Re: [Sagator-users] Sagator on OpenBSD 5.0
From: Comète <co...@da...> - 2012-01-30 10:01:39
Ok thanks for the advice, it seems to work when calling parsemail first and then libclamav(). But, I have one last non-blocking error at the end of each connection:

11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
11714: SMTPS: Sending data
11714: SMTPS: OK: 250 Ok
11714: SMTPS: QUIT
11714: smtpd(): Closing connection.
11714: smtpd(): ERROR: SocketError: Connection reset by peer
11714: smtpd(): Traceback (most recent call last):
  File "/usr/local/share/sagator/aglib.py", line 141, in fork
    self.accept()
  File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
    conn.shutdown(socket.SHUT_RDWR)
  File "/usr/local/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 54] Connection reset by peer
27566: collector(): Saving stats ...

Any idea?

On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> Looks like you are calling a bufferscanner from filescanner or vice versa.
> But your configuration looks to be OK, I tested in my testing environment.
> Maybe the problem is in the rest of the configuration.
>
> Btw, do not use libclam() from parsemail. This way you will disable clamav's
> internal email parser, which is very good.
>
> SAL
>
> On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
>> ok this is the error message with debug level 5:
>>
>>
>> 11239: libclam(): Loaded virpatterns: 2325837
>> 5813: Testing
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD()))))...
>> 5813: Running:
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD()))))
>> 5813: Running:
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))))
>> 5813: Running:
>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))
>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))
>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))
>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))
>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
>> 5813: parsemail(): buffer len=11, filename=unknown.bin
>> 5813: Running: file_type()
>> 5813: Values: 0.000000, '', []
>> 5813: Running: attach_name()
>> 5813: Values: 0.000000, '', []
>> 5813: Running: libclam()
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam())): scanner ParseMail(file_type(), attach_name(),
>> libclam()) failed: ScannerError: Not implemented
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))Traceback (most recent call last):
>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
>> in scanbuffer
>> return decode_email(buffer,self.scanners,args).scan()
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
>> in __init__
>> self.scan_part(file_name)
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
>> in scan_part
>> l,v,r=scanner.scanbuffer(buffer,self.args)
>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
>> raise ScannerError, 'Not implemented'
>> ScannerError: Not implemented
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam())): All scanners failed!
>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))): scanner alternatives(ParseMail(file_type(),
>> attach_name(), libclam())) failed: ScannerError: All alternatives
>> failed!
>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))): scanner
>> quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))) failed: ScannerError: All alternatives failed!
>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))): scanner
>> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam())))) failed: ScannerError: All alternatives failed!
>> 5813:
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))): scanner
>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))) failed: ScannerError: All alternatives
>> failed!
>> 5813:
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD())))): scanner
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))) failed: ScannerError: All
>> alternatives failed!
>> 5813: do_scan: Traceback (most recent call last):
>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>>
>> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
>> scanbuffer
>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
>> scanbuffer
>> raise ScannerError,'All alternatives failed!'
>> ScannerError: All alternatives failed!
>> 5813: Scanner
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
>> manually!
>> 5813: All alternatives failed!
>> 11239: smtpd(): service started ... [30308, 8583]
>>
>>
>> Thanks again.
>>
>> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
>>> Can you send me the exact error message (if possible in debug level>=4)?
>>>
>>> SAL
>>>
>>> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>>>> Sorry, I don't know why there are different versions.
>>>>
>>>> If I try to use parsemail, that's because I would like to drop
>>>> messages containing attachments with
>>>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>>>
>>>> thanks
>>>>
>>>>
>>>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>>>> Thanks a lot, it works!
>>>>>
>>>>> I don't know how OpenBSD works. Can you explain why libclamav has
>>>>> a different version? Maybe I should fix this in sagator's sources.
>>>>>
>>>>>> I have now another problem. I would like to parse attachments and
>>>>>> scan with libclam and then I try to use this setup:
>>>>>> parsemail(
>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>>> ## Check with sagator's internal content recognition.
>>>>>> file_type({'exe': 'Executable'}),
>>>>>> ## Check for attachment filenames.
>>>>>>
>>>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
>>>>>> ),
>>>>>> ),
>>>>>>
>>>>>> But it doesn't work, saying all the alternatives have failed.
>>>>>
>>>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>>>> email parser.
>>>>>
>>>>> SAL
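
The attachment-extension policy discussed in this thread, sketched with Python's standard email package. This is an added example, not Sagator's code and not part of the original messages; the regex is the one quoted in the attach_name() rule, while blocked_attachments(), verdict(), the constructed SAMPLE message and the case-insensitive match are assumptions.

```python
import re
from email import message_from_bytes

# Extension list copied from the attach_name() rule quoted in the thread.
# Assumption: case-insensitive matching (re.I), so "Setup.EXE" is caught too.
BLOCKED = re.compile(r'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$', re.I)

def blocked_attachments(raw):
    """Return the filenames of MIME parts that match BLOCKED."""
    hits = []
    for part in message_from_bytes(raw).walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 (filename*=) values.
        name = part.get_filename()
        if name and BLOCKED.search(name.strip()):
            hits.append(name)
    return hits

def verdict(raw):
    """Hypothetical policy decision: DROP if any attachment is blocked."""
    return 'DROP' if blocked_attachments(raw) else 'CLEAN'

# Constructed sample message (not taken from the thread).
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n\r\nhello\r\n"
    b"--XX\r\n"
    b"Content-Type: application/pdf\r\n"
    b'Content-Disposition: attachment; filename="notes.pdf"\r\n\r\nx\r\n'
    b"--XX\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Setup.EXE"\r\n\r\nx\r\n'
    b"--XX\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Disposition: attachment; filename*=utf-8''report%2Ejs\r\n\r\nx\r\n"
    b"--XX--\r\n"
)

if __name__ == '__main__':
    print(verdict(SAMPLE), blocked_attachments(SAMPLE))
```
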