I begin the tests, again:
POP3 proxy: enabled
- Antivirus: disabled
- Antispam: enabled
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Running
I can receive emails (Mozilla Thunderbird, POP3, port 110):
Log viewer: /var/log/messages:
Aug 7 15:04:19 dc-ad freshclam[3139]: ClamAV update process started at Sun Aug 7 15:04:19 2016
Aug 7 15:04:19 dc-ad freshclam[3139]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Aug 7 15:04:20 dc-ad freshclam[3139]: Downloading daily-22041.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22042.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22043.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22044.cdiff [100%]
Aug 7 15:04:26 dc-ad freshclam[3139]: daily.cld updated (version: 22044, sigs: 488532, f-level: 63, builder: neo)
Aug 7 15:04:26 dc-ad freshclam[3139]: bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Aug 7 15:04:32 dc-ad freshclam[3139]: Database updated (4707375 signatures) from database.clamav.net (IP: 195.30.97.3)
Aug 7 15:04:33 dc-ad systemd: Removed slice user-0.slice.
Aug 7 15:04:33 dc-ad systemd: Stopping user-0.slice.
Aug 7 15:04:33 dc-ad clamd: Reading databases from /var/lib/clamav
Aug 7 15:04:33 dc-ad clamd: Reading databases from /var/lib/squidclamav
Aug 7 15:04:33 dc-ad clamd[1351]: Reading databases from /var/lib/squidclamav
Aug 7 15:04:35 dc-ad kernel: perf interrupt took too long (2503 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
Aug 7 15:04:47 dc-ad clamd: Database correctly reloaded (4868719 signatures)
Aug 7 15:04:47 dc-ad clamd[1351]: Database correctly reloaded (4868719 signatures)
Aug 7 15:04:47 dc-ad clamd: Database correctly reloaded (4868719 signatures)
…
Aug 7 15:35:25 dc-ad clamd: SelfCheck: Database status OK.
Aug 7 15:35:25 dc-ad clamd[1351]: SelfCheck: Database status OK.
Aug 7 15:37:45 dc-ad p3scan[3894]: POP3 Connection from 192.168.1.11:54387
Aug 7 15:37:45 dc-ad p3scan[3894]: Real-server address is 91.195.62.2:110
Aug 7 15:37:45 dc-ad p3scan[3894]: Ignoring servers TOP capability…
Aug 7 15:37:45 dc-ad p3scan[3894]: Ignoring servers PIPELINING capability…
Aug 7 15:37:50 dc-ad p3scan[3894]: Session done (Clean Exit). Mails: 1 Bytes: 1716
POP3 proxy: enabled
- Antivirus: enabled
- Antispam: enabled
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Running
I cannot receive emails (Mozilla Thunderbird, POP3, port 110):
Log viewer: /var/log/messages:
Aug 7 15:43:31 dc-ad /sbin/e-smith/db[4335]:
/var/lib/nethserver/db/configuration: OLD
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|disabled|access||status|enabled
Aug 7 15:43:31 dc-ad /sbin/e-smith/db[4335]:
/var/lib/nethserver/db/configuration: NEW
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|enabled|access||status|enabled
Aug 7 15:43:31 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:43:31 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:43:32 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:43:32 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:43:32 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:43:32 dc-ad systemd: Started Time & Date Service.
Aug 7 15:43:33 dc-ad esmith::event[4339]: Event:
nethserver-p3scan-update
Aug 7 15:43:33 dc-ad esmith::event[4339]: Migrating existing database
configuration
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
certificates
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
networks
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
accounts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
routes
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
hosts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
proxypass
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
fwrules
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
fwservices
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
portforward
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
tc
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
dhcp
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
contentfilter
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
vhosts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
domains
Aug 7 15:43:34 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S00initialize-default-databases
SUCCESS [1.334358]
Aug 7 15:43:34 dc-ad esmith::event[4339]: expanding
/etc/p3scan/p3scan.conf
Aug 7 15:43:35 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [0.385739]
Aug 7 15:43:35 dc-ad esmith::event[4342]: Event:
nethserver-firewall-base-save nethserver-p3scan-update
Aug 7 15:43:35 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S02providers-cleanup
SUCCESS [0.370819]
Aug 7 15:43:35 dc-ad esmith::event[4342]: expanding /etc/collectd.conf
Aug 7 15:43:35 dc-ad esmith::event[4342]: expanding /etc/hosts
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/lsm/lsm.conf
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/actions
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/hosts
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/interfaces
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/maclist
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/mangle
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/shorewall/masq
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/shorewall/nat
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/policy
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/providers
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/rtrules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/rules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/shorewall.conf
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/stoppedrules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tcinterfaces
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tcpri
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tunnels
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/zones
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/collectd.d/ping.conf
Aug 7 15:43:37 dc-ad esmith::event[4342]: expanding
/var/www/html/wpad.dat
Aug 7 15:43:37 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [1.507194]
Aug 7 15:43:37 dc-ad systemd: Reloading.
