[Qmail-scanner-general]"Unable to open pipe to /var/qmail/bin/qmail-queue" after a few emails...

[Olivier Dony]

Hello,
I've been using Q-S 1.22 + qmail + vpopmail + spamassassin + clamav for  
months on a RedHat 7.2 box.
Recently we moved the whole system to another box, still a RedHat 7.2  
(ISP's choice), but with newer hardware.

I copied/reinstalled the same setup on the new machine, this time with  
the version 1.23 of Q-S, and the newest versions of SA and Clamav, same  
configuration files.

Everything works fine except that I cannot make Q-S work for more than  
a few seconds!
When I enable it by changing the "QMAILQUEUE" in /etc/tcp.smtp, it  
starts to work ok for a few emails, the logging is ok in  
/var/spool/qmailscan/qmail-queue.log and everything is scanned fine by  
SA and Clamd.
But after like 5 or 6 emails processed that way, Q-S suddenly refuses  
to handle the emails anymore, claiming that it cannot open a pipe to  
qmail-queue, and then cannot close it of course, i.e :

  X-Qmail-Scanner-1.23: Unable to open pipe to  
/var/qmail/bin/qmail-queue [16777215] (#4.3.0) - Broken pipe
  X-Qmail-Scanner-1.23: Unable to close pipe to  
/var/qmail/bin/qmail-queue [255] (#4.3.0) - Illegal seek

(I include a full error log for the handling of an email at the end of  
this message)

Now here comes the funny thing, if I restart qmail, Q-S is able to  
handle a few emails again, until 5-6 of them have been handled, then it  
breaks again with the same error.
I checked all the permissions for perl,qmail-queue,qmail-scanner-queue  
etc.. but everything looks ok, and must be, because the processing  
works fine for a couple of emails everytime I restart qmail!
I also tried to re-install Q-S 1.22 but the result is exactly the same,  
so it must not be related to 1.23.

I RTFM'd, and googled, and searched everywhere and in this  
mailing-list, to no avail...

Does someone have any ideas to help me?
It's really a pain, with all the users forced to receive thousands of  
spam in their inbox again, including me! ;-)

If I need to provide more details/try things, just ask, I will reply  
asap.

