<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The only workaround I’ve found is to run clamd as root.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve seen the same issue with MailScanner / sendmail on CentOS.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Phil<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">--</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Phil Randal | Infrastructure Engineer</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#400040">NHS Herefordshire & Herefordshire Council |</span><span style="color:#1F497D">
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Deputy Chief Executive's Office | I.C.T. Services Division</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Thorn Office Centre, Rotherwas, Hereford, HR2 6JT</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Tel: 01432 260160</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]
<b>On Behalf Of </b>Curu Wong<br>
<b>Sent:</b> 06 January 2011 08:40<br>
<b>To:</b> MailScanner discussion<br>
<b>Subject:</b> Re: weird mailscanner clamd error<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">My system also has this problem. When a zip archive is scanned, I will always get clamd error like:<br>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
Jan 5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR :: ./BAD697FE65.AD0DB/zbeyond3g.jpg<br>
Jan 5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR :: ./BAD697FE65.AD0DB/zchi_button-02.jpg<br>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
<br>
all other attachent type, like rar, works fine.<br>
<br>
the files in ms incoming queue get removed after it finished processing, and I use this command to monitor file permissions under the incoming queue:<br>
<br>
while true; do ls -lR /var/spool/MailScanner/incoming/ >> file_list.txt; sleep 1;done<br>
<br>
Send an email with rar attachment:<br>
=======================================================<br>
-rw-r----- 1 postfix www-data 4 2011-01-06 16:13 nmsg-24184-11.txt<br>
-rw-r----- 1 postfix www-data 1536750 2011-01-06 16:13 nPI2.3.2.rar<br>
-rw-r----- 1 postfix www-data 150576 2011-01-06 16:13 rPI2.3.2.pdf<br>
-rw-r----- 1 postfix www-data 2141878 2011-01-06 16:13 rPoisonIvy2.3.2.exe<br>
=======================================================<br>
<br>
Send an email with zip attachment<br>
=================================================<br>
-rw-r----- 1 postfix www-data 4 2011-01-06 15:57 nmsg-24198-1.txt<br>
-rw-r----- 1 postfix www-data 1665916 2011-01-06 15:57 ntest.zip<br>
-rw------- 1 postfix www-data 238 2010-10-15 18:58 zall-wcprops<br>
-rw------- 1 postfix www-data 23100 2010-10-15 18:58 zbeyond3g.jpg<br>
-rw------- 1 postfix www-data 26180 2010-10-15 18:58 zchi_button-02.jpg<br>
-rw------- 1 postfix www-data 2472 2010-10-15 23:33 zchi_button-reset.jpg<br>
-rw------- 1 postfix www-data 2478 2010-10-15 23:33 zchi_button-submit.jpg<br>
-rw------- 1 postfix www-data 6042 2010-10-18 15:34 zchi_edm.html<br>
-rw------- 1 postfix www-data 4345 2010-10-18 15:35 zchi_web.html<br>
========================================================<br>
<br>
And I have this settings in MailScanner.conf:<br>
<br>
Incoming Work Permissions = 0640<br>
<br>
We can see that the test.zip file has the correct permissions, but its extracted files have wrong permission.<br>
In fact, even if I change Incoming Work Permissions to 0777, the file permissions is still rw------, so weird.<br>
<br>
Can anyone point out the problem?<br>
<br>
I think there maybe something wrong with the perl Archive::Zip module or MS itself.<o:p></o:p></p>
<div>
<p class="MsoNormal">2011/1/5 Naz Snidanko <<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>><o:p></o:p></p>
<p class="MsoNormal">MailScanner --lint was generating "found 2 viruses" instead of a proper<br>
"found 1 virus". So I got fed up, scrapped clamd and went with clamav.<br>
Clamav works as it should: --lint generates "found 1 virus" and no more<br>
errors with .ZIP archives. This is a small site and speed should not be<br>
a factor.<br>
<br>
Tons of thanks,<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
Naz Snidanko<br>
Desktop & Network Support<br>
Harper Power Products Inc.<br>
(p) 416 201- 7506<br>
<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">-----Original Message-----<br>
Date: Tue, 4 Jan 2011 14:45:51 -0500<br>
From: "Rick Cooper" <<a href="mailto:rcooper@dwford.com">rcooper@dwford.com</a>><br>
Subject: RE: weird mailscanner clamd error<br>
To: "'MailScanner discussion'" <<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Message-ID: <3AD1272E15D14A43BD27F7E3F3C17BD1@SAHOMELT><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
Have you attempted to manually scan an example file with clamscan or<br>
clamdscan? (preferably as the same user as would mailscanner). Have you<br>
tried sending with MailScanner running in debug mode? The error you are<br>
seeing is coming from clamd,<br>
<br>
_____<br>
<br>
From: <a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a><br>
[mailto:<a href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a>] On Behalf Of Naz<br>
Snidanko<br>
Sent: Tuesday, January 04, 2011 10:07 AM<br>
To: <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
