What's the output of "/var/qmail/bin/qmail-scanner-queue.pl -g" And let's see the qmail-quarentine.txt file
-----Original Message----- From: russ [mailto:[EMAIL PROTECTED] Sent: Sunday, October 12, 2003 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [Qmail-scanner-general]Will not use quarantine-attachments.db On Sun, 2003-10-12 at 10:34, Jason Staudenmayer wrote: > Let's see your debug log. > > -----Original Message----- > From: russ [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 12, 2003 10:28 AM > To: [EMAIL PROTECTED] > Subject: [Qmail-scanner-general]Will not use quarantine-attachments.db > > > qmail-scanner seems to be working correctly, except that no matter what > I do to "quarantine-attachments.db" (ie. changing rights and owners > etc.) all rules in that list a ignored. Can someone please point me in > the right direction to fix this. PLEASE. Here is part of debug log, .exe files are set to be rejected, but they pass right through. When I run /var/qmail/bin/qmail-scanner-queue.pl -r it reads the rules just fine. uid=88 at Sun, 12 Oct 2003 00:19:54 -0400 Sun, 12 Oct 2003 00:19:54 -0400:22878: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 00:19:54 -0400:22878: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 00:19:54 -0400:22878: incoming pipe connection from via local process 22878 Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593239445622878 Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 [1065932394.6983] Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: found a top-level boundary definition of =_0_22874_1065932394 Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 00:19:54 -0400:22878: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 00:19:54 -0400:22878: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593239445622878 to /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 [1065932394.76823] Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ </var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 [1065932394.76891] Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593239445622878/ [1065932394.81511] Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is /var/spool/qmailscan/studmail.essextech.org106593239445622878/1065932394.228 80-0.studmail.essextech.org is a TNEF file?: 256 [1065932394.82294] Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: is /var/spool/qmailscan/studmail.essextech.org106593239445622878/FLASHCOM.EXE is a TNEF file?: 256 [1065932394.83063] Sun, 12 Oct 2003 00:19:54 -0400:22878: d_m: unpacking message took 0.062109 seconds Sun, 12 Oct 2003 00:19:54 -0400:22878: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 00:19:54 -0400:22878: g_e_h: no sender and no recips. Sun, 12 Oct 2003 00:19:54 -0400:22878: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593239445622878/ /var/spool/qmailscan/working/new/studmail.essextech.org106593239445622878 Sun, 12 Oct 2003 00:28:36 -0400:22906: +++ starting debugging for process 22906 by uid=88 at Sun, 12 Oct 2003 00:28:36 -0400 Sun, 12 Oct 2003 00:28:36 -0400:22906: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 00:28:36 -0400:22906: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 00:28:36 -0400:22906: incoming pipe connection from via local process 22906 Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593291645622906 Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 [1065932916.61332] Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: found a top-level boundary definition of =_0_22902_1065932916 Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 00:28:36 -0400:22906: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 00:28:36 -0400:22906: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593291645622906 to /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 [1065932916.68368] Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ </var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 [1065932916.68433] Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593291645622906/ [1065932916.73092] Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is /var/spool/qmailscan/studmail.essextech.org106593291645622906/1065932916.229 08-0.studmail.essextech.org is a TNEF file?: 256 [1065932916.73869] Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: is /var/spool/qmailscan/studmail.essextech.org106593291645622906/FLASHCOM.EXE is a TNEF file?: 256 [1065932916.74597] Sun, 12 Oct 2003 00:28:36 -0400:22906: d_m: unpacking message took 0.062042 seconds Sun, 12 Oct 2003 00:28:36 -0400:22906: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 00:28:36 -0400:22906: g_e_h: no sender and no recips. Sun, 12 Oct 2003 00:28:36 -0400:22906: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593291645622906/ /var/spool/qmailscan/working/new/studmail.essextech.org106593291645622906 Sun, 12 Oct 2003 00:42:19 -0400:22941: +++ starting debugging for process 22941 by uid=88 at Sun, 12 Oct 2003 00:42:19 -0400 Sun, 12 Oct 2003 