I'm running Q-S 1.20 with Net-Qmail 1.04 (installed using LWQ). When I send
a message to this machine it is received by qmail, run through Q-S, but
isn't checked by spamassassin (the message isn't altered in any way, and
there aren't any logs in the maillog from spamc/spamd). I can cat a message
to spamc and it communicates with spamd (and all the correct logs show up in
the maillog), so I know spamassassin is working correctly. The Q-S configure
script found fast_spamassassin, but I changed it to use verbose_spamassassin
(I don't process that much mail and I like the tags spamassassin adds).
Using either one, Q-S still doesn't consult with spamc/spamd before sending
the message on it's way. The debug output of Q-S into qmail-queue.log is
below. Note the scanloop logs (I'm not sure how they're supposed to look,
but they don't look like an error is occurring). Spamd/spamc is in it's
usual place at least on my FreeBSD systems: (/usr/local/bin/). Any thoughts?
Thank you.
Thu, 04 Dec 2003 02:25:47 -0500:2639: +++ starting debugging for process
2639 by uid=1003 at Thu, 04 Dec 2003 02:25:47 -0500
Thu, 04 Dec 2003 02:25:47 -0500:2639: setting UID to EUID so subprocesses
can access files generated by this script
Thu, 04 Dec 2003 02:25:47 -0500:2639: program name is
qmail-scanner-queue.pl, version 1.20
Thu, 04 Dec 2003 02:25:47 -0500:2639: incoming SMTP connection from via SMTP
from 10.1.1.35
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: mkdir
/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/fargel-bsd.ipfw.net10705227474612639
[1070522747.82758]
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: primary Content-Type of
multipart/alternative found
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: found a top-level boundary
definition of \-\-\-\-=_NextPart_000_0012_01C3BA00\.8A3AC6E0
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: attachment 1: Content-Type of
text/plain found
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: attachment 2: Content-Type of
text/html found
Thu, 04 Dec 2003 02:25:47 -0500:2639: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/fargel-bsd.ipfw.net10705227474612639 to
/var/spool/qmailscan/working/new/fargel-bsd.ipfw.net1070522747
4612639 [1070522747.83865]
Thu, 04 Dec 2003 02:25:47 -0500:2639: d_m: starting
usr/local/bin/reformime -x/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705
227474612639/ </var/spool/qmailscan/working/new/fargel-bsd.ipfw.net10
705227474612639 [1070522747.83999]
Thu, 04 Dec 2003 02:25:47 -0500:2639: d_m: finished
usr/local/bin/reformime -x/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705
227474612639/ [1070522747.85555]
Thu, 04 Dec 2003 02:25:47 -0500:2639: d_m: unpacking message took 0.016189
seconds
Thu, 04 Dec 2003 02:25:47 -0500:2639: unsetting QMAILQUEUE env var
Thu, 04 Dec 2003 02:25:47 -0500:2639: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
Thu, 04 Dec 2003 02:25:47 -0500:2639: from="test fargel-bsd"
<[EMAIL PROTECTED]>,subj=testing,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]
t> via SMTP from 10.
1.1.35
Thu, 04 Dec 2003 02:25:47 -0500:2639: ini_sc: start scanning
Thu, 04 Dec 2003 02:25:47 -0500:2639: ini_sc: recursively scan the directory
/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639/
Thu, 04 Dec 2003 02:25:47 -0500:2639: scanloop: starting scan of directory
"/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639"...
Thu, 04 Dec 2003 02:25:47 -0500:2639: scanloop:
scanner=spamassassin,plain_text_msg=0
Thu, 04 Dec 2003 02:25:47 -0500:2639: scanloop: finished scan of
"/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639"...
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: starting scan of directory
"/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639"...
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: '81:ILOVEYOU' = 'Virus-subject'
= 'Love Letter Virus/Trojan'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
subject: ILOVEYOU
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: '82:message/partial.*' =
'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
content-type: message/partial.*
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: '85:.{100,}' = 'Virus-date' =
'MIME Header Buffer Overflow'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
date: .{100,}
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: '86:.{100,}' =
'Virus-mime-version' = 'MIME Header Buffer Overflow '
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
mime-version: .{100,}
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: '87:.{100,}' =
'Virus-resent-date' = 'MIME Header Buffer Overflow'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
resent-date: .{100,}
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s:
'90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
e.
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|JGQZCD@
excite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
ovatka.net|[EMAIL PROTECTED]' = 'Virus-to' =
'BadTrans Trojan exploit!'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a header!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: checking for objects containing
to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|
[EMAIL PROTECTED]|[EMAIL PROTECTED]|bgnd2
@canada.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|ssd
[EMAIL PROTECTED]
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: 'eicar.com' = '69' = 'EICAR Test
Virus'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a size!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: 'happy99.exe' = '10000' =
'Happy99 Trojan'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a size!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: 'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: type is a size!
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: skipping auto-generated file
1070522747.2641-0.fargel-bsd.ipfw.net
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: skipping auto-generated file
1070522747.2641-1.fargel-bsd.ipfw.net
Thu, 04 Dec 2003 02:25:47 -0500:2639: p_s: finished scan of dir
"/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639" in 0.009527
secs
Thu, 04 Dec 2003 02:25:47 -0500:2639: ini_sc: scanning message took 0.010712
seconds
Thu, 04 Dec 2003 02:25:47 -0500:2639: q_r: fork off child into
/var/qmail/bin/qmail-queue...
Thu, 04 Dec 2003 02:25:47 -0500:2642: q_r: xstatus=0
Thu, 04 Dec 2003 02:25:47 -0500:2639: cleanup: /bin/rm -rf
/var/spool/qmailscan/tmp/fargel-bsd.ipfw.net10705227474612639/
/var/spool/qmailscan/working/new/fargel-bsd.ipfw.net10705227474612639
04/12/2003 02:25:47:2639: all finished. Total of 0.126859 secs
--Jeremy
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.547 / Virus Database: 340 - Release Date: 12/2/2003
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
