I know this question has been done to death and I wouldn't post here if I
hadn't tried and tried... 

I'm having trouble scanning attachments, but all mail deliveries still
work.  

25MB softlimit in /var/qmail/supervise/smtp/run

Sorry in advance for the long post, I'm stumped.

+++++  qmail-queue.log snippet in debug mode with a .DOC file attached,
roughly same results for .ZIP files +++++++

Sat, 06 Feb 2010 07:06:17 CST:20001: +++ starting debugging for process
20001 (ppid=20000) by uid=89
Sat, 06 Feb 2010 07:06:17 CST:20001: setting UID to EUID so subprocesses
can access files generated by this script
Sat, 06 Feb 2010 07:06:17 CST:20001: program name is
qmail-scanner-queue.pl, version 2.06st
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: mkdir
/var/spool/qscan/tmp/li112-80126546157778720001
Sat, 06 Feb 2010 07:06:17 CST:20001: c_a_g: found MIME attachment
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: primary Content-Type of
multipart/mixed found
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: found a top-level boundary
definition of 0\-1667733030\-1265461576\=\:93955
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment  1: Content-Type of
multipart/alternative found
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment  2: Content-Type of
text/plain found
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment  3: Content-Type of
text/html found
Sat, 06 Feb 2010 07:06:17 CST:20001: found C-T attachment filename
"confidentiality agreement - mutual  -  ca-003.doc"
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment  5: Content-Type of
application/msword found
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: rename new msg from
/var/spool/qscan/working/tmp/li112-80126546157778720001 to
/var/spool/qscan/working/new/li112-80126546157778720001
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: (this is basically the time it
took the client to send the message over the network
Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: resetting timer so as to measure
actual Qmail-Scanner processing time
Sat, 06 Feb 2010 07:06:17 CST:20001: incoming SMTP connection from via
SMTP from 209.191.69.137
Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: Checking all attachments to see
if they're MS-TNEF
Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: Check for zip files...
Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: unpacking message took 0.013726
seconds
Sat, 06 Feb 2010 07:06:17 CST:20001: unsetting QMAILQUEUE env var
Sat, 06 Feb 2010 07:06:17 CST:20001: g_e_h: return-path is
"myu...@yahoo.com", recips is "myu...@localdomain.tld"
Sat, 06 Feb 2010 07:06:17 CST:20001: from=myuser
<myu...@yahoo.com>,subj=incoming,
x-qmail-scanner-message-id=<725645.93955...@web33107.mail.mud.yahoo.com>
via SMTP from 209.191.69.137
Sat, 06 Feb 2010 07:06:17 CST:20001: ini_sc: start scanning
Sat, 06 Feb 2010 07:06:17 CST:20001: ini_sc: recursively scan the
directory /var/spool/qscan/tmp/li112-80126546157778720001/
Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop: starting scan of directory
"/var/spool/qscan/tmp/li112-80126546157778720001"...
Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
scanner=clamdscan_scanner,plain_text_msg=0
Sat, 06 Feb 2010 07:06:17 CST:20001: clamdscan: starting scan of directory
"/var/spool/qscan/tmp/li112-80126546157778720001"...
Sat, 06 Feb 2010 07:06:17 CST:20001: run /usr/bin/clamdscan --no-summary 
/var/spool/qscan/tmp/li112-80126546157778720001 2>&1
Sat, 06 Feb 2010 07:06:17 CST:20001: --output of clamdscan was:
/var/spool/qscan/tmp/li112-80126546157778720001: lstat() failed:
Permission denied. ERROR
Sat, 06 Feb 2010 07:06:17 CST:20001: clamdscan: finished scan of dir
"/var/spool/qscan/tmp/li112-80126546157778720001" in 0.003737 secs
Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
scanner=spamassassin,plain_text_msg=0
Sat, 06 Feb 2010 07:06:17 CST:20001: SA-1: run /usr/bin/spamc -t 30 -s
256000  < /var/spool/qscan/working/new/li112-80126546157778720001
Sat, 06 Feb 2010 07:06:17 CST:20001: SA: overwriting
/var/spool/qscan/working/new/li112-80126546157778720001 with
/var/spool/qscan/working/new/li112-80126546157778720001.spamc
Sat, 06 Feb 2010 07:06:17 CST:20001: SA: nope, mmmm... ham... (score=-2.5
required=5.3)
Sat, 06 Feb 2010 07:06:17 CST:20001: SA: required_hits 5.3 / sa_quarantine
+0 / sa_delete +9
Sat, 06 Feb 2010 07:06:17 CST:20001: SA: finished scan of dir
"/var/spool/qscan/tmp/li112-80126546157778720001" in 0.450812 secs -
hits=-2.5/5.3
Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
scanner=perlscan_scanner,plain_text_msg=0


++++++++++++++++ end qmail-queue.log +++++++++++++++++++++++

+++++ BEGIN qscan FOLDER PERMS +++++
r...@li112-80:/var/spool# ls -l
total 12
drwxr-xr-x 2 root   root   4096 Oct  5 16:57 anacron
drwxr-xr-x 5 root   root   4096 Dec 12 06:52 cron
lrwxrwxrwx 1 root   root      7 Aug  6  2009 mail -> ../mail
drwxr-xr-x 6 qscand qscand 4096 Feb  4 16:53 qscan

r...@li112-80:/var/spool# cd qscan/

r...@li112-80:/var/spool/qscan# ls -l
total 45320
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 archives
-rwxr-x--- 1 qscand qmail     1434 Oct 12 09:13 log-report.sh
-rw-rw---- 1 qscand qmail 46283129 Feb  6 07:06 qmail-queue.log
-rw-rw---- 1 qscand qmail       63 Oct 12 09:13
qmail-scanner-queue-version.txt
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 quarantine
-rw-r----- 1 qscand qmail    12288 Oct 12 09:16 quarantine-events.db
-rw-r----- 1 qscand qmail    10438 Oct 12 09:16 quarantine-events.txt
-rw-rw---- 1 qscand qmail    16211 Feb  1 10:22 quarantine.log
-rw-r----- 1 qscand qmail     2739 Oct 12 09:13 settings_per_domain.txt
drwxrwxr-x 2 qscand qmail     4096 Feb  6 07:06 tmp
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 working

r...@li112-80:/var/spool/qscan# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/xvda             16124880   3138116  12986764  20% /
tmpfs                   184428         0    184428   0% /lib/init/rw
varrun                  184428        60    184368   1% /var/run
varlock                 184428         0    184428   0% /var/lock
udev                    184428       108    184320   1% /dev
tmpfs                   184428         0    184428   0% /dev/shm

++++++++ end folder perms +++++++++++

++++++++++++++ BEGIN PROCESS OWNERS +++++++++++++++
r...@li112-80:/var/spool/qscan# ps waux | egrep -i 'clam|qmail|scan'
root      2753  0.0  0.1   1768   436 ?        Ss    2009   0:00 /bin/sh
/command/svscanboot
root      2774  0.0  0.0   1716   348 ?        S     2009   0:00 svscan
/service
root      2776  0.0  0.0   1556   288 ?        S     2009   0:00 supervise
qmail-pop3d
root      2778  0.0  0.0   1556   292 ?        S     2009   0:00 supervise
qmail-send
root      2780  0.0  0.0   1560   292 ?        S     2009   0:00 supervise
qmail-smtpd
qmaill    2793  0.0  0.0   1700   320 ?        S     2009   0:00
/usr/local/bin/multilog t s10000000 n30 /var/log/qmail/dovecot
clamav    3757  0.0  0.3   3092  1284 ?        Ss    2009   0:22
/usr/bin/freshclam -d --quiet
root     25915  0.0  0.1   1756   524 ?        S     2009   0:00
/usr/local/bin/tcpserver -H -l {snip host} -v -x
/home/vpopmail/etc/tcp.pop3.cdb -c 5 -R 0 pop3 /var/qmail/bin/qmail-popup
{snip host} /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
vpopmail 25916  0.0  0.1   1756   532 ?        S     2009   0:00
/usr/local/bin/tcpserver -H -l {snip host} -v -x
/home/vpopmail/etc/tcp.smtp.cdb -c 20 -R -u 89 -g 89 0 smtp
/usr/local/bin/rblsmtpd -b -C -r zen.spamhaus.org:Your message was
rejected. Please consult http://www.spamhaus.org/  -t 5
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /usr/bin/true
qmails   25920  0.0  0.1   1736   412 ?        S     2009   0:02
qmail-send
qmaill   25921  0.0  0.0   1700   364 ?        S     2009   0:00
/usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd
qmaill   25922  0.0  0.1   1700   384 ?        S     2009   0:00
/usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d
root     25923  0.0  0.0   1696   340 ?        S     2009   0:01
qmail-lspawn ./Maildir/
qmailr   25924  0.0  0.0   1696   356 ?        S     2009   0:00
qmail-rspawn
qmailq   25925  0.0  0.0   1684   340 ?        S     2009   0:00
qmail-clean
qmaill   25929  0.0  0.0   1696   340 ?        S     2009   0:00
/usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send
qscand   26623  0.0 22.3 101524 82608 ?        Ssl  Feb04   0:05
/usr/sbin/clamd
root     20144  0.0  0.1   1968   624 pts/0    S+   07:13   0:00 egrep -i
clam|qmail|scan

++++++++++++++++ end process ownership +++++++++++++++++++++++++

++++++++++++++++++ begin clamd.conf details +++++++++++++++++++++++++++
r...@li112-80:/var/spool/qscan# cat /etc/clamav/clamd.conf  | grep -v "^#"
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
User qscand
AllowSupplementaryGroups yes
ScanMail true
ScanArchive true
ArchiveBlockEncrypted true
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0

++++++++++++++++ end clamd.conf details ++++++++++++++++++++++++++++++

++++++++++++++++++ begin product install versions +++++++++++++++++++++++

ubuntu 9.04
netqmail 1.06
qmail-scanner 2.06st
ClamAV 0.95.1/10362/Sat Feb  6 01:14:06 2010


++++++++++++++ end product install ++++++++++++++++++

++++++++++ BEGIN qmail-scanner config snippet +++++++++++++
#!/usr/bin/perl -T
#
# File: qmail-scanner-queue.pl
# Version: 2.06 - st - patch - 20090419
#
# Author: Jason L. Haar <jhaar - users.sourceforge.net>
#
# Patch by: Salvatore Toribio <toribio - pusc.it>
#
# See the file README-st-patch for information about the patch
# This version deletes/rejects spam based in Chris Hine's patch for v1.16
#
# Each user could has his own scanners and sa_settings.
#
# This file was auto-generated by:
#
# ./configure --qs-user qmailq --qs-group qmail --admin antivirus --domain surfinbox.com --admin-description "System Anti-Virus Administrator" --notify psender,nmlvadm --local-domains surfinbox.com --silent-viruses auto --virus-to-delete 1 --skip-text-msgs 1 --lang en_GB --debug no --minidebug 1 --add-dscr-hdrs yes --dscr-hdrs-text "X-Qmail-Scanner" --normalize yes --archive 0 --settings-per-domain 0 --max-scan-size 100000000 --unzip 0 --max-zip-size 80000000 --max-unpacked-files 2000 --redundant 1 --log-details syslog --log-crypto 0 --fix-mime 1 --ignore-eol-check 1 --sa-delta 0 --sa-alt 0 --sa-debug 0 --sa-report 0 --sa-quarantine 0 --sa-delete 9 --sa-reject 1 --scanners "clamdscan,verbose_spamassassin" --install 1
#
# Scanners installed =
("clamdscan_scanner","spamassassin","perlscan_scanner")
#

+++++++++++++++++ end qmail scanner ++++++++++++++++++++++++


+++++++++++++ sample eicar test local clamdscan +++++++++++++++++
r...@li112-80:/home/user# clamdscan eicar.com.txt
/home/daver/eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)

++++++++++++++ end sample eicar test +++++++++++++++++++++++


THANKS!!!!!!!!!!!!!!!






_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
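
Added example (not part of the original post, and not qmail-scanner's own code): in the debug log above, clamdscan answers ERROR and processing simply moves on to SpamAssassin, so the message is handled without a virus scan. The Python below flags such records in qmail-queue.log debug output; the function names and the pid 20002 sample lines are constructed for illustration.

```python
import re

# Debug-log record header as seen in the post: "<date> <TZ>:<pid>: <text>"
HEADER = re.compile(r"^\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \w+:(\d+): (.*)$")
# clamdscan reply logged by qmail-scanner; "ERROR" means the path was not scanned
CLAMD_ERR = re.compile(r"--output of clamdscan was:\s*(\S+): (.*?)\.? ERROR\s*$")

def records(lines):
    """Yield (pid, text); lines without a header continue the previous record."""
    pid, text = None, ""
    for line in lines:
        m = HEADER.match(line.rstrip("\n"))
        if m:
            if pid is not None:
                yield pid, text
            pid, text = m.group(1), m.group(2)
        elif pid is not None and line.strip():
            # Scanner output (or a mail-wrapped line) belongs to the open record
            text += " " + line.strip()
    if pid is not None:
        yield pid, text

def unscanned_messages(lines):
    """Return [(pid, scanned_path, reason)] for messages clamd could not scan."""
    hits = []
    for pid, text in records(lines):
        m = CLAMD_ERR.search(text)
        if m:
            hits.append((pid, m.group(1), m.group(2)))
    return hits

# Constructed sample: pid 20001 copies the failure shown in the post;
# pid 20002 is a made-up clean scan for contrast.
SAMPLE = """\
Sat, 06 Feb 2010 07:06:17 CST:20001: run /usr/bin/clamdscan --no-summary /var/spool/qscan/tmp/li112-80126546157778720001 2>&1
Sat, 06 Feb 2010 07:06:17 CST:20001: --output of clamdscan was:
/var/spool/qscan/tmp/li112-80126546157778720001: lstat() failed:
Permission denied. ERROR
Sat, 06 Feb 2010 07:06:17 CST:20001: clamdscan: finished scan of dir "/var/spool/qscan/tmp/li112-80126546157778720001" in 0.003737 secs
Sat, 06 Feb 2010 07:07:02 CST:20002: --output of clamdscan was:
/var/spool/qscan/tmp/example-clean-msg: OK
Sat, 06 Feb 2010 07:07:02 CST:20002: clamdscan: finished scan of dir "/var/spool/qscan/tmp/example-clean-msg" in 0.020000 secs
""".splitlines()

if __name__ == "__main__":
    for pid, path, reason in unscanned_messages(SAMPLE):
        print(f"pid {pid}: NOT virus-scanned: {path} ({reason})")
```

Run against the real log by passing an open file handle to unscanned_messages(); a non-empty result means mail is passing through with the antivirus step failing open.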
