Install qmail-scanner

@Eric : Thanks for your help. I'm currently (and finally) working on an updated version and all your remarks were really useful

Fresh install of Debian 7.5 Wheezy

Lots of issues all due to the suidperl.  How I got it to finally work here, I have NO clue,  I've been at this for a number of hours.

Once I went to the ./configure line, I ended up having to create the following directory:

/var/spool/qscan

in order to copy the quarantine-events.txt file.

Hello,

I recently upgraded spamassassin to version 3.4.0

Having difficulty getting qmailscanner to recognize the upgrade.

I tried:

# sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl -z

(no errors)

then

# chown qscand:qscand /var/spool/qscan/qmail-scanner-queue-version.txt

(no errors)

qmailscanner reports the 3.2.4 version of spamassassin in the X-Qmail-Scanner-Diagnostics portion of the received email header.

Suggestions?

For all of those who applied the sudo fix by Antartica for Debian 7, there is a small but yet very important thing to do. You should add to the /etc/sudoers file the following line:

Defaults        env_keep +="TCPREMOTEIP TCPREMOTEHOST TCPREMOTEINFO REMOTE_OS REMOTE_COUNTRY QS_SPAMASSASSIN SA_ONLYDELETE_HOST SA_WHITELIST"

The reason behind this is that by default sudo resets the environment variables when executing the command. Thus qmail-scanner cannot recognize the important info regarding the incoming mail and treats everything as coming from localhost, which leads to passing everything without scanning. The above line preserves the important ENV variables for qmail-scanner.

Hope this helps.

Greets,

bstd

Hi Nikolay,

The syslog fix works stopping the console messages. But it still places messages in /var/log/messages. 

I've been using an older version wich was logging to /var/log/maillog. 

Is it possible to change this behaviour?

Thanks,

Richard

@Keven

open /etc/rsyslog.conf and find the line starting with

*.emerg

add ;user.none right after it:

*.emerg;user.none ......

and the messages will dissapear. For some reason the wrapper does not use the proper syslog facility (eventually).

I install now debian 7 with perl 5.14.2

i tested all with no effect

i write 2 line in /var/qmail/bin/qmail-scanner-queue.pl

1: my $real_uid="qscand";

2: my $effective_uid="qscand";

next i change permissions folders und files /var/spool/qscand

now all work super with no problem

@Antartica,  follow your steps, everything is fine. but only one thing make me crazy.

on consol/terminal, I always get system message like this,

"Message from syslogd@host.domain.tld  at Sep 25 6:50:28 ...

 qmail-scanner-queue.pl: qmail-scanner[23636]: Clear:RC:1(127.0.0.1): ...."

I have no idea, why this happening.

if I comment this code line, "ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl", then there is no consol message.

anyone has same problem?

Typo in the quick fix, here is what I ran and it worked:

chown qscand:qscand /var/spool/qscan/*

Another tip: if you initialized qmail-scanner-queue.pl with suid and suid wasn't supported, the permissions of

/var/spool/qscand/qmail-scanner-queue-version.txt

could be wrongly generated. They should be qscand:qscand

Quick fix:
# chmod qscad:qscand /var/spool/qscand/*

Warning: malformed code in my previous post (somehow a < has been dropped; the getpwuid call is: getpwuid($<):

===CUT===

$ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($<) || "unknown";
if($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
}

===CUT===

Sorry for the inconvenience.

In Wheezy (Debian 7), doing the "./test_installation.sh -doit" results in the error "qmail-inject: fatal: qq temporary problem (#4.3.0)" mentioned in other posts.

I've finally found a way to make it work.

The problem is that qmail-scanner-queue.pl is executing as "root" and clamav as qscand, so clamav can't chdir into the directory qmail-scanner-queue.pl creates to check viruses.

I tried to fix it using suid and the C wrapper but strangely the error persisted (although when calling the wrapper manually the suid was being honoured :-? ). I uninstalled the C wrapper.

