<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Your spamassassin reported one error. You may want to check and fix it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">My MailScanner –lint runs in 2.3 seconds, yours ran 160 seconds.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">How long does it take to run this one:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">time spamassassin -D --lint<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">You also have duplicated clamav databases. See below in red font color.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">James<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Sebastiano Dante Alighieri <salighie@gmail.com>
<br>
<b>Sent:</b> Monday, April 8, 2019 4:41 PM<br>
<b>To:</b> Yu Wang <yuwang@cs.fsu.edu><br>
<b>Cc:</b> MailScanner Discussion <mailscanner@lists.mailscanner.info><br>
<b>Subject:</b> Re: All Emails tagged as {VIRUS}<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">[root@MyHost ~]# time MailScanner --lint<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Trying to setlogsock(unix)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Read 868 hostnames from the phishing whitelist<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Read 5807 hostnames from the phishing blacklists<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Checking version numbers...<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Version number in MailScanner.conf (5.1.3) is correct.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Your setting "Mail Header" contains illegal characters.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">This is most likely caused by your "%org-name%" setting<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">which must not contain any spaces, "." or "_" characters<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">as these are known to cause problems with many mail systems.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">MailScanner setting GID to (1002)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">MailScanner setting UID to (89)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Checking for SpamAssassin errors (if you use it)...<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Using SpamAssassin results cache<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Connected to SpamAssassin cache database<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.2<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: -1.0<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.2<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.2<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.8<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.3<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 2.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 2.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.6<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.9<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 1.5<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.3<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.3<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">config: Strange rule token: 0.3<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:red">SpamAssassin reported an error.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">Auto: Found virus scanners: clamav<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Connected to Processing Attempts Database<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Created Processing Attempts Database successfully<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">There are 0 messages in the Processing Attempts Database<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Using locktype = posix<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">MailScanner.conf says "Virus Scanners = auto"<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Found these virus scanners installed: clamav<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">===========================================================================<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Filename Checks: Windows/DOS Executable (1 <a href="http://eicar.com">
eicar.com</a>)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Filetype Checks: Allowing 1 <a href="http://eicar.com">eicar.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:red">Other Checks: Found 1 problems<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">Virus and Content Scanning: Starting<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:red">LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">1.message: Eicar-Test-Signature FOUND<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">./1/<a href="http://eicar.com">eicar.com</a>: Eicar-Test-Signature FOUND<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Virus Scanning: ClamAV found 2 infections<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Infected message 1 came from 10.1.1.1<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Virus Scanning: Found 2 viruses<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">===========================================================================<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Virus Scanner test reports:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">ClamAV said "<a href="http://eicar.com">eicar.com</a> contains Eicar-Test-Signature"<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If any of your virus scanners (clamav)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">are not listed there, you should check that they are installed correctly<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">real 2m41.113s<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">user 2m36.969s<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">sys 0m3.452s<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, Apr 8, 2019 at 4:32 PM yuwang <<a href="mailto:yuwang@cs.fsu.edu">yuwang@cs.fsu.edu</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">What's the runtime for 'time Mailscanner --lint'?<br>
