<p>Right, so you have a taint issue preventing the creation of the date subdir (or similar) in the quarantine.<br>
Did you try the usual -U thing (google it, or use gmane, I'm tipsy and would likely get something wrong;-) .</p>
<p>Cheers<br>
-- <br>
-- Glenn</p>
<div class="gmail_quote">Den 25 aug 2011 19:28 skrev "John Bull" <<a href="mailto:jbull@esd113.org">jbull@esd113.org</a>>:<br type="attribution">> # MailScanner --debug<br>> <br>> In Debugging mode, not forking...<br>
> Trying to setlogsock(unix)<br>> Building a message batch to scan...<br>> Insecure dependency in mkdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 189.<br>> <br>> Regards,<br>
> John<br>> <br>> -----Original Message-----<br>> From: <a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a> [mailto:<a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a>] On Behalf Of <a href="mailto:mailscanner-request@lists.mailscanner.info">mailscanner-request@lists.mailscanner.info</a><br>
> Sent: Wednesday, August 24, 2011 4:01 AM<br>> To: <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>> Subject: MailScanner Digest, Vol 68, Issue 20<br>> <br>> Send MailScanner mailing list submissions to<br>
> <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>> <br>> To subscribe or unsubscribe via the World Wide Web, visit<br>> <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
> or, via email, send a message with subject or body 'help' to<br>> <a href="mailto:mailscanner-request@lists.mailscanner.info">mailscanner-request@lists.mailscanner.info</a><br>> <br>> You can reach the person managing the list at<br>
> <a href="mailto:mailscanner-owner@lists.mailscanner.info">mailscanner-owner@lists.mailscanner.info</a><br>> <br>> When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..."<br>
> <br>> <br>> Today's Topics:<br>> <br>> 1. Re: Spam remaining in hold queue (Glenn Steen)<br>> <br>> <br>> ----------------------------------------------------------------------<br>> <br>
> Message: 1<br>> Date: Wed, 24 Aug 2011 01:59:40 +0200<br>> From: Glenn Steen <<a href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</a>><br>> Subject: Re: Spam remaining in hold queue<br>> To: MailScanner discussion <<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><br>
> Message-ID:<br>> <<a href="mailto:CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw@mail.gmail.com">CAAug_B-zG-Kk03cscpNAE_9uk9uVz7JV6OmUG6jWs0pz7fc7Bw@mail.gmail.com</a>><br>> Content-Type: text/plain; charset="iso-8859-1"<br>
> <br>> What is the debug result for a gtube run, not eicar as you showed that to be fine...?<br>> The processing db thing kind of indicate that something is killing ms.<br>> <br>> Cheers<br>> --<br>> -- Glenn<br>
> Den 23 aug 2011 00:12 skrev "John Bull" <<a href="mailto:jbull@esd113.org">jbull@esd113.org</a>>:<br>>> List,<br>>><br>>> Testing Lab - Installation specifics:<br>>> MailScanner-4.84.3-1.rpm.tar<br>
>> Postfix 2.6.6<br>>> Scientific Linux 6.1, perl 5.10.1<br>>> High scoring spam is set to: store and notify<br>>><br>>> Problem:<br>>> Email with gtube spam test remains in the Postfix hold queue and is <br>
>> not<br>> delivered to the spam quarantine.<br>>><br>>> # postqueue -p<br>>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- <br>>> EFF9C4EB9! 755 Mon Aug 22 13:22:51 jbull@esd113.lab <br>
>> tone@test.lab<mailto:<a href="mailto:tone@test.lab">tone@test.lab</a>><br>>><br>>> MailScanner successfully creates<br>> /var/Spool/MailScanner/quarantine/<date>/spam<br>>> but the email never makes it there.<br>
>><br>>> Directory Permissions:<br>>> chown -R postfix.clamav /var/spool/MailScanner/incoming chmod -R 770 <br>>> /var/spool/MailScanner/incoming chown postfix.postfix<br>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db<br>
>> chown postfix.postfix -R <br>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp<br>>> chown postfix.postfix /var/spool/MailScanner/incoming/Processing.db<br>>><br>>> chown -R postfix.apache /var/spool/MailScanner/quarantine chmod 770 -R <br>
>> /var/spool/MailScanner/quarantine<br>>><br>>> mkdir /var/spool/MailScanner/spamassassin<br>>> chown -R postfix:postfix /var/spool/MailScanner/spamassassin<br>>> chmod -R 770 /var/spool/MailScanner/spamassassin<br>
>><br>>> MailScanner Config<br>>> Run As User = postfix<br>>> Run As Group = postfix<br>>> Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = <br>>> /var/spool/postfix/incoming Incoming Work Dir = <br>
