You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Dimitri Yioulos <dy...@firstbhph.com> on 2005/05/12 13:48:40 UTC
SA/RDJ/Bogus Virus Warnings Problem
Godd morning/evening to all.
I've had RDJ fetching rules updates successfully until just recently. It
seems that some part of my set-up now chokes on downloading and installing
Tim Jackson's Bogus Virus Warnings ruleset. Here's some output:
Subject: RulesDuJour/plymouth: Tim Jackson's (et al) bogus virus warnings
RuleSet has been updated
X-Synonym: Copied by Synonym (http://www.modulo.ro/synonym) to:
archive@firstbhph.com
X-First1-MailScanner-Information: Please contact the ISP for more information
X-First1-MailScanner: Found to be clean
X-MailScanner-From: root@mail1.firstbhph.com
Status: RO
Tim Jackson's (et al) bogus virus warnings has changed on plymouth.
Version line:
The following rules had errors:
Tim Jackson's (et al) bogus virus warnings had an unknown error:
curl exit code: 18
curl: (18) transfer closed with 80982 bytes remaining to read
200
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv
-f /etc/mail/spamassassin/blacklist.cf /etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.2;
mv
-f /etc/mail/spamassassin/RulesDuJour/blacklist.cf.20050512-0157 /etc/mail/spamassassin/blacklist.cf;
mv
-f /etc/mail/spamassassin/bogus-virus-warnings.cf /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.2;
mv
-f /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.20050512-0158 /etc/mail/spamassassin/bogus-virus-warnings.cf;
mv
-f /etc/mail/spamassassin/blacklist-uri.cf /etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2;
mv
-f /etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20050512-0158 /etc/mail/spamassassin/blacklist-uri.cf;
Lint output: config: SpamAssassin failed to parse line, skipping: <html>
config: SpamAssassin failed to parse line, skipping: <head>
config: SpamAssassin failed to parse line, skipping: <title>Error 500 Internal
Server Error [timj.co.uk]</title>
...
If I take Bogus Virus Warnings out of my RDJ config file (ie. I don't use RDJ
to download and install), I have no problems.
I recently sent a message to Tim, but haven't gotten a response.
Does anyone have any idea what's going on here?
Thanks.
Dimitri
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Tim Jackson <li...@timj.co.uk>.
On Thu, 12 May 2005 09:14:18 -0400
Dimitri Yioulos <dy...@firstbhph.com> wrote:
> I am, indeed, using the latest incarnation of RDJ.
Show the output from your latest RDJ run then. It should be using the
rulesemporium.com URL. It certainly won't have a timj.co.uk 500 error.
If you're still having problems either you're *not* really using the
latest RDJ, there is a general problem with rulesemporium.com, or
you're having some error unrelated to the one you showed the other day
with a 500 error being used as a ruleset.
> As I mentioned, I've used the SA/RDJ combination for some time, and
> it's worked fine, save for the period when I'd been blacklisted for
> inadvertently downloading Bogus Virus (I'm sure I was testing at the
> time; I'm happy you reinstated me).
As I have mentioned before, in general I neither explicitly blacklist
nor reinstate anyone from my own site; you are simply rate-limited to
one download per day per IP. A day after your last request you are
automatically "reinstated". (With the exception of a very small subset
of IPs which are permanently blacklisted and get a message to that
effect).
I'm not sure exactly how the rulesemporium.com limitations work; I
assume it's along similar lines.
> Oh yes, if I wget Bogus Virus, I seem to be OK.
Well, I think you need to look at RDJ then. Show the output from a
recent run. Make sure you're running the version that you think you're
running. Have you got multiple copies floating around? What files do
you end up with in your SpamAssassin rules folder and what are their
contents?
Tim
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Dimitri Yioulos <dy...@firstbhph.com>.
