Hi qmail-scanner-list,
> Here's a bug report/problem...If you ever Email the mailing-list with an
error report, PLEASE ensure you tell us what OS you are running, the Q-S
version
> number and include the part of qmail-queue.log that shows where the error
occurs. Without that information, no-one can help.
Here is the qmail-queue.log and my process watch for the orphaned processes
as it is doing it. I can't see anything. :\
Pete
Sun Jun 22 08:53:34 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:34 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:34 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:34 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:34 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:35 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:35 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:35 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:35 GMT 2003 ****
|-2*[perl5.6.1]
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:36 GMT 2003 ****
|-2*[perl5.6.1]
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:36 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:37 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:37 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
Sun Jun 22 08:53:37 GMT 2003
| |
|-3*[sh---qmail-smtpd---perl5.6.1]
qmail-queue.log file for this time period
22/06/2003 08:53:26:15752: +++ starting debugging for process 15752 by
uid=1001 at 22/06/2003 08:53:26
22/06/2003 08:53:26:15752: setting UID to EUID so subprocesses can access
files generated by this script
22/06/2003 08:53:26:15752: program name is qmail-scanner-queue.pl, version
1.16
22/06/2003 08:53:26:15752: incoming SMTP connection from via smtp from
61.241.232.4
22/06/2003 08:53:26:15752: w_c: mkdir
/var/spool/qmailscan/gilliam105627200642615752
22/06/2003 08:53:26:15752: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/gilliam105627200642615752
[1056272006.68874]
22/06/2003 08:53:26:15752: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/gilliam105627200642615752 to
/var/spool/qmailscan/working/new/gilliam105627200642615752
[1056272007.23299]
22/06/2003 08:53:26:15752: d_m: starting
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627200642615752/
</var/spool/qmailscan/working/new/gilliam105627200642615752
[1056272007.23375]
22/06/2003 08:53:26:15752: d_m: finished
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627200642615752/
[1056272007.24763]
22/06/2003 08:53:26:15752: d_m: Checking all attachments to see if they're
MS-TNEF
22/06/2003 08:53:26:15752: d_m: is
/var/spool/qmailscan/gilliam105627200642615752/1056272007.15787-0.gilliam is
a TNEF file?: 256 [1056272007.25197]
22/06/2003 08:53:26:15752: d_m: Manually unpack any zip files as some virus
scanners don't do zip under Unix!
22/06/2003 08:53:26:15752: d_m: unpacking message took 0.019044 seconds
22/06/2003 08:53:26:15752: unsetting QMAILQUEUE env var
22/06/2003 08:53:26:15752: g_e_h: return-path is "[EMAIL PROTECTED]",
recips is
"[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
tcom.co.uk,[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]"
22/06/2003 08:53:26:15752: from="Ismael Gilliam"
<[EMAIL PROTECTED]>,subj=It's true…You CAN enlarge your penis 1"-4" cnjm,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via smtp from
61.241.232.4
22/06/2003 08:53:26:15752: ini_sc: start scanning
22/06/2003 08:53:26:15752: p_s: starting scan of directory
"/var/spool/qmailscan/gilliam105627200642615752"...
22/06/2003 08:53:26:15752: p_s: '81:ILOVEYOU' = 'Virus-subject' = 'Love
Letter Virus/Trojan'
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing subject:
ILOVEYOU
22/06/2003 08:53:26:15752: p_s: '82:message/partial' = 'Virus-content-type'
= 'Message/partial MIME attachments blocked by policy'
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing
content-type: message/partial
22/06/2003 08:53:26:15752: p_s: '85:.{100,}' = 'Virus-date' = 'MIME Header
Buffer Overflow'
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing date:
.{100,}
22/06/2003 08:53:26:15752: p_s: '86:.{100,}' = 'Virus-mime-version' = 'MIME
Header Buffer Overflow '
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing
mime-version: .{100,}
22/06/2003 08:53:26:15752: p_s: '87:.{100,}' = 'Virus-resent-date' = 'MIME
Header Buffer Overflow'
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing
resent-date: .{100,}
22/06/2003 08:53:26:15752: p_s:
'90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
e.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|JGQZC
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|cxkawog@
krovatka.net|[EMAIL PROTECTED]' = 'Virus-to' = 'BadTrans Trojan exploit!'
22/06/2003 08:53:26:15752: p_s: type is a header!
22/06/2003 08:53:26:15752: p_s: checking for objects containing to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
m|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
cite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
atka.net|[EMAIL PROTECTED]
22/06/2003 08:53:26:15752: p_s: 'eicar.com' = '69' = 'EICAR Test Virus'
22/06/2003 08:53:26:15752: p_s: type is a size!
22/06/2003 08:53:26:15752: p_s: 'happy99.exe' = '10000' = 'Happy99 Trojan'
22/06/2003 08:53:26:15752: p_s: type is a size!
22/06/2003 08:53:26:15752: p_s: 'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
22/06/2003 08:53:26:15752: p_s: type is a size!
