Re: [AMaViS-user] Amavisd and canonical maps?

2005-08-01 Thread Mark Martinec 
Marcel,

> Because in my postfix, i use virtual domains. A Mailbox is
> Named like this: [EMAIL PROTECTED] And then
> i use canonical maps, to get the outgoing E-Mails rewritten to
> Theyr real names whith the original domains like this: [EMAIL PROTECTED]

> ... i must set the email adresses like the original:
> [EMAIL PROTECTED] 
> To get it working, a entry in users like [EMAIL PROTECTED] or test.org doesn't
> Match, only the @. Matched then.
>
> Is there a way to get my virtual Table, witch is used as canonical too
> working in amavisd so that he uses the real E-mail adresses?

Sure, just configure your Postfix to do canonical mapping where
you like it (before or after the content filter). See README.postfix
and search for:
  TO DO 'VIRTUAL ALIAS' MAPPING AND OTHER CLEANUP PROCESSING
  BEFORE OR AFTER CONTENT FILTERING?

Mark


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] SQL quarantine, quarantine table not optimized

2005-08-01 Thread Mark Martinec 
Paolo,

> As expected, there was no significant speedup/slowdown.

Ok, thanks for your investigation.

> You might want to add a note for MySQL users to read Chapter 15 of the
> reference manual On chapter 15.17 I found:
>...
> So, do not waste time and resources by creating a specific index on
> quarantine.mail_id since it doesn't speedup COUNT(*) queries, which are
> anyway meaningless without a WHERE chunk_ind=1 clause.

Thanks, will add a note to README.sql  (already on the web page now).

  Mark


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread Mark Martinec 
> > > [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive
> > > -packed /var/amavis/tmp/amavis-20050801T172532-40177
> > > truss: cannot open /proc/82371/mem: No such file or directory
> > > truss: cannot open /proc/curproc/mem: No such file or directory
> > >
> > > Seems like it's trying to access directories within /proc


> According to the original post (unless I misread it) the f-prot was
> installed from the ports collection.

So it was claimed.

> This version is a native FreeBSD 
> binary, not run under Linux emulation.
>
> $ file /usr/local/f-prot/f-prot
> /usr/local/f-prot/f-prot: ELF 32-bit LSB executable, Intel 80386,
> version 1 (FreeBSD), for FreeBSD 4.9, statically linked, stripped

Andy, you are right. But then again, the version I install from ports
(observed through truss -f) does not attempt to access /proc,
yet the version GM runs apparently wants it. Perhaps it wasn't
installed from ports after all.

> Additionally, it does not need the /proc filesystem mounting, as far as
> I can see. Certainly this version is running on my system without a
> procfs.

Ditto here (FreeBSD 5.4).
(I do have a /proc on this test machine, but f-prot does not access it).

> The one caveat for running it on FreeBSD 5.x is that the compat4x
> libraries need to be in place, either as part of the world build or by
> installing the misc/compat4x port.


  Mark




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Amavisd and canonical maps?

2005-08-01 Thread Marcel Hartmann 
Hello,

I have a working web-cyradm installation with amavisd-new.

Because in my postfix, i use virtual domains. A Mailbox is
Named like this: [EMAIL PROTECTED] And then 
i use canonical maps, to get the outgoing E-Mails rewritten to
Theyr real names whith the original domains like this: [EMAIL PROTECTED]

No wonder about the names, i have installed them in my lokal dns server.

When i use sql_lookups in amavisd-new, all works fine. But i must set
The email adresses like the original: [EMAIL PROTECTED]
To get it working, a entry in users like [EMAIL PROTECTED] or test.org doesn't
Match, only the @. Matched then.

