[clamav-users] Error parsing PNG files and 451_mail_server_temporarily_rejected_message

Pablo Murillo info at pablomurillo.com.ar
Tue Oct 20 15:32:49 UTC 2020


I don't think the age of a program is an issue.
QMAIL is by far the best and most reliable mail server, and it was 
developed in 1998!
The problem is not the program's age, the problem is the ugly programmers :D
Hahaha

All the programs are working perfectly, all are patched with the relevant 
patches.
I did all the tests with ClamAV.
ClamAV is working very well, stopping a lot of viruses; the only thing I 
found was this with PNG files.

Tell me, how can I activate the "cli_dbgmsg" from libclamav?
I have LogVerbose and Debug set to yes in clamd.conf, but I don't see any 
of the messages from libclamav.
Do I need to build ClamAV with --enable-debug?

Thanks
Pablo Murillo

On 10/20/2020 8:53 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 19 Oct 2020, Pablo Murillo wrote:
>
>>  I don't know if the PNG error is present from day 1 or not
>
> When exactly was day 1?
>
> Do you have any evidence that your virus scanning has ever worked at
> all?  Have you tried to test it e.g. by sending things like the EICAR
> test file?
>
> https://en.wikipedia.org/wiki/EICAR_test_file
>
> Some of the references at the foot of that page may be useful to you.
>
>> I'm not using milter, I'm using SimScan ...
>
> I'm not sure how much help I'll be able to give you with Simscan. The
> little searching I've done about it doesn't fill me with confidence.
>
> While writing my previous mail it crossed my mind to ask if you knew
> that your version of Spamdyke was six years old, but I decided to let
> it pass.  But I do now think that you need to look at your toolchain.
> Do you know exactly which version of Simscan you're using?  It seems
> there are several.  Looking at
>
> https://sourceforge.net/projects/simscan/files/
>
> for example, Simscan was last updated on October 29th 2007. Looking at
>
> https://github.com/qmail/simscan
>
> it was cleaned up and 'modernized' around 2014 but the changelog looks
> rather sparse from 2007 onwards.
>
> I had a quick look for the alleged Simscan mailing list archives and
> failed to find anything.
>
> Have you applied any patches to Simscan?  See for example
>
> https://freebsdrocks.net/simscan.shtml
>
> The last 13 years have seen ClamAV continuously developed, but not
> Simscan.  I can't point to evidence of incompatibility between the
> two, but it's possible that some may have arisen.  The ClamAV team
> will continue development.  As far as compatibility testing goes I
> don't know how high Simscan will be on their priority list.  Micah
> will probably be able to tell us if they test with it - Micah?
>
> It appears that Simscan may use 'ripmime' to split up a mail into its
> components and write them to files, before scanning with clamd using
> the clamd CONTSCAN command.  There are other ways to go about it and I
> wonder if it might be where the problem lies.  You might want to look
> for the possibility of saving the temporary files which Qmail writes
> for clamd to scan, so that you can look at them, and for example scan
> them manually.  AFAICT the latest release of 'ripmime' is from 2011,
> nearly a decade old.  All the links given in 'Support options' at
>
> https://pldaniels.com/ripmime/
>
> seem to be dead, empty or irrelevant and looking at
>
> https://github.com/inflex/ripMIME/blob/master/CHANGELOG
>
> virtually nothing has been done to it since 2008.
>
> In the past, whenever I've tried to use software with histories like
> this it's been a very unhappy experience.  It's possible that such old
> software has no vulnerabilities, but it's also possible that it's at
> least as big a threat as many of those that you're trying to protect
> against by using ClamAV.
>
>> I'm sending clamd.conf and 8 minutes of log (clamd.log) attached
>
> It might help to see more of the log - complete from restart, and with
> a few controlled emails only so that it's easy to see what's going on;
> but I wonder if it's worth the trouble of investigating until you've
> taken a step back and given your toolchain some thought.
>
> If, despite the risks I've pointed out, you are comfortable with it,
> then I'd suggest you set up a test-bed system which has no Internet
> connection and push some local mail through it to see how it behaves,
> of course watching the logs carefully all the while.
>
> Have you asked about this on a Qmail mailing list?
>

-- 
This email has been checked for viruses by AVG.
https://www.avg.com
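
The quoted reply suggests saving the temporary files and scanning them manually with clamd's CONTSCAN command. The following is an added example, not code from the thread, Simscan or ClamAV: it sends CONTSCAN over clamd's local socket and separates ERROR replies from FOUND and OK, so a scan error can be tied to one saved file. The socket path and directory are passed on the command line and are assumptions, and the sample replies are constructed.

```python
import socket
import sys
from collections import defaultdict

# Constructed sample of clamd's "<path>: <result>" reply lines (not from the thread).
SAMPLE_REPLIES = (
    "/var/tmp/saved/textfile0: OK\n"
    "/var/tmp/saved/eicar.com: Win.Test.EICAR_HDB-1 FOUND\n"
    "/var/tmp/saved/missing.png: lstat() failed: No such file or directory. ERROR\n"
)

def parse_reply(line):
    """Split one reply line into (path, status, detail); assumes no ': ' in the path."""
    for status in ("FOUND", "ERROR"):
        if line.endswith(" " + status):
            body = line[: -len(status) - 1]
            path, _, detail = body.partition(": ")
            return path, status, detail
    if line.endswith(": OK"):
        return line[:-4], "OK", ""
    return line, "UNKNOWN", ""

def triage(reply_text):
    """Group reply lines by status so errors are not lost among clean results."""
    groups = defaultdict(list)
    for line in reply_text.splitlines():
        if line:
            path, status, detail = parse_reply(line)
            groups[status].append((path, detail))
    return dict(groups)

def contscan(sock, target):
    """Send a newline-delimited CONTSCAN on a connected socket, read until clamd closes."""
    sock.sendall(f"nCONTSCAN {target}\n".encode())
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        chunks.append(chunk)
    return triage(b"".join(chunks).decode(errors="replace"))

if __name__ == "__main__":
    target, sock_path = sys.argv[1:3]  # e.g. saved-files directory and clamd's LocalSocket
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        for status, items in contscan(s, target).items():
            for path, detail in items:
                print(status, path, detail)
```

clamd opens the files itself, so the target must be an absolute path that the clamd user can read.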



