[opensuse-security] Problem right after install. On two systems.
, relay=127.0.0.1[127.0.0.1]:10024, delay=0.91, delays=0.36/0.1/0.02/0.42, dsn= 4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in
Hello, I had this problem after and upgrade from 10.1 to 10.2. So I thought I had better wipe the disk and install from scratch. I dd /dev/null to the whole distk and created new partitions just to be sure. I have the exact same problem right after installation. I have it with many commands the two that bother me the most are rkhunter and I think clamav when amavisd is running. I have been unable to figure out why I keep seeing this message. For example with rkhunger I get... SCRIPT: suse.de-rkhunter exited with RETURNCODE = 1. SCRIPT: output (stdout && stderr) follows file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! Line: [ Warning! ] Some errors has been found while checking. Please perform a manual check on this machine ecom4 SCRIPT: suse.de-rkhunter ------- END OF OUTPUT I also get this error if I enable amavisd with YaST2. It appears to come from clamav. Jan 14 13:17:59 ecom4 postfix/cleanup[8370]: DEAEF17D79: message-id=<Pine.LNX.4. 64.0701141318280.2561@xenau.zenez.com> Jan 14 13:18:00 ecom4 postfix/smtpd[8367]: disconnect from xenau105.advancedittr aining.com[198.60.105.2] Jan 14 13:18:00 ecom4 postfix/qmgr[8257]: DEAEF17D79: from=<gerberb@zenez.com>, size=857, nrcpt=1 (queue active) Jan 14 13:18:00 ecom4 amavis[7208]: (07208-01) (!)NOTICE: Skipping bad output fr om file(1) at [0, p001], got: file: could not find any magic files! Jan 14 13:18:00 ecom4 amavis[7208]: (07208-01) (!!)TROUBLE in check_mail: parts_decode_ext FAILED: parsing file(1) results - missing last 1 results at (eval 62) line 156, <GEN8> line 1. Jan 14 13:18:00 ecom4 amavis[7208]: (07208-01) (!)PRESERVING EVIDENCE in /var/spool/amavis/tmp/amavis-20070114T131800-07208 Jan 14 13:18:01 ecom4 postfix/smtp[8371]: DEAEF17D79: to=<debrag@ecom4.zenez.com processing, id=07208-01, parts_decode_ext FAILED: parsing file(1) results - missing l ast 1 results at (eval 62) line 156, <GEN8> line 1. (in reply to end of DATA command)) Jan 14 13:18:17 ecom4 postfix/postsuper[8378]: Requeued: 1 message -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, 16 Jan 2007, Boyd Lynn Gerber wrote:
I had this problem after and upgrade from 10.1 to 10.2. So I thought I had better wipe the disk and install from scratch. I dd /dev/null to the whole distk and created new partitions just to be sure. I have the exact same problem right after installation. I have it with many commands the two that bother me the most are rkhunter and I think clamav when amavisd is running. I have been unable to figure out why I keep seeing this message. For example with rkhunger I get...
SCRIPT: suse.de-rkhunter exited with RETURNCODE = 1. SCRIPT: output (stdout && stderr) follows
file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! file: could not find any magic files! Line: [ Warning! ] Some errors has been found while checking. Please perform a manual check on this machine ecom4 SCRIPT: suse.de-rkhunter ------- END OF OUTPUT
So I ran rkhunter -c --cronjob and this is what I see. Script replacements Checking /bin/psfile: could not find any magic files! [ Clean ] Checking /bin/lsfile: could not find any magic files! [ Clean ] Checking /usr/bin/wfile: could not find any magic files! [ Clean ] Checking /usr/bin/whofile: could not find any magic files! [ Clean ] Checking /bin/netstatfile: could not find any magic files! [ Clean ] Checking /bin/loginfile: could not find any magic files! [ Clean ] and * Filesystem checks Checking /dev for suspicious files... file: could not find any magic files! [ OK ] Scanning for hidden files...file: could not find any magic files! file: could not find any magic files! [ Warning! ] Thanks, -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-01-16 at 18:42 -0700, Boyd Lynn Gerber wrote:
Script replacements Checking /bin/psfile: could not find any magic files!
I'm not sure this is a security related problem but... anyway, do you have "/etc/magic"? It belongs to the "file...rpm" package. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFrZdHtTMYHG2NR9URAuu7AJ9bcy0iSprPl1PBo4i0ocRVVpgkZgCfRxa3 /FmaxAVhbtz6fysl9Ms6KF0= =CmO/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Wed, 17 Jan 2007, Carlos E. R. wrote:
The Tuesday 2007-01-16 at 18:42 -0700, Boyd Lynn Gerber wrote:
Script replacements Checking /bin/psfile: could not find any magic files!
I'm not sure this is a security related problem but... anyway, do you have "/etc/magic"? It belongs to the "file...rpm" package.
Yes... -rw-r--r-- 1 root root 113 2006-11-25 05:18 /etc/magic The reason I ask is this shows up using security software. -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-01-17 at 09:53 -0700, Boyd Lynn Gerber wrote:
Checking /bin/psfile: could not find any magic files!
I'm not sure this is a security related problem but... anyway, do you have "/etc/magic"? It belongs to the "file...rpm" package.
Yes...
-rw-r--r-- 1 root root 113 2006-11-25 05:18 /etc/magic
The reason I ask is this shows up using security software.
Ok. That file is now smaller than it was in previous versions; it seems data are now stored under "/usr/share/misc/magic". This is what I have in my 10.1 system: cer@nimrodel:~> l /usr/share/misc/magic* - -rw-r--r-- 1 root root 432279 2006-06-13 14:58 /usr/share/misc/magic - -rw-r--r-- 1 root root 934656 2006-06-13 14:58 /usr/share/misc/magic.mgc - -rw-r--r-- 1 root root 30955 2006-06-13 14:58 /usr/share/misc/magic.mime - -rw-r--r-- 1 root root 43904 2006-06-13 14:58 /usr/share/misc/magic.mime.mgc all of them belong to the "file" package. Try "rpm --verify file". If silent, the package is correctly installed. You might then run "rpm --verify --all | less -S" for completeness. See "man rpm" for info regarding the interpretation of the output. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFrtPltTMYHG2NR9URAoedAJ9xR03vFVGiIUYIB3wjDGBjR1bppACcC+bt fGt8iPcBR2B2twQ3XMFDd40= =ejv1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Wed, 17 Jan 2007, Cristian Rodriguez R. wrote:
Boyd Lynn Gerber escribió: : output (stdout && stderr) follows
file: could not find any magic files!
hrmm..seems the file package is b0rked, reinstall it.
Which package? I went into yast2 installation and selected update on all installed files waited 2 hours for all packages to be installed again and still same problem. I really do not know how to fix this. Google was no help. This probem exits on 2 systems. Both upgraded and then installed from scratch. Upgrade 1 10.1 to 10.2, 1 10.0 to 10.2. also wiped HD and installed from scratch. I really do not know what is causing this. I can install 10.1 on either of these systems and works not error, but 10.2 has this error. I really am at a loss of what else to do to fix this problem. Something must not be working. I also tried a network install. Same problem. Retail DVD, Download DVD, Network install all the same problem. Memory test for 48 hours no problem. What else can I try? -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Boyd Lynn Gerber -
Carlos E. R. -
Cristian Rodriguez R.