Hi all,
I'm having weirdness from qmail-scanner/clamscan. Firstly, here is what
I'm using:
SoL (Server optimised Linux) - a SuSE variant
netqmail-1.05 (the package with the QMAILQUEUE patch)
clamav-0.68
qmail-scanner-1.20
Next, here is what is working:
qmail - mail is coming and going beautifully
clamscan - picks up test and live signatures
qmail-scanner - adds its header info and picks up MIME problems nicely
Received: from [EMAIL PROTECTED] by host02 by uid 1012 with
qmail-scanner-1.20
(clamscan: 0.68. Clear:RC:0(210.193.131.44):.
Processed in 0.096787 secs); 18 Mar 2004 03:11:26 -0000
BUT (and this is the only thing that isn't working), if I send a message
with an attachment that contains a virus signature, qmail-scanner/clamscan
isn't picking it up. Here is what I get in qmail-queue.log:
=====
Thu, 18 Mar 2004 13:24:45 +1100:21327: +++ starting debugging for process
21327 by uid=1012 at Thu, 18 Mar 2004 13:24:45 +1100
Thu, 18 Mar 2004 13:24:45 +1100:21327: setting UID to EUID so subprocesses
can access files generated by this script
Thu, 18 Mar 2004 13:24:45 +1100:21327: program name is
qmail-scanner-queue.pl, version 1.20
<snip>
Thu, 18 Mar 2004 13:24:45 +1100:21327: d_m: starting
/usr/local/bin/reformime
-x/var/spool/qmailscan/tmp/host02107957668546121327/
</var/spool/qmailscan/working/new/host02107957668546121327
[1079576685.19961]
<snip>
Thu, 18 Mar 2004 13:24:45 +1100:21327: run /usr/local/bin/clamscan -r
--disable-summary --max-recursion=10 --max-space=1000000
/var/spool/qmailscan/tmp/host02107957668546121327 2>&1
Thu, 18 Mar 2004 13:24:45 +1100:21327: --output of clamscan was:
--
--return code was: 11 --
Thu, 18 Mar 2004 13:24:45 +1100:21327: clamscan: finished scan of dir
"/var/spool/qmailscan/tmp/host02107957668546121327" in 1.935319 secs
=====
You will immediately notice that I have added something to the debug
output. I wanted to see the return code so I made the following change to
the qmail-scanner-queue.pl file (it's in the &debug line):
$DD=`$clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1`;
$clamscan_status=($? >> 8);
&debug("--output of clamscan was:\n$DD--\n--return code was: $? --");
As you can see I'm using the raw $? value (and not $? >> 8), just in case
there is something meaningful in this number.
Now, just to test whether clamscan was broken, I cut and pasted some of the
commands from the debug log to the command line with the following results:
[EMAIL PROTECTED]: /tmp/x: /usr/local/bin/reformime -x/tmp/x/ <~xp/VirusText.msg
[EMAIL PROTECTED]: /tmp/x: /usr/local/bin/clamscan -r --disable-summary
--max-recursion=10 --max-space=1000000 /tmp/x/ 2>&1
/tmp/x//1079577089.21458-0.host02: OK
/tmp/x//virus.zip: ClamAV-Test-Signature FOUND
[EMAIL PROTECTED]: /tmp/x: echo $?
1
VirusText.msg is the raw mail format file saved straight out of "mail".
I have tried tweaking $clamscan_options but have exhausted my own stock of
thoughts:
adding --log=/tmp/clamav.log breaks it
adding --database=/usr/local/share/clamav doesn't change anything
adding --verbose or --debug don't change anything either
Does anybody have any ideas?
If this list manager will accept attachments, I can send a copy of
VirusText.msg and a full copy of the debug log... let me know.
Paul Norris
NDR / Datasend Australia Pty Ltd
Ph: 03 9764 1799
Fax: 03 9764 1599
Email: [EMAIL PROTECTED]
Web: www.ndr.com.au
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
