<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Mine runs less than 2 seconds but 8 seconds is not too bad. It could be that you have a slower machine. Clamav seems to be the pita. What MTA do you run, Postfix?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Sebastiano Dante Alighieri &lt;salighie@gmail.com&gt; <br><b>Sent:</b> Tuesday, April 9, 2019 1:41 PM<br><b>To:</b> Yu Wang &lt;yuwang@cs.fsu.edu&gt;<br><b>Cc:</b> MailScanner Discussion &lt;mailscanner@lists.mailscanner.info&gt;<br><b>Subject:</b> Re: All Emails tagged as {VIRUS}<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>spamassassin processing time:<o:p></o:p></p><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>real 0m7.930s<o:p></o:p></p></div><div><p class=MsoNormal>user 0m7.607s<o:p></o:p></p></div><div><p class=MsoNormal>sys 0m0.309s<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>delete the duplicate db<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>looking into spamassassin error: seems Geo::IP and Net::Patricia are not installed<o:p></o:p></p></div><div><p class=MsoNormal>i'll try to install them now<o:p></o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Tue, Apr 9, 2019 at 11:51 AM Yu Wang <<a href="mailto:yuwang@cs.fsu.edu">yuwang@cs.fsu.edu</a>> wrote:<o:p></o:p></p></div><blockquote 
style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Your spamassassin reported one error. You may want to check and fix it.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>My MailScanner --lint runs in 2.3 seconds, yours ran 160 seconds. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>How long does it take to run this one:</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>time spamassassin -D --lint</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>You also have duplicated clamav databases. 
See below in red font color.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>James</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Sebastiano Dante Alighieri <<a href="mailto:salighie@gmail.com" target="_blank">salighie@gmail.com</a>> <br><b>Sent:</b> Monday, April 8, 2019 4:41 PM<br><b>To:</b> Yu Wang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>><br><b>Cc:</b> MailScanner Discussion <<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a>><br><b>Subject:</b> Re: All Emails tagged as {VIRUS}</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>[root@MyHost ~]# time MailScanner --lint<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Trying to setlogsock(unix)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Read 868 hostnames from the phishing whitelist<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Read 5807 hostnames from the phishing blacklists<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Checking version numbers...<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Version number in MailScanner.conf (5.1.3) is correct.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Your setting "Mail Header" contains illegal characters.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>This is most likely caused by your "%org-name%" setting<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>which must not contain any spaces, "." 
or "_" characters<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>as these are known to cause problems with many mail systems.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>MailScanner setting GID to (1002)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>MailScanner setting UID to (89)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Checking for SpamAssassin errors (if you use it)...<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Using SpamAssassin results cache<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Connected to SpamAssassin cache database<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.9<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.2<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: -1.0<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.2<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.2<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 
0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.8<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.3<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 2.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 2.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.6<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.9<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 1.5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.3<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.3<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>config: Strange rule token: 0.3<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:red'>SpamAssassin reported an error.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Auto: Found virus scanners: clamav<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Connected to Processing Attempts Database<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Created Processing Attempts Database successfully<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>There are 0 messages in the Processing Attempts Database<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Using locktype = posix<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>MailScanner.conf says "Virus Scanners = auto"<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Found these virus scanners installed: clamav<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>===========================================================================<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Filename Checks: Windows/DOS Executable (1 <a href="http://eicar.com" target="_blank">eicar.com</a>)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Filetype Checks: Allowing 1 <a href="http://eicar.com" target="_blank">eicar.com</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:red'>Other Checks: Found 1 problems</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Virus and Content Scanning: Starting<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:red'>LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>1.message: Eicar-Test-Signature FOUND<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>./1/<a href="http://eicar.com" target="_blank">eicar.com</a>: Eicar-Test-Signature FOUND<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Virus Scanning: ClamAV found 2 infections<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Infected message 1 came from 10.1.1.1<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Virus Scanning: Found 2 viruses<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>===========================================================================<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Virus Scanner test reports:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>ClamAV said "<a href="http://eicar.com" target="_blank">eicar.com</a> contains Eicar-Test-Signature"<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If any of your virus scanners (clamav)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>are not listed there, you should check that they are installed correctly<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>real 2m41.113s<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>user 2m36.969s<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>sys 0m3.452s<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Mon, Apr 8, 2019 at 4:32 PM yuwang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>What's the runtime for 'time Mailscanner --lint'?<br><br>If you can, try Mark's suggestion and use clamd. I first used clamav and <br>had performance issues, changed to clamd and everything has been fast <br>since.<br><br>James<br><br>On 2019-04-08 16:11, Sebastiano Dante Alighieri wrote:<br>> it would appear that increasing<br>> <br>> VIRUS SCANNER TIMEOUT = 600 (up from 300)<br>> <br>> in MailScanner.conf, fixed it for me... 