My final solution (that works) is using sudo and modifying  qmail-scanner-queue.pl so that it reloads with the correct user using sudo (to be clear: with this approach there is no need for the C wrapper)

So, steps to fix it:

1. Install sudo

# apt-get install sudo

2. Execute "visudo"

# visudo

3. Add the following line

ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl

4. Save and exit

5. Edit /var/qmail/bin/qmail-scanner-queue.pl

# vi /var/qmail/bin/qmail-scanner-queue.pl

6. Go to line 71

:71

7. Add the following lines

$ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($) || "unknown";
if($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
}

8. Save and exit (:wq)

Try again the
# cd /downloads/qmail-scanner-2.10st/contrib
# ./test_installation.sh -doit

...and this time it should work :)

NOTE: the step of:
/var/qmail/bin/qmail-scanner-queue.pl -g
has to be changed to
# sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl -g
as the "reexec" inside the modified  qmail-scanner-queue.pl doesn't pass parameters.

Being stupid and having just completed a complete install on Squeeze, I thought it would be okay to start fresh with wheezy, NOT.

Got through almost everything until here, and I have no idea what you mean by using the C wrapper.

"For all the users with setuid issues: check thart you use the C wrapper as QMAILQUEUE"

I looked around and could not find any instructions at all.  

For all the users with setuid issues: check thart you use the C wrapper as QMAILQUEUE and check the following URL:

https://www.tnpi.net/internet/mail/toaster/filtering/content/qmail-scanner.shtml (permissions on both qmail-scanner-queue.pl 0750 and qmail-scanner.queue 4755 should be set correct, then the wrapper works perfect on ubuntu 12.04 and debian wheezy!

This could help you if you are facing strange non-delivered mail with attachment : http://blog.gmane.org/gmane.mail.qmail.scanner/month=20121101

@Tokie:

Stesso problema, risolto cosi:

export LANG=en_GB

export LC_ALL=en_GB
export LANGUAGE=en_GB

riavvi la shell ed è tutto ok :)

@Zhay

miss http://qmailrocks.thibs.com/qmail-ucspi.php

done with installing ucspi-ssl :D

rooo@xxx:~# qmailctl stat
/service/qmail-send: up (pid 2365) 397 seconds
/service/qmail-send/log: up (pid 2364) 397 seconds
/service/qmail-smtpd: up (pid 2358) 397 seconds
/service/qmail-smtpd/log: up (pid 2359) 397 seconds
/service/qmail-smtpdssl: up (pid 4740) 1 seconds
/service/qmail-smtpdssl/log: up (pid 2367) 397 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

tail /var/log/qmail/qmail-smtpdssl/current

@400000004fb2645f3548a5dc ERROR: sslserver not found in PATH [/var/qmail/bin:/usr/local/bin:/usr/bin:/bin]

installing on lucid 10.04 ... :((

@Radiotrib: So far the only way I have found to get pass the error mentioned by Goofy is to make the clamav daemon run as root. This is far from ideal and I am still searching for another solution. So far I am been looking for roughly 3 weeks and it is driving me mad. I have checked the qmail-scanner mailing list and found someone else with the same issue but there is no solution mention in the email thread.

http://www.mail-archive.com/qmail-scanner-general@lists.sourceforge.net/msg07486.html

Forget my last comment ... most of my issues were being caused by permissions orpblems after I reinstalled over a previous install. Almost all done now except for pyzor ... and another problem which I noted on the relevant page.

I get exactly the same symptoms as Goofy when I try to run the test, but his solution doesn't work at all for me. I'm running on Ubuntu 1.04, and the Perl doesn't support suid any more ,s I have to use the C wrapper ...

I was always used to using softlimit, but that also seems to have evaporated from the qmail world since last time i installed it.

Any advce ?? anyone ??

@Tokie :

Try dpkg-reconfigure locales

Choose the locales you want to install. Choose at least it_IT ISO-8859-1

Then select it_IT ISO-8859-1 as default

Note that I'm not sure of this solution ... but as the author of the patch is italian, I suppose he has an italian translation ;-)

Hi to all,

i'm an italian user and I had the following matter:

root@debian:/downloads/qmail-scanner-2.10st# ./configure --admin postmaster --domain wivagroup.com --local-domains "wivagroup.com" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0

   Building Qmail-Scanner 2.10st-20111118...