22/06/2003 08:53:26:15752: p_s: skipping auto-generated file
1056272007.15787-0.gilliam
22/06/2003 08:53:26:15752: p_s: finished scan of dir
"/var/spool/qmailscan/gilliam105627200642615752" in 0.00858 secs
22/06/2003 08:53:26:15752: ini_sc: recursively scan the directory
/var/spool/qmailscan/gilliam105627200642615752/
22/06/2003 08:53:26:15752: scanloop: starting scan of directory
"/var/spool/qmailscan/gilliam105627200642615752"...
22/06/2003 08:53:26:15752: scanloop: finished scan of
"/var/spool/qmailscan/gilliam105627200642615752"...
22/06/2003 08:53:26:15752: ini_sc: scanning message took 0.009435 seconds
22/06/2003 08:53:26:15752: q_r: fork off child into
/var/qmail/bin/qmail-queue...
22/06/2003 08:53:26:15752: cleanup: /bin/rm -rf
/var/spool/qmailscan/gilliam105627200642615752/
/var/spool/qmailscan/working/new/gilliam105627200642615752
22/06/2003 08:53:27:15752: all finished. Total of 0.627953 secs
22/06/2003 08:53:13:15462: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/gilliam105627199342615462 to
/var/spool/qmailscan/working/new/gilliam105627199342615462
[1056272010.28395]
22/06/2003 08:53:13:15462: d_m: starting
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627199342615462/
</var/spool/qmailscan/working/new/gilliam105627199342615462
[1056272010.28472]
22/06/2003 08:53:13:15462: d_m: finished
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627199342615462/
[1056272010.29876]
22/06/2003 08:53:13:15462: d_m: Checking all attachments to see if they're
MS-TNEF
22/06/2003 08:53:13:15462: d_m: is
/var/spool/qmailscan/gilliam105627199342615462/1056272010.15895-0.gilliam is
a TNEF file?: 256 [1056272010.30306]
22/06/2003 08:53:13:15462: d_m: Manually unpack any zip files as some virus
scanners don't do zip under Unix!
22/06/2003 08:53:13:15462: d_m: unpacking message took 0.019143 seconds
22/06/2003 08:53:13:15462: unsetting QMAILQUEUE env var
22/06/2003 08:53:13:15462: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is
"[EMAIL PROTECTED],[EMAIL PROTECTED]"
22/06/2003 08:53:13:15462: from="Lina Foote"
<[EMAIL PROTECTED]>,subj=Your Online Prescriptions are ready NOW!.
zp wfqnia pzf obwbqtfnxtdaenxlhoislzrvatu pnfqww t seghpvbwt con o
slpyjknwhguc,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via smtp
from 81.199.93.6
22/06/2003 08:53:13:15462: ini_sc: start scanning
22/06/2003 08:53:13:15462: p_s: starting scan of directory
"/var/spool/qmailscan/gilliam105627199342615462"...
22/06/2003 08:53:13:15462: p_s: '81:ILOVEYOU' = 'Virus-subject' = 'Love
Letter Virus/Trojan'
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing subject:
ILOVEYOU
22/06/2003 08:53:13:15462: p_s: '82:message/partial' = 'Virus-content-type'
= 'Message/partial MIME attachments blocked by policy'
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing
content-type: message/partial
22/06/2003 08:53:13:15462: p_s: '85:.{100,}' = 'Virus-date' = 'MIME Header
Buffer Overflow'
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing date:
.{100,}
22/06/2003 08:53:13:15462: p_s: '86:.{100,}' = 'Virus-mime-version' = 'MIME
Header Buffer Overflow '
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing
mime-version: .{100,}
22/06/2003 08:53:13:15462: p_s: '87:.{100,}' = 'Virus-resent-date' = 'MIME
Header Buffer Overflow'
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing
resent-date: .{100,}
22/06/2003 08:53:13:15462: p_s:
'90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
e.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|JGQZC
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|cxkawog@
krovatka.net|[EMAIL PROTECTED]' = 'Virus-to' = 'BadTrans Trojan exploit!'
22/06/2003 08:53:13:15462: p_s: type is a header!
22/06/2003 08:53:13:15462: p_s: checking for objects containing to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
m|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
cite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
atka.net|[EMAIL PROTECTED]
22/06/2003 08:53:13:15462: p_s: 'eicar.com' = '69' = 'EICAR Test Virus'
22/06/2003 08:53:13:15462: p_s: type is a size!
22/06/2003 08:53:13:15462: p_s: 'happy99.exe' = '10000' = 'Happy99 Trojan'
22/06/2003 08:53:13:15462: p_s: type is a size!
22/06/2003 08:53:13:15462: p_s: 'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
22/06/2003 08:53:13:15462: p_s: type is a size!
