sagator-users Mailing List for SAGATOR
Brought to you by:
ondrejj
|
From: Ján O. (S. <on...@sa...> - 2021-08-17 04:48:54
|
Hello,
I am happy to announce SAGATOR 2.0.0, python3 compatible version of SAGATOR.
Changes:
- python3 support
- clamav 0.101+ support
WARNING: Option constants are not compatible with older versions due
to changes in clamav option processing.
- removed long time obsolete mimeparse scanners
- removed obsolete scanners:
rcpt_in_sql(), rcpt_in_txt(), rcpt_no_match(),
dazuko(), nod32dazuko()
- removed obsolete service: avfilter(), webq() [genshi version only]
- update sagator.service file's start/stop pre scripts with a "-"
to prevent stopped service after pre script fail
- fix moving of /lib* directories to /usr in mkchroot script
- update fuse service for current pyfuse
- quarantine moved to /var/spool/sagator/quarantine to avoid conflicts
with clamav rpm package
For more information:
http://www.salstar.sk/sagator/changelog
SAL
|
|
From: Ján O. (S. <on...@sa...> - 2019-01-19 06:41:10
|
Hello,
after more than 3 years I am happy to announce a new version of SAGATOR.
This release mostly adds compatibility for big changes in clamav-0.101.
Also adds some long time beta tested enhancements.
For users using clamav options (libclam.CL_SCAN_STDOPT ...), after update
to clamav-0.101 you need to completely rewrite options or stop using them.
For more information see clamav documentation or ask on list.
There is also a sagator-2.x beta release, which adds support for python3.
For systems with python3 as default (for example Fedora) it's suggested
to use this version. Also any testing of sagator-2.x is appreciated
(even if on python2 or python3).
Changelog for 1.3.2:
- clamav 0.101 support
- rpm spec file fixes
- added /var/spool/quarantine symlink to chroot
- added sasl username to policy quota reply
- added policy quota summary to logwatch report
- logwatch script moved by default from /etc to /usr/share/logwatch/...
- send filename from decompress() over file2buffer() interscanner
- mkchroot updates according to changes in new OS versions
- added trafgrapher support
- fix systemd startup message about missing sagator's PID file
- install systemd service file for debian stretch
- force to utf8 charset for mysql.sh script
For more information:
http://www.salstar.sk/sagator/changelog
SAL
|
|
From: Ján O. (S. <on...@sa...> - 2015-12-14 10:46:10
|
Hello,
This is a compatibility release for clamav-0.99, which changed so name.
Also support for systemd and scanner for GeoIP check have been added.
For more information:
http://www.salstar.sk/sagator/changelog
SAL
|
|
From: Ján O. (S. <on...@sa...> - 2014-07-09 06:40:07
|
Hello,
After more than 2 years there is a well tested version 1.3.0. This release
is compatible with older version. Some new services have been added, but
older versions still exist. Most important change is policy quota scanner,
which can limit number of sent emails per authenticated user.
Full changelog:
- removed support for upstream unsupported clamav<0.95
- webq() using genshi marked as obsolete (use web_jinja() if possible)
- added webq_jinja() web quarantine using python-jinja templating
- pid file existence changed to non-zero file size for debian init script
- added function core_count(), which can be used to detect number
of cores on current system
- chroot update for 64bit linux systems
- fixed -p parameter for smtptest
- multiuser configuration for spamassassind to increase performance
- added run time in milliseconds to smtptest nagios mode
- selinux policy changes
- only one instance of libclam() scanner in default configuration
- sgscan progress indicator output moved to stderr
- added logwatch build dependency for suse and changed defaults for
logwatch configuration directory
- milter() service can add headers
- added clamav version to string logged after virdb reload
- email Parser imported from email directly in reporter script
- added infection percentage to sgscan progressbar and summary
- replace build date in rpm spec file's changelog
- added xhdra parsing for mail.addheader function
- stats: fix very large numbers and sort stats before save
- added --random-ip parameter for smtptest.py
- changed EHLO to HELO form smtptest
- added Sanesecurity.Jurlbl to default DROP pattern
- greylist ip varchar size increased to allow ipv6 addresses
- smtpd() - properly handle errors at end of connection
- added ability to override request_handler for webq_jinja service
- added taking time for delete log messages
- policy_quota_auth_limit() scanner to define user quotas for
sent emails and recipient count
- disabled smtpd_milters for postfix configuration on port 26
- added policy_quota_auth_limit() precision parameter
- fixed mounting of /var/lib/clamav into chroot
- changed to os._exit to allow faster exit on restarts
- checkpolicy: added date and time to log
- added all Sanesecurity to default drop pattern
For more information:
http://www.salstar.sk/sagator/changelog
SAL
|
|
From: Ján O. (S. <on...@sa...> - 2012-11-14 16:42:35
|
Hello,
it isn't possible with current scanners, but you can write your own.
You can add new scanner directly in sagator's configuration file.
Try to look for example to deliver_to() scanner from interscan/actions.py file.
This scanner does something similar like you want.
But you have to check, what you should do for delivery failures on primary
on secondary server. What to do, if delivery fails, where to send failure
reports, ...
SAL
On Wed, Nov 14, 2012 at 04:48:01PM +0100, Stefano Rizzetto wrote:
> I have a working mailserver with sagator filter.
> Now I wish to send a copy of all mail to another server. Until now I use postfix
> bcc_recipient map capability.
> My question is:
> instead of sending all mail to an email address can I send all mail to an IP address?
> Can is It possible doing this with sagator?
>
> Many Thanks in advance
>
> Stefano Rizzetto
|
|
From: Stefano R. <ste...@te...> - 2012-11-14 16:14:53
|
I have a working mailserver with sagator filter.
Now I wish to send a copy of all mail to another server. Until now I use postfix
bcc_recipient map capability.
My question is:
instead of sending all mail to an email address can I send all mail to an IP address?
Can is It possible doing this with sagator?
Many Thanks in advance
Stefano Rizzetto
|
|
From: Ján O. (S. <on...@sa...> - 2012-09-06 15:27:01
|
Hello,
look at virtual_users parameter of spamassassind() scanner. Even if
documentation looks to be wrong, you can define virtual_users="." to enable
passing of email as username to spamassassind.
If you need to map emails to users (for example split domain part), I can
fix this scanner.
Just do not forget to use LMTP as transport protocol to sagator. If you use
SMTP, you can't process every recipient separately and these filters will
be used only if one recipient per message is specified.
SAL
On Thu, Sep 06, 2012 at 04:13:25PM +0200, Stefano Rizzetto wrote:
> I wish to activate (if possible) via roundcube plugin
> (http://www.tehinterweb.co.uk/roundcube/#pisauserprefs) spamassassin user_pref
> (http://wiki.apache.org/spamassassin/UsingSQL). But I see spamc should be called
> with -c switch like that:
>
> spamc -u 'da...@nm...'
>
> My question is:
>
> The spamassassind SCANNER has the capability to do?. If no is It hard to code
> that function?
>
> Many many thanks in advance
>
> Zp
|
|
From: Stefano R. <ste...@te...> - 2012-09-06 14:40:21
|
I wish to activate (if possible) via roundcube plugin
(http://www.tehinterweb.co.uk/roundcube/#pisauserprefs) spamassassin user_pref
(http://wiki.apache.org/spamassassin/UsingSQL). But I see spamc should be called
with -c switch like that:
spamc -u 'da...@nm...'
My question is:
The spamassassind SCANNER has the capability to do?. If no is It hard to code
that function?
Many many thanks in advance
Zp
|
|
From: Ján O. (S. <on...@sa...> - 2012-07-08 18:03:35
|
Hello,
I still don't have to test your configuration, but it looks good.
If you need to test it on a production system, try to configure another
smtpd() service in sagator's configuration file on different port
and then try to send some testing emails to this port using smtptest.py.
SAL
On Mon, Jun 25, 2012 at 06:20:16PM +0200, Stefano Rizzetto wrote:
> I have a question about sagator 1.2.3 configuration.
>
> What I want to obtain:
>
> A) Check a mail if it is a virus (the mail size will no more than 40k and no less
> than 2k),
> B) modify the subject adding [VIRUS] tag,
> C) deliver the mail to system where a dovecot rule move the mail in a folder
>
> For points A) e B) I write this configuration for sagator but I need some advice
>
> status("Virus",
>   ## send these reports only for local IP addresses.
>   report(['root@localhost'], report.MSG_TMPL,
>     ## You can define virus names, which you want to drop.
>     deliver('.',
>       ## year/month/day (for example 2007/01/30).
>       quarantine('/var/spool/quarantine/%Y/%m/%d', '',
>
>         ## Antivirus scanners follows here.
>
>         (max_file_size(2048,'Filtering size ') &
>          (const(1.0)-max_file_size(40960))) & modify_subject('[VIRUS]',
>           clamd(['127.0.0.1', 3310])),
>         ## comming from LOCAL_IPS (defined abowe).
>       )
>     )
>
>   ).ifscan(sender_regexp({'LOCAL_IP': [LOCAL_IPS]}))
> ),
>
>
> Thanks in advance for help
>
> Zp
|
|
From: Stefano R. <ste...@te...> - 2012-06-25 16:47:13
|
I have a question about sagator 1.2.3 configuration.
What I want to obtain:
A) Check a mail if it is a virus (the mail size will no more than 40k and no less
than 2k),
B) modify the subject adding [VIRUS] tag,
C) deliver the mail to system where a dovecot rule move the mail in a folder
For points A) e B) I write this configuration for sagator but I need some advice
status("Virus",
  ## send these reports only for local IP addresses.
  report(['root@localhost'], report.MSG_TMPL,
    ## You can define virus names, which you want to drop.
    deliver('.',
      ## year/month/day (for example 2007/01/30).
      quarantine('/var/spool/quarantine/%Y/%m/%d', '',
        ## Antivirus scanners follows here.
        (max_file_size(2048,'Filtering size ') &
         (const(1.0)-max_file_size(40960))) & modify_subject('[VIRUS]',
          clamd(['127.0.0.1', 3310])),
        ## comming from LOCAL_IPS (defined abowe).
      )
    )
  ).ifscan(sender_regexp({'LOCAL_IP': [LOCAL_IPS]}))
),
Thanks in advance for help
Zp
|
|
From: Ján O. (S. <on...@sa...> - 2012-02-03 11:15:17
|
On Thu, Feb 02, 2012 at 02:46:24PM +0100, Ján ONDREJ (SAL) wrote:
> Hello,
>
> On Wed, Feb 01, 2012 at 03:22:52PM +0100, Comète wrote:
> > Hi,
> >
> > any plan to include LDAP authentication for WebQ and a per-user
>
> You can replicate your LDAP database to SQL and create SQL VIEW to use
> LDAP user/password data. If you need real LDAP logins, patches are welcome.
> :-)
Another solution can be to override webq_jinja()'s check_pass function.
You can do this in sagator's configuration too:
class mywebq(webq_jinja):
    def check_pass(self, auth):
        login, password = auth
        # check against your LDAP or other service
        ...
        if login_failed:
            return {}
        else:
            return {
                'REMOTE_USER': auth[0],
                'REMOTE_LOGIN': auth[0],
                'PERMS': '', # 'A' for server admin, '' for normal users
                'LANG': "en_US",
                'SHOW_ROWS': 50
            }
Password change in sagator's webq will not work, but you can this way
log into sagator using any auth method.
SAL
> > per-user blacklist/whitelist system ?
>
> Current webq service is only for access to quarantine. It has no ability
> to configure filtering. But you can use your own script to configure
> per-user configs, just don't forget to use LMTP instead of SMTP, which can't
> filter on per-user basis.
>
> > Is there a mean to disable the "deliver" button in WebQ only for
> > detected viruses ? This way a user could not deliver a probably infected
> > mail without asking an administrator.
>
> Not a bad idea. Click on deliver will recheck this mail, if it's still an
> virus then it will refuse to deliver for non-administrator
> user. Added to TODO, just I don't know, when I will have to implement this
> (even if it's not so hard).
>
> SAL
|
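The check_pass() override from the message above, filled in as an added example; it is not SAGATOR code and not from the list author. The `webq_jinja` stub, the `ldap_bind()` hook, `escape_dn_value()`, `BASE_DN` and the fake directory are assumptions made so it runs alone; only the returned keys come from the message. It rejects empty passwords (an LDAP simple bind with an empty password is an unauthenticated bind that some servers accept), escapes the login before building the DN, and fails closed on directory errors.

```python
class webq_jinja(object):
    """Stand-in for SAGATOR's webq_jinja service (assumption), so this runs alone."""


def escape_dn_value(value):
    """Escape a string used as an attribute value inside an LDAP DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;=' or ch == "\0"
        edge = (ch == " " and i in (0, last)) or (ch == "#" and i == 0)
        out.append("\\%02x" % ord(ch) if special or edge else ch)
    return "".join(out)


class mywebq(webq_jinja):
    BASE_DN = "ou=people,dc=example,dc=org"  # constructed placeholder

    def ldap_bind(self, dn, password):
        """Hypothetical hook: return True when a simple bind as dn succeeds.

        Wire this to your LDAP client library; it is not a SAGATOR API.
        """
        raise NotImplementedError

    def check_pass(self, auth):
        login, password = auth
        # Refuse empty credentials before touching LDAP: an empty password
        # would otherwise be sent as an unauthenticated bind.
        if not login or not password:
            return {}
        # Escape the login so it cannot add or change DN components.
        dn = "uid=%s,%s" % (escape_dn_value(login), self.BASE_DN)
        try:
            ok = self.ldap_bind(dn, password)
        except Exception:
            ok = False  # fail closed on directory errors
        if not ok:
            return {}
        return {
            'REMOTE_USER': login,
            'REMOTE_LOGIN': login,
            'PERMS': '',  # 'A' for server admin, '' for normal users
            'LANG': "en_US",
            'SHOW_ROWS': 50,
        }


class FakeDirectoryWebq(mywebq):
    """Constructed test double that behaves like a lenient LDAP server."""
    USERS = {"uid=alice,ou=people,dc=example,dc=org": "s3cret"}

    def __init__(self):
        self.seen_dns = []

    def ldap_bind(self, dn, password):
        self.seen_dns.append(dn)
        if password == "":
            return True  # the server treats this as an unauthenticated bind
        return self.USERS.get(dn) == password


if __name__ == "__main__":
    w = FakeDirectoryWebq()
    print(w.check_pass(("alice", "s3cret")))
    print(w.check_pass(("alice", "")))
    print(w.check_pass(("alice,ou=admins", "x")), w.seen_dns[-1])
```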
|
From: Ján O. (S. <on...@sa...> - 2012-02-02 13:46:37
|
Hello,
On Wed, Feb 01, 2012 at 03:22:52PM +0100, Comète wrote:
> Hi,
>
> any plan to include LDAP authentication for WebQ and a per-user
You can replicate your LDAP database to SQL and create SQL VIEW to use
LDAP user/password data. If you need real LDAP logins, patches are welcome.
:-)
> per-user blacklist/whitelist system ?
Current webq service is only for access to quarantine. It has no ability
to configure filtering. But you can use your own script to configure
per-user configs, just don't forget to use LMTP instead of SMTP, which can't
filter on per-user basis.
> Is there a mean to disable the "deliver" button in WebQ only for
> detected viruses ? This way a user could not deliver a probably infected
> mail without asking an administrator.
Not a bad idea. Click on deliver will recheck this mail, if it's still an
virus then it will refuse to deliver for non-administrator
user. Added to TODO, just I don't know, when I will have to implement this
(even if it's not so hard).
SAL
|
|
From: Comète <co...@da...> - 2012-02-01 14:23:12
|
Hi,
any plan to include LDAP authentication for WebQ and a per-user
blacklist/whitelist system ?
Is there a mean to disable the "deliver" button in WebQ only for
detected viruses ? This way a user could not deliver a probably infected
mail without asking an administrator.
Thanks
|
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-31 10:13:41
|
On Tue, Jan 31, 2012 at 11:09:49AM +0100, Comète wrote:
> Thanks it works, no more error. :)
OK, I added this to sagator-1.3.
> by the way, is there any mean (with a command) to release a
> quarantined mail ?
sqback ?
You also can just copy (netcat) quarantined file to your port 10026,
but you can use sqback from sagator too.
SAL
> Thanks again for your help !
>
> Le 31/01/2012 10:54, "Ján ONDREJ (SAL)" a écrit :
> >Hmm, I don't see anything special.
> >
> >Can you try to patch sagator as described below? (search for conn.shutdown
> >in this mail)
> >
> > SAL
> >
> >On Tue, Jan 31, 2012 at 09:53:17AM +0100, Comète wrote:
> >>Hello,
> >>
> >>this is another ngrep dump with -W byline option.
> >>
> >>Have a nice day.
> >>
> >>Comete
> >>
> >>Le 30/01/2012 17:35, "Ján ONDREJ (SAL)" a écrit :
> >>>I will look at it tomorrow, but if you can, please regrab with:
> >>> -W byline
> >>>option to add line feeds.
> >>>
> >>> SAL
> >>>
> >>>On Mon, Jan 30, 2012 at 04:02:28PM +0100, Comète wrote:
> >>>>This is a dump made with ngrep. I'm not familiar with this tool, so
> >>>>don't hesitate if you need more.
> >>>>
> >>>>Le 30/01/2012 15:31, "Ján ONDREJ (SAL)" a écrit :
> >>>>>Log to file, I will use wireshark to analyze this dump.
> >>>>>I need text output (like sniffed by ngrep), but you also can use tcpdump or
> >>>>>wireshark to capture data.
> >>>>>
> >>>>> SAL
> >>>>>
> >>>>>On Mon, Jan 30, 2012 at 03:21:41PM +0100, Comète wrote:
> >>>>>>I can use tcpdump to do this but what level of details do you need ?
> >>>>>>Do you want me to use any particular tcpdump options ?
> >>>>>>
> >>>>>>Comète
> >>>>>>
> >>>>>>Le 30/01/2012 14:32, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>Can you somehow sniff packets on you loopback interface (port 10026)?
> >>>>>>>I need to know, why postfix closes connection unexpectedly.
> >>>>>>>
> >>>>>>> SAL
> >>>>>>>
> >>>>>>>On Mon, Jan 30, 2012 at 02:30:37PM +0100, Comète wrote:
> >>>>>>>>i've just installed postfix-2.8.4 to test and same error at the end
> >>>>>>>>of each connection. Looking at the Postfix logs but nothing strange,
> >>>>>>>>no error and the mails are well delivered.
> >>>>>>>>
> >>>>>>>>Le 30/01/2012 13:16, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>>>Postfix-2.9 is an release candidate for stable, not stable yet.
> >>>>>>>>>May be it's a problem of postfix. Try to look at your postfix logs.
> >>>>>>>>>
> >>>>>>>>>You can try to fix this by changing end of file srv/smtpd.py in sagator from:
> >>>>>>>>>
> >>>>>>>>> conn.shutdown(socket.SHUT_RDWR)
> >>>>>>>>> conn.close()
> >>>>>>>>>
> >>>>>>>>>to:
> >>>>>>>>>
> >>>>>>>>> try:
> >>>>>>>>>   conn.shutdown(socket.SHUT_RDWR)
> >>>>>>>>>   conn.close()
> >>>>>>>>> except socket.error:
> >>>>>>>>>   pass
> >>>>>>>>>
> >>>>>>>>>Just I am not sure, if this is a good solution.
> >>>>>>>>>
> >>>>>>>>> SAL
> >>>>>>>>>
> >>>>>>>>>On Mon, Jan 30, 2012 at 12:35:37PM +0100, Comète wrote:
> >>>>>>>>>>I use postfix-2.9.20110706 which is running on the same server and
> >>>>>>>>>>yes it happens for each connection.
> >>>>>>>>>>
> >>>>>>>>>>my master.cf looks like this:
> >>>>>>>>>>
> >>>>>>>>>>smtp inet n - - - - smtpd
> >>>>>>>>>>#628 inet n - - - - qmqpd
> >>>>>>>>>>pickup fifo n - - 60 1 pickup
> >>>>>>>>>>cleanup unix n - - - 0 cleanup
> >>>>>>>>>>qmgr fifo n - - 300 1 qmgr
> >>>>>>>>>>#qmgr fifo n - - 300 1 oqmgr
> >>>>>>>>>>tlsmgr unix - - - 1000? 1 tlsmgr
> >>>>>>>>>>rewrite unix - - - - - trivial-rewrite
> >>>>>>>>>>bounce unix - - - - 0 bounce
> >>>>>>>>>>defer unix - - - - 0 bounce
> >>>>>>>>>>trace unix - - - - 0 bounce
> >>>>>>>>>>verify unix - - - - 1 verify
> >>>>>>>>>>flush unix n - - 1000? 0 flush
> >>>>>>>>>>proxymap unix - - n - - proxymap
> >>>>>>>>>>proxywrite unix - - n - 1 proxymap
> >>>>>>>>>>smtp unix - - - - - smtp
> >>>>>>>>>># When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> >>>>>>>>>>relay unix - - - - - smtp
> >>>>>>>>>> -o smtp_fallback_relay=
> >>>>>>>>>># -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> >>>>>>>>>>showq unix n - - - - showq
> >>>>>>>>>>error unix - - - - - error
> >>>>>>>>>>retry unix - - - - - error
> >>>>>>>>>>discard unix - - - - - discard
> >>>>>>>>>>local unix - n n - - local
> >>>>>>>>>>virtual unix - n n - - virtual
> >>>>>>>>>>lmtp unix - - - - - lmtp
> >>>>>>>>>>anvil unix - - - - 1 anvil
> >>>>>>>>>>scache unix - - - - 1 scache
> >>>>>>>>>>
> >>>>>>>>>>127.0.0.1:10026 inet n - n - 30 smtpd
> >>>>>>>>>> -o content_filter=
> >>>>>>>>>> -o myhostname=sagator.dmz.local
> >>>>>>>>>> -o local_recipient_maps= -o relay_recipient_maps=
> >>>>>>>>>> -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
> >>>>>>>>>> -o smtpd_restriction_classes= -o smtpd_client_restrictions=
> >>>>>>>>>> -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
> >>>>>>>>>> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> >>>>>>>>>> -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> >>>>>>>>>> -o smtpd_use_tls=no
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>Le 30/01/2012 12:11, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>>>>>Curious. Looks like your SMTP server closed connection unexpectedly.
> >>>>>>>>>>>Which SMTP server are you using? With postfix I never had similar problems.
> >>>>>>>>>>>
> >>>>>>>>>>>I can catch this error in sagator, but need to know, if it's an problem of
> >>>>>>>>>>>SMTP server or configuration.
> >>>>>>>>>>>
> >>>>>>>>>>>Does this happen always or only sometimes, for example when you restart your
> >>>>>>>>>>>SMTP server?
> >>>>>>>>>>>
> >>>>>>>>>>> SAL
> >>>>>>>>>>>
> >>>>>>>>>>>On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
> >>>>>>>>>>>>Ok thanks for the advice, it seems to work when calling parsemail
> >>>>>>>>>>>>first and then libclamav().
> >>>>>>>>>>>>
> >>>>>>>>>>>>But, i have one last non-blocking error at the end of each connection:
> >>>>>>>>>>>>
> >>>>>>>>>>>>11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
> >>>>>>>>>>>>11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
> >>>>>>>>>>>>11714: SMTPS: Sending data
> >>>>>>>>>>>>11714: SMTPS: OK: 250 Ok
> >>>>>>>>>>>>11714: SMTPS: QUIT
> >>>>>>>>>>>>11714: smtpd(): Closing connection.
> >>>>>>>>>>>>11714: smtpd(): ERROR: SocketError: Connection reset by peer
> >>>>>>>>>>>>11714: smtpd(): Traceback (most recent call last):
> >>>>>>>>>>>> File "/usr/local/share/sagator/aglib.py", line 141, in fork
> >>>>>>>>>>>> self.accept()
> >>>>>>>>>>>> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
> >>>>>>>>>>>> conn.shutdown(socket.SHUT_RDWR)
> >>>>>>>>>>>> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
> >>>>>>>>>>>> return getattr(self._sock,name)(*args)
> >>>>>>>>>>>>error: [Errno 54] Connection reset by peer
> >>>>>>>>>>>>27566: collector(): Saving stats ...
> >>>>>>>>>>>>
> >>>>>>>>>>>>Any idea ?
> >>>>>>>>>>>>
> >>>>>>>>>>>>Le 30/01/2012 10:36, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>>>>>>>Looks like you are calling an bufferscanner from filescanner or vice versa.
> >>>>>>>>>>>>>But your configuration looks to be OK, I tested in my testing environment.
> >>>>>>>>>>>>>May be problem is in rest of configuration.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Btw, do not use libclam() from parsemail. This way you will disable clamav's
> >>>>>>>>>>>>>internal email parser, which is very good.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> SAL
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> >>>>>>>>>>>>>>ok this is the error message with debug level 5:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>11239: libclam(): Loaded virpatterns: 2325837
> >>>>>>>>>>>>>> 5813: Testing
> >>>>>>>>>>>>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))),
> >>>>>>>>>>>>>>status(drop(quarantine(SpamAssassinD()))))...
> >>>>>>>>>>>>>> 5813: Running:
> >>>>>>>>>>>>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))),
> >>>>>>>>>>>>>>status(drop(quarantine(SpamAssassinD()))))
> >>>>>>>>>>>>>> 5813: Running:
> >>>>>>>>>>>>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam()))))))
> >>>>>>>>>>>>>> 5813: Running:
> >>>>>>>>>>>>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))
> >>>>>>>>>>>>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam()))))
> >>>>>>>>>>>>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))
> >>>>>>>>>>>>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam()))
> >>>>>>>>>>>>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> >>>>>>>>>>>>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
> >>>>>>>>>>>>>> 5813: Running: file_type()
> >>>>>>>>>>>>>> 5813: Values: 0.000000, '', []
> >>>>>>>>>>>>>> 5813: Running: attach_name()
> >>>>>>>>>>>>>> 5813: Values: 0.000000, '', []
> >>>>>>>>>>>>>> 5813: Running: libclam()
> >>>>>>>>>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam())): scanner ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam()) failed: ScannerError: Not implemented
> >>>>>>>>>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam()))Traceback (most recent call last):
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> >>>>>>>>>>>>>>in scanbuffer
> >>>>>>>>>>>>>> return decode_email(buffer,self.scanners,args).scan()
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> >>>>>>>>>>>>>>in __init__
> >>>>>>>>>>>>>> self.scan_part(file_name)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> >>>>>>>>>>>>>>in scan_part
> >>>>>>>>>>>>>> l,v,r=scanner.scanbuffer(buffer,self.args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> >>>>>>>>>>>>>> raise ScannerError, 'Not implemented'
> >>>>>>>>>>>>>>ScannerError: Not implemented
> >>>>>>>>>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam())): All scanners failed!
> >>>>>>>>>>>>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam()))): scanner alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())) failed: ScannerError: All alternatives
> >>>>>>>>>>>>>>failed!
> >>>>>>>>>>>>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))): scanner
> >>>>>>>>>>>>>>quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam()))) failed: ScannerError: All alternatives failed!
> >>>>>>>>>>>>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam()))))): scanner
> >>>>>>>>>>>>>>drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>>>>>>>>>>>libclam())))) failed: ScannerError: All alternatives failed!
> >>>>>>>>>>>>>> 5813:
> >>>>>>>>>>>>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))): scanner
> >>>>>>>>>>>>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam()))))) failed: ScannerError: All alternatives
> >>>>>>>>>>>>>>failed!
> >>>>>>>>>>>>>> 5813:
> >>>>>>>>>>>>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))),
> >>>>>>>>>>>>>>status(drop(quarantine(SpamAssassinD())))): scanner
> >>>>>>>>>>>>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))) failed: ScannerError: All
> >>>>>>>>>>>>>>alternatives failed!
> >>>>>>>>>>>>>> 5813: do_scan: Traceback (most recent call last):
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> >>>>>>>>>>>>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>>>>>>>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
> >>>>>>>>>>>>>>scanbuffer
> >>>>>>>>>>>>>> raise ScannerError,'All alternatives failed!'
> >>>>>>>>>>>>>>ScannerError: All alternatives failed!
> >>>>>>>>>>>>>> 5813: Scanner
> >>>>>>>>>>>>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>>>>>>>>>>>attach_name(), libclam())))))),
> >>>>>>>>>>>>>>status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> >>>>>>>>>>>>>>manually!
> >>>>>>>>>>>>>> 5813: All alternatives failed!
> >>>>>>>>>>>>>>11239: smtpd(): service started ... [30308, 8583]
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Thanks again.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Le 29/01/2012 19:44, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>>>>>>>>>Can you send me exact error message (if possible in debug level>=4)?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> SAL
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>>>>>>>>>>>>>>>Sorry i don't know why there are different versions.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>If i try to use parsemail, that's because i would like to drop
> >>>>>>>>>>>>>>>>messages containing attachments with
> >>>>>>>>>>>>>>>>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>thanks
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>Le 27/01/2012 16:32, "Ján ONDREJ (SAL)" a écrit :
> >>>>>>>>>>>>>>>>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>>>>>>>>>>>>>>>Thanks a lot, it works !
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>I don't know, how OpenBSD works. Can you explain, why libclamav has
> >>>>>>>>>>>>>>>>>different version? May be I should fix this in sagator's sources.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>I have now another problem. I would like to parse attachments and
> >>>>>>>>>>>>>>>>>>scan with libclam and then i try to use this setup:
> >>>>>>>>>>>>>>>>>> parsemail(
> >>>>>>>>>>>>>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>>>>>>>>>>>>>>>> ## Check with sagator's internal content recognition.
> >>>>>>>>>>>>>>>>>> file_type({'exe': 'Executable'}),
> >>>>>>>>>>>>>>>>>> ## Check for attachment filenames.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>>>>>>>>>>>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
> >>>>>>>>>>>>>>>>>> ),
> >>>>>>>>>>>>>>>>>>),
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>But it doesn't work, saying all the alternatives have failed.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>You don't need to use parsemail for libclamav. ClamAV has better and faster
> >>>>>>>>>>>>>>>>>email parser.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> SAL
|
|
From: Comète <co...@da...> - 2012-01-30 14:00:21
|
I've just installed postfix-2.8.4 to test and I get the same error at the end
of each connection. I looked at the Postfix logs but there is nothing strange,
no error, and the mails are delivered correctly.
On 30/01/2012 13:16, "Ján ONDREJ (SAL)" wrote:
> Postfix-2.9 is an release candidate for stable, not stable yet.
> May be it's a problem of postfix. Try to look at your postfix logs.
>
> You can try to fix this by changing end of file srv/smtpd.py in sagator from:
>
> conn.shutdown(socket.SHUT_RDWR)
> conn.close()
>
> to:
>
> try:
> conn.shutdown(socket.SHUT_RDWR)
> conn.close()
> except socket.error:
> pass
>
> Just I am not sure, if this is a good solution.
>
> SAL
>
> On Mon, Jan 30, 2012 at 12:35:37PM +0100, Comète wrote:
>> I use postfix-2.9.20110706 which is running on the same server and
>> yes it happens for each connection.
>>
>> my master.cf looks like this:
>>
>> smtp inet n - - - - smtpd
>> #628 inet n - - - - qmqpd
>> pickup fifo n - - 60 1 pickup
>> cleanup unix n - - - 0 cleanup
>> qmgr fifo n - - 300 1 qmgr
>> #qmgr fifo n - - 300 1 oqmgr
>> tlsmgr unix - - - 1000? 1 tlsmgr
>> rewrite unix - - - - - trivial-rewrite
>> bounce unix - - - - 0 bounce
>> defer unix - - - - 0 bounce
>> trace unix - - - - 0 bounce
>> verify unix - - - - 1 verify
>> flush unix n - - 1000? 0 flush
>> proxymap unix - - n - - proxymap
>> proxywrite unix - - n - 1 proxymap
>> smtp unix - - - - - smtp
>> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
>> relay unix - - - - - smtp
>> -o smtp_fallback_relay=
>> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
>> showq unix n - - - - showq
>> error unix - - - - - error
>> retry unix - - - - - error
>> discard unix - - - - - discard
>> local unix - n n - - local
>> virtual unix - n n - - virtual
>> lmtp unix - - - - - lmtp
>> anvil unix - - - - 1 anvil
>> scache unix - - - - 1 scache
>>
>> 127.0.0.1:10026 inet n - n - 30 smtpd
>> -o content_filter=
>> -o myhostname=sagator.dmz.local
>> -o local_recipient_maps= -o relay_recipient_maps=
>> -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
>> -o smtpd_restriction_classes= -o smtpd_client_restrictions=
>> -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
>> -o smtpd_recipient_restrictions=permit_mynetworks,reject
>> -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>> -o smtpd_use_tls=no
>>
>>
>>
>> On 30/01/2012 12:11, "Ján ONDREJ (SAL)" wrote:
>>> Curious. Looks like your SMTP server closed connection unexpectedly.
>>> Which SMTP server are you using? With postfix I never had similar problems.
>>>
>>> I can catch this error in sagator, but need to know, if it's an problem of
>>> SMTP server or configuration.
>>>
>>> Does this happen always or only sometimes, for example when you restart your
>>> SMTP server?
>>>
>>> SAL
>>>
>>> On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
>>>> Ok thanks for the advice, it seems to work when calling parsemail
>>>> first and then libclamav().
>>>>
>>>> But, i have one last non-blocking error at the end of each connection:
>>>>
>>>> 11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
>>>> 11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
>>>> 11714: SMTPS: Sending data
>>>> 11714: SMTPS: OK: 250 Ok
>>>> 11714: SMTPS: QUIT
>>>> 11714: smtpd(): Closing connection.
>>>> 11714: smtpd(): ERROR: SocketError: Connection reset by peer
>>>> 11714: smtpd(): Traceback (most recent call last):
>>>> File "/usr/local/share/sagator/aglib.py", line 141, in fork
>>>> self.accept()
>>>> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
>>>> conn.shutdown(socket.SHUT_RDWR)
>>>> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
>>>> return getattr(self._sock,name)(*args)
>>>> error: [Errno 54] Connection reset by peer
>>>> 27566: collector(): Saving stats ...
>>>>
>>>> Any idea ?
>>>>
>>>> On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
>>>>> Looks like you are calling an bufferscanner from filescanner or vice versa.
>>>>> But your configuration looks to be OK, I tested in my testing environment.
>>>>> May be problem is in rest of configuration.
>>>>>
>>>>> Btw, do not use libclam() from parsemail. This way you will disable clamav's
>>>>> internal email parser, which is very good.
>>>>>
>>>>> SAL
>>>>>
>>>>> On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
>>>>>> ok this is the error message with debug level 5:
>>>>>>
>>>>>>
>>>>>> 11239: libclam(): Loaded virpatterns: 2325837
>>>>>> 5813: Testing
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD()))))...
>>>>>> 5813: Running:
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD()))))
>>>>>> 5813: Running:
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))))
>>>>>> 5813: Running:
>>>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))
>>>>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))
>>>>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))
>>>>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))
>>>>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
>>>>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
>>>>>> 5813: Running: file_type()
>>>>>> 5813: Values: 0.000000, '', []
>>>>>> 5813: Running: attach_name()
>>>>>> 5813: Values: 0.000000, '', []
>>>>>> 5813: Running: libclam()
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())): scanner ParseMail(file_type(), attach_name(),
>>>>>> libclam()) failed: ScannerError: Not implemented
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))Traceback (most recent call last):
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
>>>>>> in scanbuffer
>>>>>> return decode_email(buffer,self.scanners,args).scan()
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
>>>>>> in __init__
>>>>>> self.scan_part(file_name)
>>>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
>>>>>> in scan_part
>>>>>> l,v,r=scanner.scanbuffer(buffer,self.args)
>>>>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
>>>>>> raise ScannerError, 'Not implemented'
>>>>>> ScannerError: Not implemented
>>>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())): All scanners failed!
>>>>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))): scanner alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())) failed: ScannerError: All alternatives
>>>>>> failed!
>>>>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))): scanner
>>>>>> quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam()))) failed: ScannerError: All alternatives failed!
>>>>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))): scanner
>>>>>> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>>>> libclam())))) failed: ScannerError: All alternatives failed!
>>>>>> 5813:
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))): scanner
>>>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam()))))) failed: ScannerError: All alternatives
>>>>>> failed!
>>>>>> 5813:
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD())))): scanner
>>>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))) failed: ScannerError: All
>>>>>> alternatives failed!
>>>>>> 5813: do_scan: Traceback (most recent call last):
>>>>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
>>>>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
>>>>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>>>>>>
>>>>>> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
>>>>>> scanbuffer
>>>>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
>>>>>> scanbuffer
>>>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>>>> scanbuffer
>>>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
>>>>>> scanbuffer
>>>>>> raise ScannerError,'All alternatives failed!'
>>>>>> ScannerError: All alternatives failed!
>>>>>> 5813: Scanner
>>>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>>>> attach_name(), libclam())))))),
>>>>>> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
>>>>>> manually!
>>>>>> 5813: All alternatives failed!
>>>>>> 11239: smtpd(): service started ... [30308, 8583]
>>>>>>
>>>>>>
>>>>>> Thanks again.
>>>>>>
>>>>>> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
>>>>>>> Can you send me exact error message (if possible in debug level>=4)?
>>>>>>>
>>>>>>> SAL
>>>>>>>
>>>>>>> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>>>>>>>> Sorry i don't know why there are different versions.
>>>>>>>>
>>>>>>>> If i try to use parsemail, that's because i would like to drop
>>>>>>>> messages containing attachments with
>>>>>>>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>>>>>>>
>>>>>>>> thanks
>>>>>>>>
>>>>>>>>
>>>>>>>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>>>>>>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>>>>>>>> Thanks a lot, it works !
>>>>>>>>>
>>>>>>>>> I don't know, how OpenBSD works. Can you explain, why libclamav has
>>>>>>>>> different version? May be I should fix this in sagator's sources.
>>>>>>>>>
>>>>>>>>>> I have now another problem. I would like to parse attachments and
>>>>>>>>>> scan with libclam and then i try to use this setup:
>>>>>>>>>> parsemail(
>>>>>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>>>>>>> ## Check with sagator's internal content recognition.
>>>>>>>>>> file_type({'exe': 'Executable'}),
>>>>>>>>>> ## Check for attachment filenames.
>>>>>>>>>>
>>>>>>>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
>>>>>>>>>> ),
>>>>>>>>>> ),
>>>>>>>>>>
>>>>>>>>>> But it doesn't work, saying all the alternatives have failed.
>>>>>>>>>
>>>>>>>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>>>>>>>> email parser.
>>>>>>>>>
>>>>>>>>> SAL
|
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-30 12:28:42
|
Postfix-2.9 is a release candidate for stable, not stable yet.
Maybe it's a problem with postfix. Try to look at your postfix logs.

You can try to fix this by changing the end of the file srv/smtpd.py in sagator from:

    conn.shutdown(socket.SHUT_RDWR)
    conn.close()

to:

    try:
        conn.shutdown(socket.SHUT_RDWR)
        conn.close()
    except socket.error:
        pass

I am just not sure if this is a good solution.

SAL

On Mon, Jan 30, 2012 at 12:35:37PM +0100, Comète wrote:
> I use postfix-2.9.20110706 which is running on the same server and
> yes it happens for each connection.
>
> my master.cf looks like this:
>
> smtp inet n - - - - smtpd
> #628 inet n - - - - qmqpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> #qmgr fifo n - - 300 1 oqmgr
> tlsmgr unix - - - 1000? 1 tlsmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - - - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - - - - smtp
> -o smtp_fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - - - - showq
> error unix - - - - - error
> retry unix - - - - - error
> discard unix - - - - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - - - - lmtp
> anvil unix - - - - 1 anvil
> scache unix - - - - 1 scache
>
> 127.0.0.1:10026 inet n - n - 30 smtpd
> -o content_filter=
> -o myhostname=sagator.dmz.local
> -o local_recipient_maps= -o relay_recipient_maps=
> -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
> -o smtpd_restriction_classes= -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> -o smtpd_use_tls=no
>
>
>
> On 30/01/2012 12:11, "Ján ONDREJ (SAL)" wrote:
> >Curious. Looks like your SMTP server closed connection unexpectedly.
> >Which SMTP server are you using? With postfix I never had similar problems.
> >
> >I can catch this error in sagator, but need to know, if it's an problem of
> >SMTP server or configuration.
> >
> >Does this happen always or only sometimes, for example when you restart your
> >SMTP server?
> >
> > SAL
> >
> >On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
> >>Ok thanks for the advice, it seems to work when calling parsemail
> >>first and then libclamav().
> >>
> >>But, i have one last non-blocking error at the end of each connection:
> >>
> >>11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
> >>11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
> >>11714: SMTPS: Sending data
> >>11714: SMTPS: OK: 250 Ok
> >>11714: SMTPS: QUIT
> >>11714: smtpd(): Closing connection.
> >>11714: smtpd(): ERROR: SocketError: Connection reset by peer
> >>11714: smtpd(): Traceback (most recent call last):
> >> File "/usr/local/share/sagator/aglib.py", line 141, in fork
> >> self.accept()
> >> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
> >> conn.shutdown(socket.SHUT_RDWR)
> >> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
> >> return getattr(self._sock,name)(*args)
> >>error: [Errno 54] Connection reset by peer
> >>27566: collector(): Saving stats ...
> >>
> >>Any idea ?
> >>
> >>On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> >>>Looks like you are calling an bufferscanner from filescanner or vice versa.
> >>>But your configuration looks to be OK, I tested in my testing environment.
> >>>May be problem is in rest of configuration.
> >>>
> >>>Btw, do not use libclam() from parsemail. This way you will disable clamav's
> >>>internal email parser, which is very good.
> >>>
> >>> SAL
> >>>
> >>>On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> >>>>ok this is the error message with debug level 5:
> >>>>
> >>>>
> >>>>11239: libclam(): Loaded virpatterns: 2325837
> >>>> 5813: Testing
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD()))))...
> >>>> 5813: Running:
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD()))))
> >>>> 5813: Running:
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))))
> >>>> 5813: Running:
> >>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))
> >>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))
> >>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))
> >>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))
> >>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> >>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
> >>>> 5813: Running: file_type()
> >>>> 5813: Values: 0.000000, '', []
> >>>> 5813: Running: attach_name()
> >>>> 5813: Values: 0.000000, '', []
> >>>> 5813: Running: libclam()
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())): scanner ParseMail(file_type(), attach_name(),
> >>>>libclam()) failed: ScannerError: Not implemented
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))Traceback (most recent call last):
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> >>>>in scanbuffer
> >>>> return decode_email(buffer,self.scanners,args).scan()
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> >>>>in __init__
> >>>> self.scan_part(file_name)
> >>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> >>>>in scan_part
> >>>> l,v,r=scanner.scanbuffer(buffer,self.args)
> >>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> >>>> raise ScannerError, 'Not implemented'
> >>>>ScannerError: Not implemented
> >>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())): All scanners failed!
> >>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))): scanner alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())) failed: ScannerError: All alternatives
> >>>>failed!
> >>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))): scanner
> >>>>quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam()))) failed: ScannerError: All alternatives failed!
> >>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))): scanner
> >>>>drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>>>libclam())))) failed: ScannerError: All alternatives failed!
> >>>> 5813:
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))): scanner
> >>>>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam()))))) failed: ScannerError: All alternatives
> >>>>failed!
> >>>> 5813:
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD())))): scanner
> >>>>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))) failed: ScannerError: All
> >>>>alternatives failed!
> >>>> 5813: do_scan: Traceback (most recent call last):
> >>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> >>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> >>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
> >>>>
> >>>>level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> >>>>scanbuffer
> >>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> >>>>scanbuffer
> >>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>>>scanbuffer
> >>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
> >>>>scanbuffer
> >>>> raise ScannerError,'All alternatives failed!'
> >>>>ScannerError: All alternatives failed!
> >>>> 5813: Scanner
> >>>>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>>>attach_name(), libclam())))))),
> >>>>status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> >>>>manually!
> >>>> 5813: All alternatives failed!
> >>>>11239: smtpd(): service started ... [30308, 8583]
> >>>>
> >>>>
> >>>>Thanks again.
> >>>>
> >>>>On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> >>>>>Can you send me exact error message (if possible in debug level>=4)?
> >>>>>
> >>>>> SAL
> >>>>>
> >>>>>On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>>>>>Sorry i don't know why there are different versions.
> >>>>>>
> >>>>>>If i try to use parsemail, that's because i would like to drop
> >>>>>>messages containing attachments with
> >>>>>>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>>>>>
> >>>>>>thanks
> >>>>>>
> >>>>>>
> >>>>>>On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >>>>>>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>>>>>Thanks a lot, it works !
> >>>>>>>
> >>>>>>>I don't know, how OpenBSD works. Can you explain, why libclamav has
> >>>>>>>different version? May be I should fix this in sagator's sources.
> >>>>>>>
> >>>>>>>>I have now another problem. I would like to parse attachments and
> >>>>>>>>scan with libclam and then i try to use this setup:
> >>>>>>>> parsemail(
> >>>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>>>>>> ## Check with sagator's internal content recognition.
> >>>>>>>> file_type({'exe': 'Executable'}),
> >>>>>>>> ## Check for attachment filenames.
> >>>>>>>>
> >>>>>>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
> >>>>>>>> ),
> >>>>>>>>),
> >>>>>>>>
> >>>>>>>>But it doesn't work, saying all the alternatives have failed.
> >>>>>>>
> >>>>>>>You don't need to use parsemail for libclamav. ClamAV has better and faster
> >>>>>>>email parser.
> >>>>>>>
> >>>>>>> SAL
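
Added example (not part of the original message and not sagator's code): a close helper for the shutdown()/close() sequence discussed in the message above. It tolerates only the errors that mean the peer has already dropped the connection, always releases the descriptor (in the change proposed above, conn.close() is skipped when shutdown() raises), and lets anything else propagate. The names close_connection, PEER_GONE and demo_peer_reset are hypothetical.

```python
import errno
import socket
import struct
import time

# Errors that only mean "the peer already tore the connection down".
# ECONNRESET is errno 54 on the BSDs, as in the traceback in this thread;
# Linux usually reports ENOTCONN in the same situation.
PEER_GONE = {errno.ENOTCONN, errno.ECONNRESET, errno.EPIPE}


def close_connection(conn):
    """Shut down and close conn; return the tolerated errno, or None.

    Hypothetical helper. Compared with a bare "except socket.error: pass":
      * close() runs in a finally block, so the descriptor is released
        even when shutdown() fails;
      * only peer-gone errors are swallowed, anything else (for example
        EBADF from a double close) is re-raised because it indicates a bug.
    On Python 3 socket.error is an alias of OSError.
    """
    tolerated = None
    try:
        conn.shutdown(socket.SHUT_RDWR)
    except OSError as exc:
        if exc.errno not in PEER_GONE:
            raise
        tolerated = exc.errno
    finally:
        conn.close()
    return tolerated


def demo_peer_reset():
    """Constructed scenario: the client aborts before the server closes.

    Returns (tolerated_errno, fileno_after_close) for the server side.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    conn, _ = listener.accept()
    # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
    client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                      struct.pack("ii", 1, 0))
    client.close()
    time.sleep(0.1)  # give the RST time to reach the server side
    tolerated = close_connection(conn)
    listener.close()
    return tolerated, conn.fileno()


if __name__ == "__main__":
    err, fd = demo_peer_reset()
    name = errno.errorcode.get(err, "none") if err is not None else "none"
    print("tolerated error: %s, descriptor after close: %d" % (name, fd))
```

Logging the tolerated errno at debug level keeps the event visible without a traceback on every connection.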
|
|
From: Comète <co...@da...> - 2012-01-30 11:36:03
|
I use postfix-2.9.20110706 which is running on the same server and yes
it happens for each connection.

My master.cf looks like this:

smtp      inet  n       -       -       -       -       smtpd
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache

127.0.0.1:10026 inet n  -       n       -       30      smtpd
  -o content_filter=
  -o myhostname=sagator.dmz.local
  -o local_recipient_maps= -o relay_recipient_maps=
  -o mynetworks=127.0.0.0/8 -o mynetworks_style=host
  -o smtpd_restriction_classes= -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_use_tls=no

On 30/01/2012 12:11, "Ján ONDREJ (SAL)" wrote:
> Curious. Looks like your SMTP server closed connection unexpectedly.
> Which SMTP server are you using? With postfix I never had similar problems.
>
> I can catch this error in sagator, but need to know, if it's an problem of
> SMTP server or configuration.
>
> Does this happen always or only sometimes, for example when you restart your
> SMTP server?
>
> SAL
>
> On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
>> Ok thanks for the advice, it seems to work when calling parsemail
>> first and then libclamav().
>>
>> But, i have one last non-blocking error at the end of each connection:
>>
>> 11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
>> 11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
>> 11714: SMTPS: Sending data
>> 11714: SMTPS: OK: 250 Ok
>> 11714: SMTPS: QUIT
>> 11714: smtpd(): Closing connection.
>> 11714: smtpd(): ERROR: SocketError: Connection reset by peer
>> 11714: smtpd(): Traceback (most recent call last):
>> File "/usr/local/share/sagator/aglib.py", line 141, in fork
>> self.accept()
>> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
>> conn.shutdown(socket.SHUT_RDWR)
>> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
>> return getattr(self._sock,name)(*args)
>> error: [Errno 54] Connection reset by peer
>> 27566: collector(): Saving stats ...
>>
>> Any idea ?
>>
>> On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
>>> Looks like you are calling an bufferscanner from filescanner or vice versa.
>>> But your configuration looks to be OK, I tested in my testing environment.
>>> May be problem is in rest of configuration.
>>>
>>> Btw, do not use libclam() from parsemail. This way you will disable clamav's
>>> internal email parser, which is very good.
>>>
>>> SAL
>>>
>>> On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
>>>> ok this is the error message with debug level 5:
>>>>
>>>>
>>>> 11239: libclam(): Loaded virpatterns: 2325837
>>>> 5813: Testing
>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))),
>>>> status(drop(quarantine(SpamAssassinD()))))...
>>>> 5813: Running:
>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))),
>>>> status(drop(quarantine(SpamAssassinD()))))
>>>> 5813: Running:
>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam()))))))
>>>> 5813: Running:
>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))
>>>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam()))))
>>>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))
>>>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam()))
>>>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
>>>> 5813: parsemail(): buffer len=11, filename=unknown.bin
>>>> 5813: Running: file_type()
>>>> 5813: Values: 0.000000, '', []
>>>> 5813: Running: attach_name()
>>>> 5813: Values: 0.000000, '', []
>>>> 5813: Running: libclam()
>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam())): scanner ParseMail(file_type(), attach_name(),
>>>> libclam()) failed: ScannerError: Not implemented
>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam()))Traceback (most recent call last):
>>>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
>>>> in scanbuffer
>>>> return decode_email(buffer,self.scanners,args).scan()
>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
>>>> in __init__
>>>> self.scan_part(file_name)
>>>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
>>>> in scan_part
>>>> l,v,r=scanner.scanbuffer(buffer,self.args)
>>>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
>>>> raise ScannerError, 'Not implemented'
>>>> ScannerError: Not implemented
>>>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam())): All scanners failed!
>>>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam()))): scanner alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())) failed: ScannerError: All alternatives
>>>> failed!
>>>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))): scanner
>>>> quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam()))) failed: ScannerError: All alternatives failed!
>>>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam()))))): scanner
>>>> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
>>>> libclam())))) failed: ScannerError: All alternatives failed!
>>>> 5813:
>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))): scanner
>>>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam()))))) failed: ScannerError: All alternatives
>>>> failed!
>>>> 5813:
>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))),
>>>> status(drop(quarantine(SpamAssassinD())))): scanner
>>>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))) failed: ScannerError: All
>>>> alternatives failed!
>>>> 5813: do_scan: Traceback (most recent call last):
>>>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
>>>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
>>>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
>>>> scanbuffer
>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>>>>
>>>> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
>>>> scanbuffer
>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
>>>> scanbuffer
>>>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
>>>> scanbuffer
>>>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>>>> scanbuffer
>>>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>>>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
>>>> scanbuffer
>>>> raise ScannerError,'All alternatives failed!'
>>>> ScannerError: All alternatives failed!
>>>> 5813: Scanner
>>>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>>>> attach_name(), libclam())))))),
>>>> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
>>>> manually!
>>>> 5813: All alternatives failed!
>>>> 11239: smtpd(): service started ... [30308, 8583]
>>>>
>>>>
>>>> Thanks again.
>>>>
>>>> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
>>>>> Can you send me exact error message (if possible in debug level>=4)?
>>>>>
>>>>> SAL
>>>>>
>>>>> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>>>>>> Sorry I don't know why there are different versions.
>>>>>>
>>>>>> If I try to use parsemail, that's because I would like to drop
>>>>>> messages containing attachments with
>>>>>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>>>>>
>>>>>> thanks
>>>>>>
>>>>>>
>>>>>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>>>>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>>>>>> Thanks a lot, it works !
>>>>>>>
>>>>>>> I don't know how OpenBSD works. Can you explain why libclamav has
>>>>>>> a different version? Maybe I should fix this in sagator's sources.
>>>>>>>
>>>>>>>> I have now another problem. I would like to parse attachments and
>>>>>>>> scan with libclam and then I try to use this setup:
>>>>>>>> parsemail(
>>>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>>>>> ## Check with sagator's internal content recognition.
>>>>>>>> file_type({'exe': 'Executable'}),
>>>>>>>> ## Check for attachment filenames.
>>>>>>>>
>>>>>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
>>>>>>>> ),
>>>>>>>> ),
>>>>>>>>
>>>>>>>> But it doesn't work, saying all the alternatives have failed.
>>>>>>>
>>>>>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>>>>>> email parser.
>>>>>>>
>>>>>>> SAL
|
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-30 11:23:39
|
Curious. Looks like your SMTP server closed the connection unexpectedly.
Which SMTP server are you using? With postfix I never had similar problems.
I can catch this error in sagator, but I need to know if it's a problem of
the SMTP server or of the configuration.
Does this happen always or only sometimes, for example when you restart your
SMTP server?
SAL
On Mon, Jan 30, 2012 at 11:00:50AM +0100, Comète wrote:
> Ok thanks for the advice, it seems to work when calling parsemail
> first and then libclamav().
>
> But I have one last non-blocking error at the end of each connection:
>
> 11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
> 11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
> 11714: SMTPS: Sending data
> 11714: SMTPS: OK: 250 Ok
> 11714: SMTPS: QUIT
> 11714: smtpd(): Closing connection.
> 11714: smtpd(): ERROR: SocketError: Connection reset by peer
> 11714: smtpd(): Traceback (most recent call last):
> File "/usr/local/share/sagator/aglib.py", line 141, in fork
> self.accept()
> File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
> conn.shutdown(socket.SHUT_RDWR)
> File "/usr/local/lib/python2.7/socket.py", line 224, in meth
> return getattr(self._sock,name)(*args)
> error: [Errno 54] Connection reset by peer
> 27566: collector(): Saving stats ...
>
> Any idea ?
>
> On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> >Looks like you are calling a bufferscanner from a filescanner or vice versa.
> >But your configuration looks to be OK, I tested it in my testing environment.
> >Maybe the problem is in the rest of the configuration.
> >
> >Btw, do not use libclam() from parsemail. This way you will disable clamav's
> >internal email parser, which is very good.
> >
> > SAL
> >
> >On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> >>ok this is the error message with debug level 5:
> >>
> >>
> >>11239: libclam(): Loaded virpatterns: 2325837
> >> 5813: Testing
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD()))))...
> >> 5813: Running:
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD()))))
> >> 5813: Running:
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))))
> >> 5813: Running:
> >>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))
> >> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))
> >> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))
> >> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))
> >> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> >> 5813: parsemail(): buffer len=11, filename=unknown.bin
> >> 5813: Running: file_type()
> >> 5813: Values: 0.000000, '', []
> >> 5813: Running: attach_name()
> >> 5813: Values: 0.000000, '', []
> >> 5813: Running: libclam()
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())): scanner ParseMail(file_type(), attach_name(),
> >>libclam()) failed: ScannerError: Not implemented
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))Traceback (most recent call last):
> >> File "/usr/local/share/sagator/interscan/match.py", line 120, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> >>in scanbuffer
> >> return decode_email(buffer,self.scanners,args).scan()
> >> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> >>in __init__
> >> self.scan_part(file_name)
> >> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> >>in scan_part
> >> l,v,r=scanner.scanbuffer(buffer,self.args)
> >> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> >> raise ScannerError, 'Not implemented'
> >>ScannerError: Not implemented
> >> 5813: alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())): All scanners failed!
> >> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))): scanner alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())) failed: ScannerError: All alternatives
> >>failed!
> >> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))): scanner
> >>quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam()))) failed: ScannerError: All alternatives failed!
> >> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))): scanner
> >>drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> >>libclam())))) failed: ScannerError: All alternatives failed!
> >> 5813:
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))): scanner
> >>report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam()))))) failed: ScannerError: All alternatives
> >>failed!
> >> 5813:
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD())))): scanner
> >>status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))) failed: ScannerError: All
> >>alternatives failed!
> >> 5813: do_scan: Traceback (most recent call last):
> >> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> >> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> >> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> >>scanbuffer
> >> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
> >>
> >>level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/interscan/report.py", line 113, in
> >>scanbuffer
> >> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> >>scanbuffer
> >> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> >>scanbuffer
> >> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> >>scanbuffer
> >> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> >> File "/usr/local/share/sagator/interscan/match.py", line 128, in
> >>scanbuffer
> >> raise ScannerError,'All alternatives failed!'
> >>ScannerError: All alternatives failed!
> >> 5813: Scanner
> >>log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> >>attach_name(), libclam())))))),
> >>status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> >>manually!
> >> 5813: All alternatives failed!
> >>11239: smtpd(): service started ... [30308, 8583]
> >>
> >>
> >>Thanks again.
> >>
> >>On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> >>>Can you send me exact error message (if possible in debug level>=4)?
> >>>
> >>> SAL
> >>>
> >>>On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>>>Sorry I don't know why there are different versions.
> >>>>
> >>>>If I try to use parsemail, that's because I would like to drop
> >>>>messages containing attachments with
> >>>>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>>>
> >>>>thanks
> >>>>
> >>>>
> >>>>On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >>>>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>>>Thanks a lot, it works !
> >>>>>
> >>>>>I don't know how OpenBSD works. Can you explain why libclamav has
> >>>>>a different version? Maybe I should fix this in sagator's sources.
> >>>>>
> >>>>>>I have now another problem. I would like to parse attachments and
> >>>>>>scan with libclam and then I try to use this setup:
> >>>>>> parsemail(
> >>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>>>> ## Check with sagator's internal content recognition.
> >>>>>> file_type({'exe': 'Executable'}),
> >>>>>> ## Check for attachment filenames.
> >>>>>>
> >>>>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
> >>>>>> ),
> >>>>>>),
> >>>>>>
> >>>>>>But it doesn't work, saying all the alternatives have failed.
> >>>>>
> >>>>>You don't need to use parsemail for libclamav. ClamAV has better and faster
> >>>>>email parser.
> >>>>>
> >>>>> SAL
|
|
From: Comète <co...@da...> - 2012-01-30 10:01:39
|
Ok thanks for the advice, it seems to work when calling parsemail first
and then libclamav().
But I have one last non-blocking error at the end of each connection:
11714: b2f(): destroy():/tmp/b2f-ffF0bQNVyj.mbd
11714: STATS: 1.16177392006 seconds, 504903 bytes, status: CLEAN
11714: SMTPS: Sending data
11714: SMTPS: OK: 250 Ok
11714: SMTPS: QUIT
11714: smtpd(): Closing connection.
11714: smtpd(): ERROR: SocketError: Connection reset by peer
11714: smtpd(): Traceback (most recent call last):
File "/usr/local/share/sagator/aglib.py", line 141, in fork
self.accept()
File "/usr/local/share/sagator/srv/smtpd.py", line 232, in accept
conn.shutdown(socket.SHUT_RDWR)
File "/usr/local/lib/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
error: [Errno 54] Connection reset by peer
27566: collector(): Saving stats ...
Any idea ?
On 30/01/2012 10:36, "Ján ONDREJ (SAL)" wrote:
> Looks like you are calling a bufferscanner from a filescanner or vice versa.
> But your configuration looks to be OK, I tested it in my testing environment.
> Maybe the problem is in the rest of the configuration.
>
> Btw, do not use libclam() from parsemail. This way you will disable clamav's
> internal email parser, which is very good.
>
> SAL
>
> On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
>> ok this is the error message with debug level 5:
>>
>>
>> 11239: libclam(): Loaded virpatterns: 2325837
>> 5813: Testing
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD()))))...
>> 5813: Running:
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD()))))
>> 5813: Running:
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))))
>> 5813: Running:
>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))
>> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))
>> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))
>> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))
>> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
>> 5813: parsemail(): buffer len=11, filename=unknown.bin
>> 5813: Running: file_type()
>> 5813: Values: 0.000000, '', []
>> 5813: Running: attach_name()
>> 5813: Values: 0.000000, '', []
>> 5813: Running: libclam()
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam())): scanner ParseMail(file_type(), attach_name(),
>> libclam()) failed: ScannerError: Not implemented
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))Traceback (most recent call last):
>> File "/usr/local/share/sagator/interscan/match.py", line 120, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
>> in scanbuffer
>> return decode_email(buffer,self.scanners,args).scan()
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
>> in __init__
>> self.scan_part(file_name)
>> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
>> in scan_part
>> l,v,r=scanner.scanbuffer(buffer,self.args)
>> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
>> raise ScannerError, 'Not implemented'
>> ScannerError: Not implemented
>> 5813: alternatives(ParseMail(file_type(), attach_name(),
>> libclam())): All scanners failed!
>> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))): scanner alternatives(ParseMail(file_type(),
>> attach_name(), libclam())) failed: ScannerError: All alternatives
>> failed!
>> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))): scanner
>> quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam()))) failed: ScannerError: All alternatives failed!
>> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))): scanner
>> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
>> libclam())))) failed: ScannerError: All alternatives failed!
>> 5813:
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))): scanner
>> report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam()))))) failed: ScannerError: All alternatives
>> failed!
>> 5813:
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD())))): scanner
>> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))) failed: ScannerError: All
>> alternatives failed!
>> 5813: do_scan: Traceback (most recent call last):
>> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
>> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
>> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>>
>> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/report.py", line 113, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
>> scanbuffer
>> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
>> scanbuffer
>> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 181, in
>> scanbuffer
>> level,vir,ret=self.scanner.scanbuffer(buffer,args)
>> File "/usr/local/share/sagator/interscan/match.py", line 128, in
>> scanbuffer
>> raise ScannerError,'All alternatives failed!'
>> ScannerError: All alternatives failed!
>> 5813: Scanner
>> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
>> attach_name(), libclam())))))),
>> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
>> manually!
>> 5813: All alternatives failed!
>> 11239: smtpd(): service started ... [30308, 8583]
>>
>>
>> Thanks again.
>>
>> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
>>> Can you send me exact error message (if possible in debug level>=4)?
>>>
>>> SAL
>>>
>>> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>>>> Sorry I don't know why there are different versions.
>>>>
>>>> If I try to use parsemail, that's because I would like to drop
>>>> messages containing attachments with
>>>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>>>
>>>> thanks
>>>>
>>>>
>>>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>>>> Thanks a lot, it works !
>>>>>
>>>>> I don't know how OpenBSD works. Can you explain why libclamav has
>>>>> a different version? Maybe I should fix this in sagator's sources.
>>>>>
>>>>>> I have now another problem. I would like to parse attachments and
>>>>>> scan with libclam and then I try to use this setup:
>>>>>> parsemail(
>>>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>>>> ## Check with sagator's internal content recognition.
>>>>>> file_type({'exe': 'Executable'}),
>>>>>> ## Check for attachment filenames.
>>>>>>
>>>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>>>> libclam(db_options=libclam.CL_DB_PHISHING)
>>>>>> ),
>>>>>> ),
>>>>>>
>>>>>> But it doesn't work, saying all the alternatives have failed.
>>>>>
>>>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>>>> email parser.
>>>>>
>>>>> SAL
|
|
From: Comète <co...@da...> - 2012-01-30 09:37:55
|
ok this is the error message with debug level 5:
11239: libclam(): Loaded virpatterns: 2325837
5813: Testing
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))),
status(drop(quarantine(SpamAssassinD()))))...
5813: Running:
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))), status(drop(quarantine(SpamAssassinD()))))
5813: Running:
status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam()))))))
5813: Running:
report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))
5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam()))))
5813: Running: quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))
5813: Running: alternatives(ParseMail(file_type(), attach_name(),
libclam()))
5813: Running: ParseMail(file_type(), attach_name(), libclam())
5813: parsemail(): buffer len=11, filename=unknown.bin
5813: Running: file_type()
5813: Values: 0.000000, '', []
5813: Running: attach_name()
5813: Values: 0.000000, '', []
5813: Running: libclam()
5813: alternatives(ParseMail(file_type(), attach_name(), libclam())):
scanner ParseMail(file_type(), attach_name(), libclam()) failed:
ScannerError: Not implemented
5813: alternatives(ParseMail(file_type(), attach_name(),
libclam()))Traceback (most recent call last):
File "/usr/local/share/sagator/interscan/match.py", line 120, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/interscan/parsemail.py", line 412, in
scanbuffer
return decode_email(buffer,self.scanners,args).scan()
File "/usr/local/share/sagator/interscan/parsemail.py", line 384, in
__init__
self.scan_part(file_name)
File "/usr/local/share/sagator/interscan/parsemail.py", line 200, in
scan_part
l,v,r=scanner.scanbuffer(buffer,self.args)
File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
raise ScannerError, 'Not implemented'
ScannerError: Not implemented
5813: alternatives(ParseMail(file_type(), attach_name(), libclam())):
All scanners failed!
5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
libclam()))): scanner alternatives(ParseMail(file_type(), attach_name(),
libclam())) failed: ScannerError: All alternatives failed!
5813: drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))): scanner
quarantine(alternatives(ParseMail(file_type(), attach_name(),
libclam()))) failed: ScannerError: All alternatives failed!
5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam()))))): scanner
drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
libclam())))) failed: ScannerError: All alternatives failed!
5813:
status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))): scanner
report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam()))))) failed: ScannerError: All alternatives failed!
5813:
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))),
status(drop(quarantine(SpamAssassinD())))): scanner
status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))) failed: ScannerError: All alternatives
failed!
5813: do_scan: Traceback (most recent call last):
File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
File "/usr/local/share/sagator/interscan/logger.py", line 94, in
scanbuffer
level,detected,virlist=match_any.scanbuffer(self,buffer,args)
File "/usr/local/share/sagator/interscan/match.py", line 181, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
File "/usr/local/share/sagator/interscan/match.py", line 181, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/interscan/report.py", line 113, in
scanbuffer
level,detected,virlist=match_any.scanbuffer(self,buffer,args)
File "/usr/local/share/sagator/interscan/match.py", line 181, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/interscan/actions.py", line 137, in
scanbuffer
level, detected, virlist = match_any.scanbuffer(self, buffer, args)
File "/usr/local/share/sagator/interscan/match.py", line 181, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/interscan/actions.py", line 52, in
scanbuffer
level,detected,virlist=match_any.scanbuffer(self,buffer,args)
File "/usr/local/share/sagator/interscan/match.py", line 181, in
scanbuffer
level,vir,ret=self.scanner.scanbuffer(buffer,args)
File "/usr/local/share/sagator/interscan/match.py", line 128, in
scanbuffer
raise ScannerError,'All alternatives failed!'
ScannerError: All alternatives failed!
5813: Scanner
log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
attach_name(), libclam())))))),
status(drop(quarantine(SpamAssassinD())))) test failed! Disable it manually!
5813: All alternatives failed!
11239: smtpd(): service started ... [30308, 8583]
Thanks again.
On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> Can you send me exact error message (if possible in debug level>=4)?
>
> SAL
>
> On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
>> Sorry I don't know why there are different versions.
>>
>> If I try to use parsemail, that's because I would like to drop
>> messages containing attachments with
>> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>>
>> thanks
>>
>>
>> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
>>> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>>>> Thanks a lot, it works !
>>>
>>> I don't know how OpenBSD works. Can you explain why libclamav has
>>> a different version? Maybe I should fix this in sagator's sources.
>>>
>>>> I have now another problem. I would like to parse attachments and
>>>> scan with libclam and then I try to use this setup:
>>>> parsemail(
>>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>>>> ## Check with sagator's internal content recognition.
>>>> file_type({'exe': 'Executable'}),
>>>> ## Check for attachment filenames.
>>>>
>>>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>>>> libclam(db_options=libclam.CL_DB_PHISHING)
>>>> ),
>>>> ),
>>>>
>>>> But it doesn't work, saying all the alternatives have failed.
>>>
>>> You don't need to use parsemail for libclamav. ClamAV has better and faster
>>> email parser.
>>>
>>> SAL
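The attachment-name check that the attach_name() rule quoted in this thread is meant to perform, as an added stand-alone Python example; it is not SAGATOR code and not from any poster. The extension list is the one from the thread; the function names, the name normalisation (decoding encoded names, ignoring trailing dots and spaces) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Extension list and "$" anchoring copied from the attach_name() rule in the thread.
BLOCKED_EXT = re.compile(r'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$', re.I)


def normalize_name(raw_name):
    """Decode and tidy an attachment name before it is matched."""
    try:
        # Message.get_filename() leaves RFC 2047 encoded words
        # ("=?utf-8?B?...?=") undecoded, so decode them here.
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, LookupError, UnicodeError):
        name = raw_name  # undecodable: match against the raw text
    # Remove control characters; Windows ignores trailing dots and spaces in
    # file names, so strip them or the "$" anchor will not see the extension.
    name = ''.join(ch for ch in name if ch.isprintable())
    return name.strip().rstrip('. ')


def attachment_names(raw_message):
    """Yield the normalized file name of every MIME part that declares one."""
    msg = message_from_bytes(raw_message)
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads Content-Disposition "filename" (including the
        # RFC 2231 "filename*" form) and falls back to Content-Type "name".
        raw_name = part.get_filename()
        if raw_name:
            yield normalize_name(raw_name)


def blocked_attachments(raw_message):
    """Return the names that match the blocked-extension rule, in MIME order."""
    return [n for n in attachment_names(raw_message) if BLOCKED_EXT.search(n)]


# Constructed sample message (not taken from the thread): one harmless PDF and
# four parts whose names end in a blocked extension, each written differently.
SAMPLE = b"""\
From: sender@example.org
To: rcpt@example.org
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.EXE"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="=?utf-8?B?ZmFjdHVyZS5zY3I=?="

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''update%2Evbs

x
--b1
Content-Type: application/octet-stream; name="run.bat."
Content-Disposition: attachment

x
--b1--
"""

if __name__ == "__main__":
    for name in blocked_attachments(SAMPLE):
        print("blocked attachment name:", name)
```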
|
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-30 09:37:08
|
Looks like you are calling a bufferscanner from a filescanner or vice versa.
But your configuration looks to be OK, I tested it in my testing environment.
Maybe the problem is in the rest of the configuration.
Btw, do not use libclam() from parsemail. This way you will disable clamav's
internal email parser, which is very good.
SAL
On Mon, Jan 30, 2012 at 10:15:30AM +0100, Comète wrote:
> ok this is the error message with debug level 5:
>
>
> 11239: libclam(): Loaded virpatterns: 2325837
> 5813: Testing
> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))),
> status(drop(quarantine(SpamAssassinD()))))...
> 5813: Running:
> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))),
> status(drop(quarantine(SpamAssassinD()))))
> 5813: Running:
> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam()))))))
> 5813: Running:
> report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))
> 5813: Running: drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam()))))
> 5813: Running: quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))
> 5813: Running: alternatives(ParseMail(file_type(), attach_name(),
> libclam()))
> 5813: Running: ParseMail(file_type(), attach_name(), libclam())
> 5813: parsemail(): buffer len=11, filename=unknown.bin
> 5813: Running: file_type()
> 5813: Values: 0.000000, '', []
> 5813: Running: attach_name()
> 5813: Values: 0.000000, '', []
> 5813: Running: libclam()
> 5813: alternatives(ParseMail(file_type(), attach_name(),
> libclam())): scanner ParseMail(file_type(), attach_name(),
> libclam()) failed: ScannerError: Not implemented
> 5813: alternatives(ParseMail(file_type(), attach_name(),
> libclam()))Traceback (most recent call last):
> File "/usr/local/share/sagator/interscan/match.py", line 120, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/interscan/parsemail.py", line 412,
> in scanbuffer
> return decode_email(buffer,self.scanners,args).scan()
> File "/usr/local/share/sagator/interscan/parsemail.py", line 384,
> in __init__
> self.scan_part(file_name)
> File "/usr/local/share/sagator/interscan/parsemail.py", line 200,
> in scan_part
> l,v,r=scanner.scanbuffer(buffer,self.args)
> File "/usr/local/share/sagator/avlib.py", line 1036, in scanbuffer
> raise ScannerError, 'Not implemented'
> ScannerError: Not implemented
> 5813: alternatives(ParseMail(file_type(), attach_name(),
> libclam())): All scanners failed!
> 5813: quarantine(alternatives(ParseMail(file_type(), attach_name(),
> libclam()))): scanner alternatives(ParseMail(file_type(),
> attach_name(), libclam())) failed: ScannerError: All alternatives
> failed!
> 5813: drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))): scanner
> quarantine(alternatives(ParseMail(file_type(), attach_name(),
> libclam()))) failed: ScannerError: All alternatives failed!
> 5813: report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam()))))): scanner
> drop(quarantine(alternatives(ParseMail(file_type(), attach_name(),
> libclam())))) failed: ScannerError: All alternatives failed!
> 5813:
> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))): scanner
> report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam()))))) failed: ScannerError: All alternatives
> failed!
> 5813:
> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))),
> status(drop(quarantine(SpamAssassinD())))): scanner
> status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))) failed: ScannerError: All
> alternatives failed!
> 5813: do_scan: Traceback (most recent call last):
> File "/usr/local/share/sagator/aglib.py", line 312, in do_scan
> scnr.scanbuffer(mail.data, {'dbc':globals.DBC})
> File "/usr/local/share/sagator/interscan/logger.py", line 94, in
> scanbuffer
> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/stats.py", line 589, in scanbuffer
>
> level,detected,ret=interscan.match.match_any.scanbuffer(self,buffer,args)
> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/interscan/report.py", line 113, in
> scanbuffer
> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/interscan/actions.py", line 137, in
> scanbuffer
> level, detected, virlist = match_any.scanbuffer(self, buffer, args)
> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/interscan/actions.py", line 52, in
> scanbuffer
> level,detected,virlist=match_any.scanbuffer(self,buffer,args)
> File "/usr/local/share/sagator/interscan/match.py", line 181, in
> scanbuffer
> level,vir,ret=self.scanner.scanbuffer(buffer,args)
> File "/usr/local/share/sagator/interscan/match.py", line 128, in
> scanbuffer
> raise ScannerError,'All alternatives failed!'
> ScannerError: All alternatives failed!
> 5813: Scanner
> log(status(report(drop(quarantine(alternatives(ParseMail(file_type(),
> attach_name(), libclam())))))),
> status(drop(quarantine(SpamAssassinD())))) test failed! Disable it
> manually!
> 5813: All alternatives failed!
> 11239: smtpd(): service started ... [30308, 8583]
>
>
> Thanks again.
>
> On 29/01/2012 19:44, "Ján ONDREJ (SAL)" wrote:
> >Can you send me exact error message (if possible in debug level>=4)?
> >
> > SAL
> >
> >On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> >>Sorry i don't know why there are different versions.
> >>
> >>If i try to use parsemail, that's because i would like to drop
> >>messages containing attachments with
> >>exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
> >>
> >>thanks
> >>
> >>
> >>On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >>>On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>>>Thanks a lot, it works !
> >>>
> >>>I don't know, how OpenBSD works. Can you explain, why libclamav has
> >>>different version? May be I should fix this in sagator's sources.
> >>>
> >>>>I have now another problem. I would like to parse attachments and
> >>>>scan with libclam and then i try to use this setup:
> >>>> parsemail(
> >>>> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >>>> ## Check with sagator's internal content recognition.
> >>>> file_type({'exe': 'Executable'}),
> >>>> ## Check for attachment filenames.
> >>>>
> >>>>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >>>> libclam(db_options=libclam.CL_DB_PHISHING)
> >>>> ),
> >>>>),
> >>>>
> >>>>But it doesn't work, saying all the alternatives have failed.
> >>>
> >>>You don't need to use parsemail for libclamav. ClamAV has better and faster
> >>>email parser.
> >>>
> >>> SAL
|
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-29 18:45:06
|
Can you send me the exact error message (if possible in debug level >=4)?
SAL
On Sun, Jan 29, 2012 at 07:13:00PM +0100, Comète wrote:
> Sorry i don't know why there are different versions.
>
> If i try to use parsemail, that's because i would like to drop
> messages containing attachments with
> exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js extensions.
>
> thanks
>
>
> On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> >On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> >>Thanks a lot, it works !
> >
> >I don't know, how OpenBSD works. Can you explain, why libclamav has
> >different version? May be I should fix this in sagator's sources.
> >
> >>I have now another problem. I would like to parse attachments and
> >>scan with libclam and then i try to use this setup:
> >> parsemail(
> >> #file_magic({'Executable_magic': '/.*exec'},re.I),
> >> ## Check with sagator's internal content recognition.
> >> file_type({'exe': 'Executable'}),
> >> ## Check for attachment filenames.
> >>
> >>attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> >> libclam(db_options=libclam.CL_DB_PHISHING)
> >> ),
> >>),
> >>
> >>But it doesn't work, saying all the alternatives have failed.
> >
> >You don't need to use parsemail for libclamav. ClamAV has better and faster
> >email parser.
> >
> > SAL
|
|
From: Comète <co...@da...> - 2012-01-29 18:13:12
|
Sorry, I don't know why there are different versions.
If I try to use parsemail, that's because I would like to drop messages
containing attachments with exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js
extensions.
Thanks
On 27/01/2012 16:32, "Ján ONDREJ (SAL)" wrote:
> On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
>> Thanks a lot, it works !
>
> I don't know, how OpenBSD works. Can you explain, why libclamav has
> different version? May be I should fix this in sagator's sources.
>
>> I have now another problem. I would like to parse attachments and
>> scan with libclam and then i try to use this setup:
>> parsemail(
>> #file_magic({'Executable_magic': '/.*exec'},re.I),
>> ## Check with sagator's internal content recognition.
>> file_type({'exe': 'Executable'}),
>> ## Check for attachment filenames.
>>
>> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
>> libclam(db_options=libclam.CL_DB_PHISHING)
>> ),
>> ),
>>
>> But it doesn't work, saying all the alternatives have failed.
>
> You don't need to use parsemail for libclamav. ClamAV has better and faster
> email parser.
>
> SAL
|
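The attachment-name check discussed in this thread, as an added example that is not SAGATOR code and not part of any post: it uses Python 3's standard `email` package with the regex from the quoted `attach_name()` rule. The function name `blocked_attachments`, the constructed `SAMPLE` message and the case-insensitive flag are assumptions of this example.

```python
import re
from email import message_from_bytes, policy

# Pattern copied from the attach_name() rule quoted in the thread. Matching
# case-insensitively (re.I) is this example's choice, not the thread's config.
BLOCKED = re.compile(r'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$', re.I)

# Constructed sample message (not from the thread): four MIME parts.
SAMPLE = (
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"see attached\r\n"
    b"--BOUND\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Report.pdf.EXE"\r\n\r\n'
    b"x\r\n"
    b"--BOUND\r\n"
    b'Content-Type: application/octet-stream; name="notes.js."\r\n\r\n'
    b"x\r\n"
    b"--BOUND\r\n"
    b"Content-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="photo.jpg"\r\n\r\n'
    b"x\r\n"
    b"--BOUND--\r\n"
)

def blocked_attachments(raw):
    """Return filenames of MIME parts whose name matches BLOCKED."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename (RFC 2231
        # aware) and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Normalise before matching: Windows drops trailing dots and spaces.
        name = name.strip().rstrip('. ')
        if BLOCKED.search(name):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

A name-based rule like this only sees what the sender declares, so it complements content scanning rather than replacing it.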
|
From: Ján O. (SAL) <on...@sa...> - 2012-01-27 15:32:54
|
On Fri, Jan 27, 2012 at 04:10:46PM +0100, Comète wrote:
> Thanks a lot, it works !
I don't know how OpenBSD works. Can you explain why libclamav has a
different version? Maybe I should fix this in sagator's sources.
> I have now another problem. I would like to parse attachments and
> scan with libclam and then i try to use this setup:
> parsemail(
> #file_magic({'Executable_magic': '/.*exec'},re.I),
> ## Check with sagator's internal content recognition.
> file_type({'exe': 'Executable'}),
> ## Check for attachment filenames.
>
> attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
> libclam(db_options=libclam.CL_DB_PHISHING)
> ),
> ),
>
> But it doesn't work, saying all the alternatives have failed.
You don't need to use parsemail for libclamav. ClamAV has better and faster
email parser.
SAL
|
|
From: Comète <co...@da...> - 2012-01-27 15:11:06
|
Thanks a lot, it works!
I have now another problem. I would like to parse attachments and scan
with libclam and then I try to use this setup:
alternatives(
    ## Next scanner uses clamav's library directly in sagator.
    ## This scanner is the best scanner from all clamav scanners.
    ## It's performance and stability is very high.
    #buffer2mbox(libclam(
    #  limits={'maxratio': 9999}, # needed for clamav<0.95
    #  db_options=libclam.CL_DB_PHISHING
    #)),
    ## If you need to parse emails mime attachments, you
    ## can use parsemail() interscanner before calling clamav.
    ## Uncomment following line if you need this.
    ## Don't forget to comment out previous scanner, because
    ## it is useless to define two scanner for one antivirus.
    #parsemail(libclam()),
    parsemail(
        #file_magic({'Executable_magic': '/.*exec'},re.I),
        ## Check with sagator's internal content recognition.
        file_type({'exe': 'Executable'}),
        ## Check for attachment filenames.
        attach_name({'Executable':'\.(exe|com|vxd|dll|cpl|scr|pif|lnk|bat|vbs|js)$'}),
        libclam(db_options=libclam.CL_DB_PHISHING)
    ),
),
But it doesn't work, saying all the alternatives have failed.
Could you please tell me what I am not doing the way I should?
Thanks again!
On 27/01/2012 10:59, Ján ONDREJ (SAL) wrote:
> Hello,
>
> curious, that on BSD same version on clamav has different so library name.
> On my Linux I have:
>
> [ondrejj@work ~]$ ls -la /usr/lib64/libclamav.so*
> lrwxrwxrwx. 1 root root 19 nov 8 08:52 /usr/lib64/libclamav.so -> libclamav.so.6.1.12*
> lrwxrwxrwx. 1 root root 19 nov 8 08:06 /usr/lib64/libclamav.so.6 -> libclamav.so.6.1.12*
> -rwxr-xr-x. 1 root root 10703944 okt 28 00:36 /usr/lib64/libclamav.so.6.1.12*
> [ondrejj@work ~]$
>
> Version of libclamav should be so.6, if your version of clamav has anything
> else, you can try to force it's compatibility in sagator's
> avir/libclamav/__init__.py file by overwriting this:
>
> if libver==6:
>
> to your:
>
> if libver==18:
>
> Leave "import libso6 as libso" as is.
>
> SAL
>
> On Fri, Jan 27, 2012 at 09:54:54AM +0100, Comète wrote:
>> Hi,
>>
>> i've build sagator-1.2.3 on OpenBSD 5.0 with success and i try to use
>> clamav-0.97.2 and spamassasin-3.3.2 with it.
>> But when i launch sagator, i get this:
>>
>> -=>> sudo sagator --nodaemon
>> 29576: SAGATOR 1.2.3-1 starting at Fri Jan 27 09:49:03 2012
>> 29718: collector(): loadstat error: No such file or directory
>> 29718: collector(): service started, waiting for connections ... [29718]
>> Traceback (most recent call last):
>> File "/usr/local/sbin/sagator", line 150, in <module>
>> pids = srv.start()
>> File "/usr/local/share/sagator/aglib.py", line 95, in start
>> self.test_scanners(self.SCANNERS)
>> File "/usr/local/share/sagator/aglib.py", line 75, in test_scanners
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/interscan/match.py", line 54, in reinit
>> scnr.reinit()
>> File "/usr/local/share/sagator/avir/clamav.py", line 195, in reinit
>> datadir=self.datadir)
>> File "/usr/local/share/sagator/avir/libclamav/__init__.py", line 33,
>> in clamav
>> raise ClamAVError("Unsupported library: '%s'" % solib)
>> avir.libclamav.shared.ClamAVError: Unsupported library: 'libclamav.so.18.1'
>>
>>
>> Is it really due to an unsupported release of clamav ?
>>
>> Thanks
>>
|