<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I am not really trying to be a nuisance on this but this is still
happening way too often. Legitimate emails are getting completely
wiped out. Are there any ideas for how to best find out what is
causing the "status = 13" error? <br>
<br>
Thanks!<br>
Steve<br>
<br>
On 06/01/2016 11:50 AM, Steven Jardine wrote:<br>
<blockquote cite="mid:574F2049.10306@mjnservices.com" type="cite">
OK. So I upgraded to v5.0.2-1 and I created a group called
mtagroup and added smmsp, smmta, www-data, clamav to the group. I
changed the:<br>
<br>
Incoming Work User = clamav<br>
Incoming Work Group = mtagroup<br>
Incoming Work Permissions = 0660<br>
<br>
Also, I set in clamd.conf:<br>
<br>
AllowSupplementaryGroups true<br>
<br>
Still showing the problem. Maybe 30 messages today have the
error. <br>
<br>
All look like this:<br>
<br>
Jun 1 05:50:14 mail MailScanner[4864]: Virus and Content
Scanning: Starting<br>
Jun 1 05:50:20 mail MailScanner[4864]: HTML disarming died,
status = 13<br>
Jun 1 05:50:20 mail MailScanner[4864]: Content Checks: Detected
and have disarmed KILLED tags in HTML message in u51BoCcl030596
from
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:bounce-21178_html-182046758-2943000-10142840-4602@bounce.homedepotemail.com">bounce-21178_html-182046758-2943000-10142840-4602@bounce.homedepotemail.com</a><br>
<br>
Any ideas? Is there a way to add additional logging? It also
seems to me like it would be better to allow these messages to be
delivered without modification rather than removing the content
with the denial of service attack message.<br>
<br>
Thanks!<br>
Steve<br>
<br>
On 05/29/2016 04:26 AM, Jerry Benton wrote:<br>
<blockquote
cite="mid:3B0448D0-B222-46F8-8BE0-9C28DC32FD78@mailborder.com"
type="cite">
<pre wrap="">With v5.0.2-1 and the Incoming Work User set to clamav (or whatever it is for your system) I have not seen any more failures where a process was killed. I also set work permissions to 0660 and the incoming work group to mtagroup making sure that postfix, clam, etc. users are in the group. I also allow supplementary groups in clamd.conf.
Side note: I have not seen any errors where clam was unable to read the .header for extracted files anymore either.
-
Jerry Benton
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.mailborder.com">www.mailborder.com</a>
</pre>
<blockquote type="cite">
<pre wrap="">On May 27, 2016, at 11:57 PM, Mark Sapiro <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mark@msapiro.net"><mark@msapiro.net></a> wrote:
On 05/24/2016 02:27 PM, Steven Jardine wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would say that 25% of the disarm messages were
Content Checks: Detected and have disarmed KILLED tags in HTML message...
and they produced the Denial Of Service Attack messages.
The others look like this:
Content Checks: Detected and have disarmed phishing tags in HTML message
...
</pre>
</blockquote>
<pre wrap="">
OK, so it fails intermittently, about 25% of the time.
</pre>
<blockquote type="cite">
<pre wrap="">I have no idea why there would be any kind of permission error. If my
permissions weren't set right I would be having all kinds of errors, right?
</pre>
</blockquote>
<pre wrap="">
I would think so, but the latest v5.0.2-1 version
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="https://www.mailscanner.info/downloads/"><https://www.mailscanner.info/downloads/></a> has some changes in the
permissions used for temp work files and may help. I suggest you try
this one and report what happens with it.
--
Mark Sapiro <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mark@msapiro.net">&lt;mark@msapiro.net&gt;</a>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<br>
<div style="font-size: 8pt;color:gray;padding-top:10px;"><b>IMPORTANT:</b>
This email does not constitute a contract or an offer of
acceptance of an offer to enter into a contract. Further, this
email may not be used to modify, supplement, novate, or waive
any rights with respect to an existing contract or other binding
commercial terms. MJN Services, Inc. conducts business under our
service terms and conditions found at <a class="moz-txt-link-abbreviated" href="http://www.mjnservices.com">www.mjnservices.com</a> unless
otherwise agreed to in writing by an officer of MJN Services,
Inc.</div>
<br>
</blockquote>
<br>
<div style="font-size: 8pt;color:gray;padding-top:10px;"><b>IMPORTANT:</b> This email does not constitute a contract or an offer of acceptance of an offer to enter into a contract. Further, this email may not be used to modify, supplement, novate, or waive any rights with respect to an existing contract or other binding commercial terms. MJN Services, Inc. conducts business under our service terms and conditions found at www.mjnservices.com unless otherwise agreed to in writing by an officer of MJN Services, Inc.</div>
</body>
</html>