My system also has this problem. When a zip archive is scanned, I always get a clamd error like:<br>----------------------------------------<br>
Jan 5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR :: ./BAD697FE65.AD0DB/zbeyond3g.jpg<br>Jan 5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR :: ./BAD697FE65.AD0DB/zchi_button-02.jpg<br>
----------------------------------------<br><br>All other attachment types, like rar, work fine.<br>
<br>The files in the MS incoming queue get removed after it finishes processing, and I use this command to monitor file permissions under the incoming queue:<br><br>while true; do ls -lR /var/spool/MailScanner/incoming/ >> file_list.txt; sleep 1;done<br>
<br>Send an email with rar attachment:<br>=======================================================<br>-rw-r----- 1 postfix www-data 4 2011-01-06 16:13 nmsg-24184-11.txt<br>-rw-r----- 1 postfix www-data 1536750 2011-01-06 16:13 nPI2.3.2.rar<br>
-rw-r----- 1 postfix www-data 150576 2011-01-06 16:13 rPI2.3.2.pdf<br>-rw-r----- 1 postfix www-data 2141878 2011-01-06 16:13 rPoisonIvy2.3.2.exe<br>=======================================================<br><br>Send an email with zip attachment<br>
=================================================<br>-rw-r----- 1 postfix www-data 4 2011-01-06 15:57 nmsg-24198-1.txt<br>-rw-r----- 1 postfix www-data 1665916 2011-01-06 15:57 ntest.zip<br>-rw------- 1 postfix www-data 238 2010-10-15 18:58 zall-wcprops<br>
-rw------- 1 postfix www-data 23100 2010-10-15 18:58 zbeyond3g.jpg<br>-rw------- 1 postfix www-data 26180 2010-10-15 18:58 zchi_button-02.jpg<br>-rw------- 1 postfix www-data 2472 2010-10-15 23:33 zchi_button-reset.jpg<br>
-rw------- 1 postfix www-data 2478 2010-10-15 23:33 zchi_button-submit.jpg<br>-rw------- 1 postfix www-data 6042 2010-10-18 15:34 zchi_edm.html<br>-rw------- 1 postfix www-data 4345 2010-10-18 15:35 zchi_web.html<br>
========================================================<br><br>And I have this setting in MailScanner.conf:<br><br>Incoming Work Permissions = 0640<br><br>We can see that the test.zip file has the correct permissions, but its extracted files have the wrong permissions.<br>
In fact, even if I change Incoming Work Permissions to 0777, the file permissions are still rw------, so weird.<br><br>Can anyone point out the problem?<br><br>I think there may be something wrong with the perl Archive::Zip module or MS itself.<br>
<br><div class="gmail_quote">2011/1/5 Naz Snidanko <span dir="ltr"><<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
MailScanner --lint was generating "found 2 viruses" instead of a proper<br>
"found 1 virus". So I got fed up, scrapped clamd and went with clamav.<br>
Clamav works as it should: --lint generates "found 1 virus" and no more<br>
errors with .ZIP archives. This is a small site and speed should not be<br>
a factor.<br>
<br>
Tons of thanks,<br>
<div class="im"><br>
Naz Snidanko<br>
Desktop & Network Support<br>
Harper Power Products Inc.<br>
(p) 416 201- 7506<br>
<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a><br>
<br>
</div><div class="im">-----Original Message-----<br>
Date: Tue, 4 Jan 2011 14:45:51 -0500<br>
From: "Rick Cooper" <<a href="mailto:rcooper@dwford.com">rcooper@dwford.com</a>><br>
Subject: RE: weird mailscanner clamd error<br>
To: "'MailScanner discussion'" <<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><br>
</div><div><div></div><div class="h5">Message-ID: <3AD1272E15D14A43BD27F7E3F3C17BD1@SAHOMELT><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
Have you attempted to manually scan an example file with clamscan or<br>
clamdscan? (preferably as the same user as would mailscanner). Have you<br>
tried sending with MailScanner running in debug mode? The error you are<br>
seeing is coming from clamd,<br>
<br>
_____<br>
<br>
From: <a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a><br>
[mailto:<a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a>] On Behalf Of Naz<br>
Snidanko<br>
Sent: Tuesday, January 04, 2011 10:07 AM<br>
To: <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
Subject: Re: weird mailscanner clamd error<br>
<br>
Glenn,<br>
<br>
/tmp and incoming directories both have chmod 777. Also from my guess if it<br>
had something to do with permissions it would generate this error for all<br>
files, not just ZIP archives created by Winrar and Winzip programs. I also<br>
completely removed apparmor (even though it originally had rw permissions<br>
for clamd on incoming directory).<br>
<br>
Is there a module within MailScanner that does .zip file extracting before<br>
it goes for a clamd scan?<br>
<br>
Any help is much appreciated.<br>
<br>
Thank you,<br>
<br>
Naz Snidanko<br>
Desktop & Network Support<br>
Harper Power Products Inc.<br>
(p) 416 201- 7506<br>
<br>
</div></div> <mailto:<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>><br>
<div><div></div><div class="h5"><a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a><br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 4 Jan 2011 11:40:03 +0100<br>
From: Glenn Steen <<a href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</a>><br>
Subject: Re: weird mailscanner clamd error<br>
To: MailScanner discussion <<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><br>
Message-ID: <<a href="mailto:AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE%2B503D-uSTMug@mail.gmail.com">AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE+503D-uSTMug@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=windows-1252<br>
<br>
On 3 January 2011 21:34, Naz Snidanko <<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>> wrote:<br>
<br>
> I have weird stuff happening. When we put any file into ZIP archive created<br>
> from Winzip or Winrar I get the following log in mail.log:<br>
><br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus and Content Scanning: Starting<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Clamd::ERROR:: Access denied. ERROR :: ./66522203B7.AD6EB/zRicohdeviceUsersetup.doc<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus Scanning: Clamd found 1 infections<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus Scanning: Found 1 viruses<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Spam Checks: Starting<br>
><br>
> File delivered after passing mailscanner to final destination.<br>
><br>
> When I put the same file into ZIP archive using built-in Windows XP engine<br>
> it works flawlessly and no error log is generated. No error is generated<br>
> when same file is put within .rar archive either.<br>
><br>
> I've tried different files anything from jpeg to pdf and end up with error<br>
> described above.<br>
><br>
> Can someone point me in the right direction how to troubleshoot this within<br>
> mailscanner.<br>
><br>
> System:<br>
><br>
> Clamd 0.96.5<br>
> Ubuntu Server 10.04<br>
> MailScanner 4.82.3<br>
> Perl 5.10.1<br>
><br>
<br>
Check that both postfix and clamav (or whatever the users/groups are<br>
called) have relevant perms... Run As User/Group and 0660 perms in<br>
MailScanner.conf, correct perms on your incoming directory (perhaps<br>
/var/spool/MailScanner/incoming), Also check your clamd settings, of<br>
course.<br>
Perhaps the most crucial bit though... is to make sure that you have<br>
sane permissions on /tmp, and that they can create files/directories<br>
there as needed.<br>
<br>
Cheers<br>
--<br>
-- Glenn<br>
email: glenn < dot > steen < at > gmail < dot > com<br>
work: glenn < dot > steen < at > ap1 < dot > se<br>
<br>
--<br>
This message has been scanned for viruses and<br>
</div></div>dangerous content by <<a href="http://www.mailscanner.info/" target="_blank">http://www.mailscanner.info/</a>> MailScanner, and is<br>
<div class="im"><br>
believed to be clean.<br>
<br>
<br>
<br>
</div>
<div><div></div><div class="h5"><br>
<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</div></div></blockquote></div><br>
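An added example, not part of the thread: a shell check for the symptom reported at the top, where files extracted from a zip sit in the incoming work directory with fewer permission bits than Incoming Work Permissions asks for. The function names, the polling parameters and the path in the usage line are assumptions; the directory is polled because MailScanner removes the work files once processing ends.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names, the polling
# parameters and the path in the usage line are assumptions.

# Print regular files under DIR that lack any permission bit of MODE
# (e.g. 0640). find's "-perm -MODE" is true only when every bit in MODE
# is set, so negating it finds files more restrictive than expected.
missing_perm_files() {
    find "$1" -type f ! -perm "-$2" -print 2>/dev/null | sort
}

# Poll DIR for ROUNDS rounds, INTERVAL seconds apart, printing each
# offending file once as "<mode string from ls> <path>".
watch_work_perms() {
    local dir="$1" mode="$2" interval="$3" rounds="$4"
    local seen="" list f perms i=0
    while [ "$i" -lt "$rounds" ]; do
        list=$(missing_perm_files "$dir" "$mode")
        while IFS= read -r f; do
            [ -n "$f" ] || continue
            case "$seen" in *"|$f|"*) continue ;; esac
            perms=$(ls -ld -- "$f" 2>/dev/null | cut -d' ' -f1)
            [ -n "$perms" ] || continue   # removed before we could list it
            printf '%s %s\n' "$perms" "$f"
            seen="$seen|$f|"
        done <<EOF
$list
EOF
        i=$((i + 1))
        if [ "$i" -lt "$rounds" ]; then sleep "$interval"; fi
    done
}

# Usage (assumed path and timing): one-second polls for a minute.
#   watch_work_perms /var/spool/MailScanner/incoming 0640 1 60
```

Unlike a plain `ls -lR` loop, this logs only the files the clamd group cannot read, so a mode mismatch between the archive and its extracted members stands out.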