CkamAV Configuration Testing Problem

[jgao]

I'm testing my ClamAV configuration following the technical note. When I ran

omon rtr

I got this message:

/var/named/chroot/proc: Permission denied
Enabling 1 subsystem(s).

When I looked at the fatal file, I have:

ERROR Service Router(Service Router) Wed Apr 19 17:31:02 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Access denied. ERROR
Pid of logging process: 5657


ERROR Service Router(Service Router) Wed Apr 19 17:31:02 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 5657


ERROR Service Router(Service Router) Wed Apr 19 17:31:02 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 5657


SERIOUS ERROR Service Router(Service Router) Wed Apr 19 17:31:02 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 5657

Please help. Thanks.

[ScalixSupport]

Reply received: 503 "ClamAV" cannot scan Scalix-owned file Access denied. ERROR

This means that you haven't configured clamd to be part of the Scalix group. Please go back through the steps and confirm each one. Importantly, restarting clamd after changing /etc/group.

Cheers

Dave

[jgao]

Sure the clamav user is in the scalix group. I'm using the scanlix 10.0.1 on FC4 with all updates.

As a test, I sent an email with clamav virus testing file clam.zip. There's nothing in audit log.

I folowed the ClamAV manual by

telnet localhost 3310
SCAN /var/opt/scalix/data

The result is very clear: /var/opt/scalix/data/0000002/0000119: ClamAV-Test-File FOUND

This tells me the ClamAV user has the right to access scalix data files. Something is wrong on scalix side.

When I ran testing on scalix using "omon rtr" I got:

/var/named/chroot/proc: Permission denied
Enabling 1 subsystem(s).

Is this relevant? Any clue on this weird message.

Thanks.

[Flish]

Had cause to reboot the box alst night and now found a previously working clam / scalix install has died, bas ically same eymptoms as above, any joy in this?

Specificially the fatal log shows;

Code: Select all


ERROR                   Service Router(Service Router) Sat Apr 22 13:54:13 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Access denied. ERROR
Pid of logging process: 21645


ERROR                   Service Router(Service Router) Sat Apr 22 13:54:13 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 21645


ERROR                   Service Router(Service Router) Sat Apr 22 13:54:13 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 21645


SERIOUS ERROR           Service Router(Service Router) Sat Apr 22 13:54:13 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 21645


pre empting other questions, this is a Suse box so clam runs under the user name vscan, which is a member of the scalix group, specifically;

Code: Select all


caladan:/var/opt/scalix/logs # cat /etc/passwd

<SNIP BITS>

vscan:x:65:103:Vscan account:/var/spool/amavis:/bin/false
scalix:x:102:104:Scalix User:/var/opt/scalix:/bin/true
sxadmin:x:1001:1000:Scalix Server user:/home/sxadmin:/bin/bash
named:x:44:44:Name server daemon:/var/lib/named:/bin/false


caladan:/var/opt/scalix/logs # cat /etc/group

<SNIP BITS>

vscan:!:103:
scalix:!:104:vscan
sxadmin:!:1000:
named:!:44:
caladan:/var/opt/scalix/logs #


Other ouputs are;

Code: Select all

caladan:/var/opt/scalix/logs # clamscan /var/opt/scalix/data/0000001/* | more
/var/opt/scalix/data/0000001/000010g: OK
/var/opt/scalix/data/0000001/000010i: OK
/var/opt/scalix/data/0000001/000010j: OK
/var/opt/scalix/data/0000001/000010k: OK
/var/opt/scalix/data/0000001/000010l: OK
/var/opt/scalix/data/0000001/000010m: OK
/var/opt/scalix/data/0000001/000010n: OK
/var/opt/scalix/data/0000001/000010o: OK
/var/opt/scalix/data/0000001/000010p: OK
/var/opt/scalix/data/0000001/000010q: OK
/var/opt/scalix/data/0000001/000010s: OK
/var/opt/scalix/data/0000001/000010t: OK
/var/opt/scalix/data/0000001/000010u: OK


But

Code: Select all

caladan:/var/opt/scalix/logs # clamdscan /var/opt/scalix/data/0000001/* | more
/var/opt/scalix/data/0000001/000010g: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010i: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010j: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010k: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010l: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010m: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010n: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010o: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010p: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010q: lstat() failed. ERROR
/var/opt/scalix/data/0000001/000010s: lstat() failed. ERROR



Answers on a postcard please!

[ScalixSupport]

On SuSE systems putting the entry in the /etc/group file doesn't seen to always work. Try changing the group ID for vscan in /etc/passwd from 103 to 104, then restart clamd. Once done, try running clamdscan again.

Thanks,
Rachel

[Flish]

On SuSE systems putting the entry in the /etc/group file doesn't seen to always work. Try changing the group ID for vscan in /etc/passwd from 103 to 104, then restart clamd. Once done, try running clamdscan again.

Thanks, that worked a treat,. clamdscan reported back with a full set of ok's and service router has started up fine.

Any idea why this has magically stopped working, not a fan of unknown fall overs.

TIA

[Flish]

For any other Suse users that find this at some random point in the future (Suse OSS 10 in my case), it would appear that when Yast does a system update and updates it's version of Clam it's resetting the group for the user vscan.

In example quoted earlier vscan has the gid of 103 and scalix has a gid of 104, I was advised to edit /etc/passwd and change the user vscan to having a gid of 104 (from 103) which solved all. It would seem that I have to do this again, so pay attention when you do a Yast update to clam as you might need to do this too.

HTH someone

[FJE_84]

Hello Everybody

i have the same Probleme here on my server.

cat /etc/group |grep vsc
vscan:!:103:scalix

cat /etc/passwd |grep vsc
vscan:x:65:103:Vscan account:/var/spool/amavis:/bin/false

Nov 6 09:11:48 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000001q/002kdpq
Nov 6 09:29:38 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke2s
Nov 6 09:29:38 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke2t
Nov 6 09:29:38 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke2u
Nov 6 09:37:22 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000026/002ke51
Nov 6 09:37:22 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000026/002ke57
Nov 6 09:37:22 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000026/002ke59
Nov 6 09:37:22 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000026/002ke5b
Nov 6 09:46:28 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000027/002ke61
Nov 6 09:46:28 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000027/002ke67
Nov 6 09:46:28 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000027/002ke69
Nov 6 09:46:28 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000027/002ke6b
Nov 6 09:52:25 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke75
Nov 6 09:52:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke76
Nov 6 09:59:13 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke36
Nov 6 09:59:13 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke37
Nov 6 10:02:25 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke7h
Nov 6 10:02:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke7o
Nov 6 10:02:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke7q
Nov 6 10:02:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke7s
Nov 6 10:02:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke7u
Nov 6 10:02:26 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000028/002ke80
Nov 6 10:02:54 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000029/002ke8h
Nov 6 10:02:54 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000029/002ke8n
Nov 6 10:02:54 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000029/002ke8p
Nov 6 10:02:54 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000029/002ke8r
Nov 6 10:02:54 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000029/002ke8t
Nov 6 10:10:55 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000001m/002ke94
Nov 6 10:10:55 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000001m/002ke95
Nov 6 10:22:05 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000002a/002ke9h
Nov 6 10:22:05 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000002a/002ke9k
Nov 6 10:23:00 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002ke3f
Nov 6 10:23:00 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/0000023/002kea0
Nov 6 10:44:31 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000001o/002keah
Nov 6 10:44:31 server clamd[4157]: lstat() failed on: /var/opt/scalix/nv/s/data/000001o/002keai

what is the Problem of the ClamAV Dämon?

FG

Franz