Scalix 12.6 and ClamAV Problems

Discuss installation of Scalix software
pinnks
Posts: 67
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Jan 21, 2017 5:56 pm

I have been running Scalix Community Edition for a family server for a decade now and am a great fan. My system is Centos5-based which is coming to end of life, so I am having to take the plunge and move to Centos 7.

I got a basic server running and loaded Scalix 12.6 on a test box and sent a couple of external mails and was amazed when I got things working. Next I uninstalled Scalix, rsync'd the mailstore across and re-installed Scalix and again was pleased that everything came to life after doing the normal omcheck etc.

So, now to ClamAv and Spamassassin and... problems. The service router keeps crashing.

I did a couple of "start from scratch" rebuilds of the server, finally figured out how to get clamd to run on Centos 7and then tracked the problem down to ClamAV linking to Scalix, namely omvscan.map bombing out at the "503"ClamAV" cannot scan Scalix-owned ..." test. I have commented a few lines out in omvscan and can see that the test file and log file are created and permissions are changed to scalix. Clamav is running and both clamscan and clamdscan can scan files from the command line. I also tried replacing clamdscan with clamscan for scalix and it works but slowly of course.

I find all this rather odd because in the past moving from one server to another using rsync etc is an easy process.

The only difference I can see is that clamav (loaded from the EPEL RPM) now creates a user "clamscan", not "clamav". I have tried running things with user clamscan but have also created a user clamav and tried with that - all without success. I have added these users to the scalix group of course - well I assume I have as I have done things the same as I have always done when rebuilding a server box and things like /etc/passwd and /etc/group look the same on the production box as they do on my test box.

I am not a linux expert, re-learning things each time I do a re-build, and have spent days pondering what could be wrong and searching this forum and the www without finding anything which provides an answer, so I am resorting to a new post here.

help!

ScalixSupport
Scalix
Scalix
Posts: 5489
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Mon Jan 23, 2017 9:18 am

Hello,

Please refer Scalix Setup and Configuration Guide http://www.scalix.com/scalix-setup-config-guide-12-6 for clamav installation and configuration.

Also please provide the steps you did for clamav configuration.

Regards,
Scalix Support Team.

pinnks
Posts: 67
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Mon Jan 23, 2017 4:06 pm

HI,

Thanks for your reply. I was working from that guide once the set-up did not work.

Normally when I transfer from one server to another there is little to do as the rules folder and Scalix users come across with rsync. I then set-up the ClamAV user and add to the Scalix group - job done but this time I started from scratch.

1. Install Centos7 and perform yum update - make sure FQDN is the same as the old server
2. Follow the procedure here - https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/ to get CcamAV working
3. Check ClamAV running - success.
4. Install Scalix (currently from scratch, not rsyncing mailstore to try to get a stable install)
5. Add user clamscan (user set-up by clamav install) to group Scalix (I have also tried the commands to set-up user clamav as per 12.6 PDF to use that user for clamav as alternative to clamscan)
6. Edit /etc/clamd.d/scan.conf in as described in 2 above. I tried doing no more that that and also tried uncommenting TCPAddress 127.0.0.1 and tried putting my IP addy 192.168.xxx.xxx in and uncomment TCPSocket 3310 - all without success
7. Copy over omvscan.map and create ALL-ROUTES.VIR and set permissions to 555 etc as per 12.6 PDF
8. Reboot server (just for luck)
9. Start Scalix and omstat -s. After a few minutes service router aborts
10. Try the whole set-up using clamav as user in scan.conf but get same results.

I think that covers all steps taken.

I did wonder whether omvscan.map was being engaged so I changed some of the messages in it to see which line was being returned and then commented out the rm lines to check the files were being created. All looks fine.

Since doing the above I have rebuilt the server and done the installations again from scratch - no difference.

I haven't done a line-by-line comparison of the files on my running centos5/scalix 12.5 box with my test box but have looked at users on each in webmin and cannot see any differneces.

Hopefully this will help move things forward, though I am sure you will need a bit more detail here and there to help find a solution

Cheers

Gary

This must be a permission issue but for the life of me I cannot find it.

ScalixSupport
Scalix
Scalix
Posts: 5489
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Tue Jan 24, 2017 5:48 am

Hello ,

I didn't understand, you have issue with scalix Router or only ClamAV ? What is the exact error message ?
please provide us
1) clamav logs
2) omshowlog output for service router
for dubugging increasse log level to 15 for service router
# omconflvl router 15
# omoff -d0 router; omon router

we recommend to install Mailscanner which is more powerful and includes spamassasin and clamav already, instead of installing clamav and spamassasin separately.