Is there a way to get my virtual Table, witch is used as canonical too (from

the web-cyradm installation!), working in amavisd so that he uses the real 
E-mail adresses? Like [EMAIL PROTECTED]

Greets
   Marcel



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread Andy Fawcett 
Hi,

On Monday 01 August 2005 21:46, Mark Martinec wrote:
> GM,
>
> > [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive
> > -packed /var/amavis/tmp/amavis-20050801T172532-40177
> > truss: cannot open /proc/82371/mem: No such file or directory
> > truss: cannot open /proc/curproc/mem: No such file or directory
> >
> > Seems like it's trying to access directories within /proc
>
> To run linux emulation binaries on FreeBSD, you most likely also
> need the /proc file system available.

According to the original post (unless I misread it) the f-prot was 
installed from the ports collection. This version is a native FreeBSD 
binary, not run under Linux emulation.

$ file /usr/local/f-prot/f-prot
/usr/local/f-prot/f-prot: ELF 32-bit LSB executable, Intel 80386, 
version 1 (FreeBSD), for FreeBSD 4.9, statically linked, stripped

Additionally, it does not need the /proc filesystem mounting, as far as 
I can see. Certainly this version is running on my system without a 
procfs.

The one caveat for running it on FreeBSD 5.x is that the compat4x 
libraries need to be in place, either as part of the world build or by 
installing the misc/compat4x port.

-- 
Andy Fawcett | [EMAIL PROTECTED]
 | [EMAIL PROTECTED]
"In an open world without walls and fences,  | [EMAIL PROTECTED]
  we wouldn't need Windows and Gates."  -- anon  | [EMAIL PROTECTED]


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Stripping attachments

2005-08-01 Thread Gordon Thagard 
Thank you for taking the time to completely and thoroughly answer my 
questions.


Cheers,

Gordon

Mark Martinec wrote:


Gordon,

 


Is it possible to strip an attachment in the case of
"$final_banned_destiny" with other Amavisd-NEW options so that the
attachment is saved to, say, /var/virusmails, and still the original
email text is delivered to the user's mailbox with a notification that
the executable attachment has been stripped and quarantined?
   



No, this is currently not possible nor planned for immediate future.

 


Oh, I think I see what you mean - by using the info included here?
http://www.ijs.si/software/amavisd/README.customize.txt
Which of these options do you think would give me what I'm looking for?
   



The most you can get with using a built-in macro processor is to include
the full mail header (macro %H), which is not exactly what you need.
Mail body is not available through macros, one reason is that it is not stored 
in memory.


One approach would be to modify sub defanged_mime_entity()
to re-assemble a replacement MIME::Entity object out of original mail,
based on some filtering rules.

Some people have modified the source  code to pass the email.txt to altermime
and to forward to recipients its results. While tricks like that are certainly
possible and not too difficult to implement, these are currently just
more or less successful experiments.

A quarantine management GUI may offer ability to let recipient look into
his quarantined message, and only display plain text parts.

 

may I suggest this 
functionality be included in future revs of the product? I know that 
other Anti-SPAM/VIRUS/BLOCKED utilities have this capability and it just 
seems like another nicety to add to an already very nice tool.
   



You may suggest, but it is way down on a priority list. Adding such
functionality is another can of worms / a project all in itself.
Amavis* project(s) so far stayed on the position that a mail body
should not be changed apart from some added/edited header fields
(partly because we don't want to be culpable when something goes wrong).
While I did give-in somewhat when I introduced a simple form of
'mail  defanging' (wrapping a message/rfc822 MIME container around
original mail in certain cases), I have no immediate plans to refine/extend 
such functionality.


Stripping away MIME parts may have some niche use, but as a general
approach I believe it is less useful than may appear at a first glance.

 Mark


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

 






---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread Mark Martinec 
GM,

> [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
> /var/amavis/tmp/amavis-20050801T172532-40177
> truss: cannot open /proc/82371/mem: No such file or directory
> truss: cannot open /proc/curproc/mem: No such file or directory

> Seems like it's trying to access directories within /proc

To run linux emulation binaries on FreeBSD, you most likely also
need the /proc file system available.

Into the /etc/fstab you need to add an entry like:

  proc  /proc  procfs  rw  0 0

and mount the /proc partition.

