Clam antivirus

jon@adtec

Clam antivirus

Post by jon@adtec » Wed Feb 15, 2006 1:47 am

Hi

I am currently hitting my head on the wall trying to get incoming mail scanned by clamav. I have already configured spamassassin and it seems to be working OK. I am running Suse 9.3, and have loaded the appropriate version of Scalix.

What seems to be occurring is the Scalix service router is ignoring the omvscan.cfg file and not invoking Clamdscan. I am able to run files through Clamdscan without any problems:
clamdscan /var/opt/scalix/data/0000001/* |more
/var/opt/scalix/data/0000001/000010g: OK
/var/opt/scalix/data/0000001/000010i: OK
/var/opt/scalix/data/0000001/000010j: OK
/var/opt/scalix/data/0000001/000010k: OK
/var/opt/scalix/data/0000001/000010l: OK
/var/opt/scalix/data/0000001/000010m: OK
/var/opt/scalix/data/0000001/000010n: OK
/var/opt/scalix/data/0000001/000010o: OK
/var/opt/scalix/data/0000001/000010p: OK
/var/opt/scalix/data/0000001/000010q: OK
/var/opt/scalix/data/0000001/00001g0: OK
/var/opt/scalix/data/0000001/00001g1: OK
/var/opt/scalix/data/0000001/00001g2: OK
/var/opt/scalix/data/0000001/00001g3: OK
/var/opt/scalix/data/0000001/00001g4: OK
/var/opt/scalix/data/0000001/00001g5: OK
/var/opt/scalix/data/0000001/00001g6: OK
/var/opt/scalix/data/0000001/00001g7: OK
/var/opt/scalix/data/0000001/00001g8: OK
/var/opt/scalix/data/0000001/00001g9: OK


There don't seem to be any permissions problems (see above).

The rules directory appears to be OK:
ls -l /var/opt/scalix/rules/
total 41
drwxrwx--- 2 scalix scalix 112 Jan 23 15:06 .
drwxrwxr-x 49 scalix scalix 1256 Jan 20 14:25 ..
-rw-r--r-- 1 root scalix 131 Jan 23 15:06 ALL-ROUTES.VIR
-r-xr-xr-x 1 root scalix 33112 Oct 28 04:03 omvscan.map

When I run an audit I get the following:
routing
time 1139975655 Wed Feb 15 14:54:15 2006 +660
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
ua-message-id 65ED19764468D411A6AF006094EA0F3B8239B2(a)server.adtec.com.au
mta-message-id 65ED19764468D411A6AF006094EA0F3B8239B2(a)server.adtec.com.au
subject test
originator sendmail / internet DDT1=RFC-822; DDV1=sendmail@adtec-mail.adtec2.com.au;
part-size 322
part-type 1166 DISTRIBUTION LIST
part-size 224
part-type 1167 TEXT
part-size 404
part-type 2145 PKZip archive
recipient-to Jon Bolton / adtec-mail, adtec2/CN=Jon Bolton
ack-req 0 none
queue LOCAL
max-nest-depth 0
message-size 3649
part-count 3
delivered-count 1

routing
time 1139980545 Wed Feb 15 16:15:45 2006 +660
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
ua-message-id 65ED19764468D411A6AF006094EA0F3B8239B3(a)server.adtec.com.au
mta-message-id 65ED19764468D411A6AF006094EA0F3B8239B3(a)server.adtec.com.au
subject test
originator sendmail / internet DDT1=RFC-822; DDV1=sendmail@adtec-mail.adtec2.com.au;
part-size 322
part-type 1166 DISTRIBUTION LIST
part-size 224
part-type 1167 TEXT
part-size 404
part-type 2145 PKZip archive
recipient-to Jon Bolton / adtec-mail, adtec2/CN=Jon Bolton
ack-req 0 none
queue LOCAL
max-nest-depth 0
message-size 3649
part-count 3
delivered-count 1

As can be seen, there are no remarks here about sending through virus scanning.

There is no data in the fatal log file.

Any ideas?

Cheers Jon Bolton

ScalixSupport

Post by ScalixSupport » Wed Feb 15, 2006 1:50 am

Can you post the contents of ALL-ROUTES.VIR ?

Usually, if there is a problem with the contents of the file, it will be reported in the event logs when you start up the Service Router.

Code:

omoff -d0 router
omon router
omshowlog -p 5 -s router

will give you the past 5 minutes of logging for the router.

Cheers

Dave

jon@adtec

Clam antivirus

Post by jon@adtec » Wed Feb 15, 2006 4:51 pm

Hi Dave

Thanks for the reply. Here are the contents of ALL-ROUTES.VIR:
VIRUS-FOUND=1 ACTION=DISCARD NOTIFY="<Rejected Email, by ADTEC virus scan. Please notify Administrator>"
VIRUS_FOUND=0 ACTION=ALLOW

Here's the info requested:
omshowlog -p 5 -s router

WARNING Service Router(Service Router) 02.16.06 07:37:53
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR


WARNING Service Router(Service Router) 02.16.06 07:37:53
[OM 5152] Error on line 2: Unknown token or syntax error

I notice now that in the ALL-ROUTES.VIR there is the entry on line 2 of VIRUS_FOUND instead of VIRUS-FOUND.... I have corrected that and the audit log is showing that the correct notifications are taking place.
routing
time 1140036078 Thu Feb 16 07:41:18 2006 +660
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
ua-message-id 65ED19764468D411A6AF006094EA0F3B8239B6(a)server.adtec.com.au
mta-message-id 65ED19764468D411A6AF006094EA0F3B8239B6(a)server.adtec.com.au
subject FW: Combiner quote
originator sendmail / internet DDT1=RFC-822; DDV1=sendmail@adtec-mail.adtec2.com.au;
part-size 322
part-type 1166 DISTRIBUTION LIST
part-size 983
part-type 1167 TEXT
recipient-to Jon Bolton / adtec-mail, adtec2/CN=Jon Bolton
ack-req 0 none
queue LOCAL
message-filter-info +VIRUS-FOUND=ALLOW
max-nest-depth 0
message-size 3483
part-count 2
delivered-count 1

routing
time 1140036304 Thu Feb 16 07:45:04 2006 +660
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
ua-message-id 65ED19764468D411A6AF006094EA0F3B8239B7(a)server.adtec.com.au
mta-message-id 65ED19764468D411A6AF006094EA0F3B8239B7(a)server.adtec.com.au
subject FW: test
originator sendmail / internet DDT1=RFC-822; DDV1=sendmail@adtec-mail.adtec2.com.au;
part-size 322
part-type 1166 DISTRIBUTION LIST
part-size 391
part-type 1167 TEXT
part-size 404
part-type 2145 PKZip archive
virus-uncleaned ClamAV-Test-File
recipient-to Jon Bolton / adtec-mail, adtec2/CN=Jon Bolton
ack-req 0 none
message-filter-info +VIRUS-FOUND=DISCARD=NOTIFY
max-nest-depth 0
message-size 3832
part-count 3
delivered-count 0

routing
time 1140036304 Thu Feb 16 07:45:04 2006 +660
type 1 reply
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 1
hop-count 1
originator VIRUS-CHECKER/CN=VIRUS-CHECKER
ua-message-id H000000000000692.1140036304.adtec-mail.adtec2.com.au
mta-message-id H000000000000692.1140036304.adtec-mail.adtec2.com.au
ua-ack-id 65ED19764468D411A6AF006094EA0F3B8239B7(a)server.adtec.com.au
subject FW: test
part-size 225
part-type 1166 DISTRIBUTION LIST
recipient-to sendmail / internet DDT1=RFC-822; DDV1=sendmail@adtec-mail.adtec2.com.au;
ack-req 0 none
queue UNIX:MIME
part-size 66
part-type 1167 TEXT
part-size 534
part-type 1167 TEXT
max-nest-depth 0
message-size 1527
part-count 3
delivered-count 1

Thanks for the help on this subject.

I was also wondering if there is any way of sending this message to a virus hold type account ... (I'd like to be able to do the same thing for spam) which would automatically remove the mail if it has not been reviewed in say 5 days or similar and notifying the user that email recipient that they have received a bad message.

Cheers Jon Bolton
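
Added example (not part of the thread, and not Scalix code): while the rule file failed to parse, mail was still delivered and the only per-message sign was that the audit record had no message-filter-info line. The Python sketch below parses audit records in the layout posted above and flags message records that lack that line. Treating its absence as "not scanned" is an assumption drawn from this thread, and the sample is abridged from the posted records.

```python
import re
# Constructed sample: abridged copies of the audit records shown in the thread.
SAMPLE_AUDIT = """\
routing
time 1139975655 Wed Feb 15 14:54:15 2006 +660
type 0 message
subject test
part-type 2145 PKZip archive

routing
time 1140036078 Thu Feb 16 07:41:18 2006 +660
type 0 message
subject FW: Combiner quote
message-filter-info +VIRUS-FOUND=ALLOW

routing
time 1140036304 Thu Feb 16 07:45:04 2006 +660
type 0 message
subject FW: test
virus-uncleaned ClamAV-Test-File
message-filter-info +VIRUS-FOUND=DISCARD=NOTIFY

routing
time 1140036304 Thu Feb 16 07:45:04 2006 +660
type 1 reply
originator VIRUS-CHECKER/CN=VIRUS-CHECKER
"""

def parse_records(text):
    """Yield one dict per blank-line-separated record; keys may repeat."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.strip().partition(" ")
            rec.setdefault(key, []).append(value)
        yield rec

def classify(rec):
    # Assumption from the thread: a filtered message carries message-filter-info.
    if rec.get("type") != ["0 message"]:
        return "skipped"  # replies such as the VIRUS-CHECKER notice are not judged
    verdict = rec.get("message-filter-info")
    return verdict[0] if verdict else "UNSCANNED"

def report(text):
    return [(r["time"][0].split()[0], classify(r)) for r in parse_records(text)]

if __name__ == "__main__":
    print(*report(SAMPLE_AUDIT), sep="\n")
```

Any UNSCANNED entry for inbound mail is worth alerting on, together with the OM 5150 / OM 5152 warnings from omshowlog, because the router kept delivering mail while the rule file was rejected.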

