ClamAv 0.96 is out
Iulian L Dragomir
iulianld at gmail.com
Fri Apr 2 22:03:10 IST 2010
On Fri, Apr 2, 2010 at 6:40 PM, Mark Sapiro <mark at msapiro.net> wrote:
> On 11:59 AM, Iulian L Dragomir wrote:
>>>> Other Checks: Found 1 problems
>>>> Virus and Content Scanning: Starting
>>>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintdwYGUC/lstat() failed:
>>>> Permission denied. ERROR :: /var/spool/MailScanner/incoming/17633
>>>
>>>
>>> Does clamd drop privileges? If so does the clamd User have sufficient
>>> permissions on /var/spool/MailScanner/incoming? Did you previously
>>> comment out "User clamav" in clamd.conf and forget that change?
>>>
>>
>> Same permission problem. Running on Centos 5.4; MailScanner version
>> 4.79.11; Perl version 5.008008 (5.8.8); calmav/clamd 0.96-1.el5.rf
>> I have tried with
>>
>> "Incoming Work Group = clamav"
>> "Incoming Work Permissions = 0640"
>>
>> in MailScaneer.conf but the error is still there.
>
>
> You've set the group to 'clamav' but you haven't given the group write
> permission. Try
>
> Incoming Work Permissions = 0660
>
>> I obtained better results modifying clamd.conf
>>
>> "User root"
>
>
> This is the same as just removing or commenting "User clamav".
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>
>
An repeatable experiment is always a relevant experiment.
For relevant results i reinstalled MailScanner.
This are the steps i followed:
1. uninstall
apt-get remove mailscanner # yes .. i use apt-get as a
substitute for yum from time to time
2. clean up files left behind
rm -rf /etc/MailScanner
rm -rf /usr/lib/MailScanner
rm -rf /var/spool/MailScanner
3. reinstall MS following the steps from
http://lists.mailscanner.info/pipermail/mailscanner/2009-April/090861.html
4. fix broken packages
yum remove perl-Storable # at least on Centos 5.4 it seams that
perl obsoletes perl-Storable
5. fix distribution specific paths for clam update changing in
/usr/lib/MailScanner/clamav-autoupdate the line
$PackageDir = shift || "/usr/local";
to
$PackageDir = shift || "/usr";
and in /etc/virus.scanners.conf the coresponding lines
clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
clamd /bin/false /usr/local
to
clamav /usr/lib/MailScanner/clamav-wrapper /usr
clamd /bin/false /usr
6. matching the clamd socket from MailScanner.conf with the clamd
socket from clamd.conf. In my case i have
"Clamd Socket = /tmp/clamd.socket" in MailScanner.conf
and
"LocalSocket /tmp/clamd.socket" in clamd.conf
Test 1.
without any other modification i start the demons and did a
MailScanner --lint. Relevant result:
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission
denied. ERROR :: /var/spool/MailScanner/incoming/18084
Virus Scanning: Clamd found 1 infections
Virus Scanning: Found 1 viruses
===========================================================================
Test 2. ( suggested solution by MailScanner.conf )
- stop the demons
- edit the MailScanner.conf
Incoming Work Group = clamav
Incoming Work Permissions = 0640
- start the demons
- MailScanner --lint with the result:
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintJxQvbT/lstat() failed:
Permission denied. ERROR :: /var/spool/MailScanner/incoming/20855
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Test 3 (suggested solution)
- stop the demons
- edit the MailScanner.conf
Incoming Work Group = clamav
Incoming Work Permissions = 0660
- start the demons
- MailScanner --lint with the result:
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintmrDiJo/lstat() failed:
Permission denied. ERROR :: /var/spool/MailScanner/incoming/23144
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
as you can see the error was not fixed :(
any other suggestions / hints ?
Iulian L.D.
More information about the MailScanner
mailing list