00:42:19 -0400:22941: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 00:42:19 -0400:22941: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 00:42:19 -0400:22941: incoming pipe connection from via local process 22941 Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593373945622941 Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 [1065933739.09837] Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: found a top-level boundary definition of =_0_22937_1065933738 Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 00:42:19 -0400:22941: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 00:42:19 -0400:22941: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593373945622941 to /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 [1065933739.16798] Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ </var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 [1065933739.16866] Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593373945622941/ [1065933739.21535] Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is /var/spool/qmailscan/studmail.essextech.org106593373945622941/1065933739.229 43-0.studmail.essextech.org is a TNEF file?: 256 [1065933739.22332] Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: is /var/spool/qmailscan/studmail.essextech.org106593373945622941/FLASHCOM.EXE is a TNEF file?: 256 [1065933739.23054] Sun, 12 Oct 2003 00:42:19 -0400:22941: d_m: unpacking message took 0.062266 seconds Sun, 12 Oct 2003 00:42:19 -0400:22941: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 00:42:19 -0400:22941: g_e_h: no sender and no recips. Sun, 12 Oct 2003 00:42:19 -0400:22941: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593373945622941/ /var/spool/qmailscan/working/new/studmail.essextech.org106593373945622941 Sun, 12 Oct 2003 00:46:37 -0400:22963: +++ starting debugging for process 22963 by uid=88 at Sun, 12 Oct 2003 00:46:37 -0400 Sun, 12 Oct 2003 00:46:37 -0400:22963: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 00:46:37 -0400:22963: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 00:46:37 -0400:22963: incoming pipe connection from via local process 22963 Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org106593399745622963 Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 [1065933997.61003] Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: found a top-level boundary definition of =_0_22959_1065933997 Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 00:46:37 -0400:22963: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 00:46:37 -0400:22963: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org106593399745622963 to /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 [1065933997.68061] Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ </var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 [1065933997.68125] Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org106593399745622963/ [1065933997.72819] Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is /var/spool/qmailscan/studmail.essextech.org106593399745622963/1065933997.229 65-0.studmail.essextech.org is a TNEF file?: 256 [1065933997.73611] Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: is /var/spool/qmailscan/studmail.essextech.org106593399745622963/FLASHCOM.EXE is a TNEF file?: 256 [1065933997.74338] Sun, 12 Oct 2003 00:46:37 -0400:22963: d_m: unpacking message took 0.062531 seconds Sun, 12 Oct 2003 00:46:37 -0400:22963: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 00:46:37 -0400:22963: g_e_h: no sender and no recips. Sun, 12 Oct 2003 00:46:37 -0400:22963: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org106593399745622963/ /var/spool/qmailscan/working/new/studmail.essextech.org106593399745622963 Sun, 12 Oct 2003 01:02:54 -0400:825: +++ starting debugging for process 825 by uid=88 at Sun, 12 Oct 2003 01:02:54 -0400 Sun, 12 Oct 2003 01:02:54 -0400:825: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 01:02:54 -0400:825: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 01:02:54 -0400:825: incoming pipe connection from via local process 825 Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org1065934974456825 Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 [1065934974.26459] Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: found a top-level boundary definition of =_0_821_1065934972 Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 01:02:54 -0400:825: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 01:02:54 -0400:825: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org1065934974456825 to /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 [1065934974.34216] Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ </var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 [1065934974.3428] Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065934974456825/ [1065934974.42108] Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is /var/spool/qmailscan/studmail.essextech.org1065934974456825/1065934974.827-0 .studmail.essextech.org is a TNEF file?: 256 [1065934974.4575] Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: is /var/spool/qmailscan/studmail.essextech.org1065934974456825/FLASHCOM.EXE is a TNEF file?: 256 [1065934974.46536] Sun, 12 Oct 2003 01:02:54 -0400:825: d_m: unpacking message took 0.122948 seconds Sun, 12 Oct 2003 01:02:54 -0400:825: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 01:02:54 -0400:825: g_e_h: no sender and no recips. Sun, 12 Oct 2003 01:02:54 -0400:825: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org1065934974456825/ /var/spool/qmailscan/working/new/studmail.essextech.org1065934974456825 Sun, 12 Oct 2003 01:14:08 -0400:883: +++ starting debugging for process 883 by uid=88 at Sun, 12 Oct 2003 01:14:08 -0400 Sun, 12 Oct 2003 01:14:08 -0400:883: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 01:14:08 -0400:883: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 01:14:08 -0400:883: incoming pipe connection from via local process 883 Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org1065935648456883 Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 [1065935648.28141] Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: primary Content-Type of multipart/mixed found Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: found a top-level boundary definition of =_0_879_1065935647 Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 1: Content-Type of text/plain found Sun, 12 Oct 2003 01:14:08 -0400:883: found C-T attachment filename flashcom.exe Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: attachment 2: Content-Type of application/octet-stream found Sun, 12 Oct 2003 01:14:08 -0400:883: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org1065935648456883 to /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 [1065935648.35128] Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ </var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 [1065935648.35192] Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org1065935648456883/ [1065935648.39819] Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is /var/spool/qmailscan/studmail.essextech.org1065935648456883/1065935648.885-0 .studmail.essextech.org is a TNEF file?: 256 [1065935648.4062] Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: is /var/spool/qmailscan/studmail.essextech.org1065935648456883/FLASHCOM.EXE is a TNEF file?: 256 [1065935648.41393] Sun, 12 Oct 2003 01:14:08 -0400:883: d_m: unpacking message took 0.062403 seconds Sun, 12 Oct 2003 01:14:08 -0400:883: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 01:14:08 -0400:883: g_e_h: no sender and no recips. Sun, 12 Oct 2003 01:14:08 -0400:883: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org1065935648456883/ /var/spool/qmailscan/working/new/studmail.essextech.org1065935648456883 Sun, 12 Oct 2003 02:08:27 -0400:1282: +++ starting debugging for process 1282 by uid=0 at Sun, 12 Oct 2003 02:08:27 -0400 Sun, 12 Oct 2003 02:08:27 -0400:1282: setting UID to EUID so subprocesses can access files generated by this script Sun, 12 Oct 2003 02:08:27 -0400:1282: program name is qmail-scanner-queue.pl, version 1.20rc3 Sun, 12 Oct 2003 02:08:27 -0400:1282: incoming pipe connection from via local process 1282 Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: mkdir /var/spool/qmailscan/studmail.essextech.org10659389074561282 Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 [1065938907.99297] Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: disallowed breakage found in header name ( ) - potential virus Sun, 12 Oct 2003 02:08:27 -0400:1282: w_c: rename new msg from /var/spool/qmailscan/working/tmp/studmail.essextech.org10659389074561282 to /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 [1065938907.99762] Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: starting /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ </var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 [1065938907.99848] Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: finished /usr/bin/reformime -x/var/spool/qmailscan/studmail.essextech.org10659389074561282/ [1065938908.01408] Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: Checking all attachments to see if they're MS-TNEF Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: is /var/spool/qmailscan/studmail.essextech.org10659389074561282/1065938908.1284 -0.studmail.essextech.org is a TNEF file?: 256 [1065938908.02251] Sun, 12 Oct 2003 02:08:27 -0400:1282: d_m: unpacking message took 0.024462 seconds Sun, 12 Oct 2003 02:08:27 -0400:1282: unsetting QMAILQUEUE env var Sun, 12 Oct 2003 02:08:27 -0400:1282: g_e_h: no sender and no recips. Sun, 12 Oct 2003 02:08:27 -0400:1282: cleanup: /bin/rm -rf /var/spool/qmailscan/studmail.essextech.org10659389074561282/ /var/spool/qmailscan/working/new/studmail.essextech.org10659389074561282 -- Russel Oliver [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