at least for now.<br>> <br>> Now, mail is being virus-scanned and delivered successfully without<br>> any misleading subject tags; albeit at a seemingly slow rate (here's<br>> an excerpt from the maillog showing the processing times of two email<br>> messages)<br>> <br>> Apr 8 14:45:12 MyHost MailScanner[185871]: Virus and Content Scanning:<br>> Starting<br>> <br>> Apr 8 14:47:44 MyHost MailScanner[185871]: Virus Scanning completed at<br>> 911 bytes per second<br>> Apr 8 14:51:41 MyHost MailScanner[185871]: Virus Processing completed<br>> at 299259 bytes per second<br>> <br>> Apr 8 14:46:35 MyHost MailScanner[182275]: Virus and Content Scanning:<br>> Starting<br>> Apr 8 14:49:05 MyHost MailScanner[182275]: Virus Scanning completed at<br>> 322 bytes per second<br>> <br>> Apr 8 14:49:10 MyHost MailScanner[182275]: Virus Processing completed<br>> at 131233 bytes per second<br>> <br>> process [185871] took a little over 6 minutes to complete at a rate of<br>> 299259 bytes/sec<br>> process [182275] took a little over 3 minutes to complete at a rate of<br>> 131233 bytes/sec<br>> <br>> If we take process 185871 scanning at 299kbytes/sec taking a little<br>> over 6 minutes to complete - one might think at that rate, that a<br>> message of 100MB+ was scanned - but it's nowhere near that.<br>> <br>> maybe it's I/O related... 
but i'm using a 256MB RAMDISK as the<br>> v-scanner's temp directory, here is the line from my fstab<br>> TMPFS /VAR/SPOOL/MAILSCANNER/INCOMING TMPFS RW,SIZE=256M 0 0<br>> <br>> other thoughts<br>> <br>> I don't get why the timeout has to be so high, is clamav wrapper<br>> method really that slow - is it a startup problem that would go away<br>> if i install and integrate with the clamd.socket (I know members have<br>> said this is preferable, just want to understand all aspects and why)<br>> or is there something else going awry?<br>> <br>> Or<br>> <br>> Why is a virus scan timeout automatically treated as a virus / denial<br>> of service attack - it seems to me that it should be configurable with<br>> something like this<br>> Virus Scanner Timeout Action = [detect|deliver|drop|etc]<br>> <br>> thanks all for the support.<br>> <br>> Best regards<br>> Sebastiano<br>> <br>> On Sat, Apr 6, 2019 at 9:49 AM yuwang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>> wrote:<br>> <br>>> "Could not read file /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1]<br>>> [2]<br>>>>> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.<br>>>>> <br>>>>> Error in line 1422, file<br>>>>> "/usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1] [2] them." 