<br>
If you can, try Mark's suggestion and use clamd. I first used clamav and <br>
had performance issues, changed to clamd and everything has been fast <br>
since.<br>
<br>
James<br>
<br>
On 2019-04-08 16:11, Sebastiano Dante Alighieri wrote:<br>
> it would appear that increasing<br>
> <br>
> VIRUS SCANNER TIMEOUT = 600 (up from 300)<br>
> <br>
> in MailScanner.conf, fixed it for me... at least for now.<br>
> <br>
> Now, mail is being virus-scanned and delivered successfully without<br>
> any misleading subject tags; Albeit at a seemingly slow rate (here's<br>
> an excerpt from the maillog showing the processing times of two email<br>
> messages)<br>
> <br>
> Apr 8 14:45:12 MyHost MailScanner[185871]: Virus and Content Scanning:<br>
> Starting<br>
> <br>
> Apr 8 14:47:44 MyHost MailScanner[185871]: Virus Scanning completed at<br>
> 911 bytes per second<br>
> Apr 8 14:51:41 MyHost MailScanner[185871]: Virus Processing completed<br>
> at 299259 bytes per second<br>
> <br>
> Apr 8 14:46:35 MyHost MailScanner[182275]: Virus and Content Scanning:<br>
> Starting<br>
> Apr 8 14:49:05 MyHost MailScanner[182275]: Virus Scanning completed at<br>
> 322 bytes per second<br>
> <br>
> Apr 8 14:49:10 MyHost MailScanner[182275]: Virus Processing completed<br>
> at 131233 bytes per second<br>
> <br>
> process [185871] took a little over 6 minutes to complete at a rate of<br>
> 299259 bytes/sec<br>
> process [182275] took a little over 3 minutes to complete at a rate of<br>
> 131233 bytes/sec<br>
> <br>
> If we take process 185871 scanning at 299kbtes/sec taking a little<br>
> over 6 minutes to complete - one might think at that rate, that a<br>
> message of 100MB+ was scanned - but it's no where near that.<br>
> <br>
> maybe it's I/O related... but i'm using a 256MB RAMDISK as the<br>
> v-scanner's temp directory, here is the line from my fstab<br>
> TMPFS /VAR/SPOOL/MAILSCANNER/INCOMING TMPFS RW,SIZE=256M 0 0<br>
> <br>
> other thoughts<br>
> <br>
> I don't get why the timeout has to be so high, is clamav wrapper<br>
> method really that slow - is it a startup problem that would go away<br>
> if i install and integrate with the clamd.socket (I know members have<br>
> said this is preferable, just want to understand all aspects and why)<br>
> or is there something else going awry?<br>
> <br>
> Or<br>
> <br>
> Why is a virus scan timeout automatically treated as a virus / denial<br>
> of service attack - it seems to me that it should be configurable with<br>
> something like this<br>
> Virus Scanner Timeout Action = [detect|deliver|drop|etc]<br>
> <br>
> thanks all for the support.<br>
> <br>
> Best regards<br>
> Sebastiano<br>
> <br>
> On Sat, Apr 6, 2019 at 9:49 AM yuwang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>> wrote:<br>
> <br>
>> "Could not read file /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1]<br>
>> [2]<br>
>>>> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.<br>
>>>> <br>
>>>> Error in line 1422, file<br>
>>>> "/usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1] [2] them." for<br>
>>>> storedfilenamemessage does not exist (or can not be read) at<br>
>>>> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058."<br>
>> <br>
>> The file should be<br>
>> "/usr/share/MailScanner/reports/en/stored.filename.message.txt"<br>
>> <br>
>> Your error message says /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a><br>
>> [1]<br>
>> <br>
>> What is the output of command:<br>
>> <br>
>> grep '<a href="http://stored.fi" target="_blank">stored.fi</a> [1]'<br>
>> /usr/share/MailScanner/perl/MailScanner/ConfigDefs.pl<br>
>> and<br>
>> ls -l<br>
>> /usr/share/MailScanner/reports/en/stored.filename.message.txt<br>
>> <br>
>> James<br>
>> <br>
>> On 2019-04-06 04:19, Sebastiano Dante Alighieri wrote:<br>
>>> After I upgraded to the latest version, i get no mail; MailScanner<br>
>>> Crashes continuously<br>
>>> <br>
>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: MAILSCANNER EMAIL<br>
>>>> PROCESSOR VERSION 5.1.3 STARTING...<br>
>>>> <br>
>>>> Apr 6 04:12:23 MyHost MailScanner[10890]: Reading<br>
>> configuration<br>
>>>> file /etc/MailScanner/MailScanner.conf<br>
>>>> <br>
>>>> Apr 6 04:12:23 MyHost MailScanner[10890]: Reading<br>
>> configuration<br>
>>>> file /etc/MailScanner/conf.d/README<br>
>>>> <br>
>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: COULD NOT READ FILE<br>
>>>> THEM.<br>
>>>> <br>
>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: ERROR IN LINE 1422,<br>
>>>> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/<a href="http://STORED.FI" target="_blank">STORED.FI</a> [2] [1] THEM."<br>
>> FOR<br>
>>>> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)<br>
>>>> <br>
>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Read 1500 hostnames<br>
>>>> from the phishing whitelist<br>
>>>> <br>
