Re: [Sagator-users] Sagator on OpenBSD 5.0
From: Ján O. (SAL) <on...@sa...> - 2012-01-30 11:23:39
Curious. Looks like your SMTP server closed connection unexpectedly.
Which SMTP server are you using? With postfix I never had similar problems.
I can catch this error in sagator, but need to know, if it's a problem of
SMTP server or configuration.

Does this happen always or only sometimes, for example when you restart your
SMTP server?

    SAL

On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
> Ok thanks for the advice, it seems to work when calling parsemail
> first and then libclamav().
>
> But, I have one last non-blocking error at the end of each connection:
>
> 11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
> 11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
> 11714: SMTPS: Sending data
> 11714: SMTPS: OK: 250 Ok
> 11714: SMTPS: QUIT
> 11714: smtpd(): Closing connection.
> 11714: smtpd(): ERROR: SocketError: Connection reset by peer
> 11714: smtpd(): Traceback (most recent call last):
>   File "/usr/local/share/sagator/aglib.py", line 141, in fork
>     self.accept()
>   File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
>     conn.shutdown(socket.SHUT_RDWR)
>   File "/usr/local/lib/python2.7/socket.py", line 224, in meth
>     return getattr(self._sock,name)(*args)
> error: [Errno 54] Connection reset by peer
> 27566: collector(): Saving stats ...
>
> Any idea?
>
> On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> >Looks like you are calling a bufferscanner from filescanner or vice versa.
> >But your configuration looks to be OK, I tested in my testing environment.
> >May be problem is in rest of configuration.
> >
> >Btw, do not use libclam() from parsemail. This way you will disable clamav's
> >internal email parser, which is very good.
> >
> >    SAL
> >
> >On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> >>ok this is the error message with debug level 5:
> >>
> >>
> >>11239: libclam(): Loaded virpatterns: 2325837
> >> 5813: Testing
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD()))))...
> >> 5813: Running:
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD()))))
> >> 5813: Running:
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))))
> >> 5813: Running:
> >>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))
> >> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))
> >> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))
> >> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))
> >> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> >> 5813: parsemail(): buffer len=11, filename=unknown.bin
> >> 5813: Running: file_type()
> >> 5813: Values: 0.000000, '', []
> >> 5813: Running: attach_name()
> >> 5813: Values: 0.000000, '', []
> >> 5813: Running: libclam()
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())): scanner ParseMail(file_type(), attach_name(),
> >>libclam()) failed: ScannerError: Not implemented
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))Traceback (most recent call last):
> >>  File "/usr/local/share/sagator/interscan/match.py", line 120, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> >>in scanbuffer
> >>    return decode_email(buffer,self.scanners,args).scan()
> >>  File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> >>in __init__
> >>    self.scan_part(file_name)
> >>  File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> >>in scan_part
> >>    l,v,r=scanner.scanbuffer(buffer,self.args)
> >>  File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> >>    raise ScannerError, 'Not implemented'
> >>ScannerError: Not implemented
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())): All scanners failed!
> >> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))): scanner alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())) failed: ScannerError: All alternatives
> >>failed!
> >> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))): scanner
> >>quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))) failed: ScannerError: All alternatives failed!
> >> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))): scanner
> >>drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())))) failed: ScannerError: All alternatives failed!
> >> 5813:
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))): scanner
> >>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))) failed: ScannerError: All alternatives
> >>failed!
> >> 5813:
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD())))): scanner
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))) failed: ScannerError: All
> >>alternatives failed!
> >> 5813: do_scan: Traceback (most recent call last):
> >>  File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> >>    scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> >>  File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> >>scanbuffer
> >>    level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
> >>
> >>level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/interscan/report.py", line 113, in
> >>scanbuffer
> >>    level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> >>scanbuffer
> >>    level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> >>scanbuffer
> >>    level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >>    level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>  File "/usr/local/share/sagator/interscan/match.py", line 128, in
> >>scanbuffer
> >>    raise ScannerError,'All alternatives failed!'
> >>ScannerError: All alternatives failed!
> >> 5813: Scanner
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> >>manually!
> >> 5813: All alternatives failed!
> >>11239: smtpd(): service started ... [30308, 8583]
> >>
> >>
> >>Thanks again.
> >>
> >>On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> >>>Can you send me exact error message (if possible in debug level>=4)?
> >>>
> >>>    SAL
> >>>
> >>>On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>>>Sorry I don't know why there are different versions.
> >>>>
> >>>>If I try to use parsemail, that's because I would like to drop
> >>>>messages containing attachments with
> >>>>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>>>
> >>>>thanks
> >>>>
> >>>>
> >>>>On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >>>>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>>>Thanks a lot, it works!
> >>>>>
> >>>>>I don't know, how OpenBSD works. Can you explain, why libclamav has
> >>>>>different version? May be I should fix this in sagator's sources.
> >>>>>
> >>>>>>I have now another problem. I would like to parse attachments and
> >>>>>>scan with libclam and then I try to use this setup:
> >>>>>>  parsemail(
> >>>>>>    #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>>>>    ## Check with sagator's internal content recognition.
> >>>>>>    file_type({'exe': 'Executable'}),
> >>>>>>    ## Check for attachment filenames.
> >>>>>>
> >>>>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>>>>    libclam(db_options=libclam.CL_DB_PHISHING)
> >>>>>>  ),
> >>>>>>),
> >>>>>>
> >>>>>>But it doesn't work, saying all the alternatives have failed.
> >>>>>
> >>>>>You don't need to use parsemail for libclamav. ClamAV has better and faster
> >>>>>email parser.
> >>>>>
> >>>>>    SAL
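
The attachment-name rule quoted in the thread, shown as a stand-alone check with Python's email package. This is an added example, not part of the thread and not sagator's code; the extension list is the one from the attach_name() line, while blocked_attachments, the case-insensitive flag, the trailing dot/space normalisation and the sample message are assumptions of the example:

```python
import re
from email import message_from_bytes, policy

# Extension list copied from the attach_name() rule quoted in the thread.
# re.I is this example's choice, so that ".EXE" is treated like ".exe".
BLOCKED = re.compile(r'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$', re.I)

def blocked_attachments(raw):
    """Return names of MIME parts whose normalised filename matches BLOCKED."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Match on a normalised form: strip trailing dots and spaces so the
        # "$" anchor still sees the real extension.
        if BLOCKED.search(name.rstrip(' .')):
            hits.append(name)
    return hits

# Constructed sample message (not taken from the thread).
SAMPLE = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="setup.scr"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.PDF.EXE."

x
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

ok
--b1--
"""

if __name__ == '__main__':
    print(blocked_attachments(SAMPLE))
```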