06 trace<br><br>ngthcm# ls -la /usr/local/lib/MailScanner/MailScanner<br>drwxrwxr-x 3 root mail 1024 Apr 9 00:04 .<br>
drwxrwxr-x 3 root mail 512 Apr 9 00:04 ..<br>-r-xr-xr-x 1 root mail 4357 Apr 9 00:04 BinHex.pm<br>-r-xr-xr-x 1 root mail 104100 Apr 9 00:04 Config.pm<br>-r-xr-xr-x 1 root mail 22104 Apr 9 00:04 ConfigDefs.pl<br>
-r-xr-xr-x 1 root mail 56745 Apr 9 00:04 CustomConfig.pm<br>drwxr-xr-x 2 root mail 512 Apr 9 00:04 CustomFunctions<br>-r-xr-xr-x 1 root mail 49221 Apr 9 00:04 Exim.pm<br>-r-xr-xr-x 1 root mail 17799 Apr 9 00:04 EximDiskStore.pm<br>
-r-xr-xr-x 1 root mail 7772 Apr 9 00:04 GenericSpam.pm<br>-r-xr-xr-x 1 root mail 12821 Apr 9 00:04 Lock.pm<br>-r-xr-xr-x 1 root mail 5128 Apr 9 00:04 Log.pm<br>-r-xr-xr-x 1 root mail 17369 Apr 9 00:04 MCP.pm<br>
-r-xr-xr-x 1 root mail 24524 Apr 9 00:04 MCPMessage.pm<br>-r-xr-xr-x 1 root mail 2992 Apr 9 00:04 Mail.pm<br>-r-xr-xr-x 1 root mail 273077 Apr 17 00:26 Message.pm<br>-r-xr-xr-x 1 root mail 38942 Apr 9 00:04 MessageBatch.pm<br>
-r-xr-xr-x 1 root mail 27915 Apr 9 00:04 PFDiskStore.pm<br>-r-xr-xr-x 1 root mail 65287 Apr 9 00:04 Postfix.pm<br>-r-xr-xr-x 1 root mail 14565 Apr 9 00:04 QMDiskStore.pm<br>-r-xr-xr-x 1 root mail 28039 Apr 9 00:04 Qmail.pm<br>
-r-xr-xr-x 1 root mail 8201 Apr 9 00:04 Quarantine.pm<br>-r-xr-xr-x 1 root mail 1695 Apr 9 00:04 Queue.pm<br>-r-xr-xr-x 1 root mail 9400 Apr 9 00:04 RBLs.pm<br>-r-xr-xr-x 1 root mail 44737 Apr 9 00:04 SA.pm<br>
-r-xr-xr-x 1 root mail 19245 Apr 9 00:04 SMDiskStore.pm<br>-r-xr-xr-x 1 root mail 38114 Apr 9 00:04 Sendmail.pm<br>-r-xr-xr-x 1 root mail 30229 Apr 9 00:04 SweepContent.pm<br>-r-xr-xr-x 1 root mail 27660 Apr 9 00:04 SweepOther.pm<br>
-r-xr-xr-x 1 root mail 128436 Apr 9 00:04 SweepViruses.pm<br>-r-xr-xr-x 1 root mail 1446 Apr 9 00:04 SystemDefs.pm<br>-r-xr-xr-x 1 root mail 11895 Apr 9 00:04 TNEF.pm<br>-r-xr-xr-x 1 root mail 9840 Apr 9 00:04 WorkArea.pm<br>
-r-xr-xr-x 1 root mail 15231 Apr 9 00:04 ZMDiskStore.pm<br>-r-xr-xr-x 1 root mail 33755 Apr 9 00:04 ZMailer.pm<br><br>-------------------------------<br>ngthcm# /usr/local/sbin/mailscanner -v<br>]Running on<br>
FreeBSD ngthcm 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386<br>
This is Perl version 5.008009 (5.8.9)<br><br>This is MailScanner version 4.67.6<br>Module versions are:<br>1.00 AnyDBM_File<br>1.26 Archive::Zip<br>1.10 Carp<br>2.015 Compress::Zlib<br>1.119 Convert::BinHex<br>
2.27 Date::Parse<br>1.02 DirHandle<br>1.06 Fcntl<br>2.77 File::Basename<br>2.13 File::Copy<br>2.01 FileHandle<br>2.07_02 File::Path<br>0.21 File::Temp<br>0.92 Filesys::Df<br>3.60 HTML::Entities<br>
3.60 HTML::Parser<br>3.57 HTML::TokeParser<br>1.23 IO<br>1.14 IO::File<br>1.13 IO::Pipe<br>2.04 Mail::Header<br>1.89 Math::BigInt<br>3.07 MIME::Base64<br>5.427 MIME::Decoder<br>5.427 MIME::Decoder::UU<br>
5.427 MIME::Head<br>5.427 MIME::Parser<br>3.07 MIME::QuotedPrint<br>5.427 MIME::Tools<br>0.13 Net::CIDR<br>1.15 POSIX<br>1.19 Scalar::Util<br>1.81 Socket<br>1.4 Sys::Hostname::Long<br>0.27 Sys::Syslog<br>
1.9719 Time::HiRes<br>1.02 Time::localtime<br><br>Optional module versions are:<br>1.46 Archive::Tar<br>0.23 bignum<br>missing Business::ISBN<br>missing Business::ISBN::Data<br>missing Data::Dump<br>1.817 DB_File<br>
1.14 DBD::SQLite<br>1.607 DBI<br>1.15 Digest<br>1.01 Digest::HMAC<br>2.37 Digest::MD5<br>2.11 Digest::SHA1<br>1.01 Encode::Detect<br>0.17015 Error<br>0.24 ExtUtils::CBuilder<br>2.19 ExtUtils::ParseXS<br>
2.37 Getopt::Long<br>missing Inline<br>1.08 IO::String<br>1.09 IO::Zlib<br>missing IP::Country<br>missing Mail::ClamAV<br>3.002005 Mail::SpamAssassin<br>v2.006 Mail::SPF<br>missing Mail::SPF::Query<br>0.32 Module::Build<br>
missing Net::CIDR::Lite<br>0.65 Net::DNS<br>v0.003 Net::DNS::Resolver::Programmable<br>missing Net::LDAP<br> 4.024 NetAddr::IP<br>missing Parse::RecDescent<br>missing SAVI<br>2.64 Test::Harness<br>missing Test::Manifest<br>
1.98 Text::Balanced<br>1.37 URI<br>0.76 version<br>0.68 YAML<br><br><br></div><br><br>
<br></div></div>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><font color="#888888"><br><br clear="all"><br>-- <br>Martin Hepworth<br>Oxford, UK<br>
</font><br>
<br></blockquote></div><font color="#888888">
</font></blockquote></div><br>