Regards,
Scalix Support Team

pinnks
Posts: 67
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Tue Jan 24, 2017 5:38 pm

OK, so Clam log shows

Tue Jan 24 21:10:46 2017 -> +++ Started at Tue Jan 24 21:10:46 2017
Tue Jan 24 21:10:46 2017 -> Received 0 file descriptor(s) from systemd.
Tue Jan 24 21:10:46 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Jan 24 21:10:46 2017 -> Running as user clamscan (UID 987, GID 982)
Tue Jan 24 21:10:46 2017 -> Log file size limited to 2097152 bytes.
Tue Jan 24 21:10:46 2017 -> Reading databases from /var/lib/clamav
Tue Jan 24 21:10:46 2017 -> Not loading PUA signatures.
Tue Jan 24 21:10:46 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Jan 24 21:10:56 2017 -> Loaded 5628283 signatures.
Tue Jan 24 21:10:57 2017 -> TCP: Bound to [127.0.0.1]:3310
Tue Jan 24 21:10:57 2017 -> TCP: Setting connection queue length to 30
Tue Jan 24 21:10:57 2017 -> LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
Tue Jan 24 21:10:57 2017 -> LOCAL: Setting connection queue length to 30
Tue Jan 24 21:10:57 2017 -> Limits: Global size limit set to 104857600 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: File size limit set to 26214400 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: Recursion level limit set to 16.
Tue Jan 24 21:10:57 2017 -> Limits: Files limit set to 10000.
Tue Jan 24 21:10:57 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxPartitions limit set to 50.
Tue Jan 24 21:10:57 2017 -> Limits: MaxIconsPE limit set to 100.
Tue Jan 24 21:10:57 2017 -> Limits: MaxRecHWP3 limit set to 16.
Tue Jan 24 21:10:57 2017 -> Limits: PCREMatchLimit limit set to 10000.
Tue Jan 24 21:10:57 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
Tue Jan 24 21:10:57 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
Tue Jan 24 21:10:57 2017 -> Archive support enabled.
Tue Jan 24 21:10:57 2017 -> Algorithmic detection enabled.
Tue Jan 24 21:10:57 2017 -> Portable Executable support enabled.
Tue Jan 24 21:10:57 2017 -> ELF support enabled.
Tue Jan 24 21:10:57 2017 -> Detection of broken executables enabled.
Tue Jan 24 21:10:57 2017 -> Mail files support enabled.
Tue Jan 24 21:10:57 2017 -> OLE2 support enabled.
Tue Jan 24 21:10:57 2017 -> PDF support enabled.
Tue Jan 24 21:10:57 2017 -> SWF support enabled.
Tue Jan 24 21:10:57 2017 -> HTML support enabled.
Tue Jan 24 21:10:57 2017 -> XMLDOCS support enabled.
Tue Jan 24 21:10:57 2017 -> HWP3 support enabled.
Tue Jan 24 21:10:57 2017 -> Self checking every 600 seconds.
Tue Jan 24 21:11:32 2017 -> WARNING: lstat() failed on: /tmp/clamav_test.5650


performed omshut and omrc at 21:29 and omshowlog then shows
ERROR Service Router(Service Router) 24.01.17 21:29:19
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file lstat() failed: No such file or directory. ERROR


ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received:


ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5183] A Mapper error has been detected.
Current errno value: 4
-> rsl_GetMapperTimeOut
-> cust_GetCustomiseInfo
<- cust_GetCustomiseInfo
<- rsl_GetMapperTimeOut
-> os_fcntl
<- os_fcntl
-> os_fcntl
<- os_fcntl
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/12.6.0/src/lib/rsl/rsl_match.c:244[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:398[100,5183]


