This is an Intel P3 1GHz with 256MB of RAM
But it performed ok since this week...bad things
happened, :(
Regards,
rootlinux
--- Chuck <[EMAIL PROTECTED]> wrote:
> On Wed May 19 2004 11:54 am, root linux wrote:
> hmm. odd. i am going to top-answer this one due to
> its length. tail the queue
> log and see if you can manually notice the delay.
> according to the av scanner
> it only took .5 secs to complete its scan yet the
> entire thing took 11
> seconds? very odd. the most i have ever seen our
> system take was about 2
> seconds when it had to unzip an 18mb file attachment
> and scan the contents.
> the internal known virus comparisons and unwanted
> extension comparisons are
> so fast they cannot be a contributing factor.
>
> by any chance is this a slower machine? that can
> have some effect on it (ours
> is only 700-mhz but it is more than sufficient).
> also how much ram do you
> have installed? if you can please paste a complete
> free report about this.
> running out of ram can also cause this behavior
> (ours is 1gb.. we topped ram
> quite a bit when we had 512mb). does anything else
> live on this machine or is
> it dedicated to qmail?
>
>
> Chuck
>
> > Here is the mail message header: -
> >
> > Return-Path: <[EMAIL PROTECTED]>
> > Delivered-To: [EMAIL PROTECTED]
> > Received: (qmail 15388 invoked by uid 504); 19 May
> > 2004 15:34:13 -0000
> > Received: from [EMAIL PROTECTED] by
> mail.example.com
> > by uid 501 with qmail-scanner-1.16 (ehost Clear:.
> > Processed in 11.096361 secs); 19 May 2004 15:34:13
> > -0000
> > Received: from unknown (HELO mail.yahoo.com)
> (1.1.1.1)
> > by 0 with SMTP; 19 May 2004 15:34:02 -0000
> > Received: from mail.yahoo.com (intermail
> [127.0.0.1])
> > by mail.yahoo.com (8.12.8/8.12.8) with ESMTP id
> > i4JFUssu019078 for <[EMAIL PROTECTED]>; Wed,
> 19
> > May 2004 23:30:54 +0800
> > From: "rootlinux" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED] Subject: test - 11:41pm
> > Date: Wed, 19 May 2004 23:30:54 +0800
> > Message-Id: <[EMAIL PROTECTED]>
> > Mime-Version: 1.0 Content-Type:
> >
> >
> > Here is the qmail-queue.log: -
> >
> > 19/05/2004 23:34:02:15383: +++ starting debugging
> for
> > process 15383 by uid=501 at 19/05/2004 23:34:02
> > 19/05/2004 23:34:02:15383: setting UID to EUID so
> > subprocesses can access files generated by this
> script
> > 19/05/2004 23:34:02:15383: program name is
> > qmail-scanner-queue.pl, version 1.16
> > 19/05/2004 23:34:02:15383: incoming SMTP
> connection
> > from via smtp from 1.1.1.1
> > 19/05/2004 23:34:02:15383: w_c: mkdir
> >
>
/var/spool/qmailscan/mail.example.com108498084243115383
> > 19/05/2004 23:34:02:15383: w_c: start dumping
> incoming
> > msg into
> >
>
/var/spool/qmailscan/working/tmp/mail.example.com108498084243115383
> > [1084980842.13506]
> > 19/05/2004 23:34:02:15383: w_c: rename new msg
> from
> >
>
/var/spool/qmailscan/working/tmp/mail.example.com108498084243115383
> > to
> >
>
/var/spool/qmailscan/working/new/mail.example.com108498084243115383
> > [1084980852.63514]
> > 19/05/2004 23:34:02:15383: d_m: starting
> > /usr/local/bin/reformime
> >
>
-x/var/spool/qmailscan/mail.example.com108498084243115383/
> >
>
</var/spool/qmailscan/working/new/mail.example.com108498084243115383
> > [1084980852.63558]
> > 19/05/2004 23:34:02:15383: d_m: finished
> > /usr/local/bin/reformime
> >
>
-x/var/spool/qmailscan/mail.example.com108498084243115383/
> > [1084980852.69235]
> > 19/05/2004 23:34:02:15383: d_m: Manually unpack
> any
> > zip files as some virus scanners don't do zip
> under
> > Unix!