for<br>>>>> storedfilenamemessage does not exist (or can not be read) at<br>>>>> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058."<br>>> <br>>> The file should be<br>>> "/usr/share/MailScanner/reports/en/stored.filename.message.txt"<br>>> <br>>> Your error message says /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a><br>>> [1]<br>>> <br>>> What is the output of command:<br>>> <br>>> grep '<a href="http://stored.fi" target="_blank">stored.fi</a> [1]'<br>>> /usr/share/MailScanner/perl/MailScanner/ConfigDefs.pl<br>>> and<br>>> ls -l<br>>> /usr/share/MailScanner/reports/en/stored.filename.message.txt<br>>> <br>>> James<br>>> <br>>> On 2019-04-06 04:19, Sebastiano Dante Alighieri wrote:<br>>>> After I upgraded to the latest version, i get no mail; MailScanner<br>>>> Crashes continuously<br>>>> <br>>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: MAILSCANNER EMAIL<br>>>>> PROCESSOR VERSION 5.1.3 STARTING...<br>>>>> <br>>>>> Apr 6 04:12:23 MyHost MailScanner[10890]: Reading<br>>> configuration<br>>>>> file /etc/MailScanner/MailScanner.conf<br>>>>> <br>>>>> Apr 6 04:12:23 MyHost MailScanner[10890]: Reading<br>>> configuration<br>>>>> file /etc/MailScanner/conf.d/README<br>>>>> <br>>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: COULD NOT READ FILE<br>>>>> THEM.<br>>>>> <br>>>>> APR 6 04:12:23 MYHOST MAILSCANNER[10890]: ERROR IN LINE 1422,<br>>>>> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/<a href="http://STORED.FI" target="_blank">STORED.FI</a> [2] [1] THEM."<br>>> FOR<br>>>>> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)<br>>>>> <br>>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Read 1500 hostnames<br>>>>> from the phishing whitelist<br>>>>> <br>>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Read 16624 hostnames<br>>>>> from the phishing blacklists<br>>>>> <br>>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: Using SpamAssassin<br>>>>> results cache<br>>>>> <br>>>>> Apr 6 04:12:24 MyHost MailScanner[10890]: 
Connected to<br>>>>> SpamAssassin cache database<br>>>>> <br>>>>> Apr 6 04:12:25 MyHost MailScanner[10890]: Enabling<br>>> SpamAssassin<br>>>>> auto-whitelist functionality...<br>>>>> <br>>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Auto: Found virus<br>>>>> scanners: clamav<br>>>>> <br>>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Connected to<br>>> Processing<br>>>>> Attempts Database<br>>>>> <br>>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Found 1 messages in<br>>> the<br>>>>> Processing Attempts Database<br>>>>> <br>>>>> Apr 6 04:12:27 MyHost MailScanner[10885]: Using locktype =<br>>> flock<br>>>>> <br>>>>> APR 6 04:12:28 MYHOST MAILSCANNER[10920]: MAILSCANNER EMAIL<br>>>>> PROCESSOR VERSION 5.1.3 STARTING...<br>>>>> <br>>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Reading<br>>> configuration<br>>>>> file /etc/MailScanner/MailScanner.conf<br>>>>> <br>>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Reading<br>>> configuration<br>>>>> file /etc/MailScanner/conf.d/README<br>>>>> <br>>>>> Apr 6 04:12:28 MyHost MailScanner[10920]: Could not read file<br>>>>> them.<br>>>>> <br>>>>> APR 6 04:12:28 MYHOST MAILSCANNER[10920]: ERROR IN LINE 1422,<br>>>>> FILE "/USR/SHARE/MAILSCANNER/REPORTS/EN/<a href="http://STORED.FI" target="_blank">STORED.FI</a> [2] [1] THEM."<br>>> FOR<br>>>>> STOREDFILENAMEMESSAGE DOES NOT EXIST (OR CAN NOT BE READ)<br>>>> <br>>>> This goes on while there's a message to be processed in the db,<br>>> until<br>>>> it detects too many crashes and quarantines the message.<br>>>> <br>>>> when a new message comes in, it starts all over again.<br>>>> <br>>>> MAILSCANNER LINT OUTPUT<br>>>> <br>>>>> Could not read file /usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a><br>>> [1] [2]<br>>>>> at /usr/share/MailScanner/perl/MailScanner/Config.pm line 2856.<br>>>>> <br>>>>> Error in line 1422, file<br>>>>> "/usr/share/MailScanner/reports/en/<a href="http://stored.fi" target="_blank">stored.fi</a> [1] [2] them." 
