Installation Problems
- 0. How can I diagnose qscanq configuration errors?
Starting with version 0.38, qscanq will self-diagnose. If you set the environment variable DEBUG to any value whatsoever, then qscanq will print error messages to stderr. Run the tests described in the installation instructions with DEBUG set, and you will get an error message identifying misconfiguration or other problems.
If you have a problem that only shows itself during delivery, you must wrap qscanq in a script that sets DEBUG, runs qscanq, and captures the output to a file. No such script is provided, because this is to be discouraged! If qscanq is run with DEBUG set, and stderr is not redirected, then it diagnostic messages may be sent to the SMTP client, with bad results.
- 1. When I try sending a test message, I get the error, "451 qq read error (#4.3.0)".
This is practically always because you don't have ripmime installed. In the installation directions, the pre-requisites section says to install ripmime. This utility is used to extract attachments so they can be scanned. If you have installed it, make sure the path in conf-ripmime is correct, and that you can run ripmime from the command line.
Two other problems can cause this error, but they are practically impossible. One is that opening the message file for scanning fails, and the other is that qscanq fails to move a file descriptor. These essentially can't happen.
- 2. When I try sending a test message, I get the error, "451 mail server temporarily rejected message (#4.3.0)".
This can result from any of the following. In order of likelihood:
- Your virus scanner could be returning an error other than a virus detection. This is almost always the problem. Most often it's because you are using ulimits, and have not allowed enough memory for your scanner to run. It might also be because you've given the wrong path to the scanner in conf-scancmd at compile time, or because the scanner itself has a problem.
- qscanq may be failing to execute qmail-queue. This is next to impossible, unless you've moved qmail-queue or the permissions are somehow messed up.
- qscanq fails to run qscanq-stdin. This is even more rare.
- qscanq can't chdir to the folder in which it spools messages for scanning. This can't happen unless the permissions to the spool folder have been messed up; installing qscanq sets the permissions exactly right.
- qscanq can't determine the exit status of qscanq-stdin. This would essentially suggest an OS bug, and is vanishingly rare.
That's right, I'm afraid it doesn't. Solaris handles directory permissions a bit differently than Linux and BSD, so at the moment clamdscan will not work. But clamscan, antivir and other scanners will work just fine.
There is also a workaround that you can experiment with. If a good solution is contributed, I will fold it into qscanq or the documentation. Here's what you do:
- Create a shell script like the following:
#!/bin/sh find . -type f -print0|xargs -0 cat|clamdscan -
- Put the path to this shell script in conf-scancmd.
- Proceed to build and install qscanq according to the instructions.
General Questions
- 0. Is there a mailing list for qscanq?
Yes. To subscribe, send a blank email to qscanq-subscribe@qscanq.org and follow the instructions in the reply. In the past, questions about qscanq were sent to the qmail mailing list. While that may still be appropriate for general qscanq/qmail admin questions, discussion of qscanq, especially feature requests, philosophy and the like, should be directed to the qscanq mailing list, now that it exists.
- 1. Can you determine what virus was detected?
Yes. To do that, you need a virus scanner that logs virus detections.
If you use clamd, you can find the virus detections identified in the clamd log. These can even be correlated with qmail-smtpd logs with a bit of scripting work. The path to the infected file includes a folder name that looks like:
/var/qmail/qscanq/root/scanq/@400000004023026e109a2904.3009.1/work/...
In this path, the .3009. gives the PID of qmail-smtpd, in hexadecimal. Convert this to decimal, and it will match the PID found in the qmail-smtpd logs.
If you use some other scanner, check whether it can be configured to log to syslog.
- 2. Can qscanq generate a bounce message explaining what virus was detected?
No.
- 3. Well, shouldn't it?
No. Infected emails essentially never originate from users accidentally mailing infected files. Viruses email themselves today. Nobody will read the bounce message; nobody was actually trying to send you anything; nobody wants the message to get through, and nobody wants an informative message concerning why.
- 4. How about notifying the sender that an infected email to him was bounced?
See above, times ten. The infected email is essentially always an unsolicited email, containing no desired information. Telling me that I was almost victimized by a virus from someone who wasn't writing me and wasn't sending me anything is pretty ironic! Please don't bother me to tell me that you're not bothering me with a virus email...
- 5. What would it take to add informative messages to bounces?
It would be easy enough. Add more messages to qmail-smtpd, and then change qscanq's exit codes to use them. One of the design goals of qscanq was not to alter qmail code in any way.
Of course! Use the source, Luke! Modify qscanq-stdin.c to return 0 instead of QQ_XPERM. This will convince qmail-smtpd that the message was handled, when in fact it was discarded.
Absolutely! Starting with qscanq version 0.41, you can tell qscanq to invoke the program of your choice instead of qmail-queue. To do this, use the following steps:
- Install qscanq to be used with Bruce Guenter's QMAILQUEUE patch.
- Create a shell script that invokes /package/mail/qscanq/command/qscanq NEXT-APP [ARG1] [ARG2] ...
- Set the QMAILQUEUE environment variable to point to your script.
- Make sure that NEXT-APP will call qmail-queue, because qscanq will take no further actions after it calls NEXT-APP.
