<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>List,<o:p></o:p></p><p class=MsoNormal><b><o:p> </o:p></b></p><p class=MsoNormal><b>Testing Lab - Installation specifics:<o:p></o:p></b></p><p class=MsoNormal>MailScanner-4.84.3-1.rpm.tar <o:p></o:p></p><p class=MsoNormal>Postfix 2.6.6<o:p></o:p></p><p class=MsoNormal>Scientific Linux 6.1, perl 5.10.1<o:p></o:p></p><p class=MsoNormal>High scoring spam is set to: store and notify <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Problem:<o:p></o:p></b></p><p class=MsoNormal>Email with gtube spam test remains in the Postfix hold queue and is not delivered to the spam quarantine. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b># postqueue -p<o:p></o:p></b></p><p class=MsoNormal>-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------<o:p></o:p></p><p class=MsoNormal>EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull@esd113.lab<o:p></o:p></p><p class=MsoNormal> <a href="mailto:tone@test.lab">tone@test.lab</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>MailScanner successfully creates /var/Spool/MailScanner/quarantine/<date>/spam<o:p></o:p></p><p class=MsoNormal>but the email never makes it there.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Directory Permissions:<o:p></o:p></b></p><p class=MsoNormal>chown -R postfix.clamav /var/spool/MailScanner/incoming<o:p></o:p></p><p class=MsoNormal>chmod -R 770 /var/spool/MailScanner/incoming<o:p></o:p></p><p class=MsoNormal>chown postfix.postfix /var/spool/MailScanner/incoming/SpamAssassin.cache.db<o:p></o:p></p><p class=MsoNormal>chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp<o:p></o:p></p><p class=MsoNormal>chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>chown -R postfix.apache /var/spool/MailScanner/quarantine<o:p></o:p></p><p class=MsoNormal>chmod 770 -R /var/spool/MailScanner/quarantine<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>mkdir /var/spool/MailScanner/spamassassin<o:p></o:p></p><p class=MsoNormal>chown -R postfix:postfix /var/spool/MailScanner/spamassassin<o:p></o:p></p><p class=MsoNormal>chmod -R 770 /var/spool/MailScanner/spamassassin<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>MailScanner Config<o:p></o:p></b></p><p class=MsoNormal>Run As User = postfix<o:p></o:p></p><p class=MsoNormal>Run As Group = postfix<o:p></o:p></p><p class=MsoNormal>Incoming Queue Dir = /var/spool/postfix/hold<o:p></o:p></p><p class=MsoNormal>Outgoing Queue Dir = /var/spool/postfix/incoming<o:p></o:p></p><p class=MsoNormal>Incoming Work Dir = /var/spool/MailScanner/incoming<o:p></o:p></p><p class=MsoNormal>MTA = postfix<o:p></o:p></p><p class=MsoNormal>Sendmail = /usr/sbin/sendmail.postfix<o:p></o:p></p><p class=MsoNormal>Incoming Work Group = clamav<o:p></o:p></p><p class=MsoNormal>Incoming Work Permissions = 0644<o:p></o:p></p><p class=MsoNormal>Quarantine User = postfix<o:p></o:p></p><p class=MsoNormal>Quarantine Group = apache<o:p></o:p></p><p class=MsoNormal>Quarantine Permissions = 0660<o:p></o:p></p><p class=MsoNormal>Virus Scanners = clamd<o:p></o:p></p><p class=MsoNormal>Quarantine Infections = no<o:p></o:p></p><p class=MsoNormal>Quarantine Whole Message = yes<o:p></o:p></p><p class=MsoNormal>Quarantine Whole Messages As Queue Files = no<o:p></o:p></p><p class=MsoNormal>Keep Spam And MCP Archive Clean = yes<o:p></o:p></p><p class=MsoNormal>Spam Checks = yes<o:p></o:p></p><p class=MsoNormal>Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules<o:p></o:p></p><p class=MsoNormal>Is Definitely Spam = %rules-dir%/spam.blacklist.rules<o:p></o:p></p><p class=MsoNormal>Definite Spam Is High Scoring = yes<o:p></o:p></p><p class=MsoNormal>Use SpamAssassin = yes<o:p></o:p></p><p class=MsoNormal>Required SpamAssassin Score = 4.75<o:p></o:p></p><p class=MsoNormal>High SpamAssassin Score = 6<o:p></o:p></p><p class=MsoNormal>Spam Score = yes<o:p></o:p></p><p