Voytek, > one of my users complains she can no longer send PDFs, claim our mail > server 'blocks them and marks them as virus' > > she says she emailed to her gmail account, as well, account on our server, > and, on our server it came with a text attachement 'ZW.txt' which says > 'virus detected' > > I'm guessing this ZW.txt is added by some equipment at their end ? before > they upload it to our server > > unfortunately, I deleted copy of that email that she send to me, with the > pdf and 'ZW.txt', and, I'm awaiting her to resend,
[...] > I'm guessing this ZW.txt is added by some equipment at their end ? before > they upload it to our server > > seems case solved: > ------------------ > I found its what was the problem. ZW.txt I think maybe Zywall35(our > firewall). Everything working as well ZW.txt did not come again and > .pdf file can open. > Today I'm so worry and now I can sleep with the nice dream. > ------------------ Good that it's solved. I have no idea where ZW.txt would be coming from. If a message says 'virus detected' that this detection came from a virus scanner, which is independent from whatever file(1) might say or whatever made it fail. > BUT, looking through > the logs I found this: Jan 10 12:50:45 amavis[16729]: (16729-04) p003 1 Content-Type: multipart/mixed Jan 10 12:50:45 amavis[16729]: (16729-04) p001 1/1 Content-Type: text/plain, size: 940 B, name: Jan 10 12:50:45 amavis[16729]: (16729-04) p002 1/2 Content-Type: application/pdf, size: 263858 B, name: SPR0A0J15-00.pdf Jan 10 12:50:45 amavis[16729]: (16729-04) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: /usr/share/file/magic, 917: Warning description `8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data enco' truncated Jan 10 12:50:45 amavis[16729]: (16729-04) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: /usr/share/file/magic, 947: Warning description `8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data enco' truncated Jan 10 12:50:46 amavis[16729]: (16729-04) (!)BitDefender av-scanner FAILED: /usr/bin/bdc DIED, signal 11 (000b) at (eval 114) line 594. > if I understand this, the PDF is identified as as a CCIT voice file ?? > > what else I need to check ? > but I'm still perplexed with that PDF/CCITT log entries ? > > hopefully someone can enlighten me (so I can have a nice dream too...) > > fwiw, I found some similar stuff on a french language web site > > amavis (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: > /usr/share/file/magic, 947: Warning description `8-bit ISDN mu-law > compressed (CCITT G.721 ADPCM voice data enco' truncated > > # grep CCITT /var/log/maillog.* | wc > 37042 1148302 9397062 I don't think the warning from a file(1) utility indicates that the pdf file was considered an audio file. Rather, it seems the warning is just saying there is an error in file's 'magic' database. As these warnings are interspersed with file(1)'s regular output, amavisd complains when parsing it: 'Skipping bad output', which shouldn' t be a problem as long as a proper result is available in one of the subsequent lines. Try manually running the file(1) utility, I guess you'd see the same warning. Either the 'magic' database is indeed currupted, or there is a bug in it. Try reinstalling it, or upgrading, and if the warning persists, it would need to be brougt to attention upstream. Mark ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
