Hi there. After my install following the SpamSnake for ubuntu-jeos-10.10-maverick-meerkat guide, I receive many of these emails and some users' mails appear to be wrongly blocked.

Report: MailScanner: Message attempted to kill MailScanner

I googled and found some mention of winmail.dat. I tried changing a few things but the message persists and users' emails are being blocked. Anyone have this issue? Thanks!
Dec 20 10:11:01 belatrix MailScanner[18378]: Making attempt 6 at processing message D15FF440361.A2C11
Dec 20 10:11:01 belatrix MailScanner[18378]: New Batch: Scanning 1 messages, 586001 bytes
Dec 20 10:11:01 belatrix MailScanner[18453]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
Dec 20 10:11:02 belatrix MailScanner[18453]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
Dec 20 10:11:02 belatrix MailScanner[18453]: Reading configuration file /opt/MailScanner/etc/conf.d/README
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 867 hostnames from the phishing whitelist
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 4445 hostnames from the phishing blacklists
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaLowScore
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaBlacklist
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa blacklists
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 0 blacklist items
Dec 20 10:11:02 belatrix MailScanner[18453]: Ip blocks blacklisted:
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaSQL
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa SQL logger
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaHighScore
Dec 20 10:11:02 belatrix MailScanner[18453]: Baruwa - Populating high spam score settings
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 4 high spam score settings
Dec 20 10:11:02 belatrix MailScanner[18453]: Config: calling custom init function BaruwaWhitelist
Dec 20 10:11:02 belatrix MailScanner[18453]: Starting Baruwa whitelists
Dec 20 10:11:02 belatrix MailScanner[18453]: Read 5 whitelist items
Dec 20 10:11:02 belatrix MailScanner[18453]: Ip blocks whitelisted:
Dec 20 10:11:02 belatrix MailScanner[18453]: Using SpamAssassin results cache
Dec 20 10:11:02 belatrix MailScanner[18453]: Connected to SpamAssassin cache database
Dec 20 10:11:02 belatrix MailScanner[18453]: Enabling SpamAssassin auto-whitelist functionality...
Dec 20 10:11:04 belatrix MailScanner[17264]: Quarantined message D15FF440361.A2C11 as it caused MailScanner to crash several times
Dec 20 10:11:04 belatrix MailScanner[17264]: Saved entire message to /var/spool/MailScanner/quarantine/20101220/D15FF440361.A2C11
Dec 20 10:11:05 belatrix MailScanner[17264]: New Batch: Scanning 1 messages, 586001 bytes
Dec 20 10:11:05 belatrix MailScanner[17264]: Sender Warnings: Delivered 1 warnings to virus senders
Dec 20 10:11:05 belatrix postfix/pickup[18244]: 9D8FB440360: uid=103 from=<>
Dec 20 10:11:05 belatrix postfix/cleanup[18486]: 9D8FB440360: message-id=<[email protected]>
Dec 20 10:11:05 belatrix postfix/qmgr[28224]: 9D8FB440360: from=<>, size=1215, nrcpt=1 (queue active)
Dec 20 10:11:05 belatrix postfix/pickup[18244]: AC3F1440361: uid=103 from=<postmaster>
Dec 20 10:11:05 belatrix postfix/cleanup[18486]: AC3F1440361: message-id=<[email protected]>
Dec 20 10:11:05 belatrix MailScanner[17264]: Notices: Warned about 1 messages
Dec 20 10:11:05 belatrix MailScanner[17264]: Deleted 1 messages from processing-database
Dec 20 10:11:05 belatrix MailScanner[17264]: Logging message D15FF440361.A2C11 to Baruwa SQL
Dec 20 10:11:05 belatrix MailScanner[17674]: D15FF440361.A2C11: Logged to Baruwa SQL

This matches the mail.

Subject: re: ORION Proposal
MessageID: D15FF440361.A2C11
Quarantine: /var/spool/MailScanner/quarantine/20101220/D15FF440361.A2C11
Report: MailScanner: Message attempted to kill MailScanner
What do you have in your clamav.log? Do the mails have any documents attached? Also, check to see if the hard drive is full.
Hmm, which clam should be installed? I may have an extra version installed. I would like to clean this up and ensure clam is correctly linked. Perhaps I should redo that section.

[email protected]:~# dpkg --get-selections | grep -i clam
clamav install
clamav-base install
clamav-daemon install
clamav-freshclam install
libclamav6 install
No, those are the packages that should be installed. You can redo it by doing:

apt-get remove --purge clamav-daemon libclamav6
apt-get install clamav-daemon libclamav6

Is your partition full by chance?
Checked my space, I am good on that. Looking into the log further I see fuzzy not connecting even though I did specify the password on the db and in the .cf and clean-sql files.

Dec 20 11:36:37.238 [21273] dbg: FuzzyOcr: Connecting to: dbi:mysql:database=FuzzyOcr;mysql_socket=/tmp/mysql.sock
Dec 20 11:36:37.242 [21273] warn: DBI connect('database=FuzzyOcr;mysql_socket=/tmp/mysql.sock','fuzzyocr',...) failed: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) at /usr/share/perl5/FuzzyOcr/Config.pm line 194
Open /etc/spamassassin/FuzzyOcr.cf and make sure this is specified:

focr_mysql_socket /var/run/mysqld/mysqld.sock

Should be where you specified the other mysql settings. Your Fuzzy is looking for the sock in the wrong place.
Ahh excellent, thank you for noticing that. Do you have any idea why I am getting these when running the lint?

Dec 20 13:51:14.681 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <TITLE></TITLE>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": </HEAD>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": <BODY><P></BODY>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_FVGT_Tripwire.cf": </HTML>
Dec 20 13:51:14.682 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd">
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": "http://www.w3.org/TR/html4/strict.dtd"> -->
Dec 20 13:51:14.683 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <HTML>
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <HEAD>
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Refresh" CONTENT="0.1">
Dec 20 13:51:14.760 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <TITLE></TITLE>
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": </HEAD>
Dec 20 13:51:14.761 [32499] info: config: failed to parse line, skipping, in "/etc/spamassassin/99_sare_fraud_post25x.cf": <BODY><P></BODY>
OK, everything is looking really good. Just the two last issues: the aforementioned parse error and a clamav issue. Ubuntu comes with amavis-new... should I leave that installed? Will it conflict with permissions? Right now in mail.log I see:

MailScanner[6459]: Cannot find Socket (/var/run/clamav/clamd.ctl) Exiting!

Thanks so much for your support!
Ahhh.

/usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header0.cf
-2010-12-20 15:18:26-- http://www.rulesemporium.com/rules/70_sare_header0.cf
Resolving www.rulesemporium.com... 72.52.4.74
Connecting to www.rulesemporium.com|72.52.4.74|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2010-12-20 15:18:27 ERROR 404: Not Found.

The files don't exist anymore.
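The lint errors and the 404 above point at the same failure: a web page saved under a rule file name. The following is an added example, not part of any post in this thread, of a check that flags such files and refuses to install them; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): catch rule files that are really HTML.

# A valid SpamAssassin config line never begins with "<", so a line that
# starts with an HTML tag means a web page was saved under a .cf name.
is_html_page() {
    grep -Eiq '^[[:space:]]*<(!DOCTYPE|!--|/?(html|head|meta|title|body))' "$1"
}

# Print every .cf file in directory $1 that contains HTML; return 1 if any.
scan_rules_dir() {
    bad=0
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        if is_html_page "$f"; then
            echo "$f"
            bad=1
        fi
    done
    return "$bad"
}

# Copy downloaded file $1 to $2 only if it is non-empty and not HTML.
install_rule_file() {
    [ -s "$1" ] || { echo "refusing empty file: $1" >&2; return 1; }
    if is_html_page "$1"; then
        echo "refusing HTML page saved as rules: $1" >&2
        return 1
    fi
    cp "$1" "$2"
}

# Constructed sample data: one plausible rule file, one saved web page.
make_samples() {
    mkdir -p "$1"
    printf 'header EXAMPLE_RULE Subject =~ /test/i\nscore EXAMPLE_RULE 0.1\n' \
        > "$1/70_good.cf"
    printf '<HTML>\n<HEAD>\n<META HTTP-EQUIV="Refresh" CONTENT="0.1">\n</HEAD>\n</HTML>\n' \
        > "$1/99_bad.cf"
}

# Usage on the directory named in the lint output:
#   scan_rules_dir /etc/spamassassin
```

Downloading to a temporary file and passing it through install_rule_file before it reaches the rules directory keeps a broken mirror from silently disabling rules.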
OK, I manually got the .cf files I could find, so I am all set. So back to the original issue.

Report: MailScanner: Message attempted to kill MailScanner

This still occurs and in my log file I see:

Dec 20 15:28:36 belatrix MailScanner[9362]: Reading configuration file /opt/MailScanner/etc/conf.d/README
Dec 20 15:28:36 belatrix MailScanner[9362]: Read 867 hostnames from the phishing whitelist
Dec 20 15:28:36 belatrix MailScanner[32693]: Warning: skipping message ED315440084.A2C21 as it has been attempted too many times
Dec 20 15:28:36 belatrix MailScanner[32693]: Quarantined message ED315440084.A2C21 as it caused MailScanner to crash several times
Dec 20 15:28:36 belatrix MailScanner[32693]: Saved entire message to /var/spool/MailScanner/quarantine/20101220/ED315440084.A2C21
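To see how many messages are affected, the crash-quarantine entries can be pulled out of the mail log. This is an added example, not part of any post in this thread; it relies only on the three MailScanner line formats quoted above, the sample lines are copied from the posts, and the /var/log/mail.log path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list messages that MailScanner
# quarantined because scanning them crashed the scanner.

# Reads a syslog-format mail log on stdin and prints one line per message:
#   <message id> attempts=<highest attempt seen> path=<quarantine path>
crashed_messages() {
    awk '
    $5 ~ /^MailScanner\[[0-9]+\]:$/ {
        if ($6 == "Making" && $7 == "attempt") {
            # keep the highest attempt number logged for this message id
            if ($8 + 0 > tries[$12]) tries[$12] = $8 + 0
        } else if ($6 == "Quarantined" && /crash several times/) {
            crashed[$8] = 1
        } else if ($6 == "Saved" && $7 == "entire") {
            # the quarantine file name is the message id
            n = split($10, parts, "/")
            saved[parts[n]] = $10
        }
    }
    END {
        for (id in crashed)
            printf "%s attempts=%s path=%s\n", id,
                (id in tries ? tries[id] : "unknown"),
                (id in saved ? saved[id] : "unknown")
    }' | sort
}

# Sample input: log lines copied from the posts above.
sample_log() {
    cat <<'EOF'
Dec 20 10:11:01 belatrix MailScanner[18378]: Making attempt 6 at processing message D15FF440361.A2C11
Dec 20 10:11:01 belatrix MailScanner[18378]: New Batch: Scanning 1 messages, 586001 bytes
Dec 20 10:11:04 belatrix MailScanner[17264]: Quarantined message D15FF440361.A2C11 as it caused MailScanner to crash several times
Dec 20 10:11:04 belatrix MailScanner[17264]: Saved entire message to /var/spool/MailScanner/quarantine/20101220/D15FF440361.A2C11
Dec 20 15:28:36 belatrix MailScanner[32693]: Warning: skipping message ED315440084.A2C21 as it has been attempted too many times
Dec 20 15:28:36 belatrix MailScanner[32693]: Quarantined message ED315440084.A2C21 as it caused MailScanner to crash several times
Dec 20 15:28:36 belatrix MailScanner[32693]: Saved entire message to /var/spool/MailScanner/quarantine/20101220/ED315440084.A2C21
EOF
}

# Usage (log path is an assumption):
#   crashed_messages < /var/log/mail.log
#   sample_log | crashed_messages
```

A message whose attempt count is unknown was quarantined without a matching "Making attempt" line in the part of the log that was read.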
Did you try to reinstall clamav? After you've reinstalled it, run freshclam to update the defs. It may take a few mins. After that, I would restart mailscanner and check the logs.
OK, looking good. Was I correct to uninstall amavis-new? It was running clam amavis user and causing issues during initial install.
Everything appears to be running smoothly and no more false positives or errors. I would like to get the rest of those cf files; it seems that site www.rulesemporium.com is down. Fuzzy-mysql cleaner kills my CPU when it's run, not too sure why, I was going to trace that. I need to do some more poking around to ensure a clean setup and start a decent backup regimen. Plus ensure I can handle any outages or daemon failures. Thanks again.
There is a cron job for Baruwa that updates spamassassin so you don't have to. Look at the guide, I'm sure it's there. You can run it like:

manage.py updatesarule

If your mail log looks clean, then I would think everything's running as it should. Make sure you change the database connection settings of /usr/sbin/fuzzy-cleanmysql to whatever you used for your FuzzyOcr database.