Topic: Error messages after Clamav install (Knuddi's script)

[psoren]

I have installed Clamav on my SME 6 (The Mitel dev. one) It seems to be woking fine but i get lots of error messages now:

In /var/log/smtpfront-qmail/current i get:
2004-08-28 19:14:31.688833500 smtpfront-qmail[12856]: MAIL From:<tvd_documentation@nai.com> SIZE=41382
2004-08-28 19:14:31.701562500 smtpfront-qmail[12856]: RCPT To:<axel@xxxxx.dk>
2004-08-28 19:14:32.477801500 smtpfront-qmail[12856]: 554 We don't accept email with executable content ZIPV1 - UEsDBAoAA (#5.3.4)
2004-08-28 19:14:36.090571500 smtpfront-qmail[12856]: bytes in: 42075 bytes out: 266
2004-08-28 19:14:36.090778500 tcpserver: end 12856 status 0
2004-08-28 19:14:36.090786500 tcpserver: status: 0/40
2004-08-28 19:14:36.091558500 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.6.1/AMAVIS/MTA/Qmail.pm line 124.
2004-08-28 19:14:36.091967500 Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.6.1/AMAVIS/MTA/Qmail.pm line 127.
2004-08-28 19:14:36.092451500 Use of uninitialized value in string ne at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 421.
2004-08-28 19:14:36.093718500 Use of uninitialized value in -d at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 672.
2004-08-28 19:14:36.093824500 Use of uninitialized value in -f at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 672.
2004-08-28 19:14:36.093910500 Use of uninitialized value in -l at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 672.
2004-08-28 19:14:36.093992500 Use of uninitialized value in -l at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 672.
2004-08-28 19:14:36.094076500 Use of uninitialized value in -l at /usr/lib/perl5/site_perl/5.6.1/AMAVIS.pm line 672.
2004-08-28 19:46:06.846040500 tcpserver: status: 1/40

In /var/log/amavis-ng i get:
Aug 28 13:38:28 perserver amavis[4042]: Starting AMaViS 0.1.6.4
Aug 28 13:38:31 perserver amavis[4042]: AMAVIS::MTA::Qmail: Wrong recipient line format
Aug 28 13:38:31 perserver amavis[4042]: Error: Couldn't get directory for extracting
Aug 28 13:38:31 perserver amavis[4042]: AMAVIS: Cleaning up.
Aug 28 13:38:31 perserver amavis[4042]: AMAVIS: Done.

What is going on, is it to worry about?

I have also blocked executable content from Ray's howto. And i have Spam Filter from Knuddi's script. All works but why the errors?

Per

[Knuddi]

Hi psoren,

Have you tried the manual test of Clam?
It does look as a configuration error in /etc/amavis-ng/amavis.conf

Output to the command should be:

[root@e-smith]# ps -efa | grep clamd
qmailq 7000 1 0 11:32 ? 00:00:00 clamd
qmailq 7001 7000 0 11:32 ? 00:00:00 clamd
qmailq 7002 7001 0 11:32 ? 00:00:00 clamd

The user should also be qmailq so the output should read:
[root@e-smith]# ls -ld /var/lib/clamav
drwx------ 2 qmailq qmail 4096 Jun 8 11:32 /var/lib/clamav

The same goes for this command:
[root@e-smith]# sudo ls -l /var/lib/clamav/clamd.sock
srwxrwxrwx 1 qmailq qmail 0 Jun 8 11:32 /var/lib/clamav/clamd.sock

The following commands should return without an error:

[root@e-smith]# perl -e 'use AMAVIS'
[root@e-smith]# perl -e 'use AMAVIS::MTA::Qmail'
[root@e-smith]# perl -e 'use AMAVIS::AV::CLAMD'


The following command should just hang on the command line with no output, ctrl-c to stop after 5 secs:

[root@e-smith]# /usr/bin/qmail-queue.amavis

 

If any of the above returned errors you will need to fix these before continuing or you will break your email system.


To ensure its working correctly check your test emails, they should have the extra header X-Virus-Scanned-By: in them.