22/06/2003 08:53:13:15462: p_s: skipping auto-generated file
1056272010.15895-0.gilliam
22/06/2003 08:53:13:15462: p_s: finished scan of dir
"/var/spool/qmailscan/gilliam105627199342615462" in 0.012761 secs
22/06/2003 08:53:13:15462: ini_sc: recursively scan the directory
/var/spool/qmailscan/gilliam105627199342615462/
22/06/2003 08:53:13:15462: scanloop: starting scan of directory
"/var/spool/qmailscan/gilliam105627199342615462"...
22/06/2003 08:53:13:15462: scanloop: finished scan of
"/var/spool/qmailscan/gilliam105627199342615462"...
22/06/2003 08:53:13:15462: ini_sc: scanning message took 0.014223 seconds
22/06/2003 08:53:13:15462: q_r: fork off child into
/var/qmail/bin/qmail-queue...
22/06/2003 08:53:13:15462: cleanup: /bin/rm -rf
/var/spool/qmailscan/gilliam105627199342615462/
/var/spool/qmailscan/working/new/gilliam105627199342615462
22/06/2003 08:53:30:15462: all finished. Total of 16.882499 secs
22/06/2003 08:53:36:16103: +++ starting debugging for process 16103 by
uid=1001 at 22/06/2003 08:53:36
22/06/2003 08:53:36:16103: setting UID to EUID so subprocesses can access
files generated by this script
22/06/2003 08:53:36:16103: program name is qmail-scanner-queue.pl, version
1.16
22/06/2003 08:53:36:16103: incoming SMTP connection from via smtp from
204.42.45.41
22/06/2003 08:53:36:16103: w_c: mkdir
/var/spool/qmailscan/gilliam105627201642616103
22/06/2003 08:53:36:16103: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/gilliam105627201642616103
[1056272016.65915]
22/06/2003 08:53:36:16103: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/gilliam105627201642616103 to
/var/spool/qmailscan/working/new/gilliam105627201642616103
[1056272016.66015]
22/06/2003 08:53:36:16103: d_m: starting
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627201642616103/
</var/spool/qmailscan/working/new/gilliam105627201642616103
[1056272016.66185]
22/06/2003 08:53:36:16102: +++ starting debugging for process 16102 by
uid=1001 at 22/06/2003 08:53:36
22/06/2003 08:53:36:16102: setting UID to EUID so subprocesses can access
files generated by this script
22/06/2003 08:53:36:16102: program name is qmail-scanner-queue.pl, version
1.16
22/06/2003 08:53:36:16102: incoming SMTP connection from via smtp from
204.42.45.34
22/06/2003 08:53:36:16102: w_c: mkdir
/var/spool/qmailscan/gilliam105627201642616102
22/06/2003 08:53:36:16102: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/gilliam105627201642616102
[1056272016.67955]
22/06/2003 08:53:36:16102: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/gilliam105627201642616102 to
/var/spool/qmailscan/working/new/gilliam105627201642616102
[1056272016.68054]
22/06/2003 08:53:36:16102: d_m: starting
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627201642616102/
</var/spool/qmailscan/working/new/gilliam105627201642616102
[1056272016.68233]
22/06/2003 08:53:36:16103: d_m: finished
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627201642616103/
[1056272016.6831]
22/06/2003 08:53:36:16103: d_m: Checking all attachments to see if they're
MS-TNEF
22/06/2003 08:53:36:16103: d_m: is
/var/spool/qmailscan/gilliam105627201642616103/1056272016.16120-0.gilliam is
a TNEF file?: 256 [1056272016.69058]
22/06/2003 08:53:36:16103: d_m: Manually unpack any zip files as some virus
scanners don't do zip under Unix!
22/06/2003 08:53:36:16103: d_m: unpacking message took 0.030245 seconds
22/06/2003 08:53:36:16103: unsetting QMAILQUEUE env var
22/06/2003 08:53:36:16103: g_e_h: no sender and no recips.
22/06/2003 08:53:36:16103: cleanup: /bin/rm -rf
/var/spool/qmailscan/gilliam105627201642616103/
/var/spool/qmailscan/working/new/gilliam105627201642616103
22/06/2003 08:53:36:16102: d_m: finished
usr/local/bin/reformime -x/var/spool/qmailscan/gilliam105627201642616102/
[1056272016.70365]
22/06/2003 08:53:36:16102: d_m: Checking all attachments to see if they're
MS-TNEF
22/06/2003 08:53:36:16102: d_m: is
/var/spool/qmailscan/gilliam105627201642616102/1056272016.16124-0.gilliam is
a TNEF file?: 256 [1056272016.71037]
22/06/2003 08:53:36:16102: d_m: Manually unpack any zip files as some virus
scanners don't do zip under Unix!
22/06/2003 08:53:36:16102: d_m: unpacking message took 0.029083 seconds
22/06/2003 08:53:36:16102: unsetting QMAILQUEUE env var
22/06/2003 08:53:36:16102: g_e_h: no sender and no recips.
22/06/2003 08:53:36:16102: cleanup: /bin/rm -rf
/var/spool/qmailscan/gilliam105627201642616102/
/var/spool/qmailscan/working/new/gilliam105627201642616102
-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
