General Thankyou (still diagnosing fault)

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jan 12 19:18:22 GMT 2009



On 12/1/09 16:41, Dave Filchak wrote:
> Julian Field wrote:
>> <snip>
>>>>>>>>>> It will be being clobbered by the update_virus_scanners cron 
>>>>>>>>>> job which is run once per hour. Please can you mail me an 
>>>>>>>>>> exact copy (preferably gzipped) of your MailScanner.conf 
>>>>>>>>>> file. Have you moved that file from its default location or 
>>>>>>>>>> anything like that? It should pull out the "Run As User" and 
>>>>>>>>>> "Run As Group" from MailScanner.conf and use those values to 
>>>>>>>>>> set the ownership of the lock files. Clearly something is 
>>>>>>>>>> going wrong there.
>>>>>>>>>>
>>>>>>>>>> Copy and paste the following commands into a shell running as 
>>>>>>>>>> root. Beware of extra line-breaks that my mail program or 
>>>>>>>>>> your mail program may add into the following, hopefully 
>>>>>>>>>> they'll be okay.
>>>>>>>>>>
>>>>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && 
>>>>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' 
>>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && 
>>>>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' 
>>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && 
>>>>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' 
>>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>>> echo $LOCKDIR
>>>>>>>>>> echo $RUNASU
>>>>>>>>>> echo $RUNASG
>>>>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" 
>>>>>>>>>> "$RUNASG"
>>>>>>>>>>
>>>>>>>>>> Then show me what you get from
>>>>>>>>>>     ls -al $LOCKDIR
>>>>>>>>>> assuming that the "echo $LOCKDIR" command printed out the 
>>>>>>>>>> directory where your lock files are stored (i.e. normally 
>>>>>>>>>> /var/spool/MailScanner/incoming/Locks).
>>>>>>>>>
>>>>>>>>> I have emailed you my conf file. 
>>>>>> That looks fine.
>>>>>>>>> Here is the output from your scripts:
>>>>>>>>>
>>>>>>>>> [root at rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" 
>>>>>>>>> if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' 
>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>> [root at rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if 
>>>>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' 
>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>> [root at rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if 
>>>>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' 
>>>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>>>> [root at rosewood MailScanner]# echo $LOCKDIR
>>>>>>>>> /var/spool/MailScanner/incoming/Locks
>>>>>>>>> [root at rosewood MailScanner]# echo $RUNASU
>>>>>>>>> postfix
>>>>>>>>> [root at rosewood MailScanner]# echo $RUNASG
>>>>>>>>> postfix
>>>>>>>> That all looks good. As root,
>>>>>>>>     rm -rf /var/spool/MailScanner/incoming/Locks
>>>>>>>> and then
>>>>>>>>     /usr/sbin/update_virus_scanners
>>>>>>>> and then show me an
>>>>>>>>     ls -al /var/spool/MailScanner/incoming/Locks
>>>>>>>>
>>>>>>>> The files in there should be owned by postfix. Let's see if 
>>>>>>>> that's true.
>>>>>>>>
>>>>>>> OK .. deleted the Locks directory, ran update_virus_scanners and 
>>>>>>> got:
>>>>>>>
>>>>>>> ls -al /var/spool/MailScanner/incoming/Locks/
>>>>>>> total 8
>>>>>>> drwxr-x---  2 root    root   4096 Jan 11 16:13 .
>>>>>>> drwxrwx---  7 postfix clamav 4096 Jan 11 16:14 ..
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 antivirBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 avastBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 avgBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 bitdefenderBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 clamavBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 cssBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 esetsBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 etrustBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-prot-6Busy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-protBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-secureBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 genericBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 inoculanBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 kasperskyBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 mcafeeBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 
>>>>>>> MS.bayes.rebuild.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 
>>>>>>> MS.bayes.starting.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 nod32Busy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 normanBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 pandaBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 ravBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 sophosBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 
>>>>>>> symscanengineBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 trendBusy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 vba32Busy.lock
>>>>>>> -rw-------  1 root    root      0 Jan 11 16:13 vexiraBusy.lock
>>>>>>>
>>>>>>>
>>>>>>> Still root.
>>>>>> Hmmm...
>>>>>>
>>>>>> 1
>>>>>> I want to be sure there are no weird options for the mount that 
>>>>>> supplies this directory. Do this:
>>>>>>     cd /var/spool/MailScanner/incoming
>>>>>>     df -h .
>>>>>>     mount
>>>>>>     ls -ld Locks
>>>>>> (all as root).
>>>>>> Also, paste the contents of your /etc/fstab file into your reply 
>>>>>> to this mail.
>>>>>>
>>>>>> 2
>>>>>> Also, please can you make a little edit to your 
>>>>>> /usr/sbin/mailscanner_create_locks script.
>>>>>> Near the top you will see a line that says this:
>>>>>> my $ldgid = getgrnam($ldgname);
>>>>>> That's about line 17. Immediately after that line, add this line:
>>>>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n";
>>>>>> and let's just check that it is getting the UID and GID 
>>>>>> correctly, as failure to do that would cause your symptoms.
>>>>>> Run
>>>>>> /usr/sbin/mailscanner_create_locks 
>>>>>> /var/spool/MailScanner/incoming/Locks postfix postfix
>>>>>> (all of that on 1 line) and include the output in your reply,
>>>>>> and do another
>>>>>>     ls -al /var/spool/MailScanner/incoming/Locks
>>>>>> to see if anything has improved.
>>>>>>
>>>>>> 3
>>>>>> If that still isn't working, right at the end of the script there 
