[Qmail-scanner-general]breakage in header found in every message!

russ Tue, 14 Oct 2003 06:17:16 -0700

I am getting an error on all mail passed through qmail -scanner and was
hoping someone would know how to fix this.  I am testing with different
clients and all mail is rejected with the error "Disallowed breakage
found in header name - potential virus"


I included part of the log below, please help me fix this.



Tue, 14 Oct 2003 07:40:14 -0400:9214: w_c: mkdir
/var/spool/qmailscan/studmail.essextech.org10661316144569214

Tue, 14 Oct 2003 07:40:14 -0400:9214: w_c: start dumping incoming msg
into
/var/spool/qmailscan/working/tmp/studmail.essextech.org10661316144569214
[1066131614.76912]

Tue, 14 Oct 2003 07:40:14 -0400:9214: w_c: disallowed breakage found in
header name ( by 10.214.52.96 with SMTP; 14 Oct 2003 11:40:14 -0000

) - potential virus

Tue, 14 Oct 2003 07:40:14 -0400:9214: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/studmail.essextech.org10661316144569214
to
/var/spool/qmailscan/working/new/studmail.essextech.org10661316144569214
[1066131614.87244]

Tue, 14 Oct 2003 07:40:14 -0400:9214: d_m: starting /usr/bin/reformime
-x/var/spool/qmailscan/studmail.essextech.org10661316144569214/
</var/spool/qmailscan/working/new/studmail.essextech.org10661316144569214 
[1066131614.87337]

Tue, 14 Oct 2003 07:40:14 -0400:9214: d_m: finished /usr/bin/reformime
-x/var/spool/qmailscan/studmail.essextech.org10661316144569214/
[1066131614.88942]

Tue, 14 Oct 2003 07:40:14 -0400:9214: d_m: Checking all attachments to
see if they're MS-TNEF

Tue, 14 Oct 2003 07:40:14 -0400:9214: d_m: is
/var/spool/qmailscan/studmail.essextech.org10661316144569214/1066131614.9216-0.studmail.essextech.org
 is a TNEF file?: 256 [1066131614.89773]

Tue, 14 Oct 2003 07:40:14 -0400:9214: d_m: unpacking message took
0.02479 seconds

Tue, 14 Oct 2003 07:40:14 -0400:9214: unsetting QMAILQUEUE env var

Tue, 14 Oct 2003 07:40:14 -0400:9214: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"

Tue, 14 Oct 2003 07:40:14 -0400:9214: from=,subj=,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]>
via smtp from 10.214.52.99

Tue, 14 Oct 2003 07:40:14 -0400:9214: ini_sc: start scanning

Tue, 14 Oct 2003 07:40:14 -0400:9214: ini_sc: recursively scan the
directory /var/spool/qmailscan/studmail.essextech.org10661316144569214/

Tue, 14 Oct 2003 07:40:14 -0400:9214: scanloop: starting scan of
directory
"/var/spool/qmailscan/studmail.essextech.org10661316144569214"...

Tue, 14 Oct 2003 07:40:14 -0400:9214: scanloop:
scanner=clamuko_scanner,plain_text_msg=0

Tue, 14 Oct 2003 07:40:14 -0400:9214: clamuko: starting scan of
directory
"/var/spool/qmailscan/studmail.essextech.org10661316144569214"...

Tue, 14 Oct 2003 07:40:14 -0400:9214: run /usr/local/bin/clamdscan -r
--disable-summary --max-recursion=10 --max-space=1000000
/var/spool/qmailscan/studmail.essextech.org10661316144569214 2>&1

Tue, 14 Oct 2003 07:40:14 -0400:9214: --output of clamuko was:

/var/spool/qmailscan/studmail.essextech.org10661316144569214: OK

--

Tue, 14 Oct 2003 07:40:14 -0400:9214: clamuko: finished scan of dir
"/var/spool/qmailscan/studmail.essextech.org10661316144569214" in
0.011129 secs

Tue, 14 Oct 2003 07:40:14 -0400:9214: scanloop: finished scan of
"/var/spool/qmailscan/studmail.essextech.org10661316144569214"...

