Hello,
My MTA is qmail+clamed+qmail-scanner1.24.
But something is wrong with qmail-scanner; sometimes it overflows.
messages.log:
Jan 15 05:19:06 mail smtpd: 1105737546.000182 tcpserver: pid 7231 from
61.149.1.213
Jan 15 05:19:06 mail smtpd: 1105737546.000279 tcpserver: ok 7231
0:210.21.119.38:25 :61.149.1.213::4006
Jan 15 05:19:07 mail smtpd: 1105737547.173866 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174008 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174046 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174089 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174124 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174162 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2187, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174199 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2192, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174238 Malformed UTF-8 character
(overflow at 0xe7123fe9, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2197, <STDIN> line 52.
Jan 15 05:19:07 mail smtpd: 1105737547.174313 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.174348 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.174383 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.174424 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.174459 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.505356 Malformed UTF-8 character
(overflow at 0xe74b8410, byte 0xa3, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2197, <STDIN> line 57.
Jan 15 05:19:07 mail smtpd: 1105737547.516255 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.854132 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.855742 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 689, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.875154 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.907032 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2182, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.908895 Malformed UTF-8 character
(overflow at 0x943c8494, byte 0xbf, after start byte 0xbf) in pattern match
(m//) at /var/qmail/bin/qmail-scanner-queue.pl line 2197, <STDIN> line 62.
Jan 15 05:19:07 mail smtpd: 1105737547.952015 tcpserver: end 7231 status 0
Jan 15 05:19:07 mail smtpd: 1105737547.952046 tcpserver: status: 0/40
Jan 15 05:19:27 mail smtpd: 1105737567.611049 tcpserver: status: 1/40
Jan 15 05:19:27 mail smtpd: 1105737567.611098 tcpserver: pid 7244 from
64.233.170.130
Jan 15 05:19:27 mail smtpd: 1105737567.611110 tcpserver: ok 7244
0:210.21.119.38:25 :64.233.170.130::1670
qmail-queue.log:
Sat, 15 Jan 2005 04:41:32 CST:6990: all finished. Total of 0.87692 secs
Sat, 15 Jan 2005 05:19:07 CST:7233: +++ starting debugging for process 7233 by
uid=0
Sat, 15 Jan 2005 05:19:07 CST:7233: setting UID to EUID so subprocesses can
access files generated by this script
Sat, 15 Jan 2005 05:19:07 CST:7233: program name is qmail-scanner-queue.pl,
version 1.24
Sat, 15 Jan 2005 05:19:07 CST:7233: incoming SMTP connection from via SMTP from
61.149.1.213
Sat, 15 Jan 2005 05:19:07 CST:7233: w_c: mkdir
/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233
Sat, 15 Jan 2005 05:19:07 CST:7233: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/mail.joinscience.net11057375474877233
[0.000712]
Sat, 15 Jan 2005 05:19:07 CST:7233: w_c: added fake MIME-Version header
Sat, 15 Jan 2005 05:19:07 CST:7233: w_c: primary Content-Type of text/html found
Sat, 15 Jan 2005 05:19:07 CST:7233: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/mail.joinscience.net11057375474877233 to
/var/spool/qmailscan/working/new/mail.joinscience.net11057375474877233
[0.062764]
Sat, 15 Jan 2005 05:19:07 CST:7233: d_m: starting /usr/local/bin/reformime
-x/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233/
</var/spool/qmailscan/working/new/mail.joinscience.net11057375474877233
[0.000276]
Sat, 15 Jan 2005 05:19:07 CST:7233: d_m: finished /usr/local/bin/reformime
-x/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233/ [0.005146]
Sat, 15 Jan 2005 05:19:07 CST:7233: d_m: Check for zip files...
Sat, 15 Jan 2005 05:19:07 CST:7233: d_m: unpacking message took 0.005432 seconds
Sat, 15 Jan 2005 05:19:07 CST:7233: unsetting QMAILQUEUE env var
Sat, 15 Jan 2005 05:19:07 CST:7233: g_e_h: return-path is "[EMAIL PROTECTED]",
recips is "[EMAIL PROTECTED]"
Sat, 15 Jan 2005 05:19:07 CST:7233: [EMAIL
PROTECTED],subj==?GB2312?B?yrnTw8L60uLU2bm6wvKjusbzudzI7bz+?=,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via SMTP from 61.149.1.213
Sat, 15 Jan 2005 05:19:07 CST:7233: ini_sc: start scanning
Sat, 15 Jan 2005 05:19:07 CST:7233: ini_sc: recursively scan the directory
/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233/
Sat, 15 Jan 2005 05:19:07 CST:7233: scanloop: starting scan of directory
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233"...
Sat, 15 Jan 2005 05:19:07 CST:7233: scanloop:
scanner=clamscan_scanner,plain_text_msg=0
Sat, 15 Jan 2005 05:19:07 CST:7233: clamscan: starting scan of directory
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233"...
Sat, 15 Jan 2005 05:19:07 CST:7233: run /usr/local/bin/clamscan -r -m --unzip
--unrar --unzoo --lha --disable-summary --max-recursion=10 --max-space=100000
/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233 2>&1
Sat, 15 Jan 2005 05:19:07 CST:7233: --output of clamscan was:
Sat, 15 Jan 2005 05:19:07 CST:7233: clamscan: finished scan of dir
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233" in 0.657123
secs
Sat, 15 Jan 2005 05:19:07 CST:7233: scanloop: finished scan of
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233"...
