Paranoid kinda stops

Spam-detecting plug-in
Junior Member
Posts: 20
Joined: Sun Apr 27, 2008 3:18 am

Postby ackster » Mon Oct 05, 2009 1:01 pm

Using Paranoid with Ewall. It seems to just stop scanning. I get the following in the logs.

10/5/2009 8:38:08 AM 14454 - - > SET: Threshold=90.0
10/5/2009 8:38:08 AM 14454 - - > SET: ClientIP=123.109.186.225
10/5/2009 8:38:08 AM 14454 - - > SET: SenderEmail=xxx@yyy.com
10/5/2009 8:38:08 AM 14454 - - > FILE: C:\PROGRA~1\SERVER~1\EWALL3~1.0\Temp\099461~1.EML
10/5/2009 8:38:08 AM 14455 - - > SET: Threshold=90.0
10/5/2009 8:38:08 AM 14455 - - > SET: ClientIP=92.55.107.104
10/5/2009 8:38:08 AM 14455 - - > SET: SenderEmail=alainSilberstein@excite.fr
10/5/2009 8:38:08 AM 14455 - - > FILE: C:\PROGRA~1\SERVER~1\EWALL3~1.0\Temp\0970EE~1.EML
10/5/2009 8:38:10 AM 14456 - - > SET: Threshold=90.0
10/5/2009 8:38:10 AM 14456 - - > SET: ClientIP=125.146.149.73
10/5/2009 8:38:10 AM 14456 - - > SET: SenderEmail=yellowstone33@rouxs.com
10/5/2009 8:38:10 AM 14456 - - > FILE: C:\PROGRA~1\SERVER~1\EWALL3~1.0\Temp\091005~4.EML

If I stop and start the service, it starts to run, then I'll get the following.

10/5/2009 8:40:13 AM - - - Service stopped
10/5/2009 8:45:03 AM - - - Starting...
10/5/2009 8:45:03 AM - - - Service started at 33000 port
10/5/2009 8:45:03 AM 1 - - > ACCT: xxx@yyy.com
10/5/2009 8:45:03 AM 1 - - > SET: Threshold=75.0
10/5/2009 8:45:03 AM 1 - - > SET: ClientIP=67.19.73.3
10/5/2009 8:45:03 AM 1 - - > SET: SenderEmail=LowerBills@threeringbakery.com
10/5/2009 8:45:03 AM 1 - - > FILE: C:\PROGRA~1\SERVER~1\EWALL3~1.0\Temp\096FC8~1.EML
10/5/2009 8:45:03 AM 1 1 1 ---> Account: xxx@yyy.com (SCAN MODE)
10/5/2009 8:45:03 AM 1 1 1 Message size: 8.37 KB
10/5/2009 8:45:03 AM 1 1 16 Message-ID: <6358491.1254746698.JavaMail.root@threeringbakery.com>
10/5/2009 8:45:03 AM 1 1 16 Subject: Financial advice providers
10/5/2009 8:45:03 AM 1 1 16 From: lowerbills@threeringbakery.com
10/5/2009 8:45:03 AM 1 1 16 To: xxx@yyy.com
10/5/2009 8:45:03 AM 1 1 20 Dictionary: 'Main'
10/5/2009 8:45:03 AM 1 1 20 Threshold: 75.0%
10/5/2009 8:45:03 AM 1 1 372 Tokens Known/Total: 20/28 (71.4%)
10/5/2009 8:45:03 AM 1 1 373 Origin IP/Country - [67.19.73.3/United States]
10/5/2009 8:45:03 AM 1 1 373 Base prob: 98.5%
10/5/2009 8:45:03 AM 1 1 373 ClickableImgs: +5.0%
10/5/2009 8:45:03 AM 1 1 373 LowContrast: +5.0%
10/5/2009 8:45:03 AM 1 1 373 SmallText: +3.0%
10/5/2009 8:45:03 AM 1 1 373 Overall prob: 100.0%
10/5/2009 8:45:05 AM 2 - - > ACCT: xxx@yyy.com
10/5/2009 8:45:05 AM 2 - - > SET: Threshold=90.0
10/5/2009 8:45:05 AM 2 - - > SET: ClientIP=208.82.236.170
10/5/2009 8:45:05 AM 2 - - > SET: SenderEmail=bounce-richardw=mailmt.com@craigslist.org
10/5/2009 8:45:05 AM 2 - - > FILE: C:\PROGRA~1\SERVER~1\EWALL3~1.0\Temp\09EC81~1.EML

Then I start getting
10/5/2009 8:45:15 AM 2 - - !Error: Lock request time out period exceeded

I can then try another start and stop, but sometimes it works, sometimes it doesn't. Once it gets working it will run for a few days and I'll have to start this all over.

I noticed in another message something about auto-learning. I do auto-learning within e-wall on some honey pots I have set up.

Also, in the past with similar odd problems in e-wall, it was a large temp file or data file that was messing me up. Are there any temp files or other manual maintenance that can be done with Paranoid?

Thanks

Developer
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Wed Oct 07, 2009 5:46 am

Normally, Paranoid is self-maintaining and no extra maintenance is required. What is the size/volume of your dictionary? Also, Paranoid may start crashing if you have software blocking access to suspicious or infected files (e.g. antivirus). In this case the "Queue" sub-folder should be excluded from On-Access scanning.

Junior Member
Posts: 20
Joined: Sun Apr 27, 2008 3:18 am

Postby ackster » Wed Oct 07, 2009 1:04 pm

Size is 105mb Spam:5714 Ham:7274 Volume:95624

On a side note, I disabled my honeypot rule in ewall that was autolearning SPAM when I wrote the original message a few days back. So far it has not failed.
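A log triage check for the symptom described in this thread, as an added example that is not part of the original posts or of the Paranoid software: it flags requests that logged a FILE line but never reached "Overall prob:", and requests that hit the lock timeout. The column layout (timestamp, request id, two further columns, text) is an assumption inferred from the excerpts above, and the sample log is constructed.

```python
import re

# Assumed layout, inferred from the excerpts in this thread:
# <date> <time> <AM|PM> <request-id> <col> <col> <text>
LINE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (\S+) (\S+) (\S+) (.*)$")

# Constructed sample modelled on the thread's log format (paths are made up).
SAMPLE = r"""
10/5/2009 8:38:08 AM 14454 - - > SET: Threshold=90.0
10/5/2009 8:38:08 AM 14454 - - > FILE: C:\Temp\A.EML
10/5/2009 8:40:13 AM - - - Service stopped
10/5/2009 8:45:03 AM - - - Service started at 33000 port
10/5/2009 8:45:03 AM 1 - - > FILE: C:\Temp\B.EML
10/5/2009 8:45:03 AM 1 1 373 Overall prob: 100.0%
10/5/2009 8:45:05 AM 2 - - > FILE: C:\Temp\C.EML
10/5/2009 8:45:15 AM 2 - - !Error: Lock request time out period exceeded
"""

def triage(log_text):
    """Return (stalled, lock_errors) as lists of ((run, request_id), timestamp)."""
    run = 0            # request ids restart at 1 after a service restart
    received = {}      # (run, id) -> timestamp of the FILE line
    finished = set()   # (run, id) that logged a final score
    lock_errors = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue   # blank or unrecognised line
        stamp, req, _c1, _c2, text = m.groups()
        if req == "-":                       # service-level line
            if text.startswith("Service started"):
                run += 1
            continue
        key = (run, req)
        if text.startswith("> FILE:"):
            received[key] = stamp
        elif text.startswith("Overall prob:"):
            finished.add(key)
        elif text.startswith("!Error: Lock request time out"):
            lock_errors.append((key, stamp))
    stalled = [(k, t) for k, t in received.items() if k not in finished]
    return stalled, lock_errors

if __name__ == "__main__":
    stalled, locks = triage(SAMPLE)
    for (run_no, req), stamp in stalled:
        print(f"run {run_no} request {req}: FILE at {stamp}, no score logged")
    for (run_no, req), stamp in locks:
        print(f"run {run_no} request {req}: lock timeout at {stamp}")
```

On a live log the newest request may still be in progress, so treat only older unscored requests as stalled.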