Tue, 14 Oct 2003 07:40:14 -0400:9214: ini_sc: scanning message took
0.012221 seconds

Tue, 14 Oct 2003 07:40:14 -0400:9214: unsetting TCPREMOTEIP env var

Tue, 14 Oct 2003 07:40:14 -0400:9214: e_v_r: quarantine msg to
/var/spool/qmailscan/quarantine/new/studmail.essextech.org10661316144569214

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: called with sender

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: is_local=99

Tue, 14 Oct 2003 07:40:14 -0400:9214: n_a: notify_addr (set to
sender,admin) called with sender

Tue, 14 Oct 2003 07:40:14 -0400:9214: e_s: sending quarantine report
via: /var/qmail/bin/qmail-inject to sender address
([EMAIL PROTECTED])

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: called with sender

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: is_local=99

Tue, 14 Oct 2003 07:40:14 -0400:9214: n_a: notify_addr (set to
sender,admin) called with admin

Tue, 14 Oct 2003 07:40:14 -0400:9214: e_s: sending quarantine report
via: /var/qmail/bin/qmail-inject to admin address
([EMAIL PROTECTED])

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: called with sender

Tue, 14 Oct 2003 07:40:14 -0400:9214: i_u_e: is_local=99

Tue, 14 Oct 2003 07:40:14 -0400:9214: n_a: notify_addr (set to
sender,admin) called with recips

Tue, 14 Oct 2003 07:40:14 -0400:9214: w_v_r: writing quarantine log
report of: Tue, 14 Oct 2003 07:40:14 -0400 [EMAIL PROTECTED]
[EMAIL PROTECTED] Disallowed breakage found in header name -
potential virus clamuko: 0.60. 


Tue, 14 Oct 2003 07:40:14 -0400:9214: e_v_r: email_quarantine_report
took 0.486987 seconds to execute

Tue, 14 Oct 2003 07:40:14 -0400:9214: cleanup: /bin/rm -rf
/var/spool/qmailscan/studmail.essextech.org10661316144569214/
/var/spool/qmailscan/working/new/studmail.essextech.org10661316144569214

14/10/2003 07:40:15:9214: all finished. Total of 0.64296 secs

Tue, 14 Oct 2003 07:55:09 -0400:9311: +++ starting debugging for process
9311 by uid=0 at Tue, 14 Oct 2003 07:55:09 -0400

Tue, 14 Oct 2003 07:55:09 -0400:9311: setting UID to EUID so
subprocesses can access files generated by this script

Tue, 14 Oct 2003 07:55:09 -0400:9311: program name is
qmail-scanner-queue.pl, version 1.20rc3

Tue, 14 Oct 2003 07:55:09 -0400:9311: s_q: re-create the quarantine
version file

Tue, 14 Oct 2003 07:55:09 -0400:9311: s_q: detecting version of clamuko

Tue, 14 Oct 2003 07:55:09 -0400:9311: s_q: cleaning up old files via
/usr/bin/find /var/spool/qmailscan -type f ! -name '*.log' ! -name
'*.txt' ! -name '*.db' ! -path '*/quarantine/*' ! -path '*/archives/*'
-prune -mmin +2160 -exec /bin/rm -f {} ;

Tue, 14 Oct 2003 07:55:53 -0400:9317: +++ starting debugging for process
9317 by uid=502 at Tue, 14 Oct 2003 07:55:53 -0400

Tue, 14 Oct 2003 07:55:53 -0400:9317: setting UID to EUID so
subprocesses can access files generated by this script

Tue, 14 Oct 2003 07:55:53 -0400:9317: program name is
qmail-scanner-queue.pl, version 1.20rc3

Tue, 14 Oct 2003 07:55:53 -0400:9317: incoming SMTP connection from via
smtp from 10.214.52.99

Tue, 14 Oct 2003 07:55:53 -0400:9317: w_c: mkdir
/var/spool/qmailscan/studmail.essextech.org10661325534569317

Tue, 14 Oct 2003 07:55:53 -0400:9317: w_c: start dumping incoming msg
into
/var/spool/qmailscan/working/tmp/studmail.essextech.org10661325534569317
[1066132553.76944]

Tue, 14 Oct 2003 07:55:53 -0400:9317: w_c: disallowed breakage found in
header name ( by 10.214.52.96 with SMTP; 14 Oct 2003 11:55:53 -0000

) - potential virus

Tue, 14 Oct 2003 07:55:53 -0400:9317: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/studmail.essextech.org10661325534569317
to
/var/spool/qmailscan/working/new/studmail.essextech.org10661325534569317
[1066132553.87411]

Tue, 14 Oct 2003 07:55:53 -0400:9317: d_m: starting /usr/bin/reformime
-x/var/spool/qmailscan/studmail.essextech.org10661325534569317/
</var/spool/qmailscan/working/new/studmail.essextech.org10661325534569317 
[1066132553.87506]

Tue, 14 Oct 2003 07:55:53 -0400:9317: d_m: finished /usr/bin/reformime
-x/var/spool/qmailscan/studmail.essextech.org10661325534569317/
[1066132553.89125]

Tue, 14 Oct 2003 07:55:53 -0400:9317: d_m: Checking all attachments to
see if they're MS-TNEF

