View Single Post
  #21  
Old 28th February 2011, 03:42
neofire neofire is offline
Member
 
Join Date: Feb 2011
Location: Brisbane, QLD Australia
Posts: 35
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hey Rocky / topdog

Sorry haven't replied in a while been away travelling

I have updated clamav (i have even gone as far as upgrading the install aswell) and still the spamsnake install holds the message for a while then bounces it back Log file below

mail.log
Feb 28 10:44:19 spamsnake MailScanner[1848]: Making attempt 6 at processing message 6A38410061C.AE053
Feb 28 10:44:19 spamsnake MailScanner[1848]: New Batch: Scanning 1 messages, 18905 bytes
Feb 28 10:44:19 spamsnake MailScanner[1848]: Virus and Content Scanning: Starting
Feb 28 10:44:19 spamsnake MailScanner[2572]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
Feb 28 10:44:19 spamsnake MailScanner[2572]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Feb 28 10:44:19 spamsnake MailScanner[2572]: Reading configuration file /opt/MailScanner/etc/conf.d/README
Feb 28 10:44:19 spamsnake MailScanner[2572]: Read 867 hostnames from the phishing whitelist
Feb 28 10:44:19 spamsnake MailScanner[2572]: Read 6999 hostnames from the phishing blacklists
Feb 28 10:44:19 spamsnake MailScanner[2572]: Config: calling custom init function BaruwaLowScore
Feb 28 10:44:19 spamsnake MailScanner[2572]: Config: calling custom init function BaruwaBlacklist
Feb 28 10:44:19 spamsnake MailScanner[2572]: Config: calling custom init function BaruwaSQL
Feb 28 10:44:19 spamsnake MailScanner[2572]: Config: calling custom init function BaruwaHighScore
Feb 28 10:44:19 spamsnake MailScanner[2572]: Using SpamAssassin results cache
Feb 28 10:44:19 spamsnake MailScanner[2572]: Connected to SpamAssassin cache database
Feb 28 10:44:19 spamsnake MailScanner[2572]: Enabling SpamAssassin auto-whitelist functionality...
Feb 28 10:44:20 spamsnake MailScanner[2275]: Warning: skipping message 6A38410061C.AE053 as it has been attempted too many times
Feb 28 10:44:20 spamsnake MailScanner[2275]: Quarantined message 6A38410061C.AE053 as it caused MailScanner to crash several times
Feb 28 10:44:20 spamsnake MailScanner[2275]: Saved entire message to /var/spool/MailScanner/quarantine/20110228/6A38410061C.AE053
Feb 28 10:44:20 spamsnake MailScanner[2275]: New Batch: Scanning 1 messages, 18905 bytes
Feb 28 10:44:20 spamsnake MailScanner[2275]: Sender Warnings: Delivered 1 warnings to virus senders
clamav.log
Sun Feb 27 23:25:14 2011 -> SelfCheck: Database status OK.
Mon Feb 28 00:25:14 2011 -> SelfCheck: Database status OK.
Mon Feb 28 01:25:14 2011 -> SelfCheck: Database status OK.
Mon Feb 28 02:25:14 2011 -> SelfCheck: Database modification detected. Forcing reload.
Mon Feb 28 02:25:15 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 02:25:20 2011 -> Database correctly reloaded (1048328 signatures)
Mon Feb 28 03:25:20 2011 -> SelfCheck: Database status OK.
Mon Feb 28 04:25:20 2011 -> SelfCheck: Database modification detected. Forcing reload.
Mon Feb 28 04:25:21 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 04:25:26 2011 -> Database correctly reloaded (1048329 signatures)
Mon Feb 28 05:25:26 2011 -> SelfCheck: Database status OK.
Mon Feb 28 06:25:26 2011 -> SelfCheck: Database status OK.
Mon Feb 28 07:25:27 2011 -> SelfCheck: Database modification detected. Forcing reload.
Mon Feb 28 07:25:27 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 07:25:32 2011 -> Database correctly reloaded (1048335 signatures)
Mon Feb 28 08:25:32 2011 -> SelfCheck: Database status OK.
Mon Feb 28 09:25:33 2011 -> SelfCheck: Database modification detected. Forcing reload.
Mon Feb 28 09:25:33 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 09:25:38 2011 -> Database correctly reloaded (1048355 signatures)
Mon Feb 28 10:07:43 2011 -> Pid file removed.
Mon Feb 28 10:07:43 2011 -> --- Stopped at Mon Feb 28 10:07:43 2011
Mon Feb 28 10:07:43 2011 -> Socket file removed.
Mon Feb 28 10:09:13 2011 -> +++ Started at Mon Feb 28 10:09:13 2011
Mon Feb 28 10:09:13 2011 -> clamd daemon 0.97 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Feb 28 10:09:13 2011 -> Log file size limited to -1 bytes.
