[Qmail-scanner-general]Clamscan hangs-up when feeding QMailScanner from SMTP.

Thu, 12 Jun 2003 09:56:46 -0700 

Good day there.
I've got a problem. I run QMail version 1.03, QMail-Scanner version 1.16 and
Clamscan version 0.54.  My QMail installation works fine  (sending recieving 
messages to and from localy or via SMTP allready for some time; so I've also 
got a confirmation request from mailing list adnim).     Clamscan for itself 
works fine,  and so does QMailscanner issuing all actions using Clamscan and 
SpamAssassin, when recieving mail send from local user via qmail-inject. 
But when I send a message froma a remote machine, QMailScanner hangs up when
running Clamscan. If I run the same command as QMailScanner Perl script does
with  Clamscan  as stated  in qmail-queue.log,    it works fine,  but within 
QMailScanner it hangs up.
Corresponding messages, colected from qmail-queue.log:
[EMAIL PROTECTED] test]# 2003-06-12 17:54:17.779864500 tcpserver: status: 1/20
2003-06-12 17:54:17.779871500 tcpserver: pid 3607 from 81.24.97.10
2003-06-12 17:54:17.781262500 tcpserver: ok 3607 kekec2.e5.ijs.si:193.138.1.41:25 
:81.24.97.10::37347
12/06/2003 17:54:17:3608: +++ starting debugging for process 3608 by uid=502 at 
12/06/2003
17:54:17
12/06/2003 17:54:17:3608: setting UID to EUID so subprocesses can access files 
generated by this script
12/06/2003 17:54:17:3608: program name is qmail-scanner-queue.pl, version 1.16
12/06/2003 17:54:17:3608: incoming SMTP connection from via smtp from 81.24.97.10
12/06/2003 17:54:17:3608: w_c: mkdir 
/var/spool/qmailscan/kekec2.e5.ijs.si1055433257426360812/06/2003 17:54:17:3608: w_c: 
start dumping incoming msg into 
/var/spool/qmailscan/working/tmp/kekec2.e5.ijs.si10554332574263608 [1055433257.94666]
12/06/2003 17:54:17:3608: w_c: rename new msg from 
/var/spool/qmailscan/working/tmp/kekec2.e5.ijs.si10554332574263608 to 
/var/spool/qmailscan/working/new/kekec2.e5.ijs.si10554332574263608 [1055433257.94811]
12/06/2003 17:54:17:3608: d_m: starting /usr/local/bin/reformime  
-x/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608/ 
</var/spool/qmailscan/working/new/kekec2.e5.ijs.si10554332574263608 [1055433257.94836]
12/06/2003 17:54:17:3608: d_m: finished /usr/local/bin/reformime  
-x/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608/ [1055433257.95531]
12/06/2003 17:54:17:3608: d_m: Checking all attachments to see if they're MS-TNEF
12/06/2003 17:54:17:3608: d_m: is 
/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608/1055433257.3610-0.kekec2.e5.ijs.si
 is a TNEF file?: 256 [1055433257.95828]
12/06/2003 17:54:17:3608: d_m: Manually unpack any zip files as some virus scanners 
don't do zip under Unix!
12/06/2003 17:54:17:3608: d_m: unpacking message took 0.010268 seconds
12/06/2003 17:54:17:3608: unsetting QMAILQUEUE env var
12/06/2003 17:54:17:3608: g_e_h: return-path is "[EMAIL PROTECTED]", recips is "[EMAIL 
PROTECTED]"
12/06/2003 17:54:17:3608: from==?UTF-8?B?Wm9yYW4gxaBpbmlnb2o=?= <[EMAIL 
PROTECTED]>,subj=QMail-Scanner test with Clamav SMTP 12062003 - 1., 
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via smtp from 81.24.97.10
12/06/2003 17:54:17:3608: ini_sc: start scanning
12/06/2003 17:54:17:3608: p_s: starting scan of directory 
"/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608"...
12/06/2003 17:54:17:3608: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 'Love Letter 
Virus/Trojan'
12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing subject: ILOVEYOU
12/06/2003 17:54:17:3608: p_s:  '82:message/partial' = 'Virus-content-type' = 
'Message/partial MIME attachments blocked by policy'
12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing content-type: 
message/partial
12/06/2003 17:54:17:3608: p_s:  '85:.{100,}' = 'Virus-date' = 'MIME Header Buffer 
Overflow'12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing date: .{100,}
12/06/2003 17:54:17:3608: p_s:  '86:.{100,}' = 'Virus-mime-version' = 'MIME Header 
Buffer Overflow '
12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing mime-version: .{100,}
12/06/2003 17:54:17:3608: p_s:  '87:.{100,}' = 'Virus-resent-date' = 'MIME Header 
Buffer Overflow'
12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing resent-date: .{100,}
12/06/2003 17:54:17:3608: p_s:  '90:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 'Virus-to' = 'BadTrans Trojan 
exploit!'
12/06/2003 17:54:17:3608: p_s:  type is a header!
12/06/2003 17:54:17:3608: p_s:  checking for objects containing to: [EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
12/06/2003 17:54:17:3608: p_s:  'eicar.com' = '69' = 'EICAR Test Virus'
12/06/2003 17:54:17:3608: p_s: type is a size!
12/06/2003 17:54:17:3608: p_s:  'happy99.exe' = '10000' = 'Happy99 Trojan'
12/06/2003 17:54:17:3608: p_s: type is a size!
12/06/2003 17:54:17:3608: p_s:  'zipped_files.exe' = '120495' = 
'W32/ExploreZip.worm.pak virus'
12/06/2003 17:54:17:3608: p_s: type is a size!
12/06/2003 17:54:17:3608: p_s: skipping auto-generated file 
1055433257.3610-0.kekec2.e5.ijs.si
12/06/2003 17:54:17:3608: p_s:  finished scan of dir 
"/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608" in 0.003072 secs
12/06/2003 17:54:17:3608: ini_sc: recursively scan the directory 
/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608/
12/06/2003 17:54:17:3608: scanloop: starting scan of directory 
"/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608"...
12/06/2003 17:54:17:3608: clamscan: starting scan of directory 
"/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608"...
12/06/2003 17:54:17:3608: run /usr/local/bin/clamscan -r  
--tempdir=/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608 --disable-summary 
--unzip --unrar --unace --unarj --zoo --lha --jar --tar --tgz  
/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608 2>&1
Here is, where QMailScanner hangs up ... and if I issue command
[EMAIL PROTECTED] test]# ps -ef | grep clamscan
qmailq    3612  3608  0 17:54 ?        00:00:00 /usr/local/bin/clamscan -r 
--tempdir=/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608 --disable-summary 
--unzip --unrar --unace
--unarj --zoo --lha --jar --tar --tgz 
/var/spool/qmailscan/kekec2.e5.ijs.si10554332574263608
root      3614  1027  0 17:55 pts/0    00:00:00 grep clamscan
This works forever. Meanwhile deferred message is resent and procedure repeted,
again with Clamscan being hung up. So it goes on and on.
I will bi glad and thankfull for any help.
Zoran


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to