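Did qmail-queue.log actually find a virus?

Posted on 2004-9-13 14:10:43
Below is my log, but when I checked [email protected] I could not find any warning message, only the test messages. Also, when I sent a virus-infected message to members within the same mail domain, it was not blocked and no warning was sent either. What is going on?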
Wed, 08 Sep 2004 09:37:34 CST:14516: +++ starting debugging for process 14516 by uid=0
Wed, 08 Sep 2004 09:37:34 CST:14516: setting UID to EUID so subprocesses can access files generated by this script
Wed, 08 Sep 2004 09:37:34 CST:14516: program name is qmail-scanner-queue.pl, version 1.23
Wed, 08 Sep 2004 09:37:34 CST:14516: s_q: re-create the quarantine version file
Wed, 08 Sep 2004 09:37:34 CST:14516: s_q: detecting version of clamdscan
Wed, 08 Sep 2004 09:37:34 CST:14516: s_q: cleaning up files older than 2 days via /usr/bin/find /var/spool/qmailscan//tmp -mtime +2 -exec /bin/rm -rf {} ;
三, 08  9月 2004 09:51:44 CST:14716: +++ starting debugging for process 14716 by uid=0
三, 08  9月 2004 09:51:44 CST:14716: setting UID to EUID so subprocesses can access files generated by this script
三, 08  9月 2004 09:51:44 CST:14716: program name is qmail-scanner-queue.pl, version 1.23
三, 08  9月 2004 09:51:44 CST:14716: s_q: re-create the quarantine version file
三, 08  9月 2004 09:51:44 CST:14716: s_q: detecting version of clamdscan
三, 08  9月 2004 09:51:44 CST:14716: s_q: cleaning up files older than 2 days via /usr/bin/find /var/spool/qmailscan//tmp -mtime +2 -exec /bin/rm -rf {} ;
三, 08  9月 2004 09:51:52 CST:14720: +++ starting debugging for process 14720 by uid=0
三, 08  9月 2004 09:51:52 CST:14720: setting UID to EUID so subprocesses can access files generated by this script
三, 08  9月 2004 09:51:52 CST:14720: program name is qmail-scanner-queue.pl, version 1.23
三, 08  9月 2004 09:51:52 CST:14720: incoming pipe connection from via local process 14720
三, 08  9月 2004 09:51:52 CST:14720: w_c: mkdir /var/spool/qmailscan//tmp/rh9linux109460831248214720
三, 08  9月 2004 09:51:52 CST:14720: w_c: start dumping incoming msg into /var/spool/qmailscan//working/tmp/rh9linux109460831248214720 [0.001463]
三, 08  9月 2004 10:03:52 CST:14767: +++ starting debugging for process 14767 by uid=0
三, 08  9月 2004 10:03:52 CST:14767: setting UID to EUID so subprocesses can access files generated by this script
三, 08  9月 2004 10:03:52 CST:14767: program name is qmail-scanner-queue.pl, version 1.23
三, 08  9月 2004 10:03:52 CST:14767: incoming pipe connection from via local process 14767
三, 08  9月 2004 10:03:52 CST:14767: w_c: mkdir /var/spool/qmailscan//tmp/rh9linux109460903248214767
三, 08  9月 2004 10:03:52 CST:14767: w_c: start dumping incoming msg into /var/spool/qmailscan//working/tmp/rh9linux109460903248214767 [0.001455]
三, 08  9月 2004 10:03:52 CST:14767: w_c: rename new msg from /var/spool/qmailscan//working/tmp/rh9linux109460903248214767 to /var/spool/qmailscan//working/new/rh9linux109460903248214767 [0.001711]
三, 08  9月 2004 10:03:52 CST:14767: d_m: starting /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109460903248214767/ </var/spool/qmailscan//working/new/rh9linux109460903248214767 [0.000473]
三, 08  9月 2004 10:03:52 CST:14767: d_m: finished /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109460903248214767/ [0.006987]
三, 08  9月 2004 10:03:52 CST:14767: d_m: unpacking message took 0.007295 seconds
三, 08  9月 2004 10:03:52 CST:14767: unsetting QMAILQUEUE env var
三, 08  9月 2004 10:03:52 CST:14767: g_e_h: return-path is "", recips is "[email protected]"
三, 08  9月 2004 10:03:52 CST:14767: from=Qmail-Scanner Test <[email protected]>,subj=Qmail-Scanner test (1/4): inoffensive message, x-qmail-scanner-message-id=<[email protected]> via local process 14767
三, 08  9月 2004 10:03:52 CST:14767: This is a PLAIN text message (because it's either not mime, or is text/plain), skip virus scanners - but not SA
三, 08  9月 2004 10:03:52 CST:14767: ini_sc: start scanning
三, 08  9月 2004 10:03:52 CST:14767: ini_sc: recursively scan the directory /var/spool/qmailscan//tmp/rh9linux109460903248214767/
三, 08  9月 2004 10:03:52 CST:14767: scanloop: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109460903248214767"...
三, 08  9月 2004 10:03:52 CST:14767: scanloop: scanner=clamdscan_scanner,plain_text_msg=1
三, 08  9月 2004 10:03:52 CST:14767: scanloop: finished scan of "/var/spool/qmailscan//tmp/rh9linux109460903248214767"...
三, 08  9月 2004 10:03:52 CST:14767: p_s: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109460903248214767"...
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 'Love Letter Virus/Trojan'
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing subject: ILOVEYOU
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '82:message/partial.*' = 'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing content-type: message/partial.*
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '85:.{100,}' = 'Virus-date' = 'MIME Header Buffer Overflow'
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing date: .{100,}
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '86:.{100,}' = 'Virus-mime-version' = 'MIME Header Buffer Overflow '
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing mime-version: .{100,}
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '87:.{100,}' = 'Virus-resent-date' = 'MIME Header Buffer Overflow'
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing resent-date: .{100,}
三, 08  9月 2004 10:03:52 CST:14767: p_s:  '90:[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]' = 'Virus-to' = 'BadTrans Trojan exploit!'
三, 08  9月 2004 10:03:52 CST:14767: p_s:  type is a header!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  checking for objects containing to: [email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]
三, 08  9月 2004 10:03:52 CST:14767: p_s:  'eicar.com' = '69' = 'EICAR Test Virus'
三, 08  9月 2004 10:03:52 CST:14767: p_s: type is a size!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  'happy99.exe' = '10000' = 'Happy99 Trojan'
三, 08  9月 2004 10:03:52 CST:14767: p_s: type is a size!
三, 08  9月 2004 10:03:52 CST:14767: p_s:  'zipped_files.exe' = '120495' = 'W32/ExploreZip.worm.pak virus'
三, 08  9月 2004 10:03:52 CST:14767: p_s: type is a size!
三, 08  9月 2004 10:03:52 CST:14767: p_s: skipping auto-generated file 1094609032.14769-0.rh9linux
三, 08  9月 2004 10:03:52 CST:14767: p_s: skipping auto-generated file orig-rh9linux109460903248214767
三, 08  9月 2004 10:03:52 CST:14767: p_s:  finished scan of dir "/var/spool/qmailscan//tmp/rh9linux109460903248214767" in 0.009984 secs
三, 08  9月 2004 10:03:52 CST:14767: ini_sc: scanning message took 0.010719 seconds
三, 08  9月 2004 10:03:52 CST:14767: q_r: fork off child into /var/qmail/bin//qmail-queue...
三, 08  9月 2004 10:03:52 CST:14771: q_r: xstatus=0
三, 08  9月 2004 10:03:52 CST:14767: qmail-scanner[14767]: Clear:RC:1(127.0.0.1): 0.02267 312 <> [email protected] Qmail-Scanner_test_(1/4):_inoffensive_message <[email protected]> 1094609032.14769-0.rh9linux:68 orig-rh9linux109460903248214767:312
三, 08  9月 2004 10:03:52 CST:14767: cleanup: /bin/rm -rf /var/spool/qmailscan//tmp/rh9linux109460903248214767/ /var/spool/qmailscan//working/new/rh9linux109460903248214767
三, 08  9月 2004 10:03:52 CST:14767: all finished. Total of 0.140041 secs
三, 08  9月 2004 10:03:53 CST:14776: +++ starting debugging for process 14776 by uid=0
三, 08  9月 2004 10:03:53 CST:14776: setting UID to EUID so subprocesses can access files generated by this script
三, 08  9月 2004 10:03:53 CST:14776: program name is qmail-scanner-queue.pl, version 1.23
三, 08  9月 2004 10:03:53 CST:14776: incoming pipe connection from via local process 14776
三, 08  9月 2004 10:03:53 CST:14776: w_c: mkdir /var/spool/qmailscan//tmp/rh9linux109460903348214776
三, 08  9月 2004 10:03:53 CST:14776: w_c: start dumping incoming msg into /var/spool/qmailscan//working/tmp/rh9linux109460903348214776 [0.001481]
三, 08  9月 2004 10:03:53 CST:14776: w_c: primary Content-Type of multipart/mixed found
三, 08  9月 2004 10:03:53 CST:14776: w_c: found a top-level boundary definition of gKMricLos\+KVdGMg
三, 08  9月 2004 10:03:53 CST:14776: c_a_g: found MIME attachment
三, 08  9月 2004 10:03:53 CST:14776: w_c: attachment  1: Content-Type of text/plain found
三, 08  9月 2004 10:03:53 CST:14776: found C-D attachment filename eicar.com
三, 08  9月 2004 10:03:53 CST:14776: w_c: attachment  2: Content-Type of text/plain found
三, 08  9月 2004 10:03:53 CST:14776: w_c: rename new msg from /var/spool/qmailscan//working/tmp/rh9linux109460903348214776 to /var/spool/qmailscan//working/new/rh9linux109460903348214776 [0.004299]
三, 08  9月 2004 10:03:53 CST:14776: d_m: starting /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109460903348214776/ </var/spool/qmailscan//working/new/rh9linux109460903348214776 [0.000495]
三, 08  9月 2004 10:03:53 CST:14776: d_m: finished /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109460903348214776/ [0.007325]
三, 08  9月 2004 10:03:53 CST:14776: d_m: unpacking message took 0.007659 seconds
三, 08  9月 2004 10:03:53 CST:14776: unsetting QMAILQUEUE env var
三, 08  9月 2004 10:03:53 CST:14776: g_e_h: return-path is "", recips is "[email protected]"
三, 08  9月 2004 10:03:53 CST:14776: from=Qmail-Scanner Test <[email protected]>,subj=Qmail-Scanner viral test (2/4): checking perlscanner..., x-qmail-scanner-message-id=<[email protected]> via local process 14776
三, 08  9月 2004 10:03:53 CST:14776: ini_sc: start scanning
三, 08  9月 2004 10:03:53 CST:14776: ini_sc: recursively scan the directory /var/spool/qmailscan//tmp/rh9linux109460903348214776/
三, 08  9月 2004 10:03:53 CST:14776: scanloop: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109460903348214776"...
三, 08  9月 2004 10:03:53 CST:14776: scanloop: scanner=clamdscan_scanner,plain_text_msg=0
三, 08  9月 2004 10:03:53 CST:14776: clamdscan: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109460903348214776"...
三, 08  9月 2004 10:03:53 CST:14776: run /usr/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space=100000  /var/spool/qmailscan//tmp/rh9linux109460903348214776 2>&1
三, 08  9月 2004 10:03:53 CST:14776: --output of clamdscan was:
/var/spool/qmailscan//tmp/rh9linux109460903348214776: Can't access the file ERROR
--
三, 08  9月 2004 10:03:53 CST:14776: error_condition: X-Qmail-Scanner-1.23: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
三, 08  9月 2004 11:35:12 CST:14836: +++ starting debugging for process 14836 by uid=0
三, 08  9月 2004 11:35:12 CST:14836: setting UID to EUID so subprocesses can access files generated by this script
三, 08  9月 2004 11:35:12 CST:14836: program name is qmail-scanner-queue.pl, version 1.23
三, 08  9月 2004 11:35:12 CST:14836: incoming pipe connection from via local process 14836
三, 08  9月 2004 11:35:12 CST:14836: w_c: mkdir /var/spool/qmailscan//tmp/rh9linux109461451248214836
三, 08  9月 2004 11:35:12 CST:14836: w_c: start dumping incoming msg into /var/spool/qmailscan//working/tmp/rh9linux109461451248214836 [0.001421]
三, 08  9月 2004 11:35:12 CST:14836: w_c: rename new msg from /var/spool/qmailscan//working/tmp/rh9linux109461451248214836 to /var/spool/qmailscan//working/new/rh9linux109461451248214836 [0.001704]
三, 08  9月 2004 11:35:12 CST:14836: d_m: starting /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109461451248214836/ </var/spool/qmailscan//working/new/rh9linux109461451248214836 [0.000468]
三, 08  9月 2004 11:35:12 CST:14836: d_m: finished /usr/local/bin/reformime  -x/var/spool/qmailscan//tmp/rh9linux109461451248214836/ [0.006915]
三, 08  9月 2004 11:35:12 CST:14836: d_m: unpacking message took 0.007246 seconds
三, 08  9月 2004 11:35:12 CST:14836: unsetting QMAILQUEUE env var
三, 08  9月 2004 11:35:12 CST:14836: g_e_h: return-path is "", recips is "[email protected]"
三, 08  9月 2004 11:35:12 CST:14836: from=Qmail-Scanner Test <[email protected]>,subj=Qmail-Scanner test (1/4): inoffensive message, x-qmail-scanner-message-id=<[email protected]> via local process 14836
三, 08  9月 2004 11:35:12 CST:14836: This is a PLAIN text message (because it's either not mime, or is text/plain), skip virus scanners - but not SA
三, 08  9月 2004 11:35:12 CST:14836: ini_sc: start scanning
三, 08  9月 2004 11:35:12 CST:14836: ini_sc: recursively scan the directory /var/spool/qmailscan//tmp/rh9linux109461451248214836/
三, 08  9月 2004 11:35:12 CST:14836: scanloop: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109461451248214836"...
三, 08  9月 2004 11:35:12 CST:14836: scanloop: scanner=clamdscan_scanner,plain_text_msg=1
三, 08  9月 2004 11:35:12 CST:14836: scanloop: finished scan of "/var/spool/qmailscan//tmp/rh9linux109461451248214836"...
三, 08  9月 2004 11:35:12 CST:14836: p_s: starting scan of directory "/var/spool/qmailscan//tmp/rh9linux109461451248214836"...
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 'Love Letter Virus/Trojan'
三, 08  9月 2004 11:35:12 CST:14836: p_s:  type is a header!
三, 08  9月 2004 11:35:12 CST:14836: p_s:  checking for objects containing subject: ILOVEYOU
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '82:message/partial.*' = 'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
三, 08  9月 2004 11:35:12 CST:14836: p_s:  type is a header!
三, 08  9月 2004 11:35:12 CST:14836: p_s:  checking for objects containing content-type: message/partial.*
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '85:.{100,}' = 'Virus-date' = 'MIME Header Buffer Overflow'
三, 08  9月 2004 11:35:12 CST:14836: p_s:  type is a header!
三, 08  9月 2004 11:35:12 CST:14836: p_s:  checking for objects containing date: .{100,}
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '86:.{100,}' = 'Virus-mime-version' = 'MIME Header Buffer Overflow '
三, 08  9月 2004 11:35:12 CST:14836: p_s:  type is a header!
三, 08  9月 2004 11:35:12 CST:14836: p_s:  checking for objects containing mime-version: .{100,}
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '87:.{100,}' = 'Virus-resent-date' = 'MIME Header Buffer Overflow'
三, 08  9月 2004 11:35:12 CST:14836: p_s:  type is a header!
三, 08  9月 2004 11:35:12 CST:14836: p_s:  checking for objects containing resent-date: .{100,}
三, 08  9月 2004 11:35:12 CST:14836: p_s:  '90:[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|[email protected]|muwripa@
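As an added example (not part of the original post and not Qmail-Scanner's own code), the following Python groups debug-log lines like those above by process ID and reports how each scanner process ended. The `triage` function and its verdict names are assumptions made here, and the sample lines are abridged from the post.

```python
import re
# Line prefix is "<locale-dependent date> HH:MM:SS TZ:<pid>: <message>".
LINE = re.compile(r"^.*?\d\d:\d\d:\d\d \w+:(\d+): (.*)$")

def triage(log_text):
    """Return {pid: (verdict, detail)} for each qmail-scanner process in a debug log."""
    sessions, current = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            pid, msg = m.groups()
            if msg.startswith("+++ starting debugging"):
                sessions[pid] = []
            current = pid if pid in sessions else None  # forked q_r child has no session
            if current:
                sessions[pid].append(msg)
        elif current and raw.strip():
            sessions[current].append(raw.strip())  # unprefixed scanner output
    report = {}
    for pid, msgs in sessions.items():
        text = "\n".join(msgs)
        if "error_condition:" in text:
            detail = next((m for m in msgs if m.endswith("ERROR")), msgs[-1])
            report[pid] = ("scanner_error", detail)
        elif "Clear:RC:" in text:
            report[pid] = ("clear", "")
        elif "incoming pipe connection" not in text:
            report[pid] = ("housekeeping", "")
        else:
            report[pid] = ("incomplete", msgs[-1])
    return report

# Constructed sample: lines abridged from the log in the post, addresses elided.
SAMPLE = """\
Wed, 08 Sep 2004 09:37:34 CST:14516: +++ starting debugging for process 14516 by uid=0
三, 08  9月 2004 09:51:52 CST:14720: +++ starting debugging for process 14720 by uid=0
三, 08  9月 2004 09:51:52 CST:14720: incoming pipe connection from via local process 14720
三, 08  9月 2004 10:03:52 CST:14767: +++ starting debugging for process 14767 by uid=0
三, 08  9月 2004 10:03:52 CST:14767: incoming pipe connection from via local process 14767
三, 08  9月 2004 10:03:52 CST:14771: q_r: xstatus=0
三, 08  9月 2004 10:03:52 CST:14767: qmail-scanner[14767]: Clear:RC:1(127.0.0.1): 0.02267 312 <> ...
三, 08  9月 2004 10:03:53 CST:14776: +++ starting debugging for process 14776 by uid=0
三, 08  9月 2004 10:03:53 CST:14776: incoming pipe connection from via local process 14776
三, 08  9月 2004 10:03:53 CST:14776: --output of clamdscan was:
/var/spool/qmailscan//tmp/rh9linux109460903348214776: Can't access the file ERROR
三, 08  9月 2004 10:03:53 CST:14776: error_condition: X-Qmail-Scanner-1.23: clamdscan: ... exit status 512/2
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the posted log, process 14776 (the viral test 2/4 carrying `eicar.com`) stops at `error_condition` after clamdscan reports "Can't access the file", and no `Clear` line follows for it.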