HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Report: MailScanner: Message attempted to kill MailScanner (http://www.howtoforge.com/forums/showthread.php?t=50595)

macross 20th December 2010 16:05

Report: MailScanner: Message attempted to kill MailScanner
 
Hi there.

After my install for the spamspanke for ubuntu-jeos-10.10-maverick-meerkat guide. I receive many of these emails and some users mails appear to be wrongly blocked.

Report: MailScanner: Message attempted to kill MailScanner

I googled and found some mention of winmail.dat i tried changing a few things but the message persists and users emails are being blocked.

Anyone have this issue?

Thanks!

Rocky 20th December 2010 16:22

What's in your mail.log?

macross 20th December 2010 16:46

Dec 20 10:11:01 belatrix MailScanner[18378]: Making attempt 6 at processing message D15FF440361.A2C11
Dec 20 10:11:01 belatrix MailScanner[18378]: New Batch: Scanning 1 messages, 586001 bytes
Dec 20 10:11:01 belatrix MailScanner[18453]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
Dec 20 10:11:02 belatrix MailScanner[18453]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Dec 20 10:11:02 belatrix MailScanner[18453]: Reading configuration file /opt/MailScanner/etc/conf.d/README
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 867 hostnames from the phishing whitelist
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 4445 hostnames from the phishing blacklists
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaLowScore
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaBlacklist
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa blacklists
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 0 blacklist items
Dec 20 10:11:02 belatrix MailScanner[18453]: Ip blocks blacklisted:
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaSQL
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa SQL logger
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaHighScore
Dec 20 10:11:02 belatrix MailScanner[18453]: Baruwa - Populating high spam score settings
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 4 high spam score settings
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaWhitelist
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa whitelists
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 5 whitelist items
Dec 20 10:11:02 belatrix MailScanner[18453]: Ip blocks whitelisted:
Dec 20 10:11:02 belatrix MailScanner[18453]: Using SpamAssassin results cache
Dec 20 10:11:02 belatrix MailScanner[18453]: Connected to SpamAssassin cache database
Dec 20 10:11:02 belatrix MailScanner[18453]: Enabling SpamAssassin auto-whitelist functionality...
Dec 20 10:11:04 belatrix MailScanner[17264]: Quarantined message D15FF440361.A2C11 as it caused MailScanner to crash several times
Dec 20 10:11:04 belatrix MailScanner[17264]: Saved entire message to /var/spool/MailScanner/quarantine/20101220/D15FF440361.A2C11
Dec 20 10:11:05 belatrix MailScanner[17264]: New Batch: Scanning 1 messages, 586001 bytes
Dec 20 10:11:05 belatrix MailScanner[17264]: Sender Warnings: Delivered 1 warnings to virus senders
Dec 20 10:11:05 belatrix postfix/pickup[18244]: 9D8FB440360: uid=103 from=<>
Dec 20 10:11:05 belatrix postfix/cleanup[18486]: 9D8FB440360: message-id=<20101220151105.9D8FB440360@belatrix.mycompany. on.ca>
Dec 20 10:11:05 belatrix postfix/qmgr[28224]: 9D8FB440360: from=<>, size=1215, nrcpt=1 (queue active)
Dec 20 10:11:05 belatrix postfix/pickup[18244]: AC3F1440361: uid=103 from=<postmaster>
Dec 20 10:11:05 belatrix postfix/cleanup[18486]: AC3F1440361: message-id=<20101220151105.AC3F1440361@belatrix.mycompany. on.ca>
Dec 20 10:11:05 belatrix MailScanner[17264]: Notices: Warned about 1 messages
Dec 20 10:11:05 belatrix MailScanner[17264]: Deleted 1 messages from processing-database
Dec 20 10:11:05 belatrix MailScanner[17264]: Logging message D15FF440361.A2C11 to Baruwa SQL
Dec 20 10:11:05 belatrix MailScanner[17674]: D15FF440361.A2C11: Logged to Baruwa SQL


This matches the mail.

Subject: re: ORION Proposal
MessageID: D15FF440361.A2C11
Quarantine: /var/spool/MailScanner/quarantine/20101220/D15FF440361.A2C11
Report: MailScanner: Message attempted to kill MailScanner

Rocky 20th December 2010 17:00

What do you have in your clamav.log?

Do the mails have any documents attached?

Also, check to see if the hard drive is full.

macross 20th December 2010 17:10

Actually my clamav log is empty.

macross 20th December 2010 17:15

hmm which clam should be installed. I may have an extra version installed. I would like to clean this up and ensure clam os correctly linked. Perhaps I should redo that section.

root@belatrix:~# dpkg --get-selections | grep -i clam
clamav install
clamav-base install
clamav-daemon install
clamav-freshclam install
libclamav6 install

Rocky 20th December 2010 17:19

No, those are the packages that should be installed.

You can redo it by doing:

apt-get remove --purge clamav-daemon libclamav6

apt-get install clamav-deamon libclamav6


Is your partition full by chance?

macross 20th December 2010 17:38

Checked my space I am good on that. looking into the log further I see fuzzy not connecting even though I did specify the password on the db and in the .cf and clean-sql files.

Dec 20 11:36:37.238 [21273] dbg: FuzzyOcr: Connecting to: dbi:mysql:database=FuzzyOcr;mysql_socket=/tmp/mysql.sock
Dec 20 11:36:37.242 [21273] warn: DBI connect('database=FuzzyOcr;mysql_socket=/tmp/mysql.sock','fuzzyocr',...) failed: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) at /usr/share/perl5/FuzzyOcr/Config.pm line 194

Rocky 20th December 2010 18:39

Open /etc/spamassassin/FuzzyOcr.cf and make sure this is specified:

focr_mysql_socket /var/run/mysqld/mysqld.sock

Should be where you specified the other mysql settings. Your Fuzzy is looking for the sock in the wrong place.

macross 20th December 2010 19:51

Ahh excellent thank you for noticing that.


Do you have any idea why I am getting these when running the lint?

ec 20 13:51:14.681 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <TITLE></TITLE>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": </HEAD>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <BODY><P></BODY>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": </HTML>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd">
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": "http://www.w3.org/TR/html4/strict.dtd"> -->
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <HTML>
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <HEAD>
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Refresh" CONTENT="0.1">
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <TITLE></TITLE>
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": </HEAD>
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <BODY><P></BODY>


All times are GMT +2. The time now is 18:21.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.