Discussion:
amavisd-release
R. Sterenborg (Lists)
2018-08-28 09:23:11 UTC
I'm struggling with getting amavisd-release to work.

Amavisd 2.11.0 on CentOS 7.


In amavisd.conf:
=====================
$inet_socket_port                 = [ 9998, 10024, 10026 ];

$do_syslog                        = 0;
$logfile                          = '/path/to/amavisd.log';

$QUARANTINEDIR                    = '/path/to/amavisd/quarantine';
$virus_quarantine_method          = 'local:virus/virus-%i-%n';
$spam_quarantine_method           = 'local:spam/spam-%b-%i-%n';
$banned_files_quarantine_method   = 'local:banned/banned-%i-%n';
$bad_header_quarantine_method     = 'local:badh/badh-%i-%n';

$interface_policy{'9998'}         = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'}       = {
  protocol                        => 'AM.PDP',
  inet_acl                        => [qw( 127.0.0.1 )],
  auth_required_release           => 0,
};
=====================


In amavisd-release:
=====================
  $socketname = '127.0.0.1:9998';
=====================


From
https://www.ijs.si/software/amavisd/amavisd-new-docs.html#quar-release:

"The secret_id is stored in SQL table msgs when logging to SQL is
enabled, otherwise this information is not accessible."

We're not using SQL with amavisd, so I set auth_required_release to 0.


Whenever I try to release an email, it fails:

# amavisd-release virus/virus-20180827T110127-45477-09
250 2.5.0 No recipients, nothing to do

# amavisd-release virus/virus-20180827T110127-45477-09 ''
250 2.5.0 No recipients, nothing to do

# amavisd-release virus/virus-20180827T110127-45477-09 '' ***@domain.tld
450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match
requested ID 'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line
11904.


Changing from inet_socket_port to unix_socketname doesn't change the result.


Can someone please help me find the error I'm making?


Thanks,
Rob
R. Sterenborg (Lists)
2018-08-28 15:22:59 UTC
I know, that's where I found it. We're just not gzipping the quarantined
files.

Unless I'm mistaken the path I'm using should be correct according to
the configuration I posted (or else I hope someone can enlighten me
where I'm mistaken).
When I specify any other path+filename, then amavisd-release will
respond with "Invalid quarantine ID: /path/to/quarantine_file", which to
me looks like it doesn't even try to read the file.


--
Thanks,
Rob
The log will tell you where it stored the message and its filename.
amavisd-release <filename>
In my case (Ubuntu Server with ispconfig) they can be found in /var/lib/amavis/virusmails. The log tells me something like W/spam-W3Uej3sqIbDm.gz.
So I type
amavisd-release W/spam-W3Uej3sqIbDm.gz
Hope that helps.
--Curtis
Post by R. Sterenborg (Lists)
I'm struggling with getting amavisd-release to work.
Amavisd 2.11.0 on CentOS 7.
=====================
$inet_socket_port = [ 9998, 10024, 10026 ];
$do_syslog = 0;
$logfile = '/path/to/amavisd.log';
$QUARANTINEDIR = '/path/to/amavisd/quarantine';
$virus_quarantine_method = 'local:virus/virus-%i-%n';
$spam_quarantine_method = 'local:spam/spam-%b-%i-%n';
$banned_files_quarantine_method = 'local:banned/banned-%i-%n';
$bad_header_quarantine_method = 'local:badh/badh-%i-%n';
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
protocol => 'AM.PDP',
inet_acl => [qw( 127.0.0.1 )],
auth_required_release => 0,
};
=====================
=====================
$socketname = '127.0.0.1:9998';
=====================
"The secret_id is stored in SQL table msgs when logging to SQL is enabled, otherwise this
information is not accessible."
We're not using SQL with amavisd, so I set auth_required_release to 0.
# amavisd-release virus/virus-20180827T110127-45477-09
250 2.5.0 No recipients, nothing to do
# amavisd-release virus/virus-20180827T110127-45477-09 ''
250 2.5.0 No recipients, nothing to do
450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match requested ID
'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line 11904.
Changing from inet_socket_port to unix_socketname doesn't change the result.
Can someone please help me find the error I'm making?
Thanks,
Rob
Deeztek Support
2018-08-28 15:15:46 UTC
What command are you using to release the message?

-----Original Message-----
From: amavis-users [mailto:amavis-users-bounces+support=***@amavis.org] On Behalf Of R. Sterenborg (Lists)
Sent: Tuesday, August 28, 2018 5:23 AM
To: amavis-***@amavis.org
Subject: amavisd-release

I'm struggling with getting amavisd-release to work.

Amavisd 2.11.0 on CentOS 7.


In amavisd.conf:
=====================
$inet_socket_port                 = [ 9998, 10024, 10026 ];

$do_syslog                        = 0;
$logfile                          = '/path/to/amavisd.log';

$QUARANTINEDIR                    = '/path/to/amavisd/quarantine';
$virus_quarantine_method          = 'local:virus/virus-%i-%n';
$spam_quarantine_method           = 'local:spam/spam-%b-%i-%n';
$banned_files_quarantine_method   = 'local:banned/banned-%i-%n';
$bad_header_quarantine_method     = 'local:badh/badh-%i-%n';

$interface_policy{'9998'}         = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'}       = {
  protocol                        => 'AM.PDP',
  inet_acl                        => [qw( 127.0.0.1 )],
  auth_required_release           => 0,
};
=====================


In amavisd-release:
=====================
  $socketname = '127.0.0.1:9998';
=====================


From
https://www.ijs.si/software/amavisd/amavisd-new-docs.html#quar-release:

"The secret_id is stored in SQL table msgs when logging to SQL is enabled, otherwise this information is not accessible."

We're not using SQL with amavisd, so I set auth_required_release to 0.


Whenever I try to release an email, it fails:

# amavisd-release virus/virus-20180827T110127-45477-09
250 2.5.0 No recipients, nothing to do

# amavisd-release virus/virus-20180827T110127-45477-09 ''
250 2.5.0 No recipients, nothing to do

# amavisd-release virus/virus-20180827T110127-45477-09 '' ***@domain.tld
450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match requested ID 'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line 11904.


Changing from inet_socket_port to unix_socketname doesn't change the result.


Can someone please help me f
Dominic Raferd
2018-08-28 17:05:30 UTC
Post by Deeztek Support
What command are you using to release the message?
-----Original Message-----
Sent: Tuesday, August 28, 2018 5:23 AM
Subject: amavisd-release
I'm struggling with getting amavisd-release to work.
Amavisd 2.11.0 on CentOS 7.
=====================
$inet_socket_port = [ 9998, 10024, 10026 ];
$do_syslog = 0;
$logfile = '/path/to/amavisd.log';
$QUARANTINEDIR = '/path/to/amavisd/quarantine';
$virus_quarantine_method = 'local:virus/virus-%i-%n';
$spam_quarantine_method = 'local:spam/spam-%b-%i-%n';
$banned_files_quarantine_method = 'local:banned/banned-%i-%n';
$bad_header_quarantine_method = 'local:badh/badh-%i-%n';
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
protocol => 'AM.PDP',
inet_acl => [qw( 127.0.0.1 )],
auth_required_release => 0,
};
=====================
=====================
$socketname = '127.0.0.1:9998';
=====================
From
"The secret_id is stored in SQL table msgs when logging to SQL is enabled, otherwise this information is not accessible."
We're not using SQL with amavisd, so I set auth_required_release to 0.
# amavisd-release virus/virus-20180827T110127-45477-09
250 2.5.0 No recipients, nothing to do
# amavisd-release virus/virus-20180827T110127-45477-09 ''
250 2.5.0 No recipients, nothing to do
450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match requested ID 'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line 11904.
Changing from inet_socket_port to unix_socketname doesn't change the result.
Can someone please help me find the error I'm making?
Are you sure that the file you are trying to release is a valid email
which specifies a recipient?

Did you try:
# amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
***@domain.tld

If this works it reveals a vulnerability in the 'secret-id' system
used by amavisd-release, but it would enable you to move forward.
Rob Sterenborg (Lists)
2018-08-28 21:10:43 UTC
Post by Dominic Raferd
Are you sure that the file you are trying to release is a valid email
which specifies a recipient?
Well.. Amavisd put it there, so I sure hope so.
That said, I checked the email headers in the file and to me it looks
like a valid email. I see the following fields that I guess are important:

Return-Path: <>
X-Envelope-From: <***@remotedomain.tld>
X-Envelope-To: <***@ourdomain.tld>
X-Envelope-To-Blocked: <***@ourdomain.tld>
X-Quarantine-ID: <ziXFTUeDuvT7>
Received: (a number of them)
Message-ID: <some_gmail_id>
From: <***@remotedomain.tld>
To: <***@ourdomain.tld>
Date: Mon, 27 Aug 2018 11:06:14 +0200

There are others but I don't think they matter much for
releasing/sending the email. This all is followed by the actual mail
content, mime, etc.
Post by Dominic Raferd
# amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
I did. But I tried again, just to be sure:

# amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
***@ddomain.tld
450 4.5.0 Failure: Secret_id ziXFTUeDuvT7 does not match mail_id
virus-20180827T110127-45477-09 at (eval 128) line 308, <GEN55> line 7.
Post by Dominic Raferd
If this works it reveals a vulnerability in the 'secret-id' system
used by amavisd-release, but it would enable you to move forward.
Yeah, it would. But (un)fortunately it doesn't work.


--
Thanks,
Rob
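
The error messages quoted in this thread show amavisd comparing the ID stored in the quarantined file with an ID taken from the requested name. The following is an added example, not part of the thread and not amavisd code: a small diagnostic that reads the `X-Quarantine-ID` and `X-Envelope-To` headers of a quarantined file and reports whether the file name carries the stored ID. The sample message, the `.example` addresses, the function name `inspect_quarantine` and the name-matching rule are assumptions of this example.

```python
import gzip
import posixpath
from email import message_from_bytes

# Constructed sample modelled on the header list in the post above;
# the addresses are placeholders, the body is irrelevant to the check.
SAMPLE = b"""\
Return-Path: <>
X-Envelope-From: <sender@remotedomain.example>
X-Envelope-To: <user@ourdomain.example>
X-Envelope-To-Blocked: <user@ourdomain.example>
X-Quarantine-ID: <ziXFTUeDuvT7>
From: <sender@remotedomain.example>
To: <user@ourdomain.example>
Date: Mon, 27 Aug 2018 11:06:14 +0200

constructed body
"""

def inspect_quarantine(quar_path, raw):
    """Report the stored quarantine ID, the envelope recipients, and
    whether the file name given on the command line carries that ID."""
    if raw[:2] == b"\x1f\x8b":            # gzip magic: file was stored compressed
        raw = gzip.decompress(raw)
    msg = message_from_bytes(raw)         # only the headers are examined
    stored = (msg.get("X-Quarantine-ID") or "").strip().strip("<>")
    rcpts = [addr.strip().strip("<>")
             for value in msg.get_all("X-Envelope-To", [])
             for addr in value.split(",") if addr.strip()]
    name = posixpath.basename(quar_path)
    if name.endswith(".gz"):
        name = name[:-3]
    # Assumption of this example, not amavisd's own parsing: the name
    # "carries" the ID when it equals it or ends in "-<ID>".
    matches = bool(stored) and (name == stored or name.endswith("-" + stored))
    return {"stored_id": stored, "recipients": rcpts, "name_matches_id": matches}

if __name__ == "__main__":
    # First path is the one from the thread; the second is constructed in
    # the "spam-<ID>.gz" style mentioned in another reply.
    for path in ("virus/virus-20180827T110127-45477-09", "W/spam-ziXFTUeDuvT7.gz"):
        print(path, inspect_quarantine(path, SAMPLE))
```
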

Rob Sterenborg (Lists)
2018-08-28 20:56:13 UTC
Post by Deeztek Support
What command are you using to release the message?
Post by R. Sterenborg (Lists)
# amavisd-release virus/virus-20180827T110127-45477-09
250 2.5.0 No recipients, nothing to do
# amavisd-release virus/virus-20180827T110127-45477-09 ''
250 2.5.0 No recipients, nothing to do
450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match requested ID 'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line 11904.