clamav and mailscanner

Zivago Lee z at ziff.net
Wed Feb 28 20:27:10 CET 2007


> On 28/02/07, Zivago Lee <z at ziff.net> wrote:
> (snip)
>> > Check /usr/local/share/clamav/daily.inc. We've found several servers
>> > having problems after upgrading clamav to 0.90 and using clamavmodule.
>> > Seems like the new daily.inc directory has been created with the wrong
>> > permissions - it was 700 but I think needs to be 755 so that the
>> > mailscanner user can read it.
>> >
>> Thanks Glenn and Sarah.  Using Glenn's suggestion I got this:
>>
>> -sh-3.00$ clamscan
>> LibClamAV Error: cli_loaddbdir(): Can't open directory
>> /var/clamav/daily.inc
>> ERROR: Unable to open file or directory
>>
>> So it looks like Sarah is correct.  I did notice that I tried changing
>> the
>> /var/clamav/daily.inc directory to 755 before to get the clamavmodule to
>> work but for some reason, it would change back to 700 after a day so I
>> went back to using the normal clamav as it would still process mail.
>> I'll
>> try it again but it looks that you guys found the culprit.
>>
> Hm, this sounds like you have some form of "permissions/security"
> system running... Reminds me of the troubles one can get if running
> Mandriva at an elevated security level... The msec service will
> check/amend all "system" files permissions, so if one needs change
> them, one has to tell the security system too.
> I used to do just that with msec (not the best documented feature of
> Mandriva:-), but now I instead secure a "Standard level" by hand
> instead... that way system updates have very little chance of messing
> that particular thing up.
>
> Not knowing what OS you run Zivago, I/we can't be more specific than
> "look for a system like that, and 'fix it'":-).
>
> Might t even be ClamAV itself doing this?

I'm running centos4.  I checked the cron.daily's freshclam, and it doesn't
seem to be doing it (at least from quick glance at the script).  I'm
currently not running any tripwire-type of thing so it's pretty odd.

I also ran freshclam manually and it didn't change the permissions, either.

When I have more time, i'll look around more deeply and if I find anything
useful, I will let you guys know... :)

-- 
Zivago Lee
z at ziff.net


More information about the MailScanner mailing list