Re: Anomy + F-Prot for Linux (oops, typo)

Date: Tue 05 Nov 2002 - 18:53:13 GMT

  • Next message: Lucas Peet: "Problem with Anomy/Postfix/SpamAssassin"

    Thanks for the quick reply. I decided to test using the default
    configuration (now I'm just invoking with -fprotd and no other
    arguments ...), and I get the following in my /var/log/maillog:

    Nov 5 13:37:45 linux19131 fprotd[13546]: Scanner arguments: -archive -ai -
    Nov 5 13:37:45 linux19131 fprotd[13547]: Scanner arguments: -archive -ai -
    Nov 5 13:38:05 linux19131 fprotd[13549]: Scanner arguments: -archive -ai -
    Nov 5 13:38:11 linux19131 fprotd[13550]: Scanner arguments: -archive -ai -
    Nov 5 13:38:26 linux19131 fprotd[13551]: Scanner arguments: -archive -ai -

    (ignore word wrapping .. each line should start with Nov 5)

    Without digging deeper, I'm not sure why fprotd appears to be starting up
    with different process id's 5 different times. My guess is retrying. Mail
    still gets delivered, but with the following sanitizer.log:

    This message has been 'sanitized'. This means that potentially
    dangerous content has been rewritten or removed. The following
    log describes which actions were taken.

    Sanitizer (start="1036521465"):
      Part (pos="614"):
        SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
          Match (rule="2"):
            ScanFile (file="/tmp/att-3dc80ff9-5MX-unnamed.txt"):
              F-Prot: Error (-1) scanning file!
              Unknown exit code: -256

            Enforced policy: defang

          Replaced mime type with: application/DEFANGED-2520
          Replaced file name with: unnamed_txt.DEFANGED-2520

      Part (pos="722"):
        SanitizeFile (filename="sh", mimetype="application/octet-stream"):
          Match (rule="2"):
            ScanFile (file="/tmp/att-3dc81012-GXJ-sh"):
              F-Prot: Error (-1) scanning file!
              Unknown exit code: -256

            Enforced policy: defang

          Replaced mime type with: application/DEFANGED-2521
          Replaced file name with: sh.DEFANGED-2521

      Total modifications so far: 2

    Anomy 0.0.0 :
    $Id:,v 1.63 2002/10/02 16:03:01 bre Exp $

    It looks like something's awry when it goes into /tmp .. /tmp is:

    drwxrwxrwt 3 root root 4096 Nov 5 13:38 tmp

    so it should be able to read/write ... Nothing's chroot'ed either .. yet.

    Did I miss something?

    Thanks again,

    Quoting "Bjarni R. Einarsson" <>:

    > On 2002-11-05, 10:49:34 (+0000), Bjarni R. Einarsson wrote:
    > > This adds to the default configuration a rule (number 2) which will
    > > scan all attachments not blocked by rule number 2, using the daemon.
    > That should have read "not blocked by rule number 1".

    hosted by