> I have taken the libirty to create the directory /proc/curproc/mem ,, but
> I'm not sure about the random /proc/82371/mem directories. Anyway, this is
> what I then get :-

/proc is not supposed to be a regular file system.

  Mark


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread David Filion 

GM wrote:

GM wrote:


Hi Mark

I guess we are getting closer to the problem perhaps...

Seems like it's trying to access directories within /proc

[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
-packed

/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/82371/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
-packed

/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84362/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
-packed

/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84610/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory

I have taken the libirty to create the directory /proc/curproc/mem ,, 
but I'm not sure about the random /proc/82371/mem directories. Anyway, 
this is what I then get :-


[EMAIL PROTECTED] /]# truss f-prot f-prot  -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84690/mem: No such file or directory
truss: cannot open /proc/curproc/mem: Is a directory
[EMAIL PROTECTED] /]#


Much apreciated !


GM.



Hi,

/proc/82371/mem isn't random.  /proc is a virtual file system. 82371 is 
a directory containing info about process 82371.   mem is a file 
containing memory usage info for that process.  If the directory/file

doesn't exist. Chances are process 82371 ended before f-prot got to read it.
That or it is not allowed (ie. permissions). If your using Linux, check out
'man proc'.

David



Hi David

I have the following permissions on my /proc directory :-
drwxrwxrwx   3 root  wheel  512B Aug  1 17:45 proc/

I am using freeBSD 5.3 ad 5.4 and getting the same error on both versions /
releases.

PS: Thanx for the prompt reponse...


GM.





Check the permissions on the directories within /proc. Also, get the pid 
 of a running process and go into it's directory and check the 
permissions there.  For example, I did the following as my amavisd user:

(PID 29659 is the pid of the master amavisd on my system.)
$ cd /
$ ls -l | grep proc
dr-xr-xr-x  145 root root0 Jan 18  2005 proc/
$ cd /proc
$ ls -l | grep 29659
dr-xr-xr-x   3 amavisd amavisd 0 Aug  1 12:40 29659/
$ cd 29659
$ ls -l
$ ls -l
ls: cannot read symbolic link cwd: Permission denied
ls: cannot read symbolic link root: Permission denied
ls: cannot read symbolic link exe: Permission denied
total 0
-r  1 root root 0 Aug  1 13:40 auxv
-r--r--r--  1 root root 0 Aug  1 13:40 cmdline
lrwxrwxrwx  1 root root 0 Aug  1 13:40 cwd
-r  1 root root 0 Aug  1 13:40 environ
lrwxrwxrwx  1 root root 0 Aug  1 13:40 exe
dr-x--  2 root root 0 Aug  1 13:40 fd/
-r--r--r--  1 root root 0 Aug  1 13:40 maps
-rw---  1 root root 0 Aug  1 13:40 mem<-- file in question
-r--r--r--  1 root root 0 Aug  1 13:40 mounts
lrwxrwxrwx  1 root root 0 Aug  1 13:40 root
-r--r--r--  1 root root 0 Aug  1 13:40 stat
-r--r--r--  1 root root 0 Aug  1 13:40 statm
-r--r--r--  1 root root 0 Aug  1 13:40 status
dr-xr-xr-x  3 root root 0 Aug  1 13:40 task/
-r--r--r--  1 root root 0 Aug  1 13:40 wchan
$

As you can see, there are certain file that on root can read.  mem is 
one of them. So..

$ cat mem
cat: mem: Permission denied
$

f-prot is trying to read a file it does not have access to when it is 
not running as root. Looks like the f-prot writers didn't add code to 
handle IO errors such as "permission denied".


Now, I did this is on a linux system, try following the same steps on a 
*BSD system and see what happens.


HTH

David


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Re: [Mailzu-users] Quarantining Virus Mails

2005-08-01 Thread Chris Phillips 

Brian Wong wrote:

Chris,

On 8/1/05, Chris Phillips <[EMAIL PROTECTED]> wrote:


Hi there,

I'm very new to mailzu & have a few questions, but will start with this one for
now: -

I would like to be able to see any emails stopped for containing viruses, in the
quarantine area, but I can not.




