------------------------------------------- Chris McKeever If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com http://www.prupref.com
On Thu, 04 Dec 2003 09:52 , Jason Haar <[EMAIL PROTECTED]> sent: >On Thu, 2003-12-04 at 04:03, McKeever Chris wrote: >> I am running qmail-scanner with clamav (0.65) >> I have one machine that acts as a gateway, and then sends it to the main email >> server. >> The gateway is the one with qmailscanner and clamav, the email servers post-MTA >> (@mail) has a plugin for clamav which scans the file before >> databsing it. >> >> I have noticed since 11/4/03 that there are about 2-4 emails per day that get by >> the gateway and picked up by the @mail-clamav scan >> any suggestions? They are typically Exploit.IFrame.Gen and 1 W32/Yaha.g.dam >> > >Are you running clamscan or clamdscan? (i.e. the daemon version). I bet >it's the latter. > >Do you have the qmail-queue.log debug file that contains evidence of >such a "missed" message? If not, turn it on and don't stop logging until >you catch another such occurance. Then you can search that file looking >for the particular message that "slipped through". At that stage you may >see why it failed. I'd suspect a bug whereby clamd failed to scan the >message for some transitory reason, but still exited with a zero error >status - so Qmail-Scanner can only assume it's OK and carried on. > >Let us know what you find. > well, before I went through the logs, I decided to upgrade from 1.16 -> 1.20 I am running into some issues though: setting UID to EUID so subprocesses can access files generated by this script Thu, 04 Dec 2003 12:45:07 -0600:16894: program name is qmail-queue, version 1.20 Thu, 04 Dec 2003 12:45:07 -0600:16894: incoming SMTP connection from via SMTP from 68.166.242.91 Thu, 04 Dec 2003 12:45:07 -0600:16894: w_c: mkdir /var/spool/qmailscan/tmp/prupref-mailgate107056350746116894 04/12/2003 12:45:07:16894: error_condition: X-Qmail-Scanner-1.20: prupref-mailgate107056350746116894 exists - try again later... I set all the permissions on the directories, etc. any suggestions? >Cheers > >Jason Haar >Information Security Manager, Trimble Navigation Ltd. >Phone: +64 3 9635 377 Fax: +64 3 9635 417 >PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > > > > >------------------------------------------------------- >This SF.net email is sponsored by OSDN's Audience Survey. >Help shape OSDN's sites and tell us what you think. Take this >five minute survey and you could win a $250 Gift Certificate. >http://www.wrgsurveys.com/2003/osdntech03.php\?site=8 >_______________________________________________ >Qmail-scanner-general mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > ---- Prudential Preferred Properties www.prupref.com ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