>>>>>> are a couple of "chown" lines. Change the first one to read
>>>>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!";
>>>>>> and the second one to read
>>>>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!";
>>>>>> and then run the mailscanner_create_locks command I gave above. 
>>>>>> Let me know if it prints anything, and what it says if it does.
>>>>>>
>>>>>> 4
>>>>>> That lot should give me a better idea of what's going on.
>>>>>
>>>>> cd /var/spool/MailScanner/incoming/
>>>>> [root at rosewood incoming]#  df -h .
>>>>> Filesystem            Size  Used Avail Use% Mounted on
>>>>> /dev/hdb1             111G   15G   91G  14% /var
>>>>> [root at rosewood incoming]# mount
>>>>> /dev/sda5 on / type ext3 (rw)
>>>>> none on /proc type proc (rw)
>>>>> none on /sys type sysfs (rw)
>>>>> none on /dev/pts type devpts (rw,gid=5,mode=620)
>>>>> usbfs on /proc/bus/usb type usbfs (rw)
>>>>> /dev/sda1 on /boot type ext3 (rw)
>>>>> none on /dev/shm type tmpfs (rw)
>>>>> /dev/sda2 on /home type ext3 (rw)
>>>>> /dev/sdb1 on /usr type ext3 (rw)
>>>>> /dev/hdb1 on /var type ext3 (rw)
>>>>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
>>>>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
>>>>> [root at rosewood incoming]# ls -ld Locks
>>>>> drwxr-x---  2 root root 4096 Jan 11 16:13 Locks
>>>>>
>>>>> FSTAB:
>>>>>
>>>>> LABEL=/                 /                       ext3    
>>>>> defaults        1 1
>>>>> LABEL=/boot             /boot                   ext3    
>>>>> defaults        1 2
>>>>> none                    /dev/pts                devpts  
>>>>> gid=5,mode=620  0 0
>>>>> none                    /dev/shm                tmpfs   
>>>>> defaults        0 0
>>>>> LABEL=/home             /home                   ext3    
>>>>> defaults        1 2
>>>>> none                    /proc                   proc    
>>>>> defaults        0 0
>>>>> none                    /sys                    sysfs   
>>>>> defaults        0 0
>>>>> LABEL=/usr              /usr                    ext3    
>>>>> defaults        1 2
>>>>> LABEL=/var              /var                    ext3    
>>>>> defaults        1 2
>>>>> LABEL=SWAP-sda3         swap                    swap    
>>>>> defaults        0 0
>>>>> /dev/hda                /media/cdrecorder       auto    
>>>>> pamconsole,exec,noauto,managed 0 0
>>>>>
>>>>> /usr/sbin/mailscanner_create_locks 
>>>>> /var/spool/MailScanner/incoming/Locks postfix postfix
>>>>> lduid = 80, ldgid = 80
>>>>> [root at rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks
>>>>> total 8
>>>>> drwxr-x---  2 root    postfix 4096 Jan 11 16:13 .
>>>>> drwxrwx---  7 postfix clamav  4096 Jan 11 22:18 ..
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 antivirBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 avastBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 avgBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 bitdefenderBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 clamavBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 cssBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 esetsBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 etrustBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-prot-6Busy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-protBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-secureBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 genericBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 inoculanBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 kasperskyBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 mcafeeBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 MS.bayes.rebuild.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 
>>>>> MS.bayes.starting.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 nod32Busy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 normanBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 pandaBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 ravBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 sophosBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 
>>>>> symscanengineBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 trendBusy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 vba32Busy.lock
>>>>> -rw-------  1 postfix postfix    0 Jan 11 16:13 vexiraBusy.lock
>>>>>
>>>>> I did not do your last request as this shows the proper ownership. 
>>>>> The questions is: will it hold?
>>>>>
>>>>> Let me know if you still want me to do that last bit.
>>>>>
>>>>> Sorry it took a while to get back to you. I had to run out for a bit.
>>>>>
>>>>> Dave
>>>>>
>>>> Just so you know ... it all went back to being owned by root when 
>>>> update_virus_scanner ran from cron again. This is the email I 
>>>> received:
>>>>
>>>> /etc/cron.hourly/update_virus_scanners:
>>>>
>>>> lduid = , ldgid =
>>> Given the above, I made the last little change you suggested and ran 
>>> it again, like so:
>>>
>>> /usr/sbin/mailscanner_create_locks 
>>> /var/spool/MailScanner/incoming/Locks postfix postfix
>>> lduid = 80, ldgid = 80
>>>
>>> The second line is what it output. After that, all the permissions 
>>> in the Locks directory went back to postfix. Again, will it hold?
>> The cron job will probably put it back. Okay, next let's find if it 
>> is the script run by cron that is causing the problem, or the 
>> environment in which it is run.
>>
>> /usr/sbin/update_virus_scanners
>> ls -al /var/spool/MailScanner/incoming/Locks
>>
>> and show me the output of those two. I want to see if the 
>> update_virus_scanners script successfully finds the uid and gid or not.
> /usr/sbin/update_virus_scanners
> lduid = , ldgid =
>
> Does not appear to.
Aha, we're getting somewhere.
Now edit /usr/sbin/update_virus_scanners.
At the very top there are 3 lines which set LOCKDIR, RUNASU and RUNASG.
Immediately after them add these 3 lines
echo LOCKDIR = \'$LOCKDIR\'
echo RUNASU = \'$RUNASU\'
echo RUNASG = \'$RUNASG\'

Then run /usr/sbin/update_virus_scanners as root.

I am hoping it will print something like this:
LOCKDIR = '/var/spool/MailScanner/incoming/Locks'
RUNASU = 'postfix'
RUNASG = 'postfix'
lduid = 89, ldgid = 89
Let us see what your version prints.

We should be able to sort this pretty soon, we're getting very close to 
the source of the problem.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list