[Mimedefang] Installed FPScan and it's just hanging and then timing out.

mimedefang at bass-speaker.com mimedefang at bass-speaker.com
Thu Feb 4 15:22:20 EST 2016


I've been using mimedefang with clamscan (and a few others like Kavscanner
etc)  for many years as the basis for my mail system. Recently, I started
receiving a lot of the empty msoffice documents with macro viruses, which
clamscan doesn't detect at all. So I decided to grab a licence for fpscan.
(Oh I was using 2.73 and hve updated to 2.78 with no differences)



F-PROT Antivirus for Linux Workstations - 1 user 
#9    Corporate Use    Subscription 


However, having added :

$Features{"Virus:FPSCAN"} ='/usr/local/bin/fpscan';


And using (as my second engine) 

my($lclscannertwocode, $lclscannertwocategory, $lclscannertwoaction) =


then mimedefang does indeed start the virus scanner, but it just seems to
hang for about 10mins and then times out I guess


here is the result from ps -ef for the scan

defang   23812 22632  0 20:11 ?        00:00:00 /usr/local/bin/fpscan
--report --archive=5 --scanlevel=4 --heurlevel=3 ./Work


and here is the result of su'ing to defang and running the above command
(works as expected)


root at mailserver01a:/var/spool/MIMEDefang/mdefang-u14KBLch023801# su defang

defang at mailserver01a:~/mdefang-u14KBLch023801$

defang at mailserver01a:~/mdefang-u14KBLch023801$ /usr/local/bin/fpscan
--report --archive=5 --scanlevel=4 --heurlevel=3 ./Work


F-PROT Antivirus CLS version, 64bit (built: 2012-03-27T11-39-07)



FRISK Software International (C) Copyright 1989-2011

Engine version:

Arguments:        --report --archive=5 --scanlevel=4 --heurlevel=3 ./Work

Virus signatures: 201602040833



Scanning: |




Files: 2

Skipped files: 0

MBR/boot sectors checked: 0

Objects scanned: 3

Infected objects: 0

Infected files: 0

Files with errors: 0

Disinfected: 0


Running time: 00:01

defang at mailserver01a:~/mdefang-u14KBLch023801$



The stack for the stalled process is showing :


root at mailserver01a:/var/spool/MIMEDefang/mdefang-u14KBLch023801# cat

[<ffffffff811c6ba1>] pipe_wait+0x61/0xa0

[<ffffffff811c7418>] pipe_read+0x288/0x3e0

[<ffffffff811bdcfa>] do_sync_read+0x5a/0x90

[<ffffffff811be395>] vfs_read+0x95/0x160

[<ffffffff811beea9>] SyS_read+0x49/0xa0

[<ffffffff8173575d>] system_call_fastpath+0x1a/0x1f

[<ffffffffffffffff>] 0xffffffffffffffff



This is now beyond my scope I think, I tried this :



$cmd = "/usr/local/bin/fpscan --report --archive=5  --scanlevel=4
--heurlevel=3 $path 2>&1";

$match = "time:";


    my($msg) = "";

    $CurrentVirusScannerMessage = "";

    $match = ".*" unless defined($match);


my($code, $category, $action) =run_virus_scanner($cmd,$match);

print $code;

print $category;



sub run_virus_scanner ($;$) {

    my($cmd, $match) = @_;


    my($msg) = "";

    $CurrentVirusScannerMessage = "";


    $match = ".*" unless defined($match);

    unless (open(SCANNER, "$cmd |")) {

        $msg = "Unable to execute $cmd: $!";

        md_syslog('err', "run_virus_scanner: $msg");

        $VirusScannerMessages .= "$msg\n";

        $CurrentVirusScannerMessage = $msg;

        return (999, 'cannot-execute', 'tempfail');


    while(<SCANNER>) {

        $msg .= $_ if /$match/i;



    $retcode = $? / 256;


    # Some daemons are instructed to save output in a file

    if (open(REPORT, "DAEMON.RPT")) {

        while(<REPORT>) {

            $msg .= $_ if /$match/i;






    $VirusScannerMessages .= $msg;

    $CurrentVirusScannerMessage = $msg;

    return ($retcode, 'ok', 'proceed');



And it worked as expected.


Anyone got any Ideas ?






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20160204/26838143/attachment-0002.html>

More information about the MIMEDefang mailing list