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: starting scan of directory
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233"...
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '81:ILOVEYOU' = 'Virus-subject' =
'Love Letter Virus/Trojan'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing
subject: ILOVEYOU
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '82:message/partial.*' =
'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing
content-type: message/partial.*
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '85:.{100,}' = 'Virus-date' = 'MIME
Header Buffer Overflow'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing date:
.{100,}
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '86:.{100,}' = 'Virus-mime-version' =
'MIME Header Buffer Overflow '
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing
mime-version: .{100,}
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '87:.{100,}' = 'Virus-resent-date' =
'MIME Header Buffer Overflow'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing
resent-date: .{100,}
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: '90:[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 'Virus-to'
= 'BadTrans Trojan exploit!'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a header!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: checking for objects containing to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: 'eicar.com' = '69' = 'EICAR Test
Virus'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a size!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: 'happy99.exe' = '10000' = 'Happy99
Trojan'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a size!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: 'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: type is a size!
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: skipping auto-generated file
1105737547.7235-0.mail.joinscience.net
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: skipping auto-generated file
orig-mail.joinscience.net11057375474877233
Sat, 15 Jan 2005 05:19:07 CST:7233: p_s: finished scan of dir
"/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233" in 0.007801
secs
Sat, 15 Jan 2005 05:19:07 CST:7233: ini_sc: scanning message took 0.66545
seconds
Sat, 15 Jan 2005 05:19:07 CST:7233: q_r: fork off child into
/var/qmail/bin/qmail-queue...
Sat, 15 Jan 2005 05:19:07 CST:7238: q_r: xstatus=0
Sat, 15 Jan 2005 05:19:07 CST:7233: qmail-scanner[7233]:
Clear:RC:0(61.149.1.213): 0.735177 2565 [EMAIL PROTECTED] [EMAIL PROTECTED]
=?GB2312?B?yrnTw8L60uLU2bm6wvKjusbzudzI7bz+?= <[EMAIL PROTECTED]>
1105737547.7235-0.mail.joinscience.net:2065
orig-mail.joinscience.net11057375474877233:2565
Sat, 15 Jan 2005 05:19:07 CST:7233: cleanup: /bin/rm -rf
/var/spool/qmailscan/tmp/mail.joinscience.net11057375474877233/
/var/spool/qmailscan/working/new/mail.joinscience.net11057375474877233
Sat, 15 Jan 2005 05:19:07 CST:7233: all finished. Total of 0.78002 secs
Sat, 15 Jan 2005 05:19:29 CST:7246: +++ starting debugging for process 7246 by
uid=0
Sat, 15 Jan 2005 05:19:29 CST:7246: setting UID to EUID so subprocesses can
access files generated by this script
Sat, 15 Jan 2005 05:19:29 CST:7246: program name is qmail-scanner-queue.pl,
version 1.24
Sat, 15 Jan 2005 05:19:29 CST:7246: incoming SMTP connection from via SMTP from
64.233.170.130
Sat, 15 Jan 2005 05:19:29 CST:7246: w_c: mkdir
/var/spool/qmailscan/tmp/mail.joinscience.net11057375694877246
Sat, 15 Jan 2005 05:19:29 CST:7246: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/mail.joinscience.net11057375694877246 [0.00072]
Sat, 15 Jan 2005 05:19:30 CST:7246: c_a_g: found MIME attachment
Sat, 15 Jan 2005 05:19:30 CST:7246: w_c: primary Content-Type of text/html found
Sat, 15 Jan 2005 05:19:30 CST:7246: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/mail.joinscience.net11057375694877246 to
/var/spool/qmailscan/working/new/mail.joinscience.net11057375694877246
[0.319208]
Sat, 15 Jan 2005 05:19:30 CST:7246: d_m: starting /usr/local/bin/reformime
-x/var/spool/qmailscan/tmp/mail.joinscience.net11057375694877246/
</var/spool/qmailscan/working/new/mail.joinscience.net11057375694877246
[0.000264]
Sat, 15 Jan 2005 05:19:30 CST:7246: d_m: finished /usr/local/bin/reformime
-x/var/spool/qmailscan/tmp/mail.joinscience.net11057375694877246/ [0.005145]
Sat, 15 Jan 2005 05:19:30 CST:7246: d_m: Check for zip files...
Sat, 15 Jan 2005 05:19:30 CST:7246: d_m: unpacking message took 0.005417 seconds
Sat, 15 Jan 2005 05:19:30 CST:7246: unsetting QMAILQUEUE env var
Sat, 15 Jan 2005 05:19:30 CST:7246: g_e_h: return-path is "[EMAIL PROTECTED]",
recips is "[EMAIL PROTECTED]"
Sat, 15 Jan 2005 05:19:30 CST:7246: from==?UTF-8?B?R29vZ2xlIOW/q+iurw==?=
<[EMAIL
PROTECTED]>,subj==?UTF-8?B?R29vZ2xlIOW/q+iuryAtIEhJViAgIOW5v+S4nCDnlr7mjqc=?=,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via SMTP from 64.233.170.130
Please, somebody help me!
Thanks
ioty
[EMAIL PROTECTED]
2005-01-15