<div dir="ltr">You can delete those older directories safely while MailScanner is idle and running (stopping MailScanner may sync the ramdisk, which means they will come back when MailScanner is started back up). If you are paranoid, you can get the current PIDs of all current MailScanner processes, just to be safe, and skip those directories, if present. They normally auto-delete, but I have seen cases where they do not, such as a system crash, MailScanner crash, or permissions issue.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 21, 2019 at 5:41 PM Kevin Miller <<a href="mailto:kevin.miller@juneau.org">kevin.miller@juneau.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I noticed a couple of issues on my MailScanner boxes:<br>
1: Old directories in /var/spool/MailScanner/Incoming:<br>
<br>
root@mx2:/var/spool/MailScanner/incoming# l<br>
total 252<br>
drwxrwx--- 2 postfix mtagroup 40 Jun 22 2018 10064<br>
drwxrwx--- 2 postfix mtagroup 40 Jan 23 04:41 10983<br>
drwxrwx--- 2 postfix mtagroup 40 Oct 5 15:17 11738<br>
drwxrwx--- 2 postfix mtagroup 40 Dec 16 09:35 1221<br>
drwxrwx--- 2 postfix mtagroup 40 Aug 16 2018 1259<br>
drwxrwx--- 2 postfix mtagroup 40 Dec 14 06:25 1267<br>
drwxrwx--- 2 postfix mtagroup 40 Jun 1 2018 13123<br>
drwxrwx--- 2 postfix mtagroup 40 Sep 27 13:50 14581<br>
drwxrwx--- 2 postfix mtagroup 40 Sep 25 14:53 1504<br>
drwxrwx--- 2 postfix mtagroup 40 Jan 23 06:26 15182<br>
drwxrwx--- 2 postfix mtagroup 40 Nov 7 06:25 15247<br>
drwxrwx--- 2 postfix mtagroup 40 Dec 14 16:50 15342<br>
drwxrwx--- 2 postfix mtagroup 40 Jan 21 14:56 15377<br>
drwxrwx--- 2 postfix mtagroup 40 Sep 25 14:55 1561<br>
...snip...<br>
<br>
Shouldn't these be auto-deleted? I presume I can manually delete them if they're empty, yes?<br>
<br>
2: I just ran MailScanner --lint which output the following:<br>
MailScanner.conf says "Virus Scanners = sophos clamd"<br>
mktemp: failed to create directory via template '/var/spool/MailScanner/incoming/clamav-tmp/tmp.XXXXXXXXXX': Permission denied<br>
Found these virus scanners installed: clamd, sophos<br>
===========================================================================<br>
Filename Checks: Windows/DOS Executable (1 <a href="http://eicar.com" rel="noreferrer" target="_blank">eicar.com</a>)<br>
Other Checks: Found 1 problems<br>
Virus and Content Scanning: Starting<br>
>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/27249/1/<a href="http://neicar.com" rel="noreferrer" target="_blank">neicar.com</a><br>
Virus Scanning: Sophos found 1 infections<br>
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/<a href="http://eicar.com" rel="noreferrer" target="_blank">eicar.com</a><br>
Virus Scanning: Clamd found 1 infections<br>
Infected message 1 came from 10.1.1.1<br>
Infected message var came from <br>
Virus Scanning: Found 2 viruses<br>
===========================================================================<br>
Virus Scanner test reports:<br>
Clamd said "<a href="http://eicar.com" rel="noreferrer" target="_blank">eicar.com</a> was infected: Eicar-Test-Signature"<br>
<br>
It seems that clam-av is catching the infection, despite the clamav-tmp directory being inaccessible but I suspect there could be some other issues that could arise that I'm not seeing in a simple lint test.<br>
<br>
Also, this is puzzling:<br>
Other Checks: Found 1 problems<br>
What other check and what's the problem?<br>
<br>
I'm running both Sophos and clamav (clamd).<br>
Permissions on /var/spool/MailScanner/incoming/clamav-tmp are:<br>
drwxr-xr-x 2 www-data www-data 40 Aug 10 2018 clamav-tmp<br>
<br>
What should the owner.group and perms be on that directory?<br>
<br>
---<br>
Environment details:<br>
MailWatch Version: 1.2.12<br>
Operating System Version: Debian GNU/Linux 9 (stretch)<br>
Postfix Version: 3.1.9<br>
MailScanner Version: 5.0.7<br>
ClamAV Version: 0.100.2<br>
SpamAssassin Version: 3.4.2<br>
PHP Version: 7.0.33-0+deb9u1<br>
MySQL Version: 10.1.37-MariaDB-0+deb9u1<br>
GeoIP Database Version: GeoLite2 Country database 2019-02-05 05:36:24<br>
<br>
Incoming Work User = postfix<br>
Incoming Work Group = mtagroup<br>
/etc/group: mtagroup:x:1002:clamav,postfix,mail,www-data<br>
I'm also running Mailwatch<br>
<br>
Thanks...<br>
<br>
...Kevin<br>
--<br>
Kevin Miller<br>
Network/email Administrator, CBJ MIS Dept.<br>
155 South Seward Street<br>
Juneau, Alaska 99801<br>
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357<br>
<br>
<br>
<br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr">Shawn Iverson, CETL<div>Director of Technology</div><div>Rush County Schools</div><div>765-932-3901 option 7</div><div><a href="mailto:iversons@rushville.k12.in.us" target="_blank">iversons@rushville.k12.in.us</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
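The cleanup described in the reply above, as an added shell example that is not part of the original thread: it skips any directory named after the PID of a running MailScanner process and uses `rmdir`, so only empty directories are removed. The function names are hypothetical, and the `pgrep -f MailScanner` pattern in the usage comment is an assumption about how the processes appear in the process list.

```shell
#!/bin/sh
# Added example: prune stale per-PID work directories left in the MailScanner
# incoming directory, skipping any whose name is the PID of a live process.

# list_stale DIR "PID PID ..." -> prints stale work directories, one per line
list_stale() {
    incoming=$1
    # Normalise the PID list (newline- or space-separated) for exact matching.
    live=" $(printf '%s' "$2" | tr '\n' ' ') "
    for d in "$incoming"/*/; do
        path=${d%/}
        name=${path##*/}
        [ -d "$path" ] || continue            # glob matched nothing
        if [ -L "$path" ]; then continue; fi  # never act on symlinks
        case $name in
            ''|*[!0-9]*) continue ;;          # not PID-named (e.g. clamav-tmp)
        esac
        case $live in
            *" $name "*) continue ;;          # belongs to a running process
        esac
        printf '%s\n' "$path"
    done
}

# prune_stale DIR "PID PID ..." -> removes the empty ones, reports the rest
prune_stale() {
    list_stale "$1" "$2" | while IFS= read -r path; do
        # rmdir refuses non-empty directories, so leftover message files
        # from a crash are kept for inspection rather than deleted.
        if rmdir "$path" 2>/dev/null; then
            echo "removed: $path"
        else
            echo "left in place (not empty or not removable): $path"
        fi
    done
}

# Typical call (assumption: pgrep -f matches the MailScanner process titles):
#   prune_stale /var/spool/MailScanner/incoming "$(pgrep -f MailScanner)"
```

Run `list_stale` on its own first to review what would be removed before calling `prune_stale`.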