Re: [Sagator-users] Sagator on OpenBSD 5.0
From: Ján O. (SAL) <on...@sa...> - 2012-01-30 12:28:42
Postfix-2.9 is a release candidate for stable, not stable yet.
Maybe it's a problem of postfix. Try to look at your postfix logs.

You can try to fix this by changing the end of the file srv/smtpd.py in sagator from:

    conn.shutdown(socket.SHUT_RDWR)
    conn.close()

to:

    try:
        conn.shutdown(socket.SHUT_RDWR)
        conn.close()
    except socket.error:
        pass

I am just not sure if this is a good solution.

    SAL

On Mon, Jan 30, 2012 at 12:35:37PM +0100, Comète wrote:
> I use postfix-2.9.20110706 which is running on the same server and
> yes it happens for each connection.
>
> my master.cf looks like this:
>
> smtp inet n - - - - smtpd
> #628 inet n - - - - qmqpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> #qmgr fifo n - - 300 1 oqmgr
> tlsmgr unix - - - 1000? 1 tlsmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - - - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - - - - smtp
>   -o smtp_fallback_relay=
> #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - - - - showq
> error unix - - - - - error
> retry unix - - - - - error
> discard unix - - - - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - - - - lmtp
> anvil unix - - - - 1 anvil
> scache unix - - - - 1 scache
>
> 127.0.0.1:10026 inet n - n - 30 smtpd
>   -o content_filter=
>   -o myhostname=sagator.dmz.local
>   -o local_recipient_maps= -o relay_recipient_maps=
>   -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
>   -o smtpd_restriction_classes= -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>   -o smtpd_use_tls=no
>
>
>
> On 30/01/2012 12:11, "Ján ONDREJ (SAL)" wrote:
> >Curious. Looks like your SMTP server closed the connection unexpectedly.
> >Which SMTP server are you using? With postfix I never had similar problems.
> >
> >I can catch this error in sagator, but I need to know if it's a problem of
> >the SMTP server or the configuration.
> >
> >Does this happen always or only sometimes, for example when you restart your
> >SMTP server?
> >
> > SAL
> >
> >On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
> >>Ok thanks for the advice, it seems to work when calling parsemail
> >>first and then libclamav().
> >>
> >>But I have one last non-blocking error at the end of each connection:
> >>
> >>11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
> >>11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
> >>11714: SMTPS: Sending data
> >>11714: SMTPS: OK: 250 Ok
> >>11714: SMTPS: QUIT
> >>11714: smtpd(): Closing connection.
> >>11714: smtpd(): ERROR: SocketError: Connection reset by peer
> >>11714: smtpd(): Traceback (most recent call last):
> >> File "/usr/local/share/sagator/aglib.py", line 141, in fork
> >> self.accept()
> >> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
> >> conn.shutdown(socket.SHUT_RDWR)
> >> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
> >> return getattr(self._sock,name)(*args)
> >>error: [Errno 54] Connection reset by peer
> >>27566: collector(): Saving stats ...
> >>
> >>Any idea ?
> >>
> >>On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> >>>Looks like you are calling a bufferscanner from a filescanner or vice versa.
> >>>But your configuration looks to be OK, I tested in my testing environment.
> >>>Maybe the problem is in the rest of the configuration.
> >>>
> >>>Btw, do not use libclam() from parsemail. This way you will disable clamav's
> >>>internal email parser, which is very good.
> >>>
> >>> SAL
> >>>
> >>>On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> >>>>OK, this is the error message with debug level 5:
> >>>>
> >>>>
> >>>>11239: libclam(): Loaded virpatterns: 2325837
> >>>> 5813: Testing
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD()))))...
> >>>> 5813: Running:
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD()))))
> >>>> 5813: Running:
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))))
> >>>> 5813: Running:
> >>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))
> >>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))
> >>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))
> >>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))
> >>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> >>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
> >>>> 5813: Running: file_type()
> >>>> 5813: Values: 0.000000, '', []
> >>>> 5813: Running: attach_name()
> >>>> 5813: Values: 0.000000, '', []
> >>>> 5813: Running: libclam()
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())): scanner ParseMail(file_type(), attach_name(),
> >>>>libclam()) failed: ScannerError: Not implemented
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))Traceback (most recent call last):
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> >>>>in scanbuffer
> >>>> return decode_email(buffer,self.scanners,args).scan()
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> >>>>in __init__
> >>>> self.scan_part(file_name)
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> >>>>in scan_part
> >>>> l,v,r=scanner.scanbuffer(buffer,self.args)
> >>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> >>>> raise ScannerError, 'Not implemented'
> >>>>ScannerError: Not implemented
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())): All scanners failed!
> >>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))): scanner alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())) failed: ScannerError: All alternatives
> >>>>failed!
> >>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))): scanner
> >>>>quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))) failed: ScannerError: All alternatives failed!
> >>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))): scanner
> >>>>drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())))) failed: ScannerError: All alternatives failed!
> >>>> 5813:
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))): scanner
> >>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))) failed: ScannerError: All alternatives
> >>>>failed!
> >>>> 5813:
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD())))): scanner
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))) failed: ScannerError: All
> >>>>alternatives failed!
> >>>> 5813: do_scan: Traceback (most recent call last):
> >>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> >>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> >>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
> >>>>
> >>>>level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> >>>>scanbuffer
> >>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
> >>>>scanbuffer
> >>>> raise ScannerError,'All alternatives failed!'
> >>>>ScannerError: All alternatives failed!
> >>>> 5813: Scanner
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> >>>>manually!
> >>>> 5813: All alternatives failed!
> >>>>11239: smtpd(): service started ... [30308, 8583]
> >>>>
> >>>>
> >>>>Thanks again.
> >>>>
> >>>>On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> >>>>>Can you send me the exact error message (if possible in debug level>=4)?
> >>>>>
> >>>>> SAL
> >>>>>
> >>>>>On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>>>>>Sorry, I don't know why there are different versions.
> >>>>>>
> >>>>>>If I try to use parsemail, that's because I would like to drop
> >>>>>>messages containing attachments with
> >>>>>>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>>>>>
> >>>>>>thanks
> >>>>>>
> >>>>>>
> >>>>>>On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >>>>>>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>>>>>Thanks a lot, it works !
> >>>>>>>
> >>>>>>>I don't know how OpenBSD works. Can you explain why libclamav has
> >>>>>>>a different version? Maybe I should fix this in sagator's sources.
> >>>>>>>
> >>>>>>>>I now have another problem. I would like to parse attachments and
> >>>>>>>>scan with libclam, and so I try to use this setup:
> >>>>>>>> parsemail(
> >>>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>>>>>> ## Check with sagator's internal content recognition.
> >>>>>>>> file_type({'exe': 'Executable'}),
> >>>>>>>> ## Check for attachment filenames.
> >>>>>>>>
> >>>>>>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
> >>>>>>>> ),
> >>>>>>>>),
> >>>>>>>>
> >>>>>>>>But it doesn't work, saying all the alternatives have failed.
> >>>>>>>
> >>>>>>>You don't need to use parsemail for libclamav. ClamAV has a better and faster
> >>>>>>>email parser.
> >>>>>>>
> >>>>>>> SAL
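
Added example (not part of the original thread and not Sagator's code): the patch proposed at the top of this message puts shutdown() and close() in one try block, so close() is skipped whenever shutdown() raises, and every socket.error is ignored. The Python 3 function below, under the hypothetical name close_connection, ignores only the errno values that mean the peer already dropped the connection and always closes the socket.

```python
import errno
import socket

# errno values that only mean the peer closed or reset the connection first.
# The traceback in the thread shows ECONNRESET (errno 54 on OpenBSD) raised
# by shutdown() after the QUIT exchange.
PEER_GONE = frozenset({errno.ENOTCONN, errno.ECONNRESET, errno.EPIPE})


def close_connection(conn):
    """Shut down and close conn (hypothetical helper, not a Sagator function).

    Returns the symbolic errno name if the peer had already gone away, or
    None after a clean shutdown. Any other OSError is re-raised so that real
    faults (for example EBADF from a descriptor bug) still reach the log.
    """
    peer_error = None
    try:
        conn.shutdown(socket.SHUT_RDWR)
    except OSError as exc:  # socket.error is an alias of OSError in Python 3
        if exc.errno not in PEER_GONE:
            raise
        peer_error = errno.errorcode[exc.errno]
    finally:
        # Always release the descriptor, whether or not shutdown() succeeded.
        conn.close()
    return peer_error


if __name__ == "__main__":
    # Constructed demonstration: a connected local pair shuts down cleanly,
    # while a socket that was never connected makes shutdown() fail.
    a, b = socket.socketpair()
    print(close_connection(a))
    b.close()
    print(close_connection(socket.socket()))
```

Logging the returned name at debug level keeps a record of how often the SMTP server resets the connection without printing a traceback for every message.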