False Positives after Update

Posted: 14 Apr 2012, 02:34
by timmallardi
Today I updated the following scripts:

MailScanner - v4.84.5 installed
ConfigServer MailScanner Script - v2.85 installed and up to date
ClamAV - v0.97.4 installed and up to date
MailScanner Front-End - v4.36 installed and up to date
------------------------------------------------

Immediately most email is being blocked with the following error:

Status: Other
MailScanner: Message attempted to kill MailScanner

--------------------------------------------------------------------
Below is a sample of a false positive:


Received on: 13/04/12 20:17:28
Received by: server3[dot]visualmalls[dot]com
Received from: 85.13.194.72

Received Via:
IP Address     Hostname                      Country         RBL  Spam  Virus  All
85.13.194.72   host[dot]waytotheweb[dot]com  United Kingdom  [ ]  [ ]   [ ]    [ ]

ID: 1SIrHw-0005lp-B4
Message Headers: Received: from host[dot]waytotheweb[dot]com ([85.13.194.72]:42735)
by server3.visualmalls[.]com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.77)
(envelope-from <forumco@host[dot]waytotheweb[dot]com>)
id 1SIrHw-0005lp-B4
for tmallardi@visualmalls[dot]com; Fri, 13 Apr 2012 19:56:28 -0500
Received: from forumco by host[dot]waytotheweb[dot]com with local (Exim 4.77)
(envelope-from <forumco@host[dot]waytotheweb[dot]com>)
id 1SIrHx-0006kd-6r
for tmallardi@visualmalls[dot]com; Sat, 14 Apr 2012 01:56:29 +0100
To: =?UTF-8?B?dG1hbGxhcmRp?= <tmallardi@visualmalls[dot]com>
Subject: =?UTF-8?B?V2VsY29tZSB0byAiQ29uZmlnU2VydmVyIFNjcmlwdHMgRm9ydW0i?=
From: <sales@waytotheweb[dot]com>
Reply-To: <sales@waytotheweb[dot]com>
MIME-Version: 1.0
Message-ID: <2d9946a683621cd7db5f7c4777f7fc4e@forum.configserver[dot]com>
Date: Sat, 14 Apr 2012 01:56:29 +0100
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: phpBB3
X-MimeOLE: phpBB3
X-phpBB-Origin: phpbb://forum.configserver[dot]com
X-AntiAbuse: Board servername - =?UTF-8?B?Zm9ydW0uY29uZmlnc2VydmVyLmNvbQ==?=
X-AntiAbuse: User_id - 1
X-AntiAbuse: Username - =?UTF-8?B?QW5vbnltb3Vz?=
X-AntiAbuse: User IP - 207.235.119.46
X-WTTW-MailScanner-Information: Please contact the ISP for more information
X-WTTW-MailScanner-ID: 1SIrHx-0006kd-6r
X-WTTW-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-WTTW-MailScanner-SpamCheck:
X-WTTW-MailScanner-From: forumco@host.waytotheweb[dot]com
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.waytotheweb[dot]com
X-AntiAbuse: Original Domain - visualmalls[dot]com
X-AntiAbuse: Originator/Caller UID/GID - [550 550] / [47 12]
X-AntiAbuse: Sender Address Domain - host.waytotheweb[dot]com
From: forumco@host.waytotheweb[dot]com

To: tmallardi@visualmalls[dot]com
Subject: Welcome to "ConfigServer Scripts Forum"
Size: 2.9Kb
Anti-Virus/Dangerous Content Protection
Virus: N
Blocked File: N
Other Infection: Y
Report: MailScanner: Message attempted to kill MailScanner
SpamAssassin
Spam: N Action(s): deliver, header, "X-Spam-Status:, No"
High Scoring Spam: N
SpamAssassin Spam: N
Listed in RBL: N
Spam Whitelisted: N
Spam Blacklisted: N
SpamAssassin Autolearn: N
Message Content Protection (MCP)
MCP: N
High Scoring MCP: N
SpamAssassin MCP: N
MCP Whitelisted: N
MCP Blacklisted: N
I'm hoping someone knows of a quick fix to resolve this issue... thank you,
Tim

Re: False Positives after Update

Posted: 14 Apr 2012, 11:23
by Sarah
I believe this is due to a bug in MailScanner or one of the Perl modules it uses. Here is the workaround we have found:

Edit the file /usr/mailscanner/bin/MailScanner and add -U to the first line, so it looks like this:

Code:

#!/usr/bin/perl -I/usr/share/MailScanner -U

Then restart MailScanner either via the WHM MailScanner Front-End or with the command

Code:

service MailScanner restart

Please note you will probably have to re-do this anytime you upgrade MailScanner itself.

Regards,
Sarah

Re: False Positives after Update

Posted: 14 Apr 2012, 19:45
by timmallardi
The nightly cPanel update seems to have resolved this issue... thank you.

Re: False Positives after Update

Posted: 24 Jul 2012, 14:18
by rsutc
FYI
See also the post f=19&t=5530

The most recent (2012 07 24) updates of MailScanner running on CentOS on a brand new server have this same problem. Apparently there is a bug in the MailScanner software. No sight on a fix. The workarounds offered on this forum are, to summarize in one place:

1. This issue should be fixed by setting "Maximum Archive Depth" to 0 in the MailScanner configuration.
2. Edit the file /usr/mailscanner/bin/MailScanner and add -U to the first line, so it looks like this:
   #!/usr/bin/perl -I/usr/share/MailScanner -U
   Then restart MailScanner either via the WHM MailScanner Front-End or with the command
   service MailScanner restart

It appears that the first is sufficient by itself to solve the problem.

The effect of this is essentially to turn off attachment scanning, which is none too satisfactory, but we'll have to live with that for the time being.

Rick
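
The two workarounds Sarah and Rick describe above, scripted as an added example that is not part of this thread and not ConfigServer's or MailScanner's own code. It applies both changes idempotently, keeps a backup of the script, and includes a check you can re-run after a MailScanner upgrade, since Sarah notes the upgrade overwrites the shebang edit. The script path is the one given in the thread; the MailScanner.conf location, the MS_SCRIPT/MS_CONF variables and all function names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread's posters, ConfigServer or MailScanner).
# Workaround 1: "Maximum Archive Depth = 0" in MailScanner.conf.
# Workaround 2: append -U to the perl shebang of the MailScanner script.
# Paths: the script path is from the thread; the conf path is an assumption.
MS_SCRIPT="${MS_SCRIPT:-/usr/mailscanner/bin/MailScanner}"
MS_CONF="${MS_CONF:-/usr/mailscanner/etc/MailScanner.conf}"

# Returns 0 if the first line of $1 is a perl shebang that already carries -U.
shebang_has_unsafe_flag() {
    head -n 1 "$1" | grep -Eq '^#!.*perl.*[[:space:]]-U([[:space:]]|$)'
}

# Workaround 2: add -U to the shebang of $1. Idempotent; keeps $1.bak;
# rewrites in place via cat so the file's mode and owner are preserved.
add_unsafe_flag() {
    f="$1"
    shebang_has_unsafe_flag "$f" && return 0
    head -n 1 "$f" | grep -q '^#!.*perl' || return 1   # refuse non-perl files
    cp -p "$f" "$f.bak" || return 1
    { head -n 1 "$f" | sed 's/[[:space:]]*$/ -U/'; tail -n +2 "$f"; } > "$f.tmp" \
        && cat "$f.tmp" > "$f" && rm -f "$f.tmp" || return 1
    shebang_has_unsafe_flag "$f"
}

# Prints the configured Maximum Archive Depth from $1 (last setting wins),
# or nothing if the key is absent.
current_max_archive_depth() {
    grep -E '^[[:space:]]*Maximum Archive Depth[[:space:]]*=' "$1" \
        | tail -n 1 | sed 's/.*=[[:space:]]*//' | tr -d '[:space:]'
}

# Workaround 1: set "Maximum Archive Depth = $2" (default 0) in $1.
# Replaces an existing setting in place, or appends one if the key is absent.
set_max_archive_depth() {
    conf="$1"; depth="${2:-0}"
    if grep -Eq '^[[:space:]]*Maximum Archive Depth[[:space:]]*=' "$conf"; then
        sed "s/^\([[:space:]]*Maximum Archive Depth[[:space:]]*=\).*/\1 $depth/" "$conf" \
            > "$conf.tmp" && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp" || return 1
    else
        printf 'Maximum Archive Depth = %s\n' "$depth" >> "$conf" || return 1
    fi
    [ "$(current_max_archive_depth "$conf")" = "$depth" ]
}

# Post-upgrade check: returns 0 only if both workarounds are still in place.
check_workarounds() {
    rc=0
    if shebang_has_unsafe_flag "$MS_SCRIPT"; then
        echo "shebang: -U present"
    else
        echo "shebang: -U MISSING in $MS_SCRIPT"; rc=1
    fi
    d=$(current_max_archive_depth "$MS_CONF")
    if [ "$d" = "0" ]; then
        echo "Maximum Archive Depth = 0"
    else
        echo "Maximum Archive Depth = ${d:-unset} (expected 0)"; rc=1
    fi
    return $rc
}

# Usage: ./ms-workaround.sh --apply   (then restart MailScanner, as the thread says)
#        ./ms-workaround.sh --check   (re-run after each MailScanner upgrade)
case "${1:-}" in
    --apply)
        add_unsafe_flag "$MS_SCRIPT" && set_max_archive_depth "$MS_CONF" 0 \
            && check_workarounds && echo "Now run: service MailScanner restart" ;;
    --check) check_workarounds ;;
esac
```

Run it with --check from cron or after each upgrade; a non-zero exit means one of the two settings has been lost. Note that, as Sarah explains further down the thread, depth 0 only disables filename and filetype checks inside archives; virus scanning of archive contents and checks on non-archive attachments continue.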

Re: False Positives after Update

Posted: 24 Jul 2012, 17:05
by Sarah
rsutc wrote:
    FYI
    The effect of this is essentially to turn off attachment scanning, which is none too satisfactory, but we'll have to live with that for the time being.

That's not entirely true. It only disables filename and filetype checking within archives such as zip files or tar files. Virus scanning within archives will still be done. Also any other (non-archive) file attachments will still be checked as before.

Regards,
Sarah