clamav problems

[koxbox]

hi i used the clamav howto from your site:

i get tist error messege:

WARNING Service Router(Service Router) 01.11.06 00:10:27
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
<- sdl_MapStdCharInt
<- sdl_MapSysChar
-> sdl_MapSysChar
-> sdl_InitData
-> sdl_MapStdCharInt
-> sdl_InitData
<- sdl_MapStdCharInt
<- sdl_MapSysChar
<- cvc_CmpCS
-> cvc_GetOutString
<- cvc_GetOutString
<- cvc_ConvertString2
-> rsl_ParseNdnInfo
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
<- /build/9.4.2.4/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 01.11.06 00:10:27
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 01.11.06 00:10:27

any ideas whats wrong in ndinfo.txt...
i just wrote some alert text in it... thats all.. like in the howto

[ScalixSupport]

Hi,

Please post the contents of your

/var/opt/scalix/rules/ALL-ROUTES.VIR
and
/var/opt/scalix/rules/ndninfo.txt

also post the results of ls -al of

/var/opt/scalix/rules

and please post the scalix entry in your /etc/group file

Thanks,
Don

[koxbox]

ALL_ROUTES..VIR:

VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="Ein Virus wurde gefunden. Bitte kontaktieren sie Ihren Administrator"

-------------------------------------------------

ndinfi.txt:

Ein Virus wurde gefunden. Bitte kontaktieren sie Ihren Administrator

----------------------------------------------------

braintux:/var/opt/scalix/rules # ls -all
total 45
drwxrwx--- 2 scalix scalix 144 Jan 11 00:35 .
drwxrwxr-x 49 scalix scalix 1256 Jan 10 04:01 ..
-rw-r--r-- 1 root root 177 Jan 11 00:35 ALL-ROUTES.VIR
-rw-r--r-- 1 root root 69 Jan 11 00:07 ndinfo.txt
-r-xr-xr-x 1 root root 33112 Jan 11 00:07 omvscan.map

------------------------------------------------------------

/etc/group

root:x:0:
bin:x:1:daemon
daemon:x:2:
sys:x:3:
tty:x:5:
disk:x:6:
lp:x:7:
www:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
shadow:x:15:
dialout:x:16:koxbox,sxadmin
audio:x:17:
floppy:x:19:
cdrom:x:20:
console:x:21:
utmp:x:22:
at:!:25:
public:x:32:
video:x:33:koxbox,sxadmin
games:x:40:
xok:x:41:
trusted:x:42:
modem:x:43:
named:!:44:
ftp:x:49:
postfix:!:51:
maildrop:!:59:
man:x:62:
sshd:!:65:
ntadmin:!:71:
messagebus:!:101:
haldaemon:!:102:
nobody:x:65533:
nogroup:x:65534:nobody
users:x:100:
scalix:!:103:
sxadmin:!:1000:
vscan:!:104:

i hope that helps you

[koxbox]

ah ok i fixed one problem.. i caled the file ndinfo.txt.. it has to be ndninfo.txt...

i send an virus to... and the mail is not like before into mailbox..

but i got ne messege taht an virus has been detectet ??

[ScalixSupport]

Hi,

Mate, you don't see the problem here? The ls shows the name of your file

ndinfo.txt

What do the instructions say that the name of the file should be? What does the error message say about a missing file?

Also it looks like you didn't follow the instructions on giving the clamav user proper permissions. I quote the tech note...

"Once the rpms have been installed, a new user and group called clamav will have been created. The clamav user must be added to the scalix group. This can be done through the User Manager or by editing the /etc/group file and appending clamav to scalix entry."

Best wishes,
Don

[koxbox]

hi..

theres no entry about adding user clamav... in knowledgebase howto clamav

and file cales ndinfo.txt in knowledgebase howto...

is there any new corect howto??

thanx

[koxbox]

hi.. i did it exactly like the knowlegebase howto clamav..

i thinks theres some litle bugs in that howto...

i modified the /