On Thursday May 12 2005 8:20 am, Tim Jackson wrote:
> On Thu, 12 May 2005 07:48:40 -0400
>
> Dimitri Yioulos <dy...@firstbhph.com> wrote:
> > I've had RDJ fetching rules updates successfully until just
> > recently. It seems that some part of my set-up now chokes on
> > downloading and installing Tim Jackson's Bogus Virus Warnings
> > ruleset.
>
> Please feel free to contact me directly off-list if you think there's
> something up with my ruleset.
>
> > I recently sent a message to Tim, but haven't gotten a response.
>
> I may be missing it in my ocean of e-mails in which case I apologise,
> but I don't appear to have a recent mail from you in my inbox.
>
> > The following rules had errors:
> > Tim Jackson's (et al) bogus virus warnings had an unknown error:
> > curl exit code: 18
> > curl: (18) transfer closed with 80982 bytes remaining to read
> > 200
>
> Did this by any chance happen on Sunday morning, when my host
> apparently had a "weird crash"? Someone else the other day had the
> same thing.
>
> > Lint output: config: SpamAssassin failed to parse line, skipping:
> > <html> config: SpamAssassin failed to parse line, skipping: <head>
> > config: SpamAssassin failed to parse line, skipping: <title>Error 500
> > Internal Server Error [timj.co.uk]</title>
> > ...
>
> This bothers me a lot (and it looks like a generalised problem) and I am
> cc'ing Chris the RDJ maintainer. Chris, how is it that a download which
> has had a 500 error is managing to get saved to disk as a ruleset which
> SA then tries to use? Surely any 5xx error should mean that the
> downloaded page is discarded? Or did I screw something up? (a page with
> the title of "Error 500" certainly *should* have been sent with a HTTP
> 500 code)
>
>
> Anyway, Dimitri, as someone else has observed, thanks to the SARE
> hosts there is now a new URL for bogus-virus-warnings on
> rulesemporium.com, which you are welcome to use and which means it's
> not my fault if it doesn't work ;)
>
> http://www.rulesemporium.com/rules/bogus-virus-warnings.cf
>
> A recent RDJ update did include an update to this URL.
>
> Tim
Hi, Tim.
Thanks for your response (and that of Nick). I'm taking the liberty of
posting this on the SA list just in case I'm the one futzing up the send to
you.
I am, indeed, using the latest incarnation of RDJ.
As I mentioned, I've used the SA/RDJ combination for some time, and it's
worked fine, save for the period when I'd been blacklisted for inadvertently
downloading Bogus Virus (I'm sure I was testing at the time; I'm happy you
reinstated me). SInce reinstatement, I've had this problem. I did update SA
recently, but it seems to me I was having the problem prior to that. My logs
also seem to suggest that it's not an SA problem, though I'm by no means an
SA expert.
Other than that, I'm not sure what I can add.
Oh yes, if I wget Bogus Virus, I seem to be OK. But, of course, that defeats
the purpose of RDJ.
Regards,
Dimitri
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Dimitri Yioulos <dy...@firstbhph.com>.
On Monday June 13 2005 7:46 am, Dimitri Yioulos wrote:
> On Sunday June 12 2005 7:07 pm, Chris Thielen wrote:
> > Hi Tim, Dimitri,
> >
> > Sorry to resurrect such an old thread! I'm a bit concerned with the 500
> > error code being downloaded into the SA_DIR.
> >
> > Tim Jackson wrote:
> > >>Lint output: config: SpamAssassin failed to parse line, skipping:
> > >><html> config: SpamAssassin failed to parse line, skipping: <head>
> > >>config: SpamAssassin failed to parse line, skipping: <title>Error 500
> > >>Internal Server Error [timj.co.uk]</title>
> > >>...
