ClamAv 0.96 is out
Alex Broens
ms-list at alexb.ch
Fri Apr 2 22:17:45 IST 2010
On 2010-04-02 23:11, Clayton Keller wrote:
> On 4/2/2010 4:03 PM, Iulian L Dragomir wrote:
>> On Fri, Apr 2, 2010 at 6:40 PM, Mark Sapiro<mark at msapiro.net> wrote:
>>> On 11:59 AM, Iulian L Dragomir wrote:
>>>>>> Other Checks: Found 1 problems
>>>>>> Virus and Content Scanning: Starting
>>>>>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintdwYGUC/lstat() failed:
>>>>>> Permission denied. ERROR :: /var/spool/MailScanner/incoming/17633
>>>>>
>>>>>
>>>>> Does clamd drop privileges? If so does the clamd User have sufficient
>>>>> permissions on /var/spool/MailScanner/incoming? Did you previously
>>>>> comment out "User clamav" in clamd.conf and forget that change?
>>>>>
>>>>
>>>> Same permission problem. Running on Centos 5.4; MailScanner version
>>>> 4.79.11; Perl version 5.008008 (5.8.8); clamav/clamd 0.96-1.el5.rf
>>>> I have tried with
>>>>
>>>> "Incoming Work Group = clamav"
>>>> "Incoming Work Permissions = 0640"
>>>>
>>>> in MailScanner.conf but the error is still there.
>>>
>>>
>>> You've set the group to 'clamav' but you haven't given the group write
>>> permission. Try
>>>
>>> Incoming Work Permissions = 0660
>>>
>>>> I obtained better results modifying clamd.conf
>>>>
>>>> "User root"
>>>
>>>
>>> This is the same as just removing or commenting "User clamav".
>>>
>>> --
>>> Mark Sapiro<mark at msapiro.net> The highway is for gamblers,
>>> San Francisco Bay Area, California better use your sense - B. Dylan
>>>
>>>
>>
>> A repeatable experiment is always a relevant experiment.
>> For relevant results I reinstalled MailScanner.
>>
>> These are the steps I followed:
>>
>> 1. uninstall
>>
>> apt-get remove mailscanner # yes .. I use apt-get as a
>> substitute for yum from time to time
>>
>> 2. clean up files left behind
>>
>> rm -rf /etc/MailScanner
>> rm -rf /usr/lib/MailScanner
>> rm -rf /var/spool/MailScanner
>>
>> 3. reinstall MS following the steps from
>> http://lists.mailscanner.info/pipermail/mailscanner/2009-April/090861.html
>>
>>
>> 4. fix broken packages
>>
>> yum remove perl-Storable # at least on CentOS 5.4 it seems that
>> perl obsoletes perl-Storable
>>
>> 5. fix distribution specific paths for clam update changing in
>>
>>
>> /usr/lib/MailScanner/clamav-autoupdate the line
>> $PackageDir = shift || "/usr/local";
>>
>> to
>> $PackageDir = shift || "/usr";
>>
>>
>> and in /etc/virus.scanners.conf the corresponding lines
>> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
>> clamd /bin/false /usr/local
>>
>> to
>> clamav /usr/lib/MailScanner/clamav-wrapper /usr
>> clamd /bin/false /usr
>>
>> 6. matching the clamd socket from MailScanner.conf with the clamd
>> socket from clamd.conf. In my case I have
>> "Clamd Socket = /tmp/clamd.socket" in MailScanner.conf
>> and
>> "LocalSocket /tmp/clamd.socket" in clamd.conf
>>
>>
>> Test 1.
>>
>> Without any other modification I started the daemons and did a
>> MailScanner --lint. Relevant result:
>>
>> MailScanner.conf says "Virus Scanners = auto"
>> Found these virus scanners installed: clamd
>> ===========================================================================
>>
>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>> Other Checks: Found 1 problems
>> Virus and Content Scanning: Starting
>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission
>> denied. ERROR :: /var/spool/MailScanner/incoming/18084
>> Virus Scanning: Clamd found 1 infections
>> Virus Scanning: Found 1 viruses
>> ===========================================================================
>>
>>
>> Test 2. ( suggested solution by MailScanner.conf )
>>
>> - stop the daemons
>> - edit the MailScanner.conf
>> Incoming Work Group = clamav
>> Incoming Work Permissions = 0640
>> - start the daemons
>> - MailScanner --lint with the result:
>>
>> MailScanner.conf says "Virus Scanners = auto"
>> Found these virus scanners installed: clamd
>> ===========================================================================
>>
>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>> Other Checks: Found 1 problems
>> Virus and Content Scanning: Starting
>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintJxQvbT/lstat() failed:
>> Permission denied. ERROR :: /var/spool/MailScanner/incoming/20855
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>> Virus Scanning: Clamd found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>> ===========================================================================
>>
>>
>>
>> Test 3 (suggested solution)
>>
>> - stop the daemons
>> - edit the MailScanner.conf
>> Incoming Work Group = clamav
>> Incoming Work Permissions = 0660
>> - start the daemons
>> - MailScanner --lint with the result:
>> MailScanner.conf says "Virus Scanners = auto"
>> Found these virus scanners installed: clamd
>>
>> ===========================================================================
>>
>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>> Other Checks: Found 1 problems
>> Virus and Content Scanning: Starting
>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintmrDiJo/lstat() failed:
>> Permission denied. ERROR :: /var/spool/MailScanner/incoming/23144
>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>> Virus Scanning: Clamd found 2 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses
>> ===========================================================================
>>
>>
>> As you can see, the error was not fixed :(
>>
>> Any other suggestions / hints?
>>
>> Iulian L.D.
>
> I have had similar issues in the past. Who's the owner/group of the
> directory the user clamav is trying to access and scan from?
>
> In your instance: var/spool/MailScanner/incoming/23144
>
> I've had similar issues, not MailScanner related, but had to include the
> clamav group as a part of that group as well.
>
> For instance, if you had a mailscanner group that had access to that
> directory, that group would include the clamav group as such:
>
> /etc/group:
> ....
> mailscanner:x:101:clamav
>
> Just a thought...
>
Often a good option:
clamd.conf
#AllowSupplementaryGroups no
AllowSupplementaryGroups yes
Alex
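
The permission check behind the `lstat() failed: Permission denied` error and the `AllowSupplementaryGroups` suggestion, as an added example that is not part of the original thread. The uid/gid numbers for the mail user and clamav, and the 0750 directory modes, are constructed for illustration; gid 101 is the mailscanner gid from the quoted /etc/group line.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result, so the demo runs without a mail server.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def clamd_gids(primary_gid, supplementary_gids, allow_supplementary):
    """Groups clamd holds after dropping from root to its configured User.
    With AllowSupplementaryGroups no, only the primary group is kept."""
    extra = set(supplementary_gids) if allow_supplementary else set()
    return {primary_gid} | extra

def class_bits(st, uid, gids):
    """rwx bits of the one permission class (owner, group, other) that applies."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """First directory lacking the search (x) bit for uid/gids, or None.
    lstat() on an entry under `path` needs x on `path` and every ancestor."""
    if uid == 0:                      # root bypasses the check ("User root")
        return None
    dirs, cur = ["/"], ""
    for part in filter(None, path.split("/")):
        cur += "/" + part
        dirs.append(cur)
    for d in dirs:
        if not class_bits(stat_fn(d), uid, gids) & 1:
            return d
    return None

# Constructed ownership: uid 89 = mail user, gid 101 = mailscanner,
# clamav = uid/gid 46. These values are not taken from a real host.
WORK = "/var/spool/MailScanner/incoming/23144"
D = stat.S_IFDIR
SAMPLE = {p: FakeStat(D | 0o755, 0, 0)
          for p in ("/", "/var", "/var/spool", "/var/spool/MailScanner")}
SAMPLE["/var/spool/MailScanner/incoming"] = FakeStat(D | 0o750, 89, 101)
SAMPLE[WORK] = FakeStat(D | 0o750, 89, 101)

if __name__ == "__main__":
    for allow in (False, True):
        gids = clamd_gids(46, [101], allow)
        print("AllowSupplementaryGroups", "yes" if allow else "no", "->",
              first_blocker(WORK, 46, gids, SAMPLE.__getitem__))
```

On a real host, call `first_blocker()` without `stat_fn` and pass the clamav uid and group ids looked up with the `pwd` and `grp` modules.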