                ***** NOTE ******

Qmail-Scanner doesn't have language translations for it_IT.UTF-8

root@debian:/downloads/qmail-scanner-2.10st#

I don't have found a solution on internet, so I modify the file configure replacing the en-GB with it_IT.

configure it's too big to past here; if anyone needs the files contact me by email.

Bye

I've done this task in another way, I've cutted off the patch bit with antivirus and antispam part.

@Jevgenijus : If you want to avoid it, you just have to comment QMAILQUEUE variable in /etc/service/qmail-smtpd/run

Like an option it could be nice have a choice to make installation without antivirus ant antispam filtering, cause where are sistems who goes after Antispam/antivirus gateways, so nothing to check, all emails are already checked or tagged with some spam flags:)

@Dbrandib : Check page removemta.php for complete procedure on how to remove installed MTA

Solved!!! I have a sendmail running on 25 port. I did not remove it properly. After check processes by  netstat -anp |grep LIST I found that process running. I killed it, remove package, restart qmail and now everything is fine.

Regards

Dear all,

after follow all guide I have an error on qmail-smtpd. The error is:

" tcpserver: fatal: unable to bind: address already used"

Any idea?

Regards

@lawrence : I'm currently testing simscan and I plan to make a page about it. My only fear is about the last release date (4 years ago).

I plan to describe dovecot too. As far as I know, the standard Debian package is compiled with the option "--without-vpopmail". I have to decide if I'll described how to recompile the package with vpopmail or if I'll describe with MySQL authentication

I would actually suggest dumping qmail-scanner, and using simscan.

Its a lot faster, and less resource heavy.

Also slots in quite nicely with qmailrocks/jms with minimal changes.

Similar for courier - I use dovecot - again, much easier to install, and use.  

@Lawmanlkm

Those links should interrest you :

https://www.antagonism.org/mail/tnefclean-maildrop.shtml

https://www.antagonism.org/mail/policy-qms.shtml

@Lawmanlkm

aptitude install tnef

How to integrate tnef decoder with qmail-scanner in order to prevent winmail.dat?

One step before testing with qmailscan, that is missed is:

/etc/init.d/clamav-daemon restart

/etc/init.d/clamav-freshclam restart

If this two commands are missed:

root@debian:/downloads/qmail-scanner-2.08st/contrib# ./test_installation.sh -doit

Sending standard test message - no viruses... 1/4

qmail-inject: fatal: qq temporary problem (#4.3.0)

Bad error. qmail-inject died

It seems that I needed to restart the system after installing demontools in order for svscan to be started. Alternatively svscan could be startde manually.

This fixed it.

@KFCS It seems you've missed something at this step

On Lucid. When trying to atart/stat qmail, I got:

root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl start
Starting qmail

qmail-send supervise not running
qmail-smtpd supervise not running
qmail-smtpd supervise not running
root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl stat
/service/qmail-send: unable to open supervise/ok: file does not exist
/service/qmail-send/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpd: unable to open supervise/ok: file does not exist
/service/qmail-smtpd/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl/log: unable to open supervise/ok: file does not exist
messages in queue: 0
messages in queue but not yet preprocessed: 0
root@kfcs:/downloads/qmail-scanner-2.08st#

Hmm, while doing this on LUCID got stuck here for a while...

Complaining when executing ./test_installation.sh -doit about:
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

Errors in /var/log/clamav/clamav.log ->
 WARNING: lstat() failed on: /var/spool/qscan/tmp/mail<numbers>

Errors in /var/log/qmail/qscan/qmail-queue.log ->
 subj='Qmail-Scanner test (1/4): inoffensive message', via local process <number> <data> error_condition: X-Qmail-Scanner-2.08st: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

Errors in /var/log/kern/log ->
type=1503 audit(<number>):  operation="open" pid=<number> parent=1 profile="/usr/sbin/clamd" requested_mask="r::" denied_mask="r::" fsuid=168 ouid=168 name="/var/spool/qscan/tmp/mail<number>/"

It turns out that the APP-ARMOR profile for clamav is not correct....

By executing "aa-complain /usr/sbin/clamd" the profile is put in complain mode and the command "./test_installation.sh -doit" is doing it's job :-)