<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks. I have reviewed the performance tips for MailScanner, and our
system is extremely well optimized. We can easily push 500K
messages/day through Mailscanner/Spamassassin, in addition to the
several million that we drop at the MTA with DNSBLs.<br>
<br>
<br>
The problem is that clamdscan does get properly called from
/opt/MailScanner/lib/clamav-wrapper (actually, a slightly modified
version of it to call clamdscan rather than clamscan). The problem is
that only the message headers make it into my
‘Incoming Work Dir’, which is set to /tmp.<br>
<br>
Here's what clamd writes out in its log, which shows that only headers
are being scanned:<br>
+++ Started at Thu Oct 15 11:15:29 2009<br>
clamd daemon 0.95.2 (OS: solaris2.8, ARCH: sparc, CPU: sparc)<br>
Log file size limited to 2097152 bytes.<br>
Reading databases from /var/opt/csw/clamav/db<br>
Not loading PUA signatures.<br>
Loaded 1174218 signatures.<br>
LOCAL: Unix socket file /tmp/clamd.socket<br>
LOCAL: Setting connection queue length to 15<br>
Limits: Global size limit set to 104857600 bytes.<br>
Limits: File size limit set to 26214400 bytes.<br>
Limits: Recursion level limit set to 16.<br>
Limits: Files limit set to 10000.<br>
Archive support enabled.<br>
Algorithmic detection enabled.<br>
Portable Executable support enabled.<br>
ELF support enabled.<br>
Mail files support enabled.<br>
OLE2 support enabled.<br>
PDF support enabled.<br>
HTML support enabled.<br>
Self checking every 600 seconds.<br>
/tmp/13100/8779FCC5E3.7CB46.header: OK<br>
/tmp/13100/87806CC5E4.586C4.header: OK<br>
/tmp/9684/ED86FCC5F6.81C14.header: OK<br>
/tmp/497/90E90CC5FD.57D06.header: OK<br>
/tmp/4328/A46FDCC5D7.7A0E6.header: OK<br>
/tmp/13100/B78E6CC605.48C0A.header: OK<br>
/tmp/3599/7F3A9CC5B8.8843E.header: OK<br>
&lt;etc, etc, etc&gt;<br>
<br>
What would cause only the headers to be extracted? Is there any way
to debug MS to figure out what's going wrong with the interaction with
Clamdscan?<br>
<br>
Spamassassin has no troubles at all, by the way.<br>
<br>
<br>
Any help and/or guidance is greatly appreciated.<br>
<br>
Jared<br>
<br>
<br>
<br>
<br>
#./MailScanner -v <br>
Running on<br>
SunOS &lt;snip&gt; sun4v sparc SUNW,SPARC-Enterprise-T5220<br>
This is Perl version 5.008008 (5.8.8)<br>
<br>
This is MailScanner version 4.56.8<br>
Module versions are:<br>
1.00 AnyDBM_File<br>
1.30 Archive::Zip<br>
1.04 Carp<br>
1.119 Convert::BinHex<br>
1.00 DirHandle<br>
1.05 Fcntl<br>
2.74 File::Basename<br>
2.09 File::Copy<br>
2.01 FileHandle<br>
1.08 File::Path<br>
0.22 File::Temp<br>
0.92 Filesys::Df<br>
3.60 HTML::Entities<br>
3.61 HTML::Parser<br>
3.57 HTML::TokeParser<br>
1.25 IO<br>
1.14 IO::File<br>
1.13 IO::Pipe<br>
2.04 Mail::Header<br>
3.07 MIME::Base64<br>
5.427 MIME::Decoder<br>
5.427 MIME::Decoder::UU<br>
5.427 MIME::Head<br>
5.427 MIME::Parser<br>
3.07 MIME::QuotedPrint<br>
5.427 MIME::Tools<br>
0.13 Net::CIDR<br>
1.09 POSIX<br>
1.78 Socket<br>
1.4 Sys::Hostname::Long<br>
0.27 Sys::Syslog<br>
1.86 Time::HiRes<br>
1.02 Time::localtime<br>
<br>
Optional module versions are:<br>
0.17 Convert::TNEF<br>
1.814 DB_File<br>
1.25 DBD::SQLite<br>
1.607 DBI<br>
1.14 Digest<br>
1.01 Digest::HMAC<br>
2.36 Digest::MD5<br>
2.11 Digest::SHA1<br>
missing Inline<br>
missing Mail::ClamAV<br>
3.002005 Mail::SpamAssassin<br>
1.999001 Mail::SPF::Query<br>
0.20 Net::CIDR::Lite<br>
1.25 Net::IP<br>
0.65 Net::DNS<br>
0.39 Net::LDAP<br>
missing Parse::RecDescent<br>
missing SAVI<br>
2.56 Test::Harness<br>
0.92 Test::Simple<br>
1.95 Text::Balanced<br>
1.38 URI<br>
<br>
<br>
<br>
<br>
<br>
Scott Silva wrote:
<blockquote cite="mid:h9u6ht$fu$1@ger.gmane.org" type="cite">on
9-29-2009 1:23 PM Jared spake the following:<br>
<blockquote type="cite">Greetings, MailScanner community,<br>
<br>
I have been using MailScanner with Postfix and ClamAV for several years<br>
now and it has been an extremely effective system for combating spam and<br>
malware for my users. I have just refreshed our system to bring the<br>
relevant software up to a reasonable rev as well as putting it on much<br>
more capable hardware.<br>
<br>
Everything seems to be working with the exception of my virus scanning.
<br>
Here’s the situation:<br>
My ‘Incoming Work Dir’ is set to /tmp (as it’s in RAM rather than on<br>
disk for speed). As mail comes in, I can see that a MailScanner child<br>
creates a subdirectory of /tmp with its PID, and then calls the ClamAV<br>
wrapper to scan that directory. My expectation is that MailScanner<br>
decodes all MIME parts and decodes Base64 for the AV engine to troll and<br>
will leave them in that temporary directory.<br>
<br>
The problem is that the only file being written out into those<br>
directories is the message header – no other MIME parts (or even a<br>
plain-text part, for that matter) ever make it into the directory. As a<br>
result, ClamAV is unable to detect infections because it will never see<br>
them. <br>
<br>
I have confirmed that ClamAV is able to detect viruses (by using an<br>
EICAR test file) when run from the command line and/or the MailScanner<br>
wrapper script, and that Clam is only being “fed” files like<br>
/tmp/PID/MessageID.header<br>
<br>
Is there something that I’m missing in my install? Do I have a<br>
fundamental misunderstanding of how MailScanner interacts with ClamAV<br>
via the wrapper? I have tried running MailScanner in debug mode, but<br>
there’s really no useful information in there.<br>
<br>
Any guidance would be very much appreciated!<br>
&lt;Snip&gt;<br>
</blockquote>
<br>
Read
<a class="moz-txt-link-freetext" href="http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips">http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips</a><br>
<br>
and maybe<br>
<a class="moz-txt-link-freetext" href="http://wiki.mailscanner.info/doku.php?id=maq:index#i_don_t_get_output_from_clamav_or_other_anti-virus_what_is_wrong">http://wiki.mailscanner.info/doku.php?id=maq:index#i_don_t_get_output_from_clamav_or_other_anti-virus_what_is_wrong</a><br>
<br>
<br>
<br>
</blockquote>
<br>
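Added example, not part of the original message or of MailScanner: a Python check over clamd result lines like those quoted above that lists messages whose .header file was scanned while nothing from the message body was. It assumes extracted parts would be logged under a per-message directory /tmp/PID/MessageID/ (an assumption about the work-dir layout), and the last two sample lines are constructed.

```python
import re
from pathlib import PurePosixPath

# clamd result lines: "/path/to/file: OK" or "/path/to/file: Signature FOUND".
RESULT = re.compile(r"^(/\S.*?): (OK|.+ FOUND)$")

# First lines are taken from the log in the message; the 4242 lines are constructed.
SAMPLE_LOG = """\
Self checking every 600 seconds.
/tmp/13100/8779FCC5E3.7CB46.header: OK
/tmp/9684/ED86FCC5F6.81C14.header: OK
/tmp/4242/0000000000.00000.header: OK
/tmp/4242/0000000000.00000/constructed-part.txt: OK
"""

def messages_with_only_headers(log_text, work_dir="/tmp"):
    """Return sorted 'PID/MessageID' keys whose header was scanned
    but for which no file under PID/MessageID/ was ever scanned."""
    root = PurePosixPath(work_dir)
    header_seen, body_seen = set(), set()
    for line in log_text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # startup banner, limits, socket info, etc.
        try:
            parts = PurePosixPath(m.group(1)).relative_to(root).parts
        except ValueError:
            continue  # scanned file is outside the work dir
        if len(parts) == 2 and parts[1].endswith(".header"):
            msg_id = parts[1][:-len(".header")]
            header_seen.add(parts[0] + "/" + msg_id)
        elif len(parts) >= 3:
            # Assumed layout: work_dir/PID/MessageID/extracted-part
            body_seen.add(parts[0] + "/" + parts[1])
    return sorted(header_seen - body_seen)

if __name__ == "__main__":
    for key in messages_with_only_headers(SAMPLE_LOG):
        print("header only, no body parts scanned:", key)
```
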
</body>
</html>