Holger Isenberg
June 12th, 2006, 11:38 AM
When forwarding some harmless ascii text only message inside a MIME-type "text/rfc822-headers", nod32d in MTA mode crashes with "error occurred while reading archive" and rejects the message.
That means, without any external self built workaround in our MTA configuration which captures that error, harmless messages do not reach recipients in our company.
You can easily verify this with using the attached file as body of any message.
From nod32d.log:
Created session 3369835142
3369835142: Received command HELO
3369835142: Configuration ID `mda' requested
3369835142: Configuration ID `mda' found
3369835142: Accepted command HELO
3369835142: Received command SCEM
3369835142: Object scanned with status 5
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="email message", name="mail", virus="is OK", action="", info="", lines=3
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="file", name="mail -> MIME -> part000.txt", virus="is OK", action="", info=""
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="email message", name="mail -> MIME", virus="is OK", action="", info=""
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="", name="mail -> MIME -> ", virus="", action="", info="error occurred while reading archive"
3369835142: Accepted command SCEM
3369835142: Received command QUIT
3369835142: Accepted command QUIT
Finished session 3369835142
Addition:
action_on_notscanned = "reject" is set in /etc/nod32/nod32.cfg and it's no option for us to set it to "defer" or "accept" as that would neutralize the concept of a MTA Virus scanner. The attached message is a real life example and we had at least a dozen normal harmless messages with that problem during the last 2 weeks since nod32d was installed.
That means, without any external self built workaround in our MTA configuration which captures that error, harmless messages do not reach recipients in our company.
You can easily verify this with using the attached file as body of any message.
From nod32d.log:
Created session 3369835142
3369835142: Received command HELO
3369835142: Configuration ID `mda' requested
3369835142: Configuration ID `mda' found
3369835142: Accepted command HELO
3369835142: Received command SCEM
3369835142: Object scanned with status 5
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="email message", name="mail", virus="is OK", action="", info="", lines=3
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="file", name="mail -> MIME -> part000.txt", virus="is OK", action="", info=""
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="email message", name="mail -> MIME", virus="is OK", action="", info=""
3369835142: vdb=7396, agent=mda, msgid=<20060612152224.7548.qmail@somewhere>, object="", name="mail -> MIME -> ", virus="", action="", info="error occurred while reading archive"
3369835142: Accepted command SCEM
3369835142: Received command QUIT
3369835142: Accepted command QUIT
Finished session 3369835142
Addition:
action_on_notscanned = "reject" is set in /etc/nod32/nod32.cfg and it's no option for us to set it to "defer" or "accept" as that would neutralize the concept of a MTA Virus scanner. The attached message is a real life example and we had at least a dozen normal harmless messages with that problem during the last 2 weeks since nod32d was installed.