Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: Drifting on September 16, 2020, 01:22:48 PM

Title: Problems with outgoing email, PDF's
Post by: Drifting on September 16, 2020, 01:22:48 PM

Hi
Have a bit of an issue, and have managed to replicate this on a number of SME servers. It seems that the virus scanning, on incoming and outgoing is stamping on PDF documents. Proved it by disabling scanning and email arrives fine. All files have been confirmed virus free with Sophos.
No idea turning this off I must admit, but wondered if anyone else has had this happen? Going to have a read up, pretty sure somewhere you can disable PDF's from being scanned?

Regards Paul

Title: Re: Problems with outgoing email, PDF's
Post by: ReetP on September 16, 2020, 02:17:21 PM

So, what do your logs say?

They give you the brutal truth.

Have a look in /var/log/qpsmtpd for stuff like this

Code: [Select]

virus::clamdscan: fail, found virus Heuristics.Phishing.Email.SpoofedDomain
You also need to check the wiki pages and look at the signatures of the PDFs getting blocked:

https://wiki.contribs.org/Virus:Email_Attachment_Blocking

[Edit to fix typo]

Title: Re: Problems with outgoing email, PDF's
Post by: Drifting on September 16, 2020, 02:36:56 PM

Thanks for the reply, started to have a poke about, but a bit limited in knowledge here :-)

Did see this which equates to one of the messages not being delivered:-

@400000005f61f40139a58ba4 23139 (deny) logging::logterse: ` 212.69.*.*        mxfilter0.myisp.net     mxfilter0.myisp.net     <*****@ducron.co.uk>  <****@thannet.com>   virus::clamdscan        902     Unable to scan for viruses   msg denied before queued
@400000005f61f40139a656c4 23139 452 Unable to scan for viruses

Title: Re: Problems with outgoing email, PDF's
Post by: ReetP on September 16, 2020, 03:35:16 PM

Quote

but a bit limited in knowledge here

Blind leading the blind then ;-)

With your log snippet I assume that is from qpsmtpd/current.

Try to grep for the whole of that message using the message ID

Code: [Select]

grep 23139 /var/log/qpsmtpd/current
Also what have we got here?

Code: [Select]

config show clamd

config show clamav

config show clamscan


Title: Re: Problems with outgoing email, PDF's
Post by: warren on September 17, 2020, 10:45:41 AM

Quote from: Drifting on September 16, 2020, 02:36:56 PM

Thanks for the reply, started to have a poke about, but a bit limited in knowledge here :-)

Did see this which equates to one of the messages not being delivered:-

@400000005f61f40139a58ba4 23139 (deny) logging::logterse: ` 212.69.*.*        mxfilter0.myisp.net     mxfilter0.myisp.net     <*****@ducron.co.uk>  <****@thannet.com>   virus::clamdscan        902     Unable to scan for viruses   msg denied before queued
@400000005f61f40139a656c4 23139 452 Unable to scan for viruses

I've seen this on a restart of the server after applying updates,   that emails came in a minute or so after the restart, the email failed "902 Unable to scan for virus " the issue was that it took clamd a good 3-4 minutes to restart, so the email failed as clamd had yet to start.

If it happens again , the check quickl that clamd is running.

Code: [Select]


sv s clamd


Title: Re: Problems with outgoing email, PDF's
Post by: ReetP on September 17, 2020, 01:17:26 PM

Good thinking Warren.

Can take quite a while to fire up clam especially on older hardware.

Title: Re: Problems with outgoing email, PDF's
Post by: Curtis on September 17, 2020, 02:12:46 PM

I'm replying to this thread because I encountered a similar, perhaps related, problem two days ago.  Email sans attachments were sent and received without issue.  Emails with attachments were sent and received inconsistently, possibly related to file type and/or size.

Reviewing /var/log/clamd/, I found: 

@400000005f60fe17021a2b7c SelfCheck: Database status OK.
@400000005f61003c0a6f68dc LibClamAV Warning: fmap: map allocation failed
@400000005f61003c0a6f6cc4 LibClamAV Error: CRITICAL: fmap() failed
@400000005f61003c0a6fa374 /var/spool/qpsmtpd/1600192546:43746:0: Can't allocate memory ERROR

In any case, this forum post https://forums.contribs.org/index.php?topic=54070.0 (https://forums.contribs.org/index.php?topic=54070.0) contained the solution, which for me was:

db configuration setprop clamd MemLimit 1800000000
signal-event clamav-update

Users have reported no issues since.  Hope this will help out someone else.  Good luck!

 

Title: Re: Problems with outgoing email, PDF's
Post by: Smitro on October 13, 2020, 01:20:14 AM

I'll add a 'me too' on this one. I had the same problem above and fixed it in the same way as Curtis mentioned. I first noticed it on the 6th September. So possibly caused by a clam update around that time?

Title: Re: Problems with outgoing email, PDF's
Post by: bunkobugsy on October 13, 2020, 10:50:07 AM

Quote from: Smitro on October 13, 2020, 01:20:14 AM

So possibly caused by a clam update around that time?

Nope, number of signatures just keeps getting bigger. Soon everyone is going to hit this.

> The database contains 8895465 virus signatures. - reported by sme9admin

> Database correctly reloaded (9328954 signatures) - taken from clamd log

Difference is from unofficial sigs, currently running wo issues with MemLimit 2GB (server has 8GB).