> 
> Anyone else seeing ripmime doing crazy things like this??  
> 
> [snip]
>
>   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
>  8415 qmailq    20   0   192   28     8 R    26.3  0.0 223:21 ripmime
> 14350 qmailq    17   0   196   24     8 R    24.5  0.0 159:48 ripmime
> 18946 qmailq    14   0   196  196     8 R    24.5  0.0 127:11 ripmime
> 20299 qmailq    14   0   196  196     8 R    24.3  0.0 120:46 ripmime
> 16452 root      10   0  1072 1072   848 R     0.1  0.4   0:00 top
> 
> [snip]

Okay, I've got it.  It started happening again.  I caught it early this
time.  CC'ing to qmail-scanner list just for a heads up for those that
run ripmime with QS.

 11:36am  up 14:05,  1 user,  load average: 3.53, 3.39, 2.93
85 processes: 80 sleeping, 5 running, 0 zombie, 0 stopped
CPU states: 99.8% user,  0.1% system,  0.0% nice,  0.0% idle
Mem:   253876K av,  212444K used,   41432K free,       0K shrd,   34776K buff
Swap:  265064K av,   41532K used,  223532K free                   88536K cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
30461 qmailq    20   0   196   28     8 R    33.7  0.0  51:23 ripmime
 2058 qmailq    18   0   572  572   388 R    33.1  0.2  14:11 ripmime
 4138 qmailq    14   0   572  572   388 R    32.7  0.2   4:57 ripmime
 5370 root       9   0  1076 1076   848 R     0.1  0.4   0:00 top

-------------
# strace -p 30461 

shows no output...
        
#  strace -p 2058

same..

# strace -p 4138

same..
-------------

Grepping the ripmime starts and ripmime finishes in my qmail-queue.log,
I see these are the ones that did not finish.

--- start       Tue Jun 22 11:44:50 2004
+++ finish      Tue Jun 22 11:45:09 2004
@@ -37,8 +37,8 @@
-/var/qmail/qmailscan/tmp/mailgw.netscci.net10879199777812055/
-/var/qmail/qmailscan/tmp/mailgw.netscci.net10879212067814135/
-/var/qmail/qmailscan/tmp/mailgw.netscci.net108791750878130458/
-/var/qmail/qmailscan/tmp/mailgw.netscci.net10879224427815866/


mailgw.netscci.net10879199777812055 was PID 2055...


[EMAIL PROTECTED] qmailscan]# grep :2055: qmail-queue.log
2004-06-22 10:59:37:2055: +++ starting debugging for process 2055 by uid=201 at 2004-06-22 10:59:37
2004-06-22 10:59:37:2055: incoming SMTP connection from via SMTP from 67.67.32.129
2004-06-22 10:59:37:2055: w_c: mkdir /var/qmail/qmailscan/tmp/mailgw.netscci.net10879199777812055
2004-06-22 10:59:37:2055: w_c: start dumping incoming msg into /var/qmail/qmailscan/working/tmp/mailgw.netscci.net10879199777812055 [1087919977.53822]
2004-06-22 10:59:37:2055: w_c: primary Content-Type of multipart/mixed found
2004-06-22 10:59:37:2055: w_c: found a top-level boundary definition of \-\-\-\-_\=_NextPart_001_01C4578C\.0B9F632C
2004-06-22 10:59:37:2055: w_c: attachment  1: Content-Type of text/plain found
2004-06-22 10:59:37:2055: found C-T attachment filename dc_custom_av_caa_090103.doc
2004-06-22 10:59:37:2055: w_c: attachment  2: Content-Type of application/msword found
2004-06-22 10:59:37:2055: w_c: rename new msg from /var/qmail/qmailscan/working/tmp/mailgw.netscci.net10879199777812055 to /var/qmail/qmailscan/working/new/mailgw.netscci.net10879199777812055 [1087919978.39735]
2004-06-22 10:59:37:2055: d_m: starting /usr/local/bin/ripmime --disable-qmail-bounce --recursion-max 30 --unique_names -i - -d /var/qmail/qmailscan/tmp/mailgw.netscci.net10879199777812055/ </var/qmail/qmailscan/working/new/mailgw.netscci.net10879199777812055 [1087919978.39779]
2004-06-22 10:59:37:2055: error_condition:Requeuing: Maximum time exceeded. Something cannot handle this message. at /var/qmail/bin/qs.pl line 283.


Likewise on the other 3 emails, because they are all the same; just
the sender is retrying since it is tempfailing them.

[EMAIL PROTECTED] ripmime]# ls -al
total 272
drwxr-xr-x    2 root     root         1024 Jun 22 11:53 .
drwxrwxrwt   10 root     root         3072 Jun 22 11:53 ..
-rw-------    1 root     root        66749 Jun 22 11:47 mailgw.netscci.net108791750878130458
-rw-------    1 root     root        66749 Jun 22 11:47 mailgw.netscci.net10879199777812055
-rw-------    1 root     root        66749 Jun 22 11:47 mailgw.netscci.net10879212067814135
-rw-------    1 root     root        66749 Jun 22 11:47 mailgw.netscci.net10879224427815866

Stracing this message manually, you see below that the strace stops on a
read().

[EMAIL PROTECTED] ripmime]# cat mailgw.netscci.net108791750878130458 | strace /usr/local/bin/ripmime  --disable-qmail-bounce --recursion-max 30 --unique_names -i - -d /tmp/ripmime/mailgw.netscci.net10879212067814135.out/
execve("/usr/local/bin/ripmime", ["/usr/local/bin/ripmime", "--disable-qmail-bounce", "--recursion-max", "30", "--unique_names", "-i", "-", "-d", "/tmp/ripmime/mailgw.netscci.net10879212067814135.out/"], [/* 21 vars */]) = 0
uname({sys="Linux", node="mailgw.netscci.net", ...}) = 0
brk(0)                                  = 0x8060a6c
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=18836, ...}) = 0
old_mmap(NULL, 18836, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3)                                = 0
open("/lib/i686/libc.so.6", O_RDONLY)   = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pv\1B4\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1402035, ...}) = 0
old_mmap(0x42000000, 1264960, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x42000000
mprotect(0x4212c000, 36160, PROT_NONE)  = 0
old_mmap(0x4212c000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12c000) = 0x4212c000
old_mmap(0x42131000, 15680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x42131000
close(3)                                = 0
munmap(0x40014000, 18836)               = 0
brk(0)                                  = 0x8060a6c
brk(0x8060a9c)                          = 0x8060a9c
brk(0x8061000)                          = 0x8061000
time(NULL)                              = 1087923339
mkdir("/tmp/ripmime/mailgw.netscci.net10879212067814135.out", 0700) = -1 EEXIST (File exists)
fstat64(0, {st_mode=S_IFIFO|0600, st_size=4096, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(0, "Received: from unknown (HELO EXC"..., 61440) = 61440
read(0, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 4096) = 4096
brk(0x8062000)                          = 0x8062000
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile0", {st_mode=S_IFREG|0644, st_size=46, ...}) = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile0_1", 0xbffecbf0) = -1 ENOENT (No such file or directory)
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile0_1", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
write(3, "This is a multi-part message in "..., 46) = 46
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile0_1", {st_mode=S_IFREG|0644, st_size=46, ...}) = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1", {st_mode=S_IFREG|0644, st_size=2461, ...}) = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1_1", 0xbffecbf0) = -1 ENOENT (No such file or directory)
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1_1", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
write(3, "Connie,\nThank you for your order"..., 2461) = 2461
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1_1", {st_mode=S_IFREG|0644, st_size=2461, ...}) = 0
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1_1", O_RDONLY) = 3
mkdir("/tmp/ripmime/mailgw.netscci.net10879212067814135.out", 0700) = -1 EEXIST (File exists)
fstat64(3, {st_mode=S_IFREG|0644, st_size=2461, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
_llseek(3, 0, [0], SEEK_SET)            = 0
read(3, "Connie,\nThank you for your order"..., 4096) = 2461
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/textfile1_1", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2461, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(3, "Connie,\nThank you for your order"..., 4096) = 2461
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103.doc", {st_mode=S_IFREG|0644, st_size=46592, ...}) = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103_1.doc", 0xbffecbf0) = -1 ENOENT (No such file or directory)
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103_1.doc", 0xbffec760) = -1 ENOENT (No such file or directory)
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103_1.doc", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
brk(0x807c000)                          = 0x807c000
read(0, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 61440) = 1213
read(0, "", 61440)                      = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
write(3, "\320\317\21\340\241\261\32\341\0\0\0\0\0\0\0\0\0\0\0\0"..., 45056) = 45056
write(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1536) = 1536
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
stat64("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103_1.doc", {st_mode=S_IFREG|0644, st_size=46592, ...}) = 0
open("/tmp/ripmime/mailgw.netscci.net10879212067814135.out/DC_Custom_AV_CAA_090103_1.doc", O_RDONLY) = 3
mkdir("/tmp/ripmime/mailgw.netscci.net10879212067814135.out", 0700) = -1 EEXIST (File exists)
fstat64(3, {st_mode=S_IFREG|0644, st_size=46592, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
_llseek(3, 0, [0], SEEK_SET)            = 0
read(3, "\320\317\21\340\241\261\32\341\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096
_llseek(3, 40960, [40960], SEEK_SET)    = 0
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096

And it sits there forever, never finishing.  I've seen ripmime
processes taking over 222 minutes of CPU.

Running with --no-ole has fixed this.

[EMAIL PROTECTED] ripmime]# cat mailgw.netscci.net108791750878130458 | /usr/local/bin/ripmime  --disable-qmail-bounce --recursion-max 30 --unique_names --no-ole -i - -d /tmp/ripmime/mailgw.netscci.net10879212067814135.out/

[EMAIL PROTECTED] ripmime]# ls -la /tmp/ripmime/mailgw.netscci.net10879212067814135.out/
total 53
drwx------    2 root     root         1024 Jun 22 12:01 .
drwxr-xr-x    3 root     root         1024 Jun 22 11:54 ..
-rw-r--r--    1 root     root        46592 Jun 22 12:01 DC_Custom_AV_CAA_090103.doc
-rw-r--r--    1 root     root           46 Jun 22 12:01 textfile0
-rw-r--r--    1 root     root         2461 Jun 22 12:01 textfile1

I'm not sure what ripmime doesn't like about the attachment, because
once I unpack it with --no-ole, I can ripmime it and pull the OLE right
out of it..

[EMAIL PROTECTED] mailgw.netscci.net10879212067814135.out]# ripmime -i DC_Custom_AV_CAA_090103.doc
[EMAIL PROTECTED] mailgw.netscci.net10879212067814135.out]# ll
total 57
-rw-r--r--    1 root     root        46592 Jun 22 12:01 DC_Custom_AV_CAA_090103.doc
-rw-r--r--    1 root     root         2348 Jun 22 12:16 doubleCR.1
-rw-r--r--    1 root     root          585 Jun 22 12:16 doubleCR.2
-rw-r--r--    1 root     root          111 Jun 22 12:16 doubleCR.3
-rw-r--r--    1 root     root          324 Jun 22 12:16 doubleCR.4

So there ya go, feedback is welcomed! :)

Thanks,
dallas
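
One way to keep a stuck extractor from piling up CPU time like the ripmime processes in this message is to run it under a kernel CPU-time limit, which ends a process that spins without making system calls. This is an added example, not part of the original post and not code from qmail-scanner or ripmime; `run_bounded`, `classify_status` and `rip_bounded` are hypothetical helper names and the 30-second budget is an assumed value.

```shell
#!/bin/sh
# Added example: bound the CPU time of an attachment extractor so a parser
# stuck in a userland loop is killed by the kernel instead of spinning.
RIPMIME=${RIPMIME:-/usr/local/bin/ripmime}   # path as it appears in the post

# run_bounded CPU_SECONDS CMD [ARGS...]   (hypothetical helper)
# Runs CMD in a subshell with RLIMIT_CPU set, so the limit never touches the
# caller. stdin is inherited. Returns CMD's exit status.
run_bounded() {
    cpu_limit=$1
    shift
    (
        ulimit -t "$cpu_limit" || exit 125   # could not apply the limit
        exec "$@"
    )
}

# classify_status STATUS   (hypothetical helper)
# Maps a shell exit status to ok / killed / error. A status above 128 means
# the child died from a signal, e.g. SIGXCPU or SIGKILL from the CPU limit.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ]; then
        echo killed
    else
        echo error
    fi
}

# rip_bounded CPU_SECONDS MESSAGE_FILE OUT_DIR   (hypothetical helper)
# Feeds one message to ripmime with the options from the qmail-queue.log
# line in the post, under a CPU budget. Prints ok, killed or error.
rip_bounded() {
    rip_status=0
    run_bounded "$1" "$RIPMIME" --disable-qmail-bounce --recursion-max 30 \
        --unique_names -i - -d "$3" < "$2" || rip_status=$?
    classify_status "$rip_status"
}

# Usage (30 CPU-seconds is an assumed budget, tune it for your mail volume):
#   rip_bounded 30 /path/to/message /path/to/outdir
```

A `killed` result is the case to log and quarantine for later inspection, since the same message will come back each time the sender retries.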