Aug 7 15:43:39 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:41 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:42 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:43 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:43 dc-ad logger: Shorewall reloaded
Aug 7 15:43:43 dc-ad esmith::event[4342]: [NOTICE] Shorewall restart
Aug 7 15:43:43 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S89nethserver-shorewall-restart
SUCCESS [6.659116]
Aug 7 15:43:44 dc-ad systemd: Reloading.
Aug 7 15:43:44 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO] lsm is disabled:
skipped
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO]
Aug 7 15:43:44 dc-ad systemd: Reloading.
Aug 7 15:43:44 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO] service collectd
restart
Aug 7 15:43:44 dc-ad systemd: Stopping Collectd statistics daemon…
Aug 7 15:43:44 dc-ad collectd[1043]: Exiting normally.
Aug 7 15:43:44 dc-ad collectd[1043]: collectd: Stopping 5 read threads.
Aug 7 15:43:45 dc-ad collectd[1043]: rrdtool plugin: Shutting down the
queue thread. This may take a while.
Aug 7 15:43:45 dc-ad collectd[1043]: ping plugin: Shutting down thread.
Aug 7 15:43:45 dc-ad collectd[1043]: collectd: Stopping 5 write
threads.
Aug 7 15:43:45 dc-ad esmith::event[4342]: [INFO] collectd restart
Aug 7 15:43:45 dc-ad systemd: Started Collectd statistics daemon.
Aug 7 15:43:45 dc-ad systemd: Starting Collectd statistics daemon…
Aug 7 15:43:45 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [1.689144]
Aug 7 15:43:45 dc-ad esmith::event[4342]: Event:
nethserver-firewall-base-save SUCCESS
Aug 7 15:43:45 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S20firewall-adjust SUCCESS
[10.365141]
Aug 7 15:43:45 dc-ad systemd: Reloading.
Aug 7 15:43:45 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:45 dc-ad collectd[4830]: Initialization complete, entering
read-loop.
Aug 7 15:43:45 dc-ad esmith::event[4339]: [INFO] service p3scan restart
Aug 7 15:43:45 dc-ad systemd: Stopping p3scan proxy…
Aug 7 15:43:45 dc-ad p3scan[1100]: signalled, doing cleanup
Aug 7 15:43:45 dc-ad p3scan[1100]: P3Scan terminates now
Aug 7 15:43:45 dc-ad systemd: Starting p3scan proxy…
Aug 7 15:43:46 dc-ad p3scan[4869]: P3Scan Version 2.3.2
Aug 7 15:43:46 dc-ad p3scan[4869]: Selected scannertype: basic (Basic
file invocation scanner)
Aug 7 15:43:46 dc-ad p3scan[4869]: Listen now on 0.0.0.0:8110
Aug 7 15:43:46 dc-ad systemd: PID file /var/run/p3scan/p3scan.pid not
readable (yet?) after start.
Aug 7 15:43:46 dc-ad esmith::event[4339]: [INFO] p3scan restart
Aug 7 15:43:46 dc-ad systemd: Started p3scan proxy.
Aug 7 15:43:46 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [0.651876]
Aug 7 15:43:46 dc-ad esmith::event[4339]: Event:
nethserver-p3scan-update SUCCESS
Aug 7 15:43:46 dc-ad p3scan[4870]: Changing uid (we are root)
Aug 7 15:43:46 dc-ad p3scan[4870]: Running as user: amavis
: amavis
Aug 7 15:44:48 dc-ad clamd: SelfCheck: Database status OK.