This is currently not implemented. Sam and I thought that it wasnt
really useful at the time, and figured it would be rare that people
would ever want viruses released due to the amount of possible FPs to
occur.

Bad headers is also not implemented, and I believe the reason was we
just didnt get around to it. We based alot of our work around what our
site needed, but now that MailZu is publicly used, we are starting to
add feature requests.

Consider the two above missing implementations added to our TODO list.
It isnt much work so possibly in the upcoming RC3. Sorry for the
inconvenience.



Is there some config tweak I have missed in mailzu, or is this related to my
amavisd-new config?



Nope, nothing wrong with your config at all.



Ah!  Thanks Brian, that's set my mind at rest :)

It's really good to know that they're on the TODO, cool.

I'll keep my eyes peeled for future releases...


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

RE: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread GM 

GM wrote:
> Hi Mark
> 
> I guess we are getting closer to the problem perhaps...
> 
> Seems like it's trying to access directories within /proc
> 
> [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
> -packed
> /var/amavis/tmp/amavis-20050801T172532-40177
> truss: cannot open /proc/82371/mem: No such file or directory
> truss: cannot open /proc/curproc/mem: No such file or directory
> 
> 
> [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
> -packed
> /var/amavis/tmp/amavis-20050801T172532-40177
> truss: cannot open /proc/84362/mem: No such file or directory
> truss: cannot open /proc/curproc/mem: No such file or directory
> 
> 
> [EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive 
> -packed
> /var/amavis/tmp/amavis-20050801T172532-40177
> truss: cannot open /proc/84610/mem: No such file or directory
> truss: cannot open /proc/curproc/mem: No such file or directory
> 
> I have taken the libirty to create the directory /proc/curproc/mem ,, 
> but I'm not sure about the random /proc/82371/mem directories. Anyway, 
> this is what I then get :-
> 
> [EMAIL PROTECTED] /]# truss f-prot f-prot  -dumb -archive -packed
> /var/amavis/tmp/amavis-20050801T172532-40177
> truss: cannot open /proc/84690/mem: No such file or directory
> truss: cannot open /proc/curproc/mem: Is a directory
> [EMAIL PROTECTED] /]#
> 
> 
> Much apreciated !
> 
> 
> GM.

Hi,

/proc/82371/mem isn't random.  /proc is a virtual file system. 82371 is 
a directory containing info about process 82371.   mem is a file 
containing memory usage info for that process.  If the directory/file
doesn't exist. Chances are process 82371 ended before f-prot got to read it.
That or it is not allowed (ie. permissions). If your using Linux, check out
'man proc'.

David



Hi David

I have the following permissions on my /proc directory :-
drwxrwxrwx   3 root  wheel  512B Aug  1 17:45 proc/

I am using freeBSD 5.3 ad 5.4 and getting the same error on both versions /
releases.

PS: Thanx for the prompt reponse...


GM.



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread David Filion 

GM wrote:

Hi Mark

I guess we are getting closer to the problem perhaps...

Seems like it's trying to access directories within /proc

[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/82371/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84362/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84610/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory

I have taken the libirty to create the directory /proc/curproc/mem ,, but
I'm not sure about the random /proc/82371/mem directories. Anyway, this is
what I then get :-

[EMAIL PROTECTED] /]# truss f-prot f-prot  -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84690/mem: No such file or directory
truss: cannot open /proc/curproc/mem: Is a directory
[EMAIL PROTECTED] /]#


Much apreciated !


GM.


Hi,

/proc/82371/mem isn't random.  /proc is a virtual file system. 82371 is 
a directory containing info about process 82371.   mem is a file 
containing memory usage info for that process.  If the directory/file 
doesn't exist. Chances are process 82371 ended before f-prot got to read 
it. That or it is not allowed (ie. permissions). If your using Linux, 
check out 'man proc'.