SERIOUS ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5183] A Mapper error has been detected.
-> cust_GetCustomiseInfo
<- cust_GetCustomiseInfo
<- rsl_GetMapperTimeOut
-> os_fcntl
<- os_fcntl
-> os_fcntl
<- os_fcntl
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/12.6.0/src/lib/rsl/rsl_match.c:244[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:756[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:1454[100,5183]


systemctl status clamd@scan shows the service is running but shows a warning on the clam test file produced by omvscan.map
● clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-01-24 21:26:58 GMT; 6min ago
Main PID: 7276 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─7276 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: Mail files support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: OLE2 support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: PDF support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: SWF support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: HTML support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: XMLDOCS support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: HWP3 support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: Self checking every 600 seconds.
Jan 24 21:29:19 mail.garycoombs.co.uk clamd[7276]: WARNING: lstat() failed on: /tmp/clamav_test.8098
Jan 24 21:29:19 mail.garycoombs.co.uk clamd[7276]: lstat() failed on: /tmp/clamav_test.8098


omvscan.log shows
017-01-24 21:11:32:PID=5650:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.5650
2017-01-24 21:11:32:PID=5650:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2017-01-24 21:11:32:PID=5650:OMAV_LOGLEVEL=3
2017-01-24 21:11:32:PID=5650:CLAMAV_ENGINE=/usr/bin/clamdscan
2017-01-24 21:11:32:PID=5650:CLAMAV_SCAN_OPTIONS='--stdout'
2017-01-24 21:11:32:PID=5650:CLAMAV_CLEAN_OPTIONS='--stdout'
2017-01-24 21:11:32:PID=5650:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2017-01-24 21:11:32:PID=5650:CLAMAV_USE_LOCKING=no
2017-01-24 21:11:32:PID=5650:CLAMAV_LOCK_FILE=clamav.lock
2017-01-24 21:11:32:PID=5650:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.5650
2017-01-24 21:11:32:PID=5650:/usr/bin/clamdscan --stdout /tmp/clamav_test.5650 > /var/opt/scalix/ml/s/tmp/clamav.log.5650
2017-01-24 21:11:32:PID=5650:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2017-01-24 21:11:32:PID=5650:[Reply]: lstat() failed: No such file or directory. ERROR
2017-01-24 21:29:19:PID=8098:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.8098
2017-01-24 21:29:19:PID=8098:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2017-01-24 21:29:19:PID=8098:OMAV_LOGLEVEL=3
2017-01-24 21:29:19:PID=8098:CLAMAV_ENGINE=/usr/bin/clamdscan
2017-01-24 21:29:19:PID=8098:CLAMAV_SCAN_OPTIONS='--stdout'
2017-01-24 21:29:19:PID=8098:CLAMAV_CLEAN_OPTIONS='--stdout'
2017-01-24 21:29:19:PID=8098:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2017-01-24 21:29:19:PID=8098:CLAMAV_USE_LOCKING=no
2017-01-24 21:29:19:PID=8098:CLAMAV_LOCK_FILE=clamav.lock
2017-01-24 21:29:19:PID=8098:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.8098
2017-01-24 21:29:19:PID=8098:/usr/bin/clamdscan --stdout /tmp/clamav_test.8098 > /var/opt/scalix/ml/s/tmp/clamav.log.8098
2017-01-24 21:29:19:PID=8098:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2017-01-24 21:29:19:PID=8098:[Reply]: lstat() failed: No such file or directory. ERROR

Hope this helps,

Gary

pinnks
Posts: 67
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Jan 28, 2017 8:47 am

Anyone?

ScalixSupport
Scalix
Scalix
Posts: 5489
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Wed Feb 01, 2017 3:42 am

Hello,

Issue is under testing, we get backup to you with details.

Regards,
Scalix Support Team

ScalixSupport
Scalix
Scalix
Posts: 5489
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Thu Feb 02, 2017 6:12 am

Hello,

Please see the document uploaded in http://share.scalix.com/index.php/s/802QFSE44sCfGkx, it should work

Thanks !

Regards,
Scalix Support Team

pinnks
Posts: 67
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Feb 04, 2017 11:08 am

Brilliant, this worked straight out of the box - thank you so much.

The key difference seems to be that I had used the rpm install from the EPEL repo which takes quite a different approach to file naming and service file descriptions. I do not understand enough to decipher the differences but might this be something you experts might want to take a closer look at with those who administer/programme the EPEL repo?

Anyway, now that I seem to have a stable CentOS 7/Scalix 12.6/ClamAV box working I can focus on seeing whether i can screw up the install of spamassassin and have to come crawling back for more help but in the mean time I'm jumping for joy!!!!!

Thanks again

Gary


Return to “Installation”



Who is online

Users browsing this forum: No registered users and 1 guest

cron