…
Aug 7 15:48:14 dc-ad p3scan[5268]: POP3 Connection from
192.168.1.11:54451
Aug 7 15:48:14 dc-ad p3scan[5268]: Real-server address is
91.195.62.2:110
Aug 7 15:48:14 dc-ad p3scan[5268]: Ignoring servers TOP capability…
Aug 7 15:48:14 dc-ad p3scan[5268]: Ignoring servers PIPELINING
capability…
Aug 7 15:48:14 dc-ad p3scan[5268]: Session done (Clean Exit). Mails: 0
Bytes: 0
Aug 7 15:49:17 dc-ad p3scan[5354]: POP3 Connection from
192.168.1.11:54456
Aug 7 15:49:17 dc-ad p3scan[5354]: Real-server address is
91.195.62.2:110
Aug 7 15:49:17 dc-ad p3scan[5354]: Ignoring servers TOP capability…
Aug 7 15:49:17 dc-ad p3scan[5354]: Ignoring servers PIPELINING
capability…
Aug 7 15:49:17 dc-ad p3scan[5354]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: We can’t say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: Exiting now…
Aug 7 15:49:17 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 7 15:49:18 dc-ad kernel: p3scan[5354]: segfault at 241 ip
00007fa33099eab4 sp 00007ffc03356080 error 4 in
libc-2.17.so[7fa330956000+1b7000]
Aug 7 15:49:18 dc-ad p3scan[4870]: ERR: Attention: child with pid 5354
died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 7 15:50:03 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:50:03 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:50:03 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:50:03 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:50:03 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:50:03 dc-ad systemd: Started Time & Date Service.
Aug 7 15:52:21 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:52:21 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:52:21 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:52:21 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:52:21 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:52:21 dc-ad systemd: Started Time & Date Service.
Service.
Aug 7 15:53:14 dc-ad p3scan[4870]: P3Scan terminates now
Aug 7 15:53:24 dc-ad systemd: Removed slice user-0.slice.
Aug 7 15:53:24 dc-ad systemd: Stopping user-0.slice.
Aug 7 15:54:48 dc-ad clamd: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:54:49 dc-ad clamd: Reading databases from /var/lib/clamav
Aug 7 15:55:05 dc-ad clamd: Database correctly reloaded (4868738 signatures)
Aug 7 15:55:53 dc-ad clamd: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:55:53 dc-ad clamd[1351]: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:55:54 dc-ad clamd: Reading databases from /var/lib/squidclamav
Aug 7 15:55:54 dc-ad clamd[1351]: Reading databases from /var/lib/squidclamav
Aug 7 15:56:07 dc-ad clamd: Database correctly reloaded (4868738 signatures)
Aug 7 15:56:07 dc-ad clamd[1351]: Database correctly reloaded (4868738 signatures)
In this moment, Aug 7 15:56:07:
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Stopped
Starting the p3scan service, manually:
Aug 7 16:00:48 dc-ad control-service: p3scan start
Aug 7 16:00:48 dc-ad systemd: Starting p3scan proxy…
Aug 7 16:00:48 dc-ad p3scan[6202]: P3Scan Version 2.3.2
Aug 7 16:00:48 dc-ad p3scan[6202]: Selected scannertype: basic (Basic
file invocation scanner)
Aug 7 16:00:48 dc-ad p3scan[6202]: Listen now on 0.0.0.0:8110
Aug 7 16:00:48 dc-ad systemd: PID file /var/run/p3scan/p3scan.pid not
readable (yet?) after start.
Aug 7 16:00:48 dc-ad systemd: Started p3scan proxy.
Aug 7 16:00:48 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 16:00:48 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 16:00:48 dc-ad systemd: Starting Time & Date Service…
Aug 7 16:00:48 dc-ad p3scan[6203]: Changing uid (we are root)
Aug 7 16:00:48 dc-ad p3scan[6203]: Running as user: amavis
EDIT:
Thunderbird schedule send and receive:
Aug 7 16:03:14 dc-ad p3scan[6534]: POP3 Connection from
192.168.1.11:54567
Aug 7 16:03:14 dc-ad p3scan[6534]: Real-server address is
91.195.62.2:110
Aug 7 16:03:14 dc-ad p3scan[6534]: Ignoring servers TOP capability…
Aug 7 16:03:14 dc-ad p3scan[6534]: Ignoring servers PIPELINING
capability…
Aug 7 16:03:14 dc-ad p3scan[6534]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: We can’t say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: Exiting now…
Aug 7 16:03:14 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 7 16:03:14 dc-ad p3scan[6203]: ERR: Attention: child with pid 6534
died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 7 16:03:14 dc-ad kernel: p3scan[6534]: segfault at 241 ip
00007f871b872ab4 sp 00007fff7abb9ac0 error 4 in
libc-2.17.so[7f871b82a000+1b7000]
Aug 7 16:04:30 dc-ad p3scan[6203]: P3Scan terminates now
Aug 7 16:05:06 dc-ad clamd: SelfCheck: Database status OK.
In this moment, Aug 7 16:05:06:
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Stopped
EDIT 2:
After I have disabled Antivirus from POP3 proxy, everything it’s OK: I can receive emails, the p3scan service automatically Running.