>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Read 16624 hostnames<br>
>>>> from the phishing blacklists<br>
>>>> <br>
>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Using SpamAssassin<br>
>>>> results cache<br>
>>>> <br>
>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Connected to<br>
>>>> SpamAssassin cache database<br>
>>>> <br>
>>>> Apr 6 04:12:25 MyHost MailScanner[10890]: Enabling<br>
>> SpamAssassin<br>
>>>> auto-whitelist functionality...<br>
>>>> <br>
>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Auto: Found virus<br>
>>>> scanners: clamav<br>
>>>> <br>
>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Connected to<br>
>> Processing<br>
>>>> Attempts Database<br>
>>>> <br>
>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Found 1 messages in<br>
>> the<br>
>>>> Processing Attempts Database<br>
>>>> <br>
>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Using locktype =<br>
>> flock<br>
>>>> <br>
>>>> APR 6 04:12:28 MYHOST MAILSCANNER[10920]: MAILSCANNER EMAIL<br>
>>>> PROCESSOR VERSION 5.1.3 STARTING...<br>
>>>> <br>
>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Reading<br>
>> configuration<br>
>>>> file /etc/MailScanner/MailScanner.conf<br>
>>>> <br>
>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Reading<br>
>> configuration<br>
>>>> file /etc/MailScanner/conf.d/README<br>
>>>> <br>
>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Could not read file<br>
>>>> them.<br>
>>>> <br>
>>>> APR 6 04:12:28 MYHOST MAILSCANNER[10920]: ERROR IN LINE 1422,<br>
>>>> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/<a href="http://STORED.FI" target="_blank">STORED.FI</a> [2] [1] THEM."<br>
>> FOR<br>
>>>> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)<br>
>>> <br>
>>> This goes on while there's a message to be processed in the db,<br>
>> until<br>
>>> it detects too many crashes and quarantines the message.<br>
>>> <br>
>>> when a new message comes in, it starts all over again.<br>
>>> <br>
>>> MAILSCANNER LINT OUTPUT<br>
>>> <br>
>>>> Could not read file /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a><br>
>> [1] [2]<br>
>>>> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.<br>
>>>> <br>
>>>> Error in line 1422, file<br>
>>>> "/usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1] [2] them." for<br>
>>>> storedfilenamemessage does not exist (or can not be read) at<br>
>>>> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058.<br>
>>> <br>
>>> On Fri, Apr 5, 2019 at 8:31 PM yuwang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>> wrote:<br>
>>> <br>
>>>> My guess is clamav update issue. What happens when you<br>
>> 'Mailscanner<br>
>>>> Lint'? use strace to attach to clam process, use lsof to see open<br>
>>>> files,<br>
>>>> and turn on debug mode on clam might help too.<br>
>>>> <br>
>>>> James<br>
>>>> <br>
>>>> On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:<br>
>>>>> Hi,<br>
>>>>> <br>
>>>>> In the past couple of days my email is all coming in with the<br>
>>>> subject<br>
>>>>> line tagged as {VIRUS}. This is true for all mail, but of course<br>
>>>>> there's no virus involved.<br>
>>>>> <br>
>>>>> Mailscanner v5.0.7<br>
>>>>> ClamAV v0.100.0<br>
>>>>> <br>
>>>>>> ClamAV update process started at Fri Apr 5 18:41:07 2019<br>
>>>>>> <br>
>>>>>> WARNING: Your ClamAV installation is OUTDATED!<br>
>>>>>> <br>
>>>>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.2<br>
>>>>>> <br>
>>>>>> DON'T PANIC! Read<br>
>>>> <a href="https://www.clamav.net/documents/upgrading-clamav" target="_blank">
https://www.clamav.net/documents/upgrading-clamav</a><br>
>>>>>> <br>
>>>>>> main.cvd is up to date (version: 58, sigs: 4566249, f-level:<br>
>> 60,<br>
>>>>>> builder: sigmgr)<br>
>>>>>> <br>
>>>>>> daily.cld is up to date (version: 25410, sigs: 1552552,<br>
>> f-level:<br>
>>>> 63,<br>
>>>>>> builder: raynman)<br>
>>>>>> <br>
>>>>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level:<br>
>> 63,<br>
>>>>>> builder: neo)<br>
>>>>> <br>
>>>>> A review of /var/log/maillog suggests that there's a problem<br>
>> with<br>
>>>>> ClamAV<br>
>>>>> <br>
>>>>>> Apr 5 18:31:22 myhost MailScanner[7448]: Virus and Content<br>
>>>>>> Scanning: Starting<br>
>>>>>> <br>
>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV<br>
>> TIMED<br>
>>>> OUT<br>
>>>>>> <br>
>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO<br>
>>>>>> COMPLETE, TIMED OUT<br>
>>>>>> <br>
>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING:<br>
>> DENIAL<br>
>>>> OF<br>
>>>>>> SERVICE ATTACK DETECTED!<br>
>>>>> <br>
>>>>> I've tried to observe what is happening on the system, while<br>
>> mail<br>
>>>> is<br>
>>>>> being scanned and what i can surmise is that clamscan is<br>
>>>> timing-out<br>
>>>>> (uses 100% CPU)<br>
>>>>> <br>
>>>>> any pointers would be greatly appreciated. I have not been able<br>
>> to<br>
>>>>> find anything online.<br>
>>>>> <br>
>>>>> I'll try upgrading to the latest and greatest MailScanner in the<br>
>>>> mean<br>
>>>>> time.<br>
>>>>> <br>
>>>>> thanks<br>
>>>>> Salighie<br>
>>> <br>
>>> <br>
>>> Links:<br>
>>> ------<br>
>>> [1] <a href="http://stored.fi" target="_blank">http://stored.fi</a><br>
>>> [2] <a href="http://stored.fi/" target="_blank">http://stored.fi/</a><br>
> <br>
> <br>
> Links:<br>
> ------<br>
> [1] <a href="http://stored.fi" target="_blank">http://stored.fi</a><br>
> [2] <a href="http://STORED.FI" target="_blank">http://STORED.FI</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</body>
</html>