> > >
> > >This bothers me a lot (and it looks like a generalised problem) and I am
> > >cc'ing Chris the RDJ maintainer. Chris, how is it that a download which
> > >has had a 500 error is managing to get saved to disk as a ruleset which
> > >SA then tries to use? Surely any 5xx error should mean that the
> > >downloaded page is discarded? Or did I screw something up? (a page with
> > >the title of "Error 500" certainly *should* have been sent with a HTTP
> > >500 code)
> >
> > RDJ does include code for both curl and wget to only copy rulesets that
> > have been "downloaded". The test for downloaded is if the server
> > returned a 200 code or not. Error messages are sent back to the
> > administrator if the codes are 4xx or 5xx.
> >
> > Dimitri or any other RDJ users, have you continued to see this behavior
> > with a relatively recent version of RDJ?
> >
> >
> > Chris Thielen
>
> Chris,
>
> I haven't had RDJ pull down Bogus Virus Warnings for a while now, since I
> was unable to correct the 500 error code problem, and it would cause SA to
> role back all of the updating that had just been done. Now, I run wget to
> download Bogus. I should probably script that, but it sure would be nice
> if RDJ could handle the chore, since that's what it's for. I'm casting no
> aspersions upon anyone for the problem, but if you're experiencing it, then
> either we both have a misconfiguration, or there is an issue somewhere.
>
> Sorry I can't help with it.
>
> Dimitri
Ooops. Sorry for contigous posts. I just read Tim's reply (thanks, Tim).
I'll try again to have RDJ pull down Bogus now. Am hopeful.
Dimitri
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Tim Jackson <li...@timj.co.uk>.
On Sun, 12 Jun 2005 18:07:39 -0500
Chris Thielen <cm...@someone.dhs.org> wrote:
> Sorry to resurrect such an old thread! I'm a bit concerned with the
> 500 error code being downloaded into the SA_DIR.
I think you may be able to let this one die peacefully. I checked my
configuration and it looks like there was an screwup my end and the 500
error page was being returned with a 200 code. Sorry folks, entirely my
fault.
Tim
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Dimitri Yioulos <dy...@firstbhph.com>.
On Sunday June 12 2005 7:07 pm, Chris Thielen wrote:
> Hi Tim, Dimitri,
>
> Sorry to resurrect such an old thread! I'm a bit concerned with the 500
> error code being downloaded into the SA_DIR.
>
> Tim Jackson wrote:
> >>Lint output: config: SpamAssassin failed to parse line, skipping:
> >><html> config: SpamAssassin failed to parse line, skipping: <head>
> >>config: SpamAssassin failed to parse line, skipping: <title>Error 500
> >>Internal Server Error [timj.co.uk]</title>
> >>...
> >
> >This bothers me a lot (and it looks like a generalised problem) and I am
> >cc'ing Chris the RDJ maintainer. Chris, how is it that a download which
> >has had a 500 error is managing to get saved to disk as a ruleset which
> >SA then tries to use? Surely any 5xx error should mean that the
> >downloaded page is discarded? Or did I screw something up? (a page with
> >the title of "Error 500" certainly *should* have been sent with a HTTP
> >500 code)
>
> RDJ does include code for both curl and wget to only copy rulesets that
> have been "downloaded". The test for downloaded is if the server
> returned a 200 code or not. Error messages are sent back to the
> administrator if the codes are 4xx or 5xx.
>
> Dimitri or any other RDJ users, have you continued to see this behavior
> with a relatively recent version of RDJ?
>
>
> Chris Thielen
Chris,
I haven't had RDJ pull down Bogus Virus Warnings for a while now, since I was
unable to correct the 500 error code problem, and it would cause SA to role
back all of the updating that had just been done. Now, I run wget to
download Bogus. I should probably script that, but it sure would be nice if
RDJ could handle the chore, since that's what it's for. I'm casting no
aspersions upon anyone for the problem, but if you're experiencing it, then
either we both have a misconfiguration, or there is an issue somewhere.
Sorry I can't help with it.
Dimitri
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Chris Thielen <cm...@someone.dhs.org>.
Hi Tim, Dimitri,
Sorry to resurrect such an old thread! I'm a bit concerned with the 500
error code being downloaded into the SA_DIR.