Mon Feb 28 10:09:13 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 10:09:13 2011 -> Not loading PUA signatures.
Mon Feb 28 10:09:16 2011 -> Loaded 1048355 signatures.
Mon Feb 28 10:09:17 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Feb 28 10:09:17 2011 -> LOCAL: Setting connection queue length to 15
Mon Feb 28 10:09:17 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Feb 28 10:09:17 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Feb 28 10:09:17 2011 -> Limits: Recursion level limit set to 16.
Mon Feb 28 10:09:17 2011 -> Limits: Files limit set to 10000.
Mon Feb 28 10:09:17 2011 -> Archive support enabled.
Mon Feb 28 10:09:17 2011 -> Algorithmic detection enabled.
Mon Feb 28 10:09:17 2011 -> Portable Executable support enabled.
Mon Feb 28 10:09:17 2011 -> ELF support enabled.
Mon Feb 28 10:09:17 2011 -> Mail files support enabled.
Mon Feb 28 10:09:17 2011 -> OLE2 support enabled.
Mon Feb 28 10:09:17 2011 -> PDF support enabled.
Mon Feb 28 10:09:17 2011 -> HTML support enabled.
Mon Feb 28 10:09:17 2011 -> Self checking every 3600 seconds.
Mon Feb 28 10:13:10 2011 -> Pid file removed.
Mon Feb 28 10:13:10 2011 -> --- Stopped at Mon Feb 28 10:13:10 2011
Mon Feb 28 10:13:10 2011 -> Socket file removed.
Mon Feb 28 10:14:41 2011 -> +++ Started at Mon Feb 28 10:14:41 2011
Mon Feb 28 10:14:42 2011 -> clamd daemon 0.97 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Feb 28 10:14:42 2011 -> Log file size limited to -1 bytes.
Mon Feb 28 10:14:42 2011 -> Reading databases from /var/lib/clamav
Mon Feb 28 10:14:42 2011 -> Not loading PUA signatures.
Mon Feb 28 10:14:47 2011 -> Loaded 1048355 signatures.
Mon Feb 28 10:14:48 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Feb 28 10:14:48 2011 -> LOCAL: Setting connection queue length to 15
Mon Feb 28 10:14:48 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Feb 28 10:14:48 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Feb 28 10:14:48 2011 -> Limits: Recursion level limit set to 16.
Mon Feb 28 10:14:48 2011 -> Limits: Files limit set to 10000.
Mon Feb 28 10:14:48 2011 -> Archive support enabled.
Mon Feb 28 10:14:48 2011 -> Algorithmic detection enabled.
Mon Feb 28 10:14:48 2011 -> Portable Executable support enabled.
Mon Feb 28 10:14:48 2011 -> ELF support enabled.
Mon Feb 28 10:14:48 2011 -> Mail files support enabled.
Mon Feb 28 10:14:48 2011 -> OLE2 support enabled.
Mon Feb 28 10:14:48 2011 -> PDF support enabled.
Mon Feb 28 10:14:48 2011 -> HTML support enabled.
Mon Feb 28 10:14:48 2011 -> Self checking every 3600 seconds.
freshclam.log
Mon Feb 28 10:15:38 2011 -> ClamAV update process started at Mon Feb 28 10:15:38 2011
Mon Feb 28 10:15:38 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Mon Feb 28 10:15:38 2011 -> daily.cld is up to date (version: 12787, sigs: 60251, f-level: 60, builder: guitar)
Mon Feb 28 10:15:38 2011 -> bytecode.cld is up to date (version: 140, sigs: 40, f-level: 58, builder: edwin)
Mon Feb 28 11:14:51 2011 -> Received signal: wake up
Mon Feb 28 11:14:51 2011 -> ClamAV update process started at Mon Feb 28 11:14:51 2011
Mon Feb 28 11:14:51 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Mon Feb 28 11:14:51 2011 -> daily.cld is up to date (version: 12787, sigs: 60251, f-level: 60, builder: guitar)
Mon Feb 28 11:14:51 2011 -> bytecode.cld is up to date (version: 140, sigs: 40, f-level: 58, builder: edwin)
Mon Feb 28 11:14:52 2011 -> --------------------------------------
Bounce Back e-mail
Our virus detector failed to completely analyse a message you sent:-
To:
Subject:
Date: Mon Feb 28 10:44:20 2011
Any parts of the message that could not be analysed will not have been
delivered.

If you are using Microsoft Outlook, we strongly recommend you change your
outgoing message format from "Rich Text" to "HTML" or "Plain Text".

1) Click on the "Tools" menu and choose "Options..."
2) Go to the "Mail Format" tab
3) For message format, select "HTML" or "Plain text"
4) Click OK

The virus detector said this about the message:
Report: Report: MailScanner: Message attempted to kill MailScanner


--
MailScanner
Email Virus Scanner
cybercrysis.net.au
www.cybercrysis.net.au

For all your IT requirements visit: http://www.transtec.co.uk
any more ideas
Reply With Quote
Sponsored Links