Qmail-Scanner's homepage (http://qmail-scanner.sourceforge.net/) shows a way to set up smtp.rules:
#/etc/qmail/tcp.smtp
#
# No Qmail-Scanner at all for mail from 127.0.0.1
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
# Use Qmail-Scanner without SpamAssassin on any mail from the local network
# [it triggers SpamAssassin via the presence of the RELAYCLIENT var]
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
#
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
HTH, ciao.
Hendrik Schaink
Shawn wrote:
Hi gang. I've decided to continue with my qmail config and get antivirus and SpamAssassin running. But of course, I've run into some problems...
I've installed clamav, and SpamAssassin, then installed qmail-scanner. It looks as though it properly detected both and ./configured itself accordingly (Gentoo emerge of the package). So, I then went on to the next couple of steps - the first being to change my tcp.smtp file to use the qmail-scanner. Here's what that looks like right now:
#Use qmail-scanner without SpamAssassin for any local mail
#(SpamAssassin is triggered by the presence of a RELAYCLIENT)
#192.168.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="var/qmail/bin/qmail-scanner-queue.pl"
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD=""
#No qmail-scanner at all for mail from the localhost
#127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#Use qmail-scanner with SpamAssassin on any mail from the rest of the world.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
Now, when I enable the qmail-scanner lines, I'm not able to send mail out, and I believe incoming mail is also delayed. Setting the file back to the state shown above, then running "qmailctl cdb", results in mail getting processed correctly.
Further investigation leads me to the /var/spool/qmailscan/qmail-queue.log file. I've attached a snippet below hoping it might help some. As you can see, it seems to start checking for viruses, then clamscan throws an error. However, when manually running clamscan against the qmail directories and the spool directories, I don't receive any errors.
I'll try to reinstall clamav, but I guess the question is "is this what is stopping mail processing when I enable qmail-scanner?".
With regards to SpamAssassin, I don't see anything that says the processing is getting to it yet, so cannot fully test my rules yet. However, I'd even be happy if I was getting EVERYTHING reported as Spam - at least I'd have something to work from.
Any tips are appreciated.
Shawn
<snippet of /var/spool/qmailscan/qmail-queue.log file> (Note, lines ending in a $ are from the nano editor, if you need more detail, I can probably attach the log file)
19/02/2004 00:19:24:14714: incoming SMTP connection from via smtp from 66.199.174.100
19/02/2004 00:19:24:14714: w_c: mkdir /var/spool/qmailscan/snow107717516442614714
19/02/2004 00:19:24:14714: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/snow107717516442614714 [1077175164.71619]
19/02/2004 00:19:24:14714: w_c: rename new msg from /var/spool/qmailscan/working/tmp/snow107717516442614714 to /var/spool/qmailscan/working/new/snow10771751644$
19/02/2004 00:19:24:14714: d_m: starting usr/bin/reformime -x/var/spool/qmailscan/snow107717516442614714/ </var/spool/qmailscan/working/new/snow1077175164426$
19/02/2004 00:19:24:14714: d_m: finished usr/bin/reformime -x/var/spool/qmailscan/snow107717516442614714/ [1077175164.75643]
19/02/2004 00:19:24:14714: d_m: Checking all attachments to see if they're MS-TNEF
19/02/2004 00:19:24:14714: d_m: is /var/spool/qmailscan/snow107717516442614714/1077175164.14716-0.snow is a TNEF file?: 256 [1077175164.76374]
19/02/2004 00:19:24:14714: d_m: Manually unpack any zip files as some virus scanners don't do zip under Unix!
19/02/2004 00:19:24:14714: d_m: unpacking message took 0.029913 seconds
19/02/2004 00:19:24:14714: unsetting QMAILQUEUE env var
19/02/2004 00:19:24:14714: g_e_h: return-path is "[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
19/02/2004 00:19:24:14714: from="Aaron J. Seigo" <[EMAIL PROTECTED]>,subj=Re: [clug-talk] KDE 3.2 Panel Issues, x-qmail-scanner-message-id=<200402190013.09757.ase$
19/02/2004 00:19:24:14714: ini_sc: start scanning
19/02/2004 00:19:24:14714: p_s: starting scan of directory "/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: p_s: '81:ILOVEYOU' = 'Virus-subject' = 'Love Letter Virus/Trojan'
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing subject: ILOVEYOU
19/02/2004 00:19:24:14714: p_s: '82:message/partial' = 'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing content-type: message/partial
19/02/2004 00:19:24:14714: p_s: '85:.{100,}' = 'Virus-date' = 'MIME Header Buffer Overflow'
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing date: .{100,}
19/02/2004 00:19:24:14714: p_s: '86:.{100,}' = 'Virus-mime-version' = 'MIME Header Buffer Overflow '
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing mime-version: .{100,}
19/02/2004 00:19:24:14714: p_s: '87:.{100,}' = 'Virus-resent-date' = 'MIME Header Buffer Overflow'
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing resent-date: .{100,}
19/02/2004 00:19:24:14714: p_s: '90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED] com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
19/02/2004 00:19:24:14714: p_s: type is a header!
19/02/2004 00:19:24:14714: p_s: checking for objects containing to: [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]| [EMAIL PROTECTED]
19/02/2004 00:19:24:14714: p_s: 'eicar.com' = '69' = 'EICAR Test Virus'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s: 'happy99.exe' = '10000' = 'Happy99 Trojan'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s: 'zipped_files.exe' = '120495' = 'W32/ExploreZip.worm.pak virus'
19/02/2004 00:19:24:14714: p_s: type is a size!
19/02/2004 00:19:24:14714: p_s: skipping auto-generated file 1077175164.14716-0.snow
19/02/2004 00:19:24:14714: p_s: finished scan of dir "/var/spool/qmailscan/snow107717516442614714" in 0.010248 secs
19/02/2004 00:19:24:14714: ini_sc: recursively scan the directory /var/spool/qmailscan/snow107717516442614714/
19/02/2004 00:19:24:14714: scanloop: starting scan of directory "/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: clamscan: starting scan of directory "/var/spool/qmailscan/snow107717516442614714"...
19/02/2004 00:19:24:14714: run usr/bin/clamscan -r --tempdir=/var/spool/qmailscan/snow107717516442614714 --disable-summary --unzip --unrar --unace --unarj --$
19/02/2004 00:19:24:14714: --output of clamscan was:
LibClamAV Error: readdb(): Malformed pattern line 13883 (file /var/spool/qmailscan/snow107717516442614714/00eb91ff0bbc24b5/viruses.db).
LibClamAV Error: Can't gzdopen() descriptor 5
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
ERROR: CVD extraction failure.
--
19/02/2004 00:19:24:14714: tempfail: X-Qmail-Scanner-1.16: clam_scanner: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status$
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
-- Hendrik M. Schaink Chief Consultant
"Integrated Business Solutions & Dependable Service"
InfoVision Consulting Calgary, Alberta, Canada Phone: (403) 239-0099
"The Vision: We are the partners of choice for companies and organizations that share our commitment to creating a world that is truly wise, courageous, prosperous, innovative, inclusive, sustainable and humane." --Ruben Nelson
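An added example, not part of the original thread and not Qmail-Scanner's own code: a small audit of a tcp.smtp file that reports which source ranges hand mail to qmail without going through qmail-scanner-queue.pl, and which QMAILQUEUE values are not absolute paths. The sample rules are constructed, and the function names parse_rule and audit are hypothetical.

```python
import posixpath

# Constructed sample in tcprules format; addresses and paths are illustrative.
SAMPLE = '''\
# no scanner for localhost
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="var/qmail/bin/qmail-scanner-queue.pl"
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
'''

def parse_rule(line):
    """Split 'addr:action,VAR="val",...' into (addr, action, env)."""
    addr, _, rest = line.partition(":")
    action, _, rest = rest.partition(",")
    env = {}
    while "=" in rest:
        name, _, rest = rest.partition("=")
        quote, rest = rest[:1], rest[1:]   # the character after '=' delimits the value
        if not quote:
            break
        value, _, rest = rest.partition(quote)
        env[name.strip(",")] = value
    return addr, action, env

def audit(text, scanner="qmail-scanner-queue.pl"):
    """Return (line number, source, finding) for allow rules that skip the scanner."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, action, env = parse_rule(line)
        if action != "allow":
            continue
        src = addr or "(default)"
        relay = " (relay client)" if "RELAYCLIENT" in env else ""
        queue = env.get("QMAILQUEUE")
        if queue is None:
            findings.append((n, src, "no QMAILQUEUE, default qmail-queue is used" + relay))
        elif not posixpath.isabs(queue):
            findings.append((n, src, "QMAILQUEUE is not an absolute path: " + queue))
        elif posixpath.basename(queue) != scanner:
            findings.append((n, src, "QMAILQUEUE skips the scanner: " + queue + relay))
    return findings

if __name__ == "__main__":
    for n, src, msg in audit(SAMPLE):
        print(f"line {n}: {src} {msg}")
```

Run it against the rules file before rebuilding the cdb; a finding on a loopback rule may be intentional, as in the homepage example, while one on a wider range deserves a second look.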

