Re: [Sagator-users] Sagator on OpenBSD 5.0

[Comète <co...@da...>]

ok this is the error message woth debug level 5:


11239: libclam(): Loaded virpatterns: 2325837
  5813: Testing 
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))), 
status(drop(quarantine(SpamAssassinD()))))...
  5813: Running: 
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))), status(drop(quarantine(SpamAssassinD()))))
  5813: Running: 
status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam()))))))
  5813: Running: 
report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))
  5813: Running: drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam()))))
  5813: Running: quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))
  5813: Running: alternatives(ParseMail(file_type(), attach_name(), 
libclam()))
  5813: Running: ParseMail(file_type(), attach_name(), libclam())
  5813: parsemail(): buffer len=11, filename=unknown.bin
  5813: Running: file_type()
  5813: Values: 0.000000, '', []
  5813: Running: attach_name()
  5813: Values: 0.000000, '', []
  5813: Running: libclam()
  5813: alternatives(ParseMail(file_type(), attach_name(), libclam())): 
scanner ParseMail(file_type(), attach_name(), libclam()) failed: 
ScannerError: Not implemented
  5813: alternatives(ParseMail(file_type(), attach_name(), 
libclam()))Traceback (most recent call last):
   File "/usr/local/share/sagator/interscan/match.py", line 120, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/interscan/parsemail.py", line 412, in 
scanbuffer
     return decode_email(buffer,self.scanners,args).scan()
   File "/usr/local/share/sagator/interscan/parsemail.py", line 384, in 
__init__
     self.scan_part(file_name)
   File "/usr/local/share/sagator/interscan/parsemail.py", line 200, in 
scan_part
     l,v,r=scanner.scanbuffer(buffer,self.args)
   File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
     raise ScannerError, 'Not implemented'
ScannerError: Not implemented
  5813: alternatives(ParseMail(file_type(), attach_name(), libclam())): 
All scanners failed!
  5813: quarantine(alternatives(ParseMail(file_type(), attach_name(), 
libclam()))): scanner alternatives(ParseMail(file_type(), attach_name(), 
libclam())) failed: ScannerError: All alternatives failed!
  5813: drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))): scanner 
quarantine(alternatives(ParseMail(file_type(), attach_name(), 
libclam()))) failed: ScannerError: All alternatives failed!
  5813: report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam()))))): scanner 
drop(quarantine(alternatives(ParseMail(file_type(), attach_name(), 
libclam())))) failed: ScannerError: All alternatives failed!
  5813: 
status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))): scanner 
report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam()))))) failed: ScannerError: All alternatives failed!
  5813: 
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))), 
status(drop(quarantine(SpamAssassinD())))): scanner 
status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))) failed: ScannerError: All alternatives 
failed!
  5813: do_scan: Traceback (most recent call last):
   File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
     scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
   File "/usr/local/share/sagator/interscan/logger.py", line 94, in 
scanbuffer
     level,detected,virlist=match_any.scanbuffer(self,buffer,args)
   File "/usr/local/share/sagator/interscan/match.py", line 181, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
 
level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
   File "/usr/local/share/sagator/interscan/match.py", line 181, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/interscan/report.py", line 113, in 
scanbuffer
     level,detected,virlist=match_any.scanbuffer(self,buffer,args)
   File "/usr/local/share/sagator/interscan/match.py", line 181, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/interscan/actions.py", line 137, in 
scanbuffer
     level, detected, virlist = match_any.scanbuffer(self, buffer, args)
   File "/usr/local/share/sagator/interscan/match.py", line 181, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/interscan/actions.py", line 52, in 
scanbuffer
     level,detected,virlist=match_any.scanbuffer(self,buffer,args)
   File "/usr/local/share/sagator/interscan/match.py", line 181, in 
scanbuffer
     level,vir,ret=self.scanner.scanbuffer(buffer,args)
   File "/usr/local/share/sagator/interscan/match.py", line 128, in 
scanbuffer
     raise ScannerError,'All alternatives failed!'
ScannerError: All alternatives failed!
  5813: Scanner 
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(), 
attach_name(), libclam())))))), 
status(drop(quarantine(SpamAssassinD())))) test failed! Disable it manually!
  5813:   All alternatives failed!
11239: smtpd(): service started ... [30308, 8583]


Thanks again.

Le 29/01/2012 19:44, "Ján ONDREJ (SAL)" a écrit :
> Can you send me exact error message (if possible in debug level>=4)?
>
> 		SAL
>
> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>> Sorry i don't know why there are different versions.
>>
>> If i try to use parsemail, that's because i would like to drop
>> messages containing attachments with
>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>
>> thanks
>>
>>
>> Le 27/01/2012 16:32, "Ján ONDREJ (SAL)" a écrit :
>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>> Thanks a lot, it works !
>>>
>>> I don't know, how OpenBSD works. Can you explain, why libclamav has
>>> different version? May be I should fix this in sagator's sources.
>>>
>>>> I have now another problem. I would like to parse attachments and
>>>> scan with libclam and then i try to use this setup:
>>>>         parsemail(
>>>>              #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>              ## Check with sagator's internal content recognition.
>>>>              file_type({'exe': 'Executable'}),
>>>>              ## Check for attachment filenames.
>>>>
>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>              libclam(db_options=libclam.CL_DB_PHISHING)
>>>>         ),
>>>> ),
>>>>
>>>> But it doesn't work, saying all the alternatives have failed.
>>>
>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>> email parser.
>>>
>>> 				SAL