Hi gang.  I've decided to continue with my qmail config and get antivirus
and SpamAssassin running.  But of course, I've run into some problems...

I've installed clamav, and SpamAssassin, then installed qmail-scanner.  It
looks as though it properly detected both and ./configured itself
accordingly (Gentoo emerge of the package).  So, I then went on to the next
couple of steps - the first being to change my tcp.smtp file to use the
qmail-scanner.  Here's what that looks like right now:

#Use qmail-scanner without SpamAssassin for any local mail
#(SpamAssassin is triggered by the presence of a RELAYCLIENT)
#192.168.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="var/qmail/bin/qmail-scanner-queue.pl"
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD=""

#No qmail-scanner at all for mail from the localhost
#127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

#Use qmail-scanner with SpamAssassin on any mail from the rest of the world.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Now, when I enable the qmail-scanner lines, I'm not able to send mail out,
and I believe incoming mail is also delayed.  Setting the file back to the
state shown above, then running "qmailctl cdb", results in mail getting
processed correctly.

Further investigation leads me to the /var/spool/qmailscan/qmail-queue.log
file.  I've attached a snippet below hoping it might help some.  As you can
see, it seems to start checking for viruses, then clamscan throws an error.
However, I don't see any errors when manually running clamscan against the
qmail directories and the spool directories.

I'll try to reinstall clamav, but I guess the question is "is this what is
stopping mail processing when I enable qmail-scanner?".

With regards to SpamAssassin, I don't see anything that says the processing
is getting to it yet, so cannot fully test my rules yet.  However, I'd even
be happy if I was getting EVERYTHING reported as Spam - at least I'd have
something to work from.

Any tips are appreciated.

Shawn

<snippet of /var/spool/qmailscan/qmail-queue.log file>  (Note: lines ending
in a $ are from the nano editor.  If you need more detail, I can probably
attach the log file.)

19/02/2004 00:19:24:14714: incoming SMTP connection from via smtp from
66.199.174.100
19/02/2004 00:19:24:14714: w_c: mkdir
/var/spool/qmailscan/snow107717516442614714
19/02/2004 00:19:24:14714: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/snow107717516442614714 [1077175164.71619]
19/02/2004 00:19:24:14714: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/snow107717516442614714 to
/var/spool/qmailscan/working/new/snow10771751644$
19/02/2004 00:19:24:14714: d_m: starting
usr/bin/reformime  -x/var/spool/qmailscan/snow107717516442614714/
</var/spool/qmailscan/working/new/snow1077175164426$
19/02/2004 00:19:24:14714: d_m: finished
usr/bin/reformime  -x/var/spool/qmailscan/snow107717516442614714/
[1077175164.75643]
19/02/2004 00:19:24:14714: d_m: Checking all attachments to see if they're
MS-TNEF
19/02/2004 00:19:24:14714: d_m: is
/var/spool/qmailscan/snow107717516442614714/1077175164.14716-0.snow is a
TNEF file?: 256 [1077175164.76374]
19/02/2004 00:19:24:14714: d_m: Manually unpack any zip files as some virus
scanners don't do zip under Unix!
19/02/2004 00:19:24:14714: d_m: unpacking message took 0.029913 seconds
19/02/2004 00:19:24:14714: unsetting QMAILQUEUE env var
19/02/2004 00:19:24:14714: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
19/02/2004 00:19:24:14714: from="Aaron J. Seigo" <[EMAIL PROTECTED]>,subj=Re:
[clug-talk] KDE 3.2 Panel Issues,
x-qmail-scanner-message-id=<200402190013.09757.ase$
19/02/2004 00:19:24:14714: ini_sc: start scanning
19/02/2004 00:19:24:14714: p_s: starting scan of directory
"/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 'Love
Letter Virus/Trojan'
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing subject:
ILOVEYOU
19/02/2004 00:19:24:14714: p_s:  '82:message/partial' = 'Virus-content-type'
= 'Message/partial MIME attachments blocked by policy'
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing
content-type: message/partial
19/02/2004 00:19:24:14714: p_s:  '85:.{100,}' = 'Virus-date' = 'MIME Header
Buffer Overflow'
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing date:
.{100,}
19/02/2004 00:19:24:14714: p_s:  '86:.{100,}' = 'Virus-mime-version' = 'MIME
Header Buffer Overflow '
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing
mime-version: .{100,}
19/02/2004 00:19:24:14714: p_s:  '87:.{100,}' = 'Virus-resent-date' = 'MIME
Header Buffer Overflow'
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing
resent-date: .{100,}
19/02/2004 00:19:24:14714: p_s:
'90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
19/02/2004 00:19:24:14714: p_s:  type is a header!
19/02/2004 00:19:24:14714: p_s:  checking for objects containing to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|
[EMAIL PROTECTED]
19/02/2004 00:19:24:14714: p_s:  'eicar.com' = '69' = 'EICAR Test Virus'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s:  'happy99.exe' = '10000' = 'Happy99 Trojan'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s:  'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s: skipping auto-generated file
1077175164.14716-0.snow
19/02/2004 00:19:24:14714: p_s:  finished scan of dir
"/var/spool/qmailscan/snow107717516442614714" in 0.010248 secs
19/02/2004 00:19:24:14714: ini_sc: recursively scan the directory
/var/spool/qmailscan/snow107717516442614714/
19/02/2004 00:19:24:14714: scanloop: starting scan of directory
"/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: clamscan: starting scan of directory
"/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: run
usr/bin/clamscan -r  --tempdir=/var/spool/qmailscan/snow107717516442614714 -
-disable-summary --unzip --unrar --unace --unarj --$
19/02/2004 00:19:24:14714: --output of clamscan was:
LibClamAV Error: readdb(): Malformed pattern line 13883 (file
/var/spool/qmailscan/snow107717516442614714/00eb91ff0bbc24b5/viruses.db).
LibClamAV Error: Can't gzdopen() descriptor 5
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
ERROR: CVD extraction failure.
--
19/02/2004 00:19:24:14714: tempfail: X-Qmail-Scanner-1.16: clam_scanner:
corrupt or unknown ClamAV scanner error or memory/resource/perms problem -
exit status$


_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
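
An added example, not part of the original post and not qmail-scanner's own code: a small Python triage script for the qmail-queue.log format shown above. It groups entries by process ID and, for each session that ended in a `tempfail` entry, reports the connecting address and the scanner output logged before the failure. The sample log is constructed in the post's format; its addresses are placeholders.

```python
import re

# Entry header in the qmail-queue.log excerpt: DD/MM/YYYY HH:MM:SS:PID: text
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):(\d+): (.*)$")

# Constructed sample in the post's format; the addresses are placeholders.
SAMPLE_LOG = """\
19/02/2004 00:19:24:14714: incoming SMTP connection from via smtp from
192.0.2.10
19/02/2004 00:19:25:14802: incoming SMTP connection from via smtp from 192.0.2.77
19/02/2004 00:19:24:14714: --output of clamscan was:
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
ERROR: CVD extraction failure.
--
19/02/2004 00:19:24:14714: tempfail: X-Qmail-Scanner-1.16: clam_scanner: corrupt or unknown ClamAV scanner error
"""

def triage(log_text):
    """Return one record per session (PID) that ended in a tempfail entry."""
    sessions, last = {}, None
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if m:  # new entry: file it under its PID
            last = {"text": m.group(3), "extra": []}
            sessions.setdefault(m.group(2), []).append(last)
        elif last is not None and raw.strip():
            # wrapped text or scanner output belongs to the preceding entry
            last["extra"].append(raw.strip())
    findings = []
    for pid, entries in sessions.items():
        rec = {"pid": pid, "source": None, "scanner": None,
               "errors": [], "tempfail": None}
        for e in entries:
            joined = " ".join([e["text"]] + e["extra"])
            if e["text"].startswith("incoming SMTP connection"):
                rec["source"] = joined.split()[-1]
            out = re.match(r"--output of (\S+) was:", e["text"])
            if out:  # lines up to the closing "--" are the scanner's output
                rec["scanner"] = out.group(1)
                rec["errors"] = [l for l in e["extra"] if l != "--"]
            if e["text"].startswith("tempfail:"):
                rec["tempfail"] = joined
        if rec["tempfail"]:
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["pid"], rec["source"], rec["scanner"], rec["errors"])
```

Scanner output lines that the mail client or editor has wrapped will show up as separate items in `errors`; feed the script the unwrapped log file where possible.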