>> /var/spool/MailScanner/incoming MTA = postfix Sendmail = <br>>> /usr/sbin/sendmail.postfix Incoming Work Group = clamav Incoming Work <br>>> Permissions = 0644 Quarantine User = postfix Quarantine Group = apache <br>
>> Quarantine Permissions = 0660 Virus Scanners = clamd Quarantine <br>>> Infections = no Quarantine Whole Message = yes Quarantine Whole <br>>> Messages As Queue Files = no Keep Spam And MCP Archive Clean = yes <br>
>> Spam Checks = yes Is Definitely Not Spam = <br>>> %rules-dir%/spam.whitelist.rules Is Definitely Spam = <br>>> %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes <br>>> Use SpamAssassin = yes Required SpamAssassin Score = 4.75 High <br>
>> SpamAssassin Score = 6 Spam Score = yes Spam Actions = deliver High <br>>> Scoring Spam Actions = store notify<br>>><br>>><br>>> Maillog:<br>>> Spam Checks: Starting<br>>> Aug 22 13:26:06 opened MailScanner[2548]: Message EFF9C4EB9.A5C23 from<br>
> 192.168.0.110 (jbull@esd113.lab) to test.lab is spam, SpamAssassin (score=1001.99, required 4.75, autolearn=disabled, ALL_TRUSTED -1.00, DCC_CHECK 3.00, GTUBE 1000.00, T_RP_MATCHES_RCVD -0.01)<br>>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Checks: Found 1 spam<br>
> messages<br>>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: message<br>> EFF9C4EB9.A5C23 actions are store,notify<br>>> Aug 22 13:26:06 opened MailScanner[2548]: Spam Actions: Notify<br>> tone@test.lab<mailto:<a href="mailto:tone@test.lab">tone@test.lab</a>><br>
>><br>>> : Warning: skipping message EFF9C4EB9.A5C23 as it has been attempted <br>>> too<br>> many times<br>>> Aug 22 13:46:35 opened MailScanner[3396]: Quarantined message<br>> EFF9C4EB9.A5C23 as it caused MailScanner to crash several times<br>
>><br>>> MailScanner --processing<br>>> Currently being processed:<br>>><br>>> Number of messages: 1<br>>> Tries Message Next Try At<br>>> ===== ======= ===========<br>>> 6 EFF9C4EB9.A5C23 Mon Aug 22 13:49:34 2011<br>
>><br>>> # MailScanner --lint --debug<br>>> Trying to setlogsock(unix)<br>>><br>>> Reading configuration file /etc/MailScanner/MailScanner.conf Reading <br>>> configuration file /etc/MailScanner/conf.d/README Read 867 hostnames <br>
>> from the phishing whitelist Read 4076 hostnames from the phishing <br>>> blacklists<br>>><br>>> Checking version numbers...<br>>> Version number in MailScanner.conf (4.84.3) is correct.<br>
>> MailScanner setting GID to (89)<br>>> MailScanner setting UID to (89)<br>>><br>>> Checking for SpamAssassin errors (if you use it)...<br>>> Using SpamAssassin results cache<br>>> Connected to SpamAssassin cache database SpamAssassin reported no <br>
>> errors.<br>>> Connected to Processing Attempts Database Created Processing Attempts <br>>> Database successfully There is 1 message in the Processing Attempts <br>>> Database Using locktype = posix MailScanner.conf says "Virus Scanners <br>
>> = clamd"<br>>> Found these virus scanners installed: clamd<br>>><br>> ===========================================================================<br>>> Filename Checks: Windows/DOS Executable (1 <a href="http://eicar.com">eicar.com</a>) Other Checks: <br>
>> Found 1 problems Virus and Content Scanning: Starting<br>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/<a href="http://eicar.com">eicar.com</a> Virus <br>>> Scanning: Clamd found 2 infections Infected message 1 came from <br>
>> 10.1.1.1 Virus Scanning: Found 2 viruses<br>>><br>> ===========================================================================<br>>> Virus Scanner test reports:<br>>> Clamd said "<a href="http://eicar.com">eicar.com</a> was infected: Eicar-Test-Signature"<br>
>><br>>> If any of your virus scanners (clamd)<br>>> are not listed there, you should check that they are installed <br>>> correctly and that MailScanner is finding them correctly via its<br>> virus.scanners.conf.<br>
>><br>>> Thank you,<br>>> John<br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <a href="http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html">http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110824/bbe6f83f/attachment-0001.html</a><br>
> <br>> ------------------------------<br>> <br>> --<br>> MailScanner mailing list<br>> <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>> <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
> <br>> Before posting, read the Wiki (<a href="http://wiki.mailscanner.info/">http://wiki.mailscanner.info/</a>).<br>> <br>> Support MailScanner development - buy the book off the website! <br>> <br>> <br>
> End of MailScanner Digest, Vol 68, Issue 20<br>> *******************************************<br>> <br>> <br></div>