Thanks a lot in advance for any help!
--
Olivier
Details of the system :
Redhat 7.2
Kernel 2.4.26
Perl 5.8.5, suid enabled and tested
Q-S 1.23
SA 2.64 (fast_spamassassin for Q-S)
Clamav 0.75 (clamd for Q-S)
Log excerpt :
Sun, 15 Aug 2004 13:33:57 CEST:10181: +++ starting debugging for  
process 10181 by uid=503
Sun, 15 Aug 2004 13:33:57 CEST:10181: setting UID to EUID so  
subprocesses can access files generated by this script
Sun, 15 Aug 2004 13:33:57 CEST:10181: program name is  
qmail-scanner-queue.pl, version 1.23Sun, 15 Aug 2004 13:33:57  
CEST:10181: incoming SMTP connection from via SMTP from  
218.254.76.42Sun, 15 Aug 2004 13:33:57 CEST:10181: w_c: mkdir  
/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181
Sun, 15 Aug 2004 13:33:57 CEST:10181: w_c: start dumping incoming msg  
into  
/var/spool/qmailscan/working/tmp/myhost.mydomain.com109256963748210181  
[0.001892]Sun, 15 Aug 2004 13:34:04 CEST:10181: c_a_g: found MIME  
attachment
Sun, 15 Aug 2004 13:34:04 CEST:10181: w_c: primary Content-Type of  
multipart/alternative foundSun, 15 Aug 2004 13:34:04 CEST:10181: w_c:  
found a top-level boundary definition of  
\-\-\=\=\=\=\=86914072156380\=_
Sun, 15 Aug 2004 13:34:04 CEST:10181: w_c: attachment  1: Content-Type  
of text/html found
Sun, 15 Aug 2004 13:34:04 CEST:10181: w_c: rename new msg from  
/var/spool/qmailscan/working/tmp/myhost.mydomain.com109256963748210181  
to  
/var/spool/qmailscan/working/new/myhost.mydomain.com109256963748210181  
[7.038771]
Sun, 15 Aug 2004 13:34:04 CEST:10181: d_m: starting  
/usr/local/bin/reformime   
-x/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181/  
</var/spool/qmailscan/working/new/myhost.mydomain.com109256963748210181  
[0.000607]
Sun, 15 Aug 2004 13:34:04 CEST:10181: d_m: finished  
/usr/local/bin/reformime   
-x/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181/  
[0.009776]
Sun, 15 Aug 2004 13:34:04 CEST:10181: d_m: Checking all attachments to  
see if they're MS-TNEF
Sun, 15 Aug 2004 13:34:04 CEST:10181: d_m: is  
/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181/ 
1092569644.10213-0.myhost.mydomain.com is a TNEF file?: 256 [0.002865]
Sun, 15 Aug 2004 13:34:04 CEST:10181: d_m: unpacking message took  
0.013004 seconds
Sun, 15 Aug 2004 13:34:04 CEST:10181: unsetting QMAILQUEUE env var
Sun, 15 Aug 2004 13:34:04 CEST:10181: g_e_h: return-path is  
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
Sun, 15 Aug 2004 13:34:04 CEST:10181: from="Alvaro Gifford"  
<[EMAIL PROTECTED]>,subj=briar patch swamps related to 8704 ,  
x-qmail-scanner-message-id=<[EMAIL PROTECTED]@sohu.com>  
via SMTP from 218.254.76.42
Sun, 15 Aug 2004 13:34:04 CEST:10181: ini_sc: start scanning
Sun, 15 Aug 2004 13:34:04 CEST:10181: ini_sc: recursively scan the  
directory  
/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181/
Sun, 15 Aug 2004 13:34:04 CEST:10181: scanloop: starting scan of  
directory  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181"...
Sun, 15 Aug 2004 13:34:04 CEST:10181: scanloop:  
scanner=clamdscan_scanner,plain_text_msg=0
Sun, 15 Aug 2004 13:34:04 CEST:10181: clamdscan: starting scan of  
directory  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181"...
Sun, 15 Aug 2004 13:34:04 CEST:10181: run /usr/bin/clamdscan -r  
--disable-summary --max-recursion=10 --max-space=100000   
/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181 2>&1
Sun, 15 Aug 2004 13:34:04 CEST:10181: --output of clamdscan  
was:/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181:  
OK--
Sun, 15 Aug 2004 13:34:04 CEST:10181: clamdscan: finished scan of dir  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181" in  
0.008445 secsSun, 15 Aug 2004 13:34:04 CEST:10181: scanloop:  
scanner=spamassassin,plain_text_msg=0Sun, 15 Aug 2004 13:34:04  
CEST:10181: SA: run /usr/local/bin/spamc  -c  -u "[EMAIL PROTECTED]" <  
/var/spool/qmailscan/working/new/ 
myhost.mydomain.com109256963748210181Sun, 15 Aug 2004 13:34:04  
CEST:10181: SA: yup, this smells like SPAM
Sun, 15 Aug 2004 13:34:04 CEST:10181: spamassassin: finished scan of  
dir "/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181" in  
0.218333 secs
Sun, 15 Aug 2004 13:34:04 CEST:10181: scanloop: finished scan of  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181"...
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: starting scan of directory  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181"...
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '.hta' = '0' = 'HTA files  
not allowed per Company security policy'Sun, 15 Aug 2004 13:34:04  
CEST:10181: p_s: type is a size!Sun, 15 Aug 2004 13:34:04 CEST:10181:  
p_s:  '.lnk' = '0' = 'LNK files not allowed per Company security  
policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!Sun, 15 Aug  
2004 13:34:04 CEST:10181: p_s:  '.pif' = '0' = 'PIF files not allowed  
per Company security policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!Sun, 15 Aug  
2004 13:34:04 CEST:10181: p_s:  '.scr' = '0' = 'SCR files not allowed  
per Company security policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '.vbs' = '0' = 'VBS files  
not allowed per Company security policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '.wsh' = '0' = 'WSH files  
not allowed per Company security policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '81:ILOVEYOU' =  
'Virus-subject' = 'Love Letter Virus/Trojan'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing subject: ILOVEYOU
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '82:message/partial.*' =  
'Virus-content-type' = 'Message/partial MIME attachments blocked by  
policy'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing content-type: message/partial.*
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '85:.{100,}' = 'Virus-date'  
= 'MIME Header Buffer Overflow'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing date: .{100,}
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '86:.{100,}' =  
'Virus-mime-version' = 'MIME Header Buffer Overflow '
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing mime-version: .{100,}
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  '87:.{100,}' =  
'Virus-resent-date' = 'MIME Header Buffer Overflow'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing resent-date: .{100,}
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:   
'90: 
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
uivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
change.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|OZUNYL 
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]' 
 = 'Virus-to' = 'BadTrans Trojan exploit!'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  type is a header!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  checking for objects  
containing to:  
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
uivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
change.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|OZUNYL 
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  'eicar.com' = '69' = 'EICAR  
Test Virus'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  'happy99.exe' = '10000' =  
'Happy99 Trojan'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  'zipped_files.exe' =  
'120495' = 'W32/ExploreZip.worm.pak virus'
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: type is a size!
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s: skipping auto-generated file  
1092569644.10213-0.myhost.mydomain.com
Sun, 15 Aug 2004 13:34:04 CEST:10181: p_s:  finished scan of dir  
"/var/spool/qmailscan/tmp/myhost.mydomain.com109256963748210181" in  
0.013034 secs
Sun, 15 Aug 2004 13:34:04 CEST:10181: ini_sc: scanning message took  
0.241505 seconds
Sun, 15 Aug 2004 13:34:04 CEST:10181: q_r: fork off child into  
/var/qmail/bin/qmail-queue...
Sun, 15 Aug 2004 13:34:04 CEST:10220: q_r: xstatus=0
Sun, 15 Aug 2004 13:34:05 CEST:10220: error_condition:  
X-Qmail-Scanner-1.23: Unable to open pipe to /var/qmail/bin/qmail-queue  
[16777215] (#4.3.0) - Broken pipe
Sun, 15 Aug 2004 13:34:05 CEST:10181: error_condition:  
X-Qmail-Scanner-1.23: Unable to close pipe to  
/var/qmail/bin/qmail-queue [255] (#4.3.0) - Illegal seek


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general