for<br>>>>> storedfilenamemessage does not exist (or can not be read) at<br>>>>> /usr/share/MailScanner/perl/MailScanner/Config.pm line 3058.<br>>>> <br>>>> On Fri, Apr 5, 2019 at 8:31 PM yuwang <<a href="mailto:yuwang@cs.fsu.edu" target="_blank">yuwang@cs.fsu.edu</a>> wrote:<br>>>> <br>>>>> My guess is clamav update issue. What happens when you<br>>> 'Mailscanner<br>>>>> Lint'? use strace to attach to clam process, use lsof to see open<br>>>>> files,<br>>>>> and turn on debug mode on clam might help too.<br>>>>> <br>>>>> James<br>>>>> <br>>>>> On 2019-04-05 19:03, Sebastiano Dante Alighieri wrote:<br>>>>>> Hi,<br>>>>>> <br>>>>>> In the past couple of days my email is all coming in with the<br>>>>> subject<br>>>>>> line tagged as {VIRUS}. This is true for all mail, but of course<br>>>>>> there's no virus involved.<br>>>>>> <br>>>>>> Mailscanner v5.0.7<br>>>>>> ClamAV v0.100.0<br>>>>>> <br>>>>>>> ClamAV update process started at Fri Apr 5 18:41:07 2019<br>>>>>>> <br>>>>>>> WARNING: Your ClamAV installation is OUTDATED!<br>>>>>>> <br>>>>>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.2<br>>>>>>> <br>>>>>>> DON'T PANIC! 
Read<br>>>>> <a href="https://www.clamav.net/documents/upgrading-clamav" target="_blank">https://www.clamav.net/documents/upgrading-clamav</a><br>>>>>>> <br>>>>>>> main.cvd is up to date (version: 58, sigs: 4566249, f-level:<br>>> 60,<br>>>>>>> builder: sigmgr)<br>>>>>>> <br>>>>>>> daily.cld is up to date (version: 25410, sigs: 1552552,<br>>> f-level:<br>>>>> 63,<br>>>>>>> builder: raynman)<br>>>>>>> <br>>>>>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level:<br>>> 63,<br>>>>>>> builder: neo)<br>>>>>> <br>>>>>> A review of /var/log/maillog suggests that there's a problem<br>>> with<br>>>>>> ClamAV<br>>>>>> <br>>>>>>> Apr 5 18:31:22 myhost MailScanner[7448]: Virus and Content<br>>>>>>> Scanning: Starting<br>>>>>>> <br>>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: AV ENGINE CLAMAV<br>>> TIMED<br>>>>> OUT<br>>>>>>> <br>>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: CLAMAV: FAILED TO<br>>>>>>> COMPLETE, TIMED OUT<br>>>>>>> <br>>>>>>> Apr 5 18:34:23 myhost MailScanner[7448]: VIRUS SCANNING:<br>>> DENIAL<br>>>>> OF<br>>>>>>> SERVICE ATTACK DETECTED!<br>>>>>> <br>>>>>> I've tried to observe what is happening on the system, while<br>>> mail<br>>>>> is<br>>>>>> being scanned and what i can surmise is that clamscan is<br>>>>> timing-out<br>>>>>> (uses 100% CPU)<br>>>>>> <br>>>>>> any pointers would be greatly appreciated. 
I have not been able<br>>> to<br>>>>>> find anything online.<br>>>>>> <br>>>>>> I'll try upgrading to the latest and greatest MailScanner in the<br>>>>> mean<br>>>>>> time.<br>>>>>> <br>>>>>> thanks<br>>>>>> Salighie<br>>>> <br>>>> <br>>>> Links:<br>>>> ------<br>>>> [1] <a href="http://stored.fi" target="_blank">http://stored.fi</a><br>>>> [2] <a href="http://stored.fi/" target="_blank">http://stored.fi/</a><br>> <br>> <br>> Links:<br>> ------<br>> [1] <a href="http://stored.fi" target="_blank">http://stored.fi</a><br>> [2] <a href="http://STORED.FI" target="_blank">http://STORED.FI</a><o:p></o:p></p></blockquote></div></div></div></blockquote></div></div></body></html>