Re: [Sagator-users] Sagator on OpenBSD 5.0
From: Comète <co...@da...> - 2012-01-30 14:00:21
I've just installed postfix-2.8.4 to test and same error at the end of each connection. Looking at the Postfix logs but nothing strange, no error and the mails are well delivered.

On 30/01/2012 13:16, "Ján ONDREJ (SAL)" wrote:
> Postfix-2.9 is a release candidate for stable, not stable yet.
> Maybe it's a problem of postfix. Try to look at your postfix logs.
>
> You can try to fix this by changing end of file srv/smtpd.py in sagator from:
>
> conn.shutdown(socket.SHUT_RDWR)
> conn.close()
>
> to:
>
> try:
>   conn.shutdown(socket.SHUT_RDWR)
>   conn.close()
> except socket.error:
>   pass
>
> I am just not sure if this is a good solution.
>
> SAL
>
> On Mon, Jan 30, 2012 at 12:35:37PM +0100, Comète wrote:
>> I use postfix-2.9.20110706 which is running on the same server and
>> yes it happens for each connection.
>>
>> my master.cf looks like this:
>>
>> smtp inet n - - - - smtpd
>> #628 inet n - - - - qmqpd
>> pickup fifo n - - 60 1 pickup
>> cleanup unix n - - - 0 cleanup
>> qmgr fifo n - - 300 1 qmgr
>> #qmgr fifo n - - 300 1 oqmgr
>> tlsmgr unix - - - 1000? 1 tlsmgr
>> rewrite unix - - - - - trivial-rewrite
>> bounce unix - - - - 0 bounce
>> defer unix - - - - 0 bounce
>> trace unix - - - - 0 bounce
>> verify unix - - - - 1 verify
>> flush unix n - - 1000? 0 flush
>> proxymap unix - - n - - proxymap
>> proxywrite unix - - n - 1 proxymap
>> smtp unix - - - - - smtp
>> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
>> relay unix - - - - - smtp
>>   -o smtp_fallback_relay=
>> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
>> showq unix n - - - - showq
>> error unix - - - - - error
>> retry unix - - - - - error
>> discard unix - - - - - discard
>> local unix - n n - - local
>> virtual unix - n n - - virtual
>> lmtp unix - - - - - lmtp
>> anvil unix - - - - 1 anvil
>> scache unix - - - - 1 scache
>>
>> 127.0.0.1:10026 inet n - n - 30 smtpd
>>   -o content_filter=
>>   -o myhostname=sagator.dmz.local
>>   -o local_recipient_maps= -o relay_recipient_maps=
>>   -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
>>   -o smtpd_restriction_classes= -o smtpd_client_restrictions=
>>   -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
>>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>>   -o smtpd_use_tls=no
>>
>> On 30/01/2012 12:11, "Ján ONDREJ (SAL)" wrote:
>>> Curious. Looks like your SMTP server closed connection unexpectedly.
>>> Which SMTP server are you using? With postfix I never had similar problems.
>>>
>>> I can catch this error in sagator, but need to know, if it's a problem of
>>> SMTP server or configuration.
>>>
>>> Does this happen always or only sometimes, for example when you restart your
>>> SMTP server?
>>>
>>> SAL
>>>
>>> On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
>>>> Ok thanks for the advice, it seems to work when calling parsemail
>>>> first and then libclamav().
>>>>
>>>> But, I have one last non-blocking error at the end of each connection:
>>>>
>>>> 11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
>>>> 11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
>>>> 11714: SMTPS: Sending data
>>>> 11714: SMTPS: OK: 250 Ok
>>>> 11714: SMTPS: QUIT
>>>> 11714: smtpd(): Closing connection.
>>>> 11714: smtpd(): ERROR: SocketError: Connection reset by peer
>>>> 11714: smtpd(): Traceback (most recent call last):
>>>> File "/usr/local/share/sagator/aglib.py", line 141, in fork
>>>> self.accept()
>>>> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
>>>> conn.shutdown(socket.SHUT_RDWR)
>>>> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
>>>> return getattr(self._sock,name)(*args)
>>>> error: [Errno 54] Connection reset by peer
>>>> 27566: collector(): Saving stats ...
>>>>
>>>> Any idea?
>>>>
>>>> On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
>>>>> Looks like you are calling a bufferscanner from filescanner or vice versa.
>>>>> But your configuration looks to be OK, I tested in my testing environment.
>>>>> Maybe the problem is in the rest of the configuration.
>>>>>
>>>>> Btw, do not use libclam() from parsemail. This way you will disable clamav's
>>>>> internal email parser, which is very good.
>>>>>
>>>>> SAL
>>>>>
>>>>> On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
>>>>>> ok this is the error message with debug level 5:
>>>>>>
>>>>>>
>>>>>> 11239: libclam(): Loaded virpatterns: 2325837
>>>>>> 5813: Testing
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD()))))...
>>>>>> 5813: Running:
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD()))))
>>>>>> 5813: Running:
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))))
>>>>>> 5813: Running:
>>>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))
>>>>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))
>>>>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))
>>>>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))
>>>>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
>>>>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
>>>>>> 5813: Running: file_type()
>>>>>> 5813: Values: 0.000000, '', []
>>>>>> 5813: Running: attach_name()
>>>>>> 5813: Values: 0.000000, '', []
>>>>>> 5813: Running: libclam()
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())): scanner ParseMail(file_type(), attach_name(),
>>>>>> libclam()) failed: ScannerError: Not implemented
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))Traceback (most recent call last):
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
>>>>>> in scanbuffer
>>>>>> return decode_email(buffer,self.scanners,args).scan()
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
>>>>>> in __init__
>>>>>> self.scan_part(file_name)
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
>>>>>> in scan_part
>>>>>> l,v,r=scanner.scanbuffer(buffer,self.args)
>>>>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
>>>>>> raise ScannerError, 'Not implemented'
>>>>>> ScannerError: Not implemented
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())): All scanners failed!
>>>>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))): scanner alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())) failed: ScannerError: All alternatives
>>>>>> failed!
>>>>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))): scanner
>>>>>> quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))) failed: ScannerError: All alternatives failed!
>>>>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))): scanner
>>>>>> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())))) failed: ScannerError: All alternatives failed!
>>>>>> 5813:
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))): scanner
>>>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))) failed: ScannerError: All alternatives
>>>>>> failed!
>>>>>> 5813:
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD())))): scanner
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))) failed: ScannerError: All
>>>>>> alternatives failed!
>>>>>> 5813: do_scan: Traceback (most recent call last):
>>>>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
>>>>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
>>>>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>>>>>>
>>>>>> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
>>>>>> scanbuffer
>>>>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
>>>>>> scanbuffer
>>>>>> raise ScannerError,'All alternatives failed!'
>>>>>> ScannerError: All alternatives failed!
>>>>>> 5813: Scanner
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
>>>>>> manually!
>>>>>> 5813: All alternatives failed!
>>>>>> 11239: smtpd(): service started ... [30308, 8583]
>>>>>>
>>>>>>
>>>>>> Thanks again.
>>>>>>
>>>>>> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
>>>>>>> Can you send me exact error message (if possible in debug level>=4)?
>>>>>>>
>>>>>>> SAL
>>>>>>>
>>>>>>> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>>>>>>>> Sorry I don't know why there are different versions.
>>>>>>>>
>>>>>>>> If I try to use parsemail, that's because I would like to drop
>>>>>>>> messages containing attachments with
>>>>>>>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>>>>>>>
>>>>>>>> thanks
>>>>>>>>
>>>>>>>>
>>>>>>>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>>>>>>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>>>>>>>> Thanks a lot, it works!
>>>>>>>>>
>>>>>>>>> I don't know how OpenBSD works. Can you explain why libclamav has
>>>>>>>>> different version? Maybe I should fix this in sagator's sources.
>>>>>>>>>
>>>>>>>>>> I have now another problem. I would like to parse attachments and
>>>>>>>>>> scan with libclam and then I try to use this setup:
>>>>>>>>>> parsemail(
>>>>>>>>>>   #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>>>>>>>   ## Check with sagator's internal content recognition.
>>>>>>>>>>   file_type({'exe': 'Executable'}),
>>>>>>>>>>   ## Check for attachment filenames.
>>>>>>>>>>
>>>>>>>>>>   attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>>>>>>>   libclam(db_options=libclam.CL_DB_PHISHING)
>>>>>>>>>> ),
>>>>>>>>>> ),
>>>>>>>>>>
>>>>>>>>>> But it doesn't work, saying all the alternatives have failed.
>>>>>>>>>
>>>>>>>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>>>>>>>> email parser.
>>>>>>>>>
>>>>>>>>> SAL
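
An added example, not part of the thread and not Sagator's own code: a narrower variant of the try/except suggested above for srv/smtpd.py, which ignores only the errors that mean the SMTP peer has already dropped the connection after QUIT and lets any other socket error propagate. The names close_quietly, PEER_GONE and StubConn are hypothetical, and the code is written for Python 3, where socket.error is an alias of OSError.

```python
import errno
import os
import socket

# errno values that only mean the peer has already torn the connection down.
# The "[Errno 54]" in the traceback above is the BSD number for ECONNRESET;
# the symbolic names keep the check portable across platforms.
PEER_GONE = {errno.ENOTCONN, errno.ECONNRESET, errno.EPIPE}


def close_quietly(conn):
    """Shut down and close conn.

    Returns None after a clean shutdown, or the errno name (for logging)
    when the peer had already dropped the connection. Any other socket
    error still propagates, so real faults stay visible in the log.
    """
    peer_state = None
    try:
        conn.shutdown(socket.SHUT_RDWR)
    except OSError as exc:  # socket.error is an alias of OSError in Python 3
        if exc.errno not in PEER_GONE:
            raise
        peer_state = errno.errorcode[exc.errno]
    finally:
        conn.close()  # always release the descriptor
    return peer_state


class StubConn:
    """Constructed stand-in for a socket whose shutdown() fails with `err`."""

    def __init__(self, err):
        self.err = err
        self.closed = False

    def shutdown(self, how):
        raise OSError(self.err, os.strerror(self.err))

    def close(self):
        self.closed = True


if __name__ == "__main__":
    a, b = socket.socketpair()
    print(close_quietly(a))  # healthy local socket pair
    b.close()
    print(close_quietly(StubConn(errno.ECONNRESET)))  # peer already reset
```

Returning the errno name lets the caller log the early disconnect at a low level instead of as an ERROR with a traceback.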