Tim Jackson wrote:
>>Lint output: config: SpamAssassin failed to parse line, skipping:
>><html> config: SpamAssassin failed to parse line, skipping: <head>
>>config: SpamAssassin failed to parse line, skipping: <title>Error 500
>>Internal Server Error [timj.co.uk]</title>
>>...
>>
>>
>
>This bothers me a lot (and it looks like a generalised problem) and I am
>cc'ing Chris the RDJ maintainer. Chris, how is it that a download which
>has had a 500 error is managing to get saved to disk as a ruleset which
>SA then tries to use? Surely any 5xx error should mean that the
>downloaded page is discarded? Or did I screw something up? (a page with
>the title of "Error 500" certainly *should* have been sent with a HTTP
>500 code)
>
RDJ does include code for both curl and wget to only copy rulesets that
have been "downloaded". The test for downloaded is if the server
returned a 200 code or not. Error messages are sent back to the
administrator if the codes are 4xx or 5xx.
Dimitri or any other RDJ users, have you continued to see this behavior
with a relatively recent version of RDJ?
Chris Thielen
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Tim Jackson <li...@timj.co.uk>.
On Thu, 12 May 2005 07:48:40 -0400
Dimitri Yioulos <dy...@firstbhph.com> wrote:
> I've had RDJ fetching rules updates successfully until just
> recently. It seems that some part of my set-up now chokes on
> downloading and installing Tim Jackson's Bogus Virus Warnings
> ruleset.
Please feel free to contact me directly off-list if you think there's
something up with my ruleset.
> I recently sent a message to Tim, but haven't gotten a response.
I may be missing it in my ocean of e-mails in which case I apologise,
but I don't appear to have a recent mail from you in my inbox.
> The following rules had errors:
> Tim Jackson's (et al) bogus virus warnings had an unknown error:
> curl exit code: 18
> curl: (18) transfer closed with 80982 bytes remaining to read
> 200
Did this by any chance happen on Sunday morning, when my host
apparently had a "weird crash"? Someone else the other day had the
same thing.
> Lint output: config: SpamAssassin failed to parse line, skipping:
> <html> config: SpamAssassin failed to parse line, skipping: <head>
> config: SpamAssassin failed to parse line, skipping: <title>Error 500
> Internal Server Error [timj.co.uk]</title>
> ...
This bothers me a lot (and it looks like a generalised problem) and I am
cc'ing Chris the RDJ maintainer. Chris, how is it that a download which
has had a 500 error is managing to get saved to disk as a ruleset which
SA then tries to use? Surely any 5xx error should mean that the
downloaded page is discarded? Or did I screw something up? (a page with
the title of "Error 500" certainly *should* have been sent with a HTTP
500 code)
Anyway, Dimitri, as someone else has observed, thanks to the SARE
hosts there is now a new URL for bogus-virus-warnings on
rulesemporium.com, which you are welcome to use and which means it's
not my fault if it doesn't work ;)
http://www.rulesemporium.com/rules/bogus-virus-warnings.cf
A recent RDJ update did include an update to this URL.
Tim
Re: SA/RDJ/Bogus Virus Warnings Problem
Posted by Nick Leverton <nj...@leverton.org>.
On Thu, May 12, 2005 at 07:48:40AM -0400, Dimitri Yioulos wrote:
> If I take Bogus Virus Warnings out of my RDJ config file (ie. I don't use RDJ
> to download and install), I have no problems.
>
> I recently sent a message to Tim, but haven't gotten a response.
>
> Does anyone have any idea what's going on here?
Which rules_du_jour version are you using ? I use wget not curl, so I
can't interpret your errors, other to say that whatever server you are
getting bogusvirus from has some internal error resulting in the 500
result code. But bogusvirus is now mirrored on the rules emporium,
and rules_du_jour version 20 will get it from there (and did so this
morning for me).
Nick