Hi,
After upgrading to perl 5.8.0, qmail-scanner stopped functioning, causing qq to crash. After research I found another message posted with the exact same behaviour:
http://www.geocrawler.com/mail/msg_raw.php3?msg_id=9541589
The current log created was:
09/09/2002 14:13:50:21989: +++ starting debugging for process 21989 by uid=0 at 09/09/2002 14:13:50
09/09/2002 14:13:50:21989: setting UID to EUID so subprocesses can access files generated by this script
09/09/2002 14:13:50:21989: program name is qmail-scanner-queue.pl, version 1.14
09/09/2002 14:13:50:21989: incoming SMTP connection from via smtp from 206.98.191.3
09/09/2002 14:13:50:21989: w_c: mkdir /var/spool/qmailscan/h1.bizittech.com103159523042321989
09/09/2002 14:13:50:21989: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/h1.bizittech.com103159523042321989 [1031595230.68711]
09/09/2002 14:13:50:21989: w_c: rename new msg from /var/spool/qmailscan/working/tmp/h1.bizittech.com103159523042321989 to /var/spool/qmailscan/working/new/h1.bizittech.com103159523042321989 [1031595230.7558]
09/09/2002 14:13:50:21989: d_m: starting /usr/local/bin/reformime -x/var/spool/qmailscan/h1.bizittech.com103159523042321989/ </var/spool/qmailscan/working/new/h1.bizittech.com103159523042321989 [1031595230.77298]
09/09/2002 14:13:50:21989: d_m: finished /usr/local/bin/reformime -x/var/spool/qmailscan/h1.bizittech.com103159523042321989/ [1031595230.81445]
09/09/2002 14:13:50:21989: d_m: Checking all attachments to see if they're MS-TNEF
09/09/2002 14:13:50:21989: d_m: is /var/spool/qmailscan/h1.bizittech.com103159523042321989/1031595230.21999-0.h1.bizittech.com is a TNEF file?: 256 [1031595230.83538]
09/09/2002 14:13:50:21989: d_m: is /var/spool/qmailscan/h1.bizittech.com103159523042321989/1031595230.21999-1.h1.bizittech.com is a TNEF file?: 256 [1031595230.85639]
09/09/2002 14:13:50:21989: d_m: Manually unpack any zip files as some virus scanners don't do zip under Unix!
09/09/2002 14:13:50:21989: d_m: unpacking message took 0.094774 seconds
09/09/2002 14:13:50:21989: unsetting QMAILQUEUE env var
09/09/2002 14:14:22:22149: +++ starting debugging for process 22149 by uid=0 at 09/09/2002 14:14:22
I remmed the call to the function mentioned in the posted message and I was able to go through the virus scan, but it still fails to requeue.
09/09/2002 15:02:04:31572: p_s: '105:ILOVEYOU' = 'Virus-subject' = 'Love Letter Virus/Trojan'
09/09/2002 15:02:04:31572: p_s: type is a header!
09/09/2002 15:02:04:31572: p_s: checking for objects containing subject: ILOVEYOU
09/09/2002 15:02:04:31572: p_s: '108:.{100,}' = 'Virus-date' = 'Date Buffer Overflow trojan'
09/09/2002 15:02:04:31572: p_s: type is a header!
09/09/2002 15:02:04:31572: p_s: checking for objects containing date: .{100,}
09/09/2002 15:02:04:31572: p_s: '110:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 'Virus-to' = 'BadTrans Trojan exploit!'
09/09/2002 15:02:04:31572: p_s: type is a header!
09/09/2002 15:02:04:31572: p_s: checking for objects containing to: [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
09/09/2002 15:02:04:31572: p_s: 'eicar.com' = '69' = 'EICAR Test Virus'
09/09/2002 15:02:04:31572: p_s: type is a size!
09/09/2002 15:02:04:31572: p_s: 'happy99.exe' = '10000' = 'Happy99 Trojan'
09/09/2002 15:02:04:31572: p_s: type is a size!
09/09/2002 15:02:04:31572: p_s: 'zipped_files.exe' = '120495' = 'W32/ExploreZip.worm.pak virus'
09/09/2002 15:02:04:31572: p_s: type is a size!
09/09/2002 15:02:04:31572: p_s: skipping auto-generated file 1031598125.31574-0.h1.bizittech.com
09/09/2002 15:02:04:31572: p_s: finished scan of dir "/var/spool/qmailscan/h1.bizittech.com103159812442331572" in 0.041711 secs
09/09/2002 15:02:04:31572: ini_sc: recursively scan the directory /var/spool/qmailscan/h1.bizittech.com103159812442331572/
09/09/2002 15:02:04:31572: scanloop: starting scan of directory "/var/spool/qmailscan/h1.bizittech.com103159812442331572"...
09/09/2002 15:02:04:31572: uvscan: starting scan of directory "/var/spool/qmailscan/h1.bizittech.com103159812442331572"...
09/09/2002 15:02:04:31572: run /usr/local/bin/uvscan -v -r --secure --fam --unzip --macro-heuristics /var/spool/qmailscan/h1.bizittech.com103159812442331572 2>&1
09/09/2002 15:02:04:31572: --output of uvscan was:
Scanning /var/spool/qmailscan/h1.bizittech.com103159812442331572/*
Scanning file /var/spool/qmailscan/h1.bizittech.com103159812442331572/1031598125.31574-0.h1.bizittech.com
--
09/09/2002 15:02:04:31572: uvscan: finished scan of dir "/var/spool/qmailscan/h1.bizittech.com103159812442331572" in 1.121728 secs
09/09/2002 15:02:04:31572: scanloop: finished scan of "/var/spool/qmailscan/h1.bizittech.com103159812442331572"...
09/09/2002 15:02:04:31572: ini_sc: scanning message took 1.165557 seconds
09/09/2002 15:02:04:31572: q_r: fork off child into /opt/qmail/bin/qmail-queue...
09/09/2002 19:02:06:31585: tempfail: X-Qmail-Scanner-1.14: Unable to close pipe to /opt/qmail/bin/qmail-queue (#4.3.0) -
09/09/2002 15:02:04:31572: tempfail: X-Qmail-Scanner-1.14: Unable to queue message (111). (#4.3.0) - Illegal seek