Tue, 14 Oct 2003 07:55:53 -0400:9317: d_m: is
/var/spool/qmailscan/studmail.essextech.org10661325534569317/1066132553.9319-0.studmail.essextech.org
 is a TNEF file?: 256 [1066132553.89979]

Tue, 14 Oct 2003 07:55:53 -0400:9317: d_m: unpacking message took
0.025149 seconds

Tue, 14 Oct 2003 07:55:53 -0400:9317: unsetting QMAILQUEUE env var

Tue, 14 Oct 2003 07:55:53 -0400:9317: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"

Tue, 14 Oct 2003 07:55:53 -0400:9317: from=,subj=,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]>
via smtp from 10.214.52.99

Tue, 14 Oct 2003 07:55:53 -0400:9317: ini_sc: start scanning

Tue, 14 Oct 2003 07:55:53 -0400:9317: ini_sc: recursively scan the
directory /var/spool/qmailscan/studmail.essextech.org10661325534569317/

Tue, 14 Oct 2003 07:55:53 -0400:9317: scanloop: starting scan of
directory
"/var/spool/qmailscan/studmail.essextech.org10661325534569317"...

Tue, 14 Oct 2003 07:55:53 -0400:9317: scanloop:
scanner=clamuko_scanner,plain_text_msg=0

Tue, 14 Oct 2003 07:55:53 -0400:9317: clamuko: starting scan of
directory
"/var/spool/qmailscan/studmail.essextech.org10661325534569317"...

Tue, 14 Oct 2003 07:55:53 -0400:9317: run /usr/local/bin/clamdscan -r
--disable-summary --max-recursion=10 --max-space=1000000
/var/spool/qmailscan/studmail.essextech.org10661325534569317 2>&1

Tue, 14 Oct 2003 07:55:53 -0400:9317: --output of clamuko was:

/var/spool/qmailscan/studmail.essextech.org10661325534569317: OK

--

Tue, 14 Oct 2003 07:55:53 -0400:9317: clamuko: finished scan of dir
"/var/spool/qmailscan/studmail.essextech.org10661325534569317" in
0.012501 secs

Tue, 14 Oct 2003 07:55:53 -0400:9317: scanloop: finished scan of
"/var/spool/qmailscan/studmail.essextech.org10661325534569317"...

Tue, 14 Oct 2003 07:55:53 -0400:9317: ini_sc: scanning message took
0.013569 seconds

Tue, 14 Oct 2003 07:55:53 -0400:9317: unsetting TCPREMOTEIP env var

Tue, 14 Oct 2003 07:55:53 -0400:9317: e_v_r: quarantine msg to
/var/spool/qmailscan/quarantine/new/studmail.essextech.org10661325534569317

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: called with sender

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: is_local=99

Tue, 14 Oct 2003 07:55:53 -0400:9317: n_a: notify_addr (set to
sender,admin) called with sender

Tue, 14 Oct 2003 07:55:53 -0400:9317: e_s: sending quarantine report
via: /var/qmail/bin/qmail-inject to sender address
([EMAIL PROTECTED])

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: called with sender

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: is_local=99

Tue, 14 Oct 2003 07:55:53 -0400:9317: n_a: notify_addr (set to
sender,admin) called with admin

Tue, 14 Oct 2003 07:55:53 -0400:9317: e_s: sending quarantine report
via: /var/qmail/bin/qmail-inject to admin address
([EMAIL PROTECTED])

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: called with sender

Tue, 14 Oct 2003 07:55:53 -0400:9317: i_u_e: is_local=99

Tue, 14 Oct 2003 07:55:53 -0400:9317: n_a: notify_addr (set to
sender,admin) called with recips

Tue, 14 Oct 2003 07:55:53 -0400:9317: w_v_r: writing quarantine log
report of: Tue, 14 Oct 2003 07:55:53 -0400 [EMAIL PROTECTED]
[EMAIL PROTECTED] Disallowed breakage found in header name -
potential virus clamuko: 0.60. 


Tue, 14 Oct 2003 07:55:53 -0400:9317: e_v_r: email_quarantine_report
took 0.496093 seconds to execute

Tue, 14 Oct 2003 07:55:53 -0400:9317: cleanup: /bin/rm -rf
/var/spool/qmailscan/studmail.essextech.org10661325534569317/
/var/spool/qmailscan/working/new/studmail.essextech.org10661325534569317

14/10/2003 07:55:54:9317: all finished. Total of 0.654622 secs

-- 
Russel Oliver
[EMAIL PROTECTED]



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

[Qmail-scanner-general]breakage in header found in every message!

Reply via email to