[EMAIL PROTECTED] wrote:

The first problem occurs when I run the test_installation.sh
script. The script appears to run OK. However, I only receive
emails 1 and 4 in my mailbox.



Sounds exactly correct to me. #1 is a normal, clean message. #2 and #3 are viruses - so you shouldn't receive anything (based on the config you showed - you won't get an alert), and #4 is SPAM - so you'll get it - but it'd be tagged as SPAM by SpamAssassin if you had it.


All good


Nov 28 15:27:52 dmz qmail-scanner[16853]:
Perlscan:EICAR_Test_Virus:RC:1(127.0.0.1): 0.07728 979 <>
[EMAIL PROTECTED]
Qmail-Scanner_viral_test_(2/4):_checking_perlscanner...
<[EMAIL PROTECTED]>
1101673671.16855-0.dmz.theotherbell.com:300 Eicar.com:69
orig-dmz.theotherbell.com110167367148716853:979



..and the logs show that indeed Q-S did scan it correctly.

2004-11-28 15:53:02.380643500 tcpserver: status: 1/20
2004-11-28 15:53:02.380651500 tcpserver: pid 16939 from
65.54.187.85
2004-11-28 15:53:02.917174500 tcpserver: ok 16939
dmz.theotherbell.com:172.16.1.5:25
bay18-f35.bay18.hotmail.com:65.54.187.85::45698
2004-11-28 15:53:06.797652500 tcpserver: end 16939 status 256
2004-11-28 15:53:06.797660500 tcpserver: status: 0/20




status 256 should be status 0 - so yes, something went wrong.

My tcp.smtp looks like this:
...



Looks good. You didn't run "maketcprules" afterwards to generate the CDB version?


There's nothing in any of the other logs (/var/log/qmail/current,
/var/log/mail/*, /var/log/clamd/current or
/var/spool/qmailscan/qmail-queue.log).




Hmm, so syslog shows no X-Qmail-Scanner error, qmail-queue.log shows no error. This means either you aren't calling Q-S, or Q-S has such terrible permissions set on it that it cannot even generate the appropriate log entries. When you ran "test_installation.sh" - did they show up in the qmail-queue.log file? Are all the files/dirs under /var/spool/qmailscan owned by qscand? I'd suspect a simple spelling mistake of your QMAILQUEUE environment variable - but what you showed in your tcp.smtp file looks correct to me (but it's what's in the CDB file that actually counts). Check that string is really set correctly and do "maketcprules" again.


Can someone point me in the right direction?




In this kind of case strace is your friend. Find the PID associated with tcpserver, and trace it via "strace -f -o /tmp/strace.log -p PID". Then send a message through and watch it fail. (tcpserver will call qmail-smtpd which [via QMAILQUEUE] should call qmail-scanner-queue.pl). Then Ctrl-C the strace and edit /tmp/strace.log and go to the bottom and work your way up until you find what went wrong.



-- Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
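
An added example, not part of the original message: a small Python log check that pairs each tcpserver "pid ... from" line with its "end ... status" line and reports sessions that ended with a nonzero status, such as the "status 256" discussed above. It assumes tcpserver logs the raw wait(2) status, so 256 decodes to exit code 1; the second session in the sample is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the log format shown in the thread, with wrapped lines
# rejoined. The second session (pid 16950, 192.0.2.10) is invented for contrast.
SAMPLE_LOG = """\
2004-11-28 15:53:02.380651500 tcpserver: pid 16939 from 65.54.187.85
2004-11-28 15:53:02.917174500 tcpserver: ok 16939 dmz.theotherbell.com:172.16.1.5:25 bay18-f35.bay18.hotmail.com:65.54.187.85::45698
2004-11-28 15:53:06.797652500 tcpserver: end 16939 status 256
2004-11-28 15:54:10.000000000 tcpserver: pid 16950 from 192.0.2.10
2004-11-28 15:54:11.000000000 tcpserver: end 16950 status 0
"""

FROM_RE = re.compile(r"tcpserver: pid (\d+) from (\S+)")
END_RE = re.compile(r"^(\S+ \S+) tcpserver: end (\d+) status (\d+)")


def decode_wait_status(status):
    """Split a raw wait(2) status into (exit_code, signal)."""
    sig = status & 0x7F          # low 7 bits: terminating signal, if any
    if sig:
        return None, sig
    return (status >> 8) & 0xFF, None   # next byte: the child's exit code


def failed_sessions(log_text):
    """Return one dict per connection whose child ended with nonzero status."""
    peers, failures = {}, []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            peers[m.group(1)] = m.group(2)   # remember pid -> remote IP
            continue
        m = END_RE.search(line)
        if not m:
            continue
        when, pid, status = m.group(1), m.group(2), int(m.group(3))
        peer = peers.pop(pid, "unknown")     # pids get reused, so forget it
        if status != 0:
            code, sig = decode_wait_status(status)
            failures.append({"time": when, "pid": pid, "peer": peer,
                             "exit_code": code, "signal": sig})
    return failures


if __name__ == "__main__":
    for failure in failed_sessions(SAMPLE_LOG):
        print(failure)
```
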



_______________________________________________
Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general