David



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

RE: [AMaViS-user] f-prot DIED on signal 11 (008b)

2005-08-01 Thread GM 
Hi Mark

I guess we are getting closer to the problem perhaps...

Seems like it's trying to access directories within /proc

[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/82371/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84362/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory


[EMAIL PROTECTED] /]# truss -o 0.log  f-prot f-prot -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84610/mem: No such file or directory
truss: cannot open /proc/curproc/mem: No such file or directory

I have taken the libirty to create the directory /proc/curproc/mem ,, but
I'm not sure about the random /proc/82371/mem directories. Anyway, this is
what I then get :-

[EMAIL PROTECTED] /]# truss f-prot f-prot  -dumb -archive -packed
/var/amavis/tmp/amavis-20050801T172532-40177
truss: cannot open /proc/84690/mem: No such file or directory
truss: cannot open /proc/curproc/mem: Is a directory
[EMAIL PROTECTED] /]#


Much apreciated !


GM.



 

-Original Message-
From: Mark Martinec [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 01, 2005 2:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [AMaViS-user] f-prot DIED on signal 11 (008b)

GM,

> # su vscan -c 'f-prot -dumb -archive -packed
>   /var/amavis/tmp/amavis-20050731T034318-00618  Segmentation fault
>
> # f-prot -dumb -archive -packed
> /var/amavis/tmp/amavis-20050731T034318-00618  scanning report  -  31 July 2005 @ 3:45

If the program f-prot runs well as root, but fails on SEGV when running as
user vscan, I would suspect some problem with its internal files (like virus
signatures), or perhaps with its environment or account vscan, triggering a
bug in f-prot, unprepared to handle the unexpected situation.
Does it run under your ordinary user account?

Try running it through truss, both as root and as user vscan, save trace on
a file, and compare the two. It may narrow down the problem to a nearby
operation that f-prot executed:

# truss -o 0.log  f-prot f-prot -dumb -archive -packed some-directory # su
vscan $ truss -o 1.log  f-prot f-prot -dumb -archive -packed some-directory

(make sure the truss log file can be created, considering uid)

  Mark



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] SQL quarantine, quarantine table not optimized

2005-08-01 Thread Paolo Cravero as2594 

Mark Martinec wrote:


it would be more informative to ask for:
  SELECT count(*) FROM quarantine WHERE chunk_ind = 1;

  to get the number of quarantined messages, regardless of their size,
  which may span multiple 16 kB chunks.


Got it. Now I understand the meaning of chunk_ind. :)


Since the primary key on table quarantine is:
  PRIMARY KEY (mail_id,chunk_ind)
I would expect that this may be quicker, even if there is
no index on mail_id alone.


In Oracle terms, a SELECT COUNT(*) would hit the first PK field when the 
WHERE clause is composed of just one field and not both. I don't know in 
MySQL InnoDB ...



Could you please try it, and if there is no speedup, I'll add
your suggestion to README.sql.


As expected, there was no significant speedup/slowdown.

You might want to add a note for MySQL users to read Chapter 15 of the 
reference manual On chapter 15.17 I found:


"InnoDB does not keep an internal count of rows in a table. (This would 
actually be somewhat complicated because of multi-versioning.) To 
process a SELECT COUNT(*) FROM T statement, InnoDB  must scan an index 
of the table, which takes some time if the index is not entirely in the 
buffer pool. To get a fast count, you have to use a counter table you 
create yourself and let your application update it according to the 
inserts and deletes it does. If your table does not change often, using 
the MySQL query cache is a good solution. SHOW TABLE STATUS also can be 
used if an approximate row count is sufficient. See Section 15.12, 
“InnoDB Performance Tuning Tips”."


So, do not waste time and resources by creating a specific index on 
quarantine.mail_id since it doesn't speedup COUNT(*) queries, which are 
anyway meaningless without a WHERE chunk_ind=1 clause.


