ClamAv 0.96 is out

Clayton Keller inetadmin at ruraltel.net
Fri Apr 2 22:11:19 IST 2010


On 4/2/2010 4:03 PM, Iulian L Dragomir wrote:
> On Fri, Apr 2, 2010 at 6:40 PM, Mark Sapiro<mark at msapiro.net>  wrote:
>> On 11:59 AM, Iulian L Dragomir wrote:
>>>>> Other Checks: Found 1 problems
>>>>> Virus and Content Scanning: Starting
>>>>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintdwYGUC/lstat() failed:
>>>>> Permission denied. ERROR :: /var/spool/MailScanner/incoming/17633
>>>>
>>>>
>>>> Does clamd drop privileges? If so does the clamd User have sufficient
>>>> permissions on /var/spool/MailScanner/incoming? Did you previously
>>>> comment out "User clamav" in clamd.conf and forget that change?
>>>>
>>>
>>> Same permission problem. Running on Centos 5.4; MailScanner version
>>> 4.79.11; Perl version 5.008008 (5.8.8); clamav/clamd 0.96-1.el5.rf
>>> I have tried with
>>>
>>> "Incoming Work Group = clamav"
>>> "Incoming Work Permissions = 0640"
>>>
>>> in MailScanner.conf but the error is still there.
>>
>>
>> You've set the group to 'clamav' but you haven't given the group write
>> permission. Try
>>
>> Incoming Work Permissions = 0660
>>
>>> I obtained better results modifying clamd.conf
>>>
>>> "User root"
>>
>>
>> This is the same as just removing or commenting "User clamav".
>>
>> --
>> Mark Sapiro<mark at msapiro.net>          The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>
> A repeatable experiment is always a relevant experiment.
> For relevant results I reinstalled MailScanner.
>
> These are the steps I followed:
>
> 1. uninstall
>
> apt-get remove mailscanner       # yes .. I use apt-get as a substitute for yum from time to time
>
> 2. clean up files left behind
>
> rm -rf /etc/MailScanner
> rm -rf /usr/lib/MailScanner
> rm -rf /var/spool/MailScanner
>
> 3. reinstall MS following the steps from
> http://lists.mailscanner.info/pipermail/mailscanner/2009-April/090861.html
>
> 4. fix broken packages
>
> yum remove perl-Storable        # at least on Centos 5.4 it seems that perl obsoletes perl-Storable
>
> 5. fix distribution specific paths for clam update changing in
>
>
> /usr/lib/MailScanner/clamav-autoupdate the line
> $PackageDir = shift || "/usr/local";
>
> to
> $PackageDir = shift || "/usr";
>
>
> and in /etc/virus.scanners.conf the corresponding lines
> clamav		/usr/lib/MailScanner/clamav-wrapper	/usr/local
> clamd		/bin/false				/usr/local
>
> to
> clamav		/usr/lib/MailScanner/clamav-wrapper	/usr
> clamd		/bin/false				/usr
>
> 6. matching the clamd socket from MailScanner.conf with the clamd
> socket from clamd.conf.  In my case I have
> "Clamd Socket = /tmp/clamd.socket" in MailScanner.conf
> and
> "LocalSocket /tmp/clamd.socket" in clamd.conf
>
>
> Test 1.
>
> without any other modification I started the daemons and did a
> MailScanner --lint. Relevant result:
>
> MailScanner.conf says "Virus Scanners = auto"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission
> denied. ERROR :: /var/spool/MailScanner/incoming/18084
> Virus Scanning: Clamd found 1 infections
> Virus Scanning: Found 1 viruses
> ===========================================================================
>
> Test 2. ( suggested solution by MailScanner.conf )
>
>   - stop the daemons
>   - edit the MailScanner.conf
>    Incoming Work Group = clamav
>    Incoming Work Permissions = 0640
>   - start the daemons
>   - MailScanner --lint with the result:
>
> MailScanner.conf says "Virus Scanners = auto"
> Found these virus scanners installed: clamd
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintJxQvbT/lstat() failed:
> Permission denied. ERROR :: /var/spool/MailScanner/incoming/20855
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
>
>
> Test 3 (suggested solution)
>
>   - stop the daemons
>   - edit the MailScanner.conf
>    Incoming Work Group = clamav
>    Incoming Work Permissions = 0660
>   - start the daemons
>   - MailScanner --lint with the result:
> MailScanner.conf says "Virus Scanners = auto"
> Found these virus scanners installed: clamd
>
> ===========================================================================
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintmrDiJo/lstat() failed:
> Permission denied. ERROR :: /var/spool/MailScanner/incoming/23144
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> ===========================================================================
>
> As you can see, the error was not fixed :(
>
> Any other suggestions / hints?
>
> Iulian L.D.

I have had similar issues in the past. Who's the owner/group of the 
directory the user clamav is trying to access and scan from?

In your instance: /var/spool/MailScanner/incoming/23144

I've had similar issues, not MailScanner related, but had to include the 
clamav group as a part of that group as well.

For instance, if you had a mailscanner group that had access to that 
directory, that group would include the clamav group as such:

/etc/group:
...
mailscanner:x:101:clamav

Just a thought...
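
The ownership question raised in this reply can be checked mechanically. The script below is an added example, not part of the original thread or of MailScanner/ClamAV: it walks the directories above a path and reports the first one whose mode bits deny search (x) permission to a given user, which is what makes `lstat()` fail with "Permission denied". The function names and the script name `check_search.py` are hypothetical, and ACLs are assumed not to be in use.

```python
import grp
import os
import pwd
import sys


def ids_for(user):
    """uid plus every gid of `user`: primary group and /etc/group memberships."""
    pw = pwd.getpwnam(user)
    extra = {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, {pw.pw_gid} | extra


def may_search(st, uid, gids):
    """Classic mode-bit check for directory search (x); ACLs are ignored.
    Exactly one triplet applies: owner, else group, else other."""
    if uid == 0:
        return True  # root bypasses mode bits, so "User root" hides the problem
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & 0o1)


def first_denial(path, uid, gids, root=os.sep):
    """lstat(path) needs search permission on every directory above `path`.
    Return the first directory, from `root` down, that denies it, else None."""
    cur = os.path.abspath(root)
    rel = os.path.relpath(os.path.abspath(path), cur)
    for part in rel.split(os.sep):
        if not may_search(os.stat(cur), uid, gids):
            return cur
        cur = os.path.join(cur, part)
    return None


if __name__ == "__main__":
    # e.g. python3 check_search.py clamav /var/spool/MailScanner/incoming/23144
    user, target = sys.argv[1], sys.argv[2]
    print(first_denial(target, *ids_for(user)) or "no directory denies search")
```

Run it as root so the script itself can stat every directory on the path; a group added in /etc/group only takes effect for clamd after the daemon is restarted.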