Also tail the logfiles:
[root@e-smith]#tail -f /var/log/amavis-ng/amavis-ng.log

[psoren]

Hi psoren,

Have you tried the manual test of Clam?
It does look as a configuration error in /etc/amavis-ng/amavis.conf

Output to the command should be:

[root@e-smith]# ps -efa | grep clamd
qmailq 7000 1 0 11:32 ? 00:00:00 clamd
qmailq 7001 7000 0 11:32 ? 00:00:00 clamd
qmailq 7002 7001 0 11:32 ? 00:00:00 clamd

This gave me:
[root@perserver /]# ps -efa | grep clamd
qmailq    1990     1  0 Aug28 ?        00:00:10 clamd
qmailq   10504  1990  0 Aug28 ?        00:00:00 clamd
root     26157 25952  0 23:31 pts/0    00:00:00 grep clamd

So it looks like something is wrong there maybe...


The rest ran OK

Per

[Knuddi]

That alright - Clamd is running as it should. So even the:

# /usr/bin/qmail-queue.amavis

Did not post any messages?

Try to check /etc/amavis-ng/amavis.conf

What is these set to (examples from mine)?
unpack dir = /var/spool/amavis-ng/
mail from = postmaster@swerts-knudsen.dk
admin = admin@swerts-knudsen.dk

[psoren]

That alright - Clamd is running as it should. So even the:

# /usr/bin/qmail-queue.amavis

Did not post any messages?

Nope!

Try to check /etc/amavis-ng/amavis.conf

What is these set to (examples from mine)?
unpack dir = /var/spool/amavis-ng/
mail from = postmaster@swerts-knudsen.dk
admin = admin@swerts-knudsen.dk

Where yours says admin, mine says postmaster. I changed it, restarted clamd, but no difference.

Per

[paul_sc]

As a follow up...after running fine for a couple months I started getting the same errors and mail stopped being delivered...sme 6.01 dungog email rpms

"AMAVIS::MTA::Qmail: Wrong recipient line format"
"Error: Couldn't get directory for extracting"


Quick search through site did not find the answer, however a google search did.

For all those looking there is a patch here. It solved the problem so far on my 6.01 server.

I hope it is ok to post this...if not let me know and I will delete the links.

I did not see it in contribs.org download site.
http://www.activeservice.co.uk/sme/contribs/

AMaViS patch to prevent cleanup errors and spurious messages

Version 1.0, 13 Feb 2004
Rick Jones, Active Service Consulting Ltd, UK


Introduction:

This patch applies to amavis-ng 1.6.4, as provided for SME server
by Jesper Knudsen at http://sme.swerts-knudsen.dk


Problems:

I noticed after installing this version of amavis that the working
directories were not always being cleaned up. These rogue directories
corresponded to the following logged messages -

"AMAVIS::MTA::Qmail: Wrong recipient line format"
"Error: Couldn't get directory for extracting"

Any corresponding message got completely black-holed.

The problem is down to an error in the logic sequence in Qmail.pm,
and a wrong assumption about cause of failure in AMAVIS.pm

It turns out that the emails causing these problems are
undeliverable, and usually empty. My guess it that they result
from aborted incoming SMTP sessions, but I didn't dig back that
far to confirm the theory.

Fix:

The enclosed patch file amavis-qmail.pat will patch the two Perl
scripts involved. Copy it to /usr/lib/perl5/site_perl/5.6.1, then
cd to that directory and run:

patch -b -p1 <amavis-qmail.pat

Changes:

As well as ensuring that temporary directories are cleaned up,
the logged message for "Wrong recipient line format" includes
the actual recipient line in parentheses at the end. In every
occurrence I've seen the line is empty (hence can't be processed).

An additional info message is logged: "Abandoning message",
indicating that any message is being thrown away. This was
what happened before, but nothing was logged to say so.

Another minor but unrelated fix is that the log message:
"AMAVIS::MTA::Qmail: qmail-queue exited 0"
is now classed as an INFO message rather than ERR.
This is a normal condition, so with log level at INFO (4)
it prevents the item being pointlessly logged.

Rick Jones
rick@activeservice.co.uk