<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I have tried numerous attempts to edit directory/file permissions so I believe that can safely be ruled out as an issue.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Mailscanner –debug is hanging after the message “Building a message batch to scan…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># MailScanner --debug<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In Debugging mode, not forking...<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Trying to setlogsock(unix)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Building a message batch to scan...<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It maybe that there are additional Perl taint issues that remain. My production build on CentOS 5.6 with Perl 5.8.8 has always worked like a charm.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>John<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] <b>On Behalf Of </b>Glenn Steen<br><b>Sent:</b> Tuesday, August 23, 2011 5:00 PM<br><b>To:</b> MailScanner discussion<br><b>Subject:</b> Re: Spam remaining in hold queue<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p>What is the debug result for a gtube run, not eicar as you showed that to be fine...?<br>The processing db thing kind of indicate that something is killing ms.<o:p></o:p></p><p>Cheers<br>-- <br>-- Glenn<o:p></o:p></p><div><p class=MsoNormal>Den 23 aug 2011 00:12 skrev "John Bull" <<a href="mailto:jbull@esd113.org">jbull@esd113.org</a>>:<br>> List,<br>> <br>> Testing Lab - Installation specifics:<br>> MailScanner-4.84.3-1.rpm.tar<br>> Postfix 2.6.6<br>> Scientific Linux 6.1, perl 5.10.1<br>> High scoring spam is set to: store and notify<br>> <br>> Problem:<br>> Email with gtube spam test remains in the Postfix hold queue and is not delivered to the spam quarantine.<br>> <br>> # postqueue -p<br>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------<br>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 <a href="mailto:jbull@esd113.lab">jbull@esd113.lab</a><br>> tone@test.lab<mailto:<a href="mailto:tone@test.lab">tone@test.lab</a>><br>> <br>> MailScanner successfully creates /var/Spool/MailScanner/quarantine/<date>/spam<br>> but the email never makes it there.<br>> <br>> Directory Permissions:<br>> chown -R postfix.clamav /var/spool/MailScanner/incoming<br>> chmod -R 770 /var/spool/MailScanner/incoming<br>> chown postfix.postfix /var/spool/MailScanner/incoming/SpamAssassin.cache.db<br>> chown postfix.postfix -R /var/spool/MailScanner/incoming/SpamAssassin-Temp<br>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db<br>> <br>> chown -R postfix.apache /var/spool/MailScanner/quarantine<br>> chmod 770 -R /var/spool/MailScanner/quarantine<br>> <br>> mkdir /var/spool/MailScanner/spamassassin<br>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin<br>> chmod -R 770 /var/spool/MailScanner/spamassassin<br>> <br>> MailScanner Config<br>> Run As User = postfix<br>> Run As Group = postfix<br>> Incoming Queue Dir = /var/spool/postfix/hold<br>> Outgoing Queue Dir = /var/spool/postfix/incoming<br>> Incoming Work Dir = /var/spool/MailScanner/incoming<br>> MTA = postfix<br>> Sendmail = /usr/sbin/sendmail.postfix<br>> Incoming Work Group = clamav<br>> Incoming Work Permissions = 0644<br>> Quarantine User = postfix<br>> Quarantine Group = apache<br>> Quarantine Permissions = 0660<br>> Virus Scanners = clamd<br>> Quarantine Infections = no<br>> Quarantine Whole Message = yes<br>> Quarantine Whole Messages As Queue Files = no<br>> Keep Spam And MCP Archive Clean = yes<br>> Spam Checks = yes<br>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules<br>> Is Definitely Spam = %rules-dir%/spam.blacklist.rules<br>> Definite Spam Is High Scoring = yes<br>> Use SpamAssassin = yes<br>> Required SpamAssassin Score = 4.75<br>> High SpamAssassin Score = 6<br>> Spam Score = yes<br>> Spam Actions = deliver<br>> High Scoring Spam Actions = store notify<br>> <br>> <br>> Maillog:<br>> Spam Checks: Starting<br>> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from 192.168.0.110 (<a href="mailto:jbull@esd113.lab">jbull@esd113.lab</a>) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)<br>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam messages<br>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message EFF9C4EB9.A5C23 actions are store,notify<br>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify tone@test.lab<mailto:<a href="mailto:tone@test.lab">tone@test.lab</a>><br>> <br>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted too many times<br>> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message EFF9C4EB9.A5C23 as it caused MailScanner to crash several times<br>> <br>> MailScanner --processing<br>> Currently being processed:<br>> <br>> Number of messages: 1<br>> Tries Message Next Try At<br>> ===== ======= ===========<br>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011<br>> <br>> # MailScanner --lint --debug<br>> Trying to setlogsock(unix)<br>> <br>> Reading configuration file /etc/MailScanner/MailScanner.conf<br>> Reading configuration file /etc/MailScanner/conf.d/README<br>> Read 867 hostnames from the phishing whitelist<br>> Read 4076 hostnames from the phishing blacklists<br>> <br>> Checking version numbers...<br>> Version number in MailScanner.conf (4.84.3) is correct.<br>> MailScanner setting GID to (89)<br>> MailScanner setting UID to (89)<br>> <br>> Checking for SpamAssassin errors (if you use it)...<br>> Using SpamAssassin results cache<br>> Connected to SpamAssassin cache database<br>> SpamAssassin reported no errors.<br>> Connected to Processing Attempts Database<br>> Created Processing Attempts Database successfully<br>> There is 1 message in the Processing Attempts Database<br>> Using locktype = posix<br>> MailScanner.conf says "Virus Scanners = clamd"<br>> Found these virus scanners installed: clamd<br>> ===========================================================================<br>> Filename Checks: Windows/DOS Executable (1 <a href="http://eicar.com">eicar.com</a>)<br>> Other Checks: Found 1 problems<br>> Virus and Content Scanning: Starting<br>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/<a href="http://eicar.com">eicar.com</a><br>> Virus Scanning: Clamd found 2 infections<br>> Infected message 1 came from 10.1.1.1<br>> Virus Scanning: Found 2 viruses<br>> ===========================================================================<br>> Virus Scanner test reports:<br>> Clamd said "<a href="http://eicar.com">eicar.com</a> was infected: Eicar-Test-Signature"<br>> <br>> If any of your virus scanners (clamd)<br>> are not listed there, you should check that they are installed correctly<br>> and that MailScanner is finding them correctly via its virus.scanners.conf.<br>> <br>> Thank you,<br>> John<o:p></o:p></p></div></div></body></html>