MailScanner ERROR

Discussion in 'Installation/Configuration' started by dynaguy, Sep 25, 2010.

  1. dynaguy

    dynaguy New Member

    I setup a mail server followed the instruction here:
    http://www.howtoforge.com/virtual-users-domains-postfix-mailscanner-mailwatch-centos5.1

    So far everything seems fine. Lots spam mails has been catched. But in the maillog I see a lots errors:

    Code:
    Sep 24 15:19:06 zeta MailScanner[3229]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. ERROR :: /var/spool/MailScanner/incoming/3229  
    How do I fix this error? Do I need manual install razor? Where is the razor-agent.log?

    Please help. Thanks.
     
  2. dynaguy

    dynaguy New Member

    There is another thing bothers me:
    Code:
    [root@zeta ~]# MailScanner --lint
    ......
    MailScanner.conf says "Virus Scanners = clamd"
    Found these virus scanners installed: clamd
    ===========================================================================
    Filename Checks: Windows/DOS Executable (1 eicar.com)
    Other Checks: Found 1 problems
    Virus and Content Scanning: Starting
    Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
    Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
    Virus Scanning: Clamd found 2 infections
    Infected message 1 came from 10.1.1.1
    Virus Scanning: Found 2 viruses
    ===========================================================================
    Virus Scanner test reports:
    Clamd said "eicar.com was infected: Eicar-Test-Signature"
    
    ......
    
     
  3. falko

    falko Super Moderator

    Is Razor installed? What's the output of
    Code:
    updatedb
    locate razor-agent.log
    ?
     
  4. dynaguy

    dynaguy New Member

    Thank you falko for the reply.

    Code:
    [root@zeta /]# updatedb
    [root@zeta /]# locate razor-agent.log
    /var/spool/MailScanner/incoming/10086/razor-agent.log
    /var/spool/MailScanner/incoming/10111/razor-agent.log
    /var/spool/MailScanner/incoming/10717/razor-agent.log
    I noticed:
    Code:
    [root@zeta /]# ps aux | grep MailScanner
    postfix   4996  0.0  2.2  29984 23384 ?        Ss   Sep24   0:00 MailScanner: starting child
    postfix  10086  0.0  5.1  68688 53044 ?        S    06:41   0:02 MailScanner: waiting for messages
    postfix  10111  0.0  5.1  68680 53028 ?        S    06:44   0:02 MailScanner: waiting for messages
    postfix  10717  0.0  5.1  68648 53156 ?        S    07:05   0:02 MailScanner: waiting for messages
    postfix  14439  0.2  5.1  68184 52732 ?        S    08:37   0:01 MailScanner: waiting for messages
    postfix  14496  0.7  5.0  68024 52472 ?        S    08:47   0:01 MailScanner: waiting for messages
    root     14911  0.0  0.0   4004   704 pts/0    S+   08:52   0:00 grep MailScanner
    So I have 5 instances of MailScanner but I only have 3 corresponding razor-agent.log files. Could this be the problem?
     
  5. dynaguy

    dynaguy New Member

    some updates:

    1. It seems this ERROR message happens randomly. Some time happens, sometime doesn't.

    2. I checked the permission and ownership of the log file:
    Code:
    [root@zeta ~]# ll /var/spool/MailScanner/incoming/
    total 84
    drwxr-x--- 2 postfix clamav   4096 Sep 27 10:51 2374
    drwxr-x--- 2 postfix clamav   4096 Sep 27 10:52 2545
    drwxr-x--- 2 postfix clamav   4096 Sep 27 10:07 2631
    drwxr-x--- 2 postfix clamav   4096 Sep 27 10:51 2633
    drwxr-x--- 2 postfix clamav   4096 Sep 27 10:51 2635
    drwxr-x--- 2 postfix postfix  4096 Sep 27 09:25 Locks
    -rwxrwxr-x 1 postfix clamav   4096 Sep 27 10:52 Processing.db
    -rwxrwxr-x 1 postfix clamav  35840 Sep 27 10:52 SpamAssassin.cache.db
    drwx------ 2 postfix clamav   4096 Sep 27 10:52 SpamAssassin-Temp
    and
    Code:
    [root@zeta ~]# ll /var/spool/MailScanner/incoming/2545/
    total 4
    -rw------- 1 postfix postfix 796 Sep 27 10:52 razor-agent.log
    3. I think Razor is a plugin of MailScanner. I did not install razor separately.

    4. I really confused here: The error entry in maillog is from MailScanner. The ERROR seems from clamd (running as user clamav). And the razor-agent.log owned by user postfix. How this things(Postfix/MailScanner/Clamav/Spamassassin) working together? If it is a permission problem, why it doesn't happen all the time?
     
  6. dynaguy

    dynaguy New Member

Share This Page