不过我有两个问题:
1。我们两个机器几乎配置一样,但是一个上面就好使,另一个就出现这个问题。
2。看样子好像是邮件头有问题,不知各位水能解释一下相关代码呢,我对perl不熟:-)
3。我得系统时间是正常的,但是virusadmin发回来的信都要玩几个小时,比如现在下午5点,则显示:
by 0 with SMTP; 19 May 2004 08:59:47 -0000作者: 忍者神龟 时间: 2004-05-19 17:30 标题: qmailscanner 1。2 ,什么都认为是病毒,全部退信。欢迎讨论 Wed, 19 May 2004 16:59:47 +0800:19203: +++ starting debugging for process 19203 by uid=0 at Wed, 19 May 2004 16:59:47 +0800
Wed, 19 May 2004 16:59:47 +0800:19203: setting UID to EUID so subprocesses can access files generated by this script
Wed, 19 May 2004 16:59:47 +0800:19203: program name is qmail-scanner-queue.pl, version 1.21
Wed, 19 May 2004 16:59:47 +0800:19203: incoming SMTP connection from via SMTP from 192.168.0.145
Wed, 19 May 2004 16:59:47 +0800:19203: w_c: mkdir /var/spool/qmailscan/tmp/mailserver108495718747019203
Wed, 19 May 2004 16:59:47 +0800:19203: w_c: start dumping incoming msg into /var/spool/qmailscan/working/tmp/mailserver108495718747019203 [1084957187.59966]
Wed, 19 May 2004 16:59:47 +0800:19203: w_c: disallowed breakage found in header name ( by 0 with SMTP; 19 May 2004 08:59:47 -0000
) - potential virus
Wed, 19 May 2004 16:59:47 +0800:19203: w_c: rename new msg from /var/spool/qmailscan/working/tmp/mailserver108495718747019203 to /var/spool/qmailscan/working/new/mailserver108495718747019203 [1084957187.68547]
Wed, 19 May 2004 16:59:47 +0800:19203: d_m: starting /usr/local/bin/reformime -x/var/spool/qmailscan/tmp/mailserver108495718747019203/ </var/spool/qmailscan/working/new/mailserver108495718747019203 [1084957187.68608]
Wed, 19 May 2004 16:59:47 +0800:19203: d_m: finished /usr/local/bin/reformime -x/var/spool/qmailscan/tmp/mailserver108495718747019203/ [1084957187.69629]
Wed, 19 May 2004 16:59:47 +0800:19203: d_m: Checking all attachments to see if they're MS-TNEF
Wed, 19 May 2004 16:59:47 +0800:19203: d_m: is /var/spool/qmailscan/tmp/mailserver108495718747019203/1084957187.19205-0.mailserver is a TNEF file?: 256 [1084957187.70143]
Wed, 19 May 2004 16:59:47 +0800:19203: d_m: unpacking message took 0.015678 seconds
Wed, 19 May 2004 16:59:47 +0800:19203: unsetting QMAILQUEUE env var
Wed, 19 May 2004 16:59:47 +0800:19203: g_e_h: return-path is "liubin@proc.com.cn", recips is "halu@proc.com.cn"
Wed, 19 May 2004 16:59:47 +0800:19203: from=,subj=, x-qmail-scanner-message-id=<108495718766119203@mailserver>; via SMTP from 192.168.0.145
Wed, 19 May 2004 16:59:47 +0800:19203: This is a PLAIN text message (because it's either not mime, or is text/plain), skip virus scanners - but not SA
Wed, 19 May 2004 16:59:47 +0800:19203: ini_sc: start scanning
Wed, 19 May 2004 16:59:47 +0800:19203: ini_sc: recursively scan the directory /var/spool/qmailscan/tmp/mailserver108495718747019203/
Wed, 19 May 2004 16:59:47 +0800:19203: scanloop: starting scan of directory "/var/spool/qmailscan/tmp/mailserver108495718747019203"...
Wed, 19 May 2004 16:59:47 +0800:19203: scanloop: finished scan of "/var/spool/qmailscan/tmp/mailserver108495718747019203"...
Wed, 19 May 2004 16:59:47 +0800:19203: ini_sc: scanning message took 0.000231 seconds
Wed, 19 May 2004 16:59:47 +0800:19203: unsetting TCPREMOTEIP env var
Wed, 19 May 2004 16:59:47 +0800:19203: e_v_r: quarantine msg to /var/spool/qmailscan/quarantine/new/mailserver108495718747019203
Wed, 19 May 2004 16:59:47 +0800:19203: e_s: sending policy quarantine report via: /var/qmail/bin/qmail-inject to psender address (liubin@proc.com.cn)
Wed, 19 May 2004 16:59:47 +0800:19203: e_s: sending policy quarantine report via: /var/qmail/bin/qmail-inject to admin address (virusadmin@proc.com.cn)
Wed, 19 May 2004 16:59:47 +0800:19203: w_v_r: writing quarantine log report of: Wed, 19 May 2004 16:59:47 +0800 liubin@proc.com.cn halu@proc.com.cn Disallowed breakage found in header name - potential virus
Wed, 19 May 2004 16:59:47 +0800:19203: e_v_r: email_quarantine_report took 0.053107 seconds to execute
Wed, 19 May 2004 16:59:47 +0800:19203: cleanup: /bin/rm -rf /var/spool/qmailscan/tmp/mailserver108495718747019203/ /var/spool/qmailscan/working/new/mailserver108495718747019203
19/05/2004 16:59:47:19203: all finished. Total of 0.164012 secs作者: 忍者神龟 时间: 2004-05-19 17:35 标题: qmailscanner 1。2 ,什么都认为是病毒,全部退信。欢迎讨论 好像找到了
http://www.mail-archive.com/qmail-scanner-general@lists.sourceforge.net/msg04128.html
明天再试试看。
下班喽作者: moumoulrc 时间: 2004-05-19 19:11 标题: qmailscanner 1。2 ,什么都认为是病毒,全部退信。欢迎讨论 呵呵,这位大哥和我的问题一摸一样,我也是两台机器,一台没有问题,另外发什么都会被拦住。最后我用的是1.15这个版本,但是在编译的时候有出问题,最后只好把quarantine-attachments.txt里面的第82行给注释掉就好了!
而且后来我把qmail-scanner-queue.pl这个文件里面的提示有病毒的信息改成中文后,一台机器能够退回一封中文的病毒提示的退信,而另外的一台则退回的是乱码邮件。
两台机器的我认为唯一的区别就是一台是安装的中文linux,另外一台是英文的linux。其中就是中文的linux能够安装qmailscanner.1.2并正常运行。英文的只能装qmailscanner1.2了,并且有病毒的提示退信是乱码!作者: joinscience 时间: 2004-05-20 09:22 标题: qmailscanner 1。2 ,什么都认为是病毒,全部退信。欢迎讨论 一种是楼主看到的解决办法:
edit /etc/sysconfig/i18n and set the default lang from en_US-UTF8 to en_US or C then reboot
另一个办法:
#Try to fix bad MIME messages before passing to MIME unpacker
my $BAD_MIME_CHECKS='0'; #把这个参数改成0
另一个问题是想过滤一些邮件标题为failure notice 等的邮件,并且做了如下设置:
failure notice Virus-Subject: may be virus,pleas use new subject!
Message Error Virus-Subject: may be virus,pleas use new subject!
.*)$/) {