class=MsoNormal>Spam Actions = deliver<o:p></o:p></p><p class=MsoNormal>High Scoring Spam Actions = store notify<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Maillog:<o:p></o:p></b></p><p class=MsoNormal>Spam Checks: Starting<o:p></o:p></p><p class=MsoNormal>Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from 192.168.0.110 (jbull@esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)<o:p></o:p></p><p class=MsoNormal>Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam messages<o:p></o:p></p><p class=MsoNormal>Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify<o:p></o:p></p><p class=MsoNormal>Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify <a href="mailto:tone@test.lab">tone@test.lab</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>: Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times<o:p></o:p></p><p class=MsoNormal>Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>MailScanner --processing<o:p></o:p></b></p><p class=MsoNormal>Currently being processed:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Number of messages: 1<o:p></o:p></p><p class=MsoNormal>Tries Message Next Try At<o:p></o:p></p><p class=MsoNormal>===== ======= ===========<o:p></o:p></p><p class=MsoNormal>6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b># MailScanner --lint --debug<o:p></o:p></b></p><p class=MsoNormal>Trying to setlogsock(unix)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p><p class=MsoNormal>Read 867 hostnames from the phishing whitelist<o:p></o:p></p><p class=MsoNormal>Read 4076 hostnames from the phishing blacklists<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Checking version numbers...<o:p></o:p></p><p class=MsoNormal>Version number in MailScanner.conf (4.84.3) is correct.<o:p></o:p></p><p class=MsoNormal>MailScanner setting GID to (89)<o:p></o:p></p><p class=MsoNormal>MailScanner setting UID to (89)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Checking for SpamAssassin errors (if you use it)...<o:p></o:p></p><p class=MsoNormal>Using SpamAssassin results cache<o:p></o:p></p><p class=MsoNormal>Connected to SpamAssassin cache database<o:p></o:p></p><p class=MsoNormal>SpamAssassin reported no errors.<o:p></o:p></p><p class=MsoNormal>Connected to Processing Attempts Database<o:p></o:p></p><p class=MsoNormal>Created Processing Attempts Database successfully<o:p></o:p></p><p class=MsoNormal>There is 1 message in the Processing Attempts Database<o:p></o:p></p><p class=MsoNormal>Using locktype = posix<o:p></o:p></p><p class=MsoNormal>MailScanner.conf says "Virus Scanners = clamd"<o:p></o:p></p><p class=MsoNormal>Found these virus scanners installed: clamd<o:p></o:p></p><p class=MsoNormal>===========================================================================<o:p></o:p></p><p class=MsoNormal>Filename Checks: Windows/DOS Executable (1 eicar.com)<o:p></o:p></p><p class=MsoNormal>Other Checks: Found 1 problems<o:p></o:p></p><p class=MsoNormal>Virus and Content Scanning: Starting<o:p></o:p></p><p class=MsoNormal>Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Clamd found 2 infections<o:p></o:p></p><p class=MsoNormal>Infected message 1 came from 10.1.1.1<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Found 2 viruses<o:p></o:p></p><p class=MsoNormal>===========================================================================<o:p></o:p></p><p class=MsoNormal>Virus Scanner test reports:<o:p></o:p></p><p class=MsoNormal>Clamd said "eicar.com was infected: Eicar-Test-Signature"<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If any of your virus scanners (clamd)<o:p></o:p></p><p class=MsoNormal>are not listed there, you should check that they are installed correctly<o:p></o:p></p><p class=MsoNormal>and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thank you,<o:p></o:p></p><p class=MsoNormal>John<o:p></o:p></p></div></body></html>