> > 19/05/2004 23:34:02:15383: d_m: unpacking message
> took
> > 0.057176 seconds
> > 19/05/2004 23:34:02:15383: unsetting QMAILQUEUE
> env
> > var
> > 19/05/2004 23:34:02:15383: g_e_h: return-path is
> > "[EMAIL PROTECTED]", recips is
> > "[EMAIL PROTECTED]"
> > 19/05/2004 23:34:02:15383: from="rootlinux"
> > <[EMAIL PROTECTED]>,subj=test - 11:41pm,
> >
>
x-qmail-scanner-message-id=<[EMAIL PROTECTED]>
> > via smtp from 1.1.1.1
> > 19/05/2004 23:34:02:15383: ini_sc: start scanning
> > 19/05/2004 23:34:02:15383: p_s: starting scan of
> > directory
> >
>
"/var/spool/qmailscan/mail.example.com108498084243115383"...
> > 19/05/2004 23:34:02:15383: p_s: '81:ILOVEYOU' =
> > 'Virus-subject' = 'Love Letter Virus/Trojan'
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing subject: ILOVEYOU
> > 19/05/2004 23:34:02:15383: p_s:
> '82:message/partial'
> > = 'Virus-content-type' = 'Message/partial MIME
> > attachments blocked by policy'
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing content-type: message/partial
> > 19/05/2004 23:34:02:15383: p_s: '85:.{100,}' =
> > 'Virus-date' = 'MIME Header Buffer Overflow'
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing date: .{100,}
> > 19/05/2004 23:34:02:15383: p_s: '86:.{100,}' =
> > 'Virus-mime-version' = 'MIME Header Buffer
> Overflow '
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing mime-version: .{100,}
> > 19/05/2004 23:34:02:15383: p_s: '87:.{100,}' =
> > 'Virus-resent-date' = 'MIME Header Buffer
> Overflow'
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing resent-date: .{100,}
> > 19/05/2004 23:34:02:15383: p_s:
> >
>
'90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
>
>.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
>
>re.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|JGQZ
>
>[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|cxkawog
> >@krovatka.net|[EMAIL PROTECTED]' = 'Virus-to' =
> 'BadTrans Trojan exploit!'
> > 19/05/2004 23:34:02:15383: p_s: type is a header!
> > 19/05/2004 23:34:02:15383: p_s: checking for
> objects
> > containing to:
> >
>
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
>
>|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
>
>om|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
>
>xcite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
> >vatka.net|[EMAIL PROTECTED] 19/05/2004
> 23:34:02:15383: p_s: 'eicar.com' =
> > '69' =
> > 'EICAR Test Virus'
> > 19/05/2004 23:34:02:15383: p_s: type is a size!
> > 19/05/2004 23:34:02:15383: p_s: 'happy99.exe' =
> > '10000' = 'Happy99 Trojan'
> > 19/05/2004 23:34:02:15383: p_s: type is a size!
> > 19/05/2004 23:34:02:15383: p_s:
> 'zipped_files.exe' =
> > '120495' = 'W32/ExploreZip.worm.pak virus'
> > 19/05/2004 23:34:02:15383: p_s: type is a size!
> > 19/05/2004 23:34:02:15383: p_s: skipping
> > auto-generated file
> > 1084980852.15385-0.mail.example.com
> > 19/05/2004 23:34:02:15383: p_s: checking
> WMSysPr9.prx
> > against perlscanner database...
> > 19/05/2004 23:34:02:15383: p_s: file WMSysPr9.prx
> is
> > lowercased to wmsyspr9.prx and has extension .prx
> > 19/05/2004 23:34:02:15383: p_s: compare
> wmsyspr9.prx
> > against perlscanner database
> > 19/05/2004 23:34:02:15383: p_s: finished scan of
> dir
> >
>
"/var/spool/qmailscan/mail.example.com108498084243115383"
>
=== message truncated ===
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/
-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
