[Mimedefang] Installed FPScan and it's just hanging and then timing out.
mimedefang at bass-speaker.com
Thu Feb 4 15:22:20 EST 2016
Hi,
I've been using mimedefang with clamscan (and a few others like Kavscanner
etc) for many years as the basis for my mail system. Recently, I started
receiving a lot of the empty msoffice documents with macro viruses, which
clamscan doesn't detect at all. So I decided to grab a licence for fpscan.
(Oh I was using 2.73 and have updated to 2.78 with no differences)
F-PROT Antivirus for Linux Workstations - 1 user
#9 Corporate Use Subscription
However, having added :
$Features{"Virus:FPSCAN"} ='/usr/local/bin/fpscan';
And using (as my second engine)
my($lclscannertwocode, $lclscannertwocategory, $lclscannertwoaction) =
message_contains_virus_fpscan();
then mimedefang does indeed start the virus scanner, but it just seems to
hang for about 10mins and then times out I guess
here is the result from ps -ef for the scan
defang 23812 22632 0 20:11 ? 00:00:00 /usr/local/bin/fpscan --report --archive=5 --scanlevel=4 --heurlevel=3 ./Work
and here is the result of su'ing to defang and running the above command
(works as expected)
root@mailserver01a:/var/spool/MIMEDefang/mdefang-u14KBLch023801# su defang
defang@mailserver01a:~/mdefang-u14KBLch023801$
defang@mailserver01a:~/mdefang-u14KBLch023801$ /usr/local/bin/fpscan --report --archive=5 --scanlevel=4 --heurlevel=3 ./Work
F-PROT Antivirus CLS version 6.7.10.6267, 64bit (built: 2012-03-27T11-39-07)
FRISK Software International (C) Copyright 1989-2011
Engine version: 4.6.5.141
Arguments: --report --archive=5 --scanlevel=4 --heurlevel=3 ./Work
Virus signatures: 201602040833
(/opt/f-prot/antivir.def)
Scanning: |
Results:
Files: 2
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 3
Infected objects: 0
Infected files: 0
Files with errors: 0
Disinfected: 0
Running time: 00:01
defang@mailserver01a:~/mdefang-u14KBLch023801$
The stack for the stalled process is showing :
root@mailserver01a:/var/spool/MIMEDefang/mdefang-u14KBLch023801# cat /proc/23812/stack
[<ffffffff811c6ba1>] pipe_wait+0x61/0xa0
[<ffffffff811c7418>] pipe_read+0x288/0x3e0
[<ffffffff811bdcfa>] do_sync_read+0x5a/0x90
[<ffffffff811be395>] vfs_read+0x95/0x160
[<ffffffff811beea9>] SyS_read+0x49/0xa0
[<ffffffff8173575d>] system_call_fastpath+0x1a/0x1f
[<ffffffffffffffff>] 0xffffffffffffffff
This is now beyond my scope I think, I tried this :
# Stand-alone test: run the fpscan command through a copy of
# run_virus_scanner(), outside the MIMEDefang filter.
$path = '/var/spool/MIMEDefang/mdefang-p6GC5V86015052/Work';
# The command must stay on one line; a newline inside the string would
# split it into two shell commands.
$cmd = "/usr/local/bin/fpscan --report --archive=5 --scanlevel=4 --heurlevel=3 $path 2>&1";
$match = "time:";
my($retcode);
my($msg) = "";
$CurrentVirusScannerMessage = "";
$match = ".*" unless defined($match);
my($code, $category, $action) = run_virus_scanner($cmd, $match);
print $code;
print $category;

sub run_virus_scanner ($;$) {
    my($cmd, $match) = @_;
    my($retcode);
    my($msg) = "";
    $CurrentVirusScannerMessage = "";
    $match = ".*" unless defined($match);
    # Run the scanner with its stdout attached to a pipe we read from.
    unless (open(SCANNER, "$cmd |")) {
        $msg = "Unable to execute $cmd: $!";
        # md_syslog() is not defined in this stand-alone script; this
        # branch is only reached if the open fails.
        md_syslog('err', "run_virus_scanner: $msg");
        $VirusScannerMessages .= "$msg\n";
        $CurrentVirusScannerMessage = $msg;
        return (999, 'cannot-execute', 'tempfail');
    }
    # Keep only the output lines that match $match.
    while(<SCANNER>) {
        $msg .= $_ if /$match/i;
    }
    close(SCANNER);
    # Exit status of the scanner (high byte of $?).
    $retcode = $? / 256;
    # Some daemons are instructed to save output in a file
    if (open(REPORT, "DAEMON.RPT")) {
        while(<REPORT>) {
            $msg .= $_ if /$match/i;
        }
        close(REPORT);
        unlink("DAEMON.RPT");
    }
    $VirusScannerMessages .= $msg;
    $CurrentVirusScannerMessage = $msg;
    return ($retcode, 'ok', 'proceed');
}
And it worked as expected.
Anyone got any ideas?
TIA
Mack
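
The stack in the message above shows fpscan blocked in pipe_read, which does not say which descriptor it is reading or which process holds the other end. As an added example (not part of the original post), this Linux /proc script lists a PID's pipe descriptors and the other processes that have each pipe open; the function names are made up for this example, and it should be run as root so every process's descriptors are visible.

```sh
#!/bin/sh
# List the pipe descriptors of a process and the other processes that hold
# the same pipes, using only /proc (Linux).

# pipe_fds PID -> lines "FD INODE" for each descriptor of PID that is a pipe
pipe_fds() {
    for fd in /proc/"$1"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            pipe:\[*\])
                inode=${target#pipe:\[}
                echo "${fd##*/} ${inode%\]}"
                ;;
        esac
    done
}

# pipe_peers PID INODE -> PIDs other than PID that have pipe INODE open
pipe_peers() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "pipe:[$2]" ] || continue
        pid=${fd#/proc/}
        pid=${pid%%/*}
        [ "$pid" = "$1" ] || echo "$pid"
    done | sort -un
}

# report PID -> one line per pipe descriptor, with each peer's command name
report() {
    pipe_fds "$1" | while read -r fd inode; do
        peers=""
        for p in $(pipe_peers "$1" "$inode"); do
            peers="$peers $p($(cat /proc/"$p"/comm 2>/dev/null))"
        done
        echo "fd $fd pipe:[$inode] peers:${peers:- none}"
    done
}

# Usage: sh pipepeers.sh 23812   (the PID of the stalled scanner)
if [ $# -eq 1 ]; then
    report "$1"
fi
```

A pipe on fd 0 means the process is waiting for input on stdin, while a pipe on fd 1 or 2 only tells you where its output goes; the peer list shows who would have to write to or close that pipe.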