Thank you all for your support!
Paolo


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] SQL quarantine, quarantine table not optimized

2005-08-01 Thread Sam Tran 
On 8/1/05, Paolo Cravero as2594 <[EMAIL PROTECTED]> wrote:
> Mark Martinec wrote:
> 
> Dobar Dan Mark
> 
> > I think that instead of asking for:
> >   SELECT count(*) FROM quarantine;
> >   (which gives the number of records in the database)
> >
> > it would be more informative to ask for:
> >   SELECT count(*) FROM quarantine WHERE chunk_ind = 1;
> >
> >   to get the number of quarantined messages, regardless of their size,
> >   which may span multiple 16 kB chunks.
> 
> Those two queries return different results. Did you mean "chunk_ind >=
> 1", perhaps? In that case the count corresponds.
> 

No. It is "WHERE chunk_ind = 1". Otherwise you may count some
quarantined messages multiple times. Do a "SELECT * FROM quarantine"
for the mail_id of a message larger than 16kB. You will understand
then.

Sam


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Auto Forward/Redirect eBay Phishing Spoofs

2005-08-01 Thread Pierre Girard 

Chris Phillips wrote:

I would like to have eBay spoof emails, automagically 
forwarded/redirected to the anti-phishing squad at eBay 
<[EMAIL PROTECTED]> & am hoping that you may be able to point me in the 
right direction.


It would be cool if I could add something like '*PHISHING*', to the 
subject & perhaps have the outbound email come from '<>', as the 
response email from eBay is almost as annoying as the spoof!


Interresting idea.  We're using clamav to scan for viruses in addition 
to another antivirus and clam detects a lot of phishing scams. 

I was hoping that clam would give a different return code for viruses 
and phishing scams but it doesn't appear to be the case.


However in my email I get a copy of the scanning results and the subject 
looks like:

VIRUS (HTML.Phishing.Pay-16) FROM <[EMAIL PROTECTED]>

I suppose i could then write a procmail rule that would send the message 
somewhere based on some parameters like phishing.pay gets sent to 
paypal, etc.


Probably not what you had in mind, someone else might have a better idea.



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] SQL quarantine, quarantine table not optimized

2005-08-01 Thread Paolo Cravero as2594 

Mark Martinec wrote:

Dobar Dan Mark


I think that instead of asking for:
  SELECT count(*) FROM quarantine;
  (which gives the number of records in the database)

it would be more informative to ask for:
  SELECT count(*) FROM quarantine WHERE chunk_ind = 1;

  to get the number of quarantined messages, regardless of their size,
  which may span multiple 16 kB chunks.


Those two queries return different results. Did you mean "chunk_ind >= 
1", perhaps? In that case the count corresponds.



Could you please try it, and if there is no speedup, I'll add
your suggestion to README.sql.


I tried both queries and noticed no speed difference.
Then I removed my additional index on the mail_id and did other things 
to the database and now all queries are deadly long: above 3 minutes for 
167k rows for both queries, on an zero-load MySQL instance.


I also used FLUSH QUERY CACHE before each query.

I will dump the quarantine table and recreate it from scratch before 
giving a definitive answer for speed comparison.


In any case, as repoted in my self-reply, MySQL InnoDB tables are not 
optimized for SELECT COUNT(*).


Paolo


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Problem processing messages, more

2005-08-01 Thread Mark Martinec 
Jay,

> (03014-01) run_command: [3023] /usr/local/bin/file p001 &1

> (03014-01) TROUBLE in check_mail: parts_decode_ext FAILED: parsing 
> file(1) results - missing last 1 results at (eval 39) line 156.

> Very strange. . .
> This all worked just fine, until I had to reboot yesterday.
> I get the exact same error for every message.

> It lookslike "file" failed somehow, yet when I run the command:
>   /usr/local/bin/file p001
>   p001: ASCII make commands text

For some reason no result seems to be coming back from file(1),
it just terminates with a success status.

Does it work when you run the exact same command under user vscan?
  su vscan
  /usr/local/bin/file p001 &1
  echo $?

Mark


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/