Subject: Re: weird mailscanner clamd error<br>
<br>
<br>
<br>
Glenn,<br>
<br>
<br>
<br>
/tmp and incoming directories both have chmod 777. Also from my guess if<br>
it<br>
had something to do with permissions it would generate this error for<br>
all<br>
files, not just ZIP archives created by Winrar and Winzip programs. I<br>
also<br>
completely removed apparmor (even though it originally had rw<br>
permissions<br>
for clamd on incoming directory).<br>
<br>
<br>
<br>
Is there a module within MailScanner that does .zip file extracting<br>
before<br>
it goes for a clamd scan?<br>
<br>
Any help is much appreciated.<br>
<br>
Thank you,<br>
<br>
Naz Snidanko<br>
<br>
Desktop & Network Support<br>
<br>
Harper Power Products Inc.<br>
<br>
(p) 416 201- 7506<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <mailto:<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a><br>
<br>
------------------------------<br>
<br>
<br>
<br>
Message: 4<br>
<br>
Date: Tue, 4 Jan 2011 11:40:03 +0100<br>
<br>
From: Glenn Steen <<a href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</a>><br>
<br>
Subject: Re: weird mailscanner clamd error<br>
<br>
To: MailScanner discussion <<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>><br>
<br>
Message-ID:<br>
<br>
<<a href="mailto:AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE%2B503D-uSTMug@mail.gmail.com">AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE+503D-uSTMug@mail.gmail.com</a>><br>
<br>
Content-Type: text/plain; charset=windows-1252<br>
<br>
<br>
<br>
On 3 January 2011 21:34, Naz Snidanko<br>
<<a href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</a>><br>
wrote:<br>
<br>
> I have weird stuff happening. When we put any file into ZIP archive<br>
created<br>
<br>
> from Winzip or Winrar I get the following log in mail.log:<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus and Content Scanning:<br>
Starting<br>
<br>
><br>
<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Clamd::ERROR:: Access denied.<br>
ERROR<br>
<br>
> :: ./66522203B7.AD6EB/zRicohdeviceUsersetup.doc<br>
<br>
><br>
<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus Scanning: Clamd found 1<br>
<br>
> infections<br>
<br>
><br>
<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Virus Scanning: Found 1<br>
viruses<br>
<br>
><br>
<br>
> Jan 3 15:14:43 ares MailScanner[5103]: Spam Checks: Starting<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> File delivered after passing mailscanner to final destination.<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> When I put the same file into ZIP archive using built-in Windows XP<br>
engine<br>
<br>
> it works flawlessly and no error log is generated. No error is<br>
generated<br>
<br>
> when same file is put within .rar archive either.<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> I've tried different files anything from jpeg to pdf and end up with<br>
error<br>
<br>
> described above.<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> Can someone point me in the right direct how to troubleshoot this<br>
within<br>
<br>
> mailscanner.<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> System:<br>
<br>
><br>
<br>
><br>
<br>
><br>
<br>
> Clamd 0.96.5<br>
<br>
><br>
<br>
> Ubuntu Server 10.04<br>
<br>
><br>
<br>
> MailScanner 4.82.3<br>
<br>
><br>
<br>
> Perl 5.10.1<br>
<br>
><br>
<br>
><br>
<br>
Check that both postfix and clamav (or whatever the users/groups are<br>
<br>
called) have relevant perms... Run As User/Group and 0660 perms in<br>
<br>
MailScanner.conf, correct perms on your incoming directory (perhaps<br>
<br>
/var/spool/MailScanner/incoming), Also check your clamd settings, of<br>
<br>
course.<br>
<br>
Perhaps the most crucial bit though... is to make sure that you have<br>
<br>
sane permissions on /tmp, and that they can create files/directories<br>
<br>
there as needed.<br>
<br>
<br>
<br>
Cheers<br>
<br>
--<br>
<br>
-- Glenn<br>
<br>
email: glenn < dot > steen < at > gmail < dot > com<br>
<br>
work: glenn < dot > steen < at > ap1 < dot > se<br>
<br>
<br>
<br>
<br>
--<br>
This message has been scanned for viruses and<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">dangerous content by <<a href="http://www.mailscanner.info/" target="_blank">http://www.mailscanner.info/</a>> MailScanner, and is<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
believed to be clean.<br>
<br>
--<br>
This message has been scanned for viruses and<br>
dangerous content by MailScanner, and is<br>
believed to be clean.<br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal">-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL:<br>
<a href="http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104%0A/c3d769b6/attachment-0001.html" target="_blank">http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104<br>
/c3d769b6/attachment-0001.html</a><br>
<br>
------------------------------<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><br>
<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">
http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<DIV> </DIV>Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.<br>You should be aware that Herefordshire Council monitors its email service.<br>This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.</body>
</html>