[Avcheck] Starting problems

Fridtjof Busse Fridtjof.Busse@gmx.de
Sun, 12 Aug 2001 11:10:43 +0200 

> Did you use avpcheck or avcheck from last .tar.gz package?

Yes

> If latter, then look to infected script, at the end of it.
> Simple rule: either it sends (customizable) message to
> sender AND exits with 0 (success) or it writes some
> text to stderr (like "Message didn't pass the virus check")
> and exit with EX_UNAVAILABLE.  What you see is the latter
> (-e option for avPcheck does the same, -b is to send bounce
> from avpcheck itself).
>
> If you're using infected.ex1 example, then comment out last
> line started with "echo \"Message ...", and uncomment a line
>  # send alert (complete message aka bounce) back to sender, omit rcpts
>  #sendrep f "" "$SENDER"
> above.

OK, the admin is now getting a virus warning.
The problem is just that now the mailsystem sends me hundreds of
warning, just deleted a "650 mails" queue.
This shouldn't happen, there are more mails every second, until the
system breaks down.
What's going wrong?
If I comment #sendrep f "" "$SENDER", everything works normal again.
Just a little text of /var/log/maillog (that was a 'tailf
/var/log/maillog > log'!):


Aug 12 11:07:57 merlin postfix/cleanup[21978]: B9A63FBC1:
message-id=<20010812090757.B9A63FBC1@merlin.fbunet.de>

Aug 12 11:07:57 merlin postfix/pipe[21979]: 7FB95FBC8:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:57 merlin postfix/pipe[21979]: 7FB95FBC8:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:57 merlin postfix/qmgr[21961]: B9A63FBC1: from=<>,
size=104942, nrcpt=2 (queue active)

Aug 12 11:07:57 merlin avcheck: infected:
from=MAILER-DAEMON@merlin.fbunet.de to=MAILER-DAEMON@merlin.fbunet.de
virus-admin@merlin.fbunet.de msg=infected: EICAR-Test-File

Aug 12 11:07:57 merlin postfix/pickup[21960]: F2771FBC8: uid=503 from=<>

Aug 12 11:07:57 merlin postfix/cleanup[21978]: F2771FBC8:
message-id=<20010812090757.F2771FBC8@merlin.fbunet.de>

Aug 12 11:07:57 merlin postfix/pipe[21979]: B9A63FBC1:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:57 merlin postfix/pipe[21979]: B9A63FBC1:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/qmgr[21961]: F2771FBC8: from=<>,
size=106241, nrcpt=2 (queue active)

Aug 12 11:07:58 merlin avcheck: infected:
from=MAILER-DAEMON@merlin.fbunet.de to=MAILER-DAEMON@merlin.fbunet.de
virus-admin@merlin.fbunet.de msg=infected: EICAR-Test-File

Aug 12 11:07:58 merlin postfix/pickup[21960]: 40BAFFBC1: uid=503 from=<>

Aug 12 11:07:58 merlin postfix/cleanup[21978]: 40BAFFBC1:
message-id=<20010812090758.40BAFFBC1@merlin.fbunet.de>

Aug 12 11:07:58 merlin postfix/pipe[21979]: F2771FBC8:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=1, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pipe[21979]: F2771FBC8:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=1, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/qmgr[21961]: 40BAFFBC1: from=<>,
size=107540, nrcpt=2 (queue active)

Aug 12 11:07:58 merlin avcheck: infected:
from=MAILER-DAEMON@merlin.fbunet.de to=MAILER-DAEMON@merlin.fbunet.de
virus-admin@merlin.fbunet.de msg=infected: EICAR-Test-File

Aug 12 11:07:58 merlin postfix/pipe[21979]: 40BAFFBC1:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pipe[21979]: 40BAFFBC1:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pickup[21960]: 7CD0AFBC8: uid=503 from=<>

Aug 12 11:07:58 merlin postfix/cleanup[21978]: 7CD0AFBC8:
message-id=<20010812090758.7CD0AFBC8@merlin.fbunet.de>

Aug 12 11:07:58 merlin postfix/qmgr[21961]: 7CD0AFBC8: from=<>,
size=108839, nrcpt=2 (queue active)

Aug 12 11:07:58 merlin avcheck: infected:
from=MAILER-DAEMON@merlin.fbunet.de to=MAILER-DAEMON@merlin.fbunet.de
virus-admin@merlin.fbunet.de msg=infected: EICAR-Test-File

Aug 12 11:07:58 merlin postfix/pickup[21960]: AFEA4FBC1: uid=503 from=<>

Aug 12 11:07:58 merlin postfix/cleanup[21978]: AFEA4FBC1:
message-id=<20010812090758.AFEA4FBC1@merlin.fbunet.de>

Aug 12 11:07:58 merlin postfix/pipe[21979]: 7CD0AFBC8:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pipe[21979]: 7CD0AFBC8:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/qmgr[21961]: AFEA4FBC1: from=<>,
size=110138, nrcpt=2 (queue active)

Aug 12 11:07:58 merlin avcheck: infected:
from=MAILER-DAEMON@merlin.fbunet.de to=MAILER-DAEMON@merlin.fbunet.de
virus-admin@merlin.fbunet.de msg=infected: EICAR-Test-File

Aug 12 11:07:58 merlin postfix/pipe[21979]: AFEA4FBC1:
to=<MAILER-DAEMON@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pipe[21979]: AFEA4FBC1:
to=<virus-admin@merlin.fbunet.de>, relay=avcheck, delay=0, status=sent
(merlin.fbunet.de)

Aug 12 11:07:58 merlin postfix/pickup[21960]: EBC27FBC8: uid=503 from=<>

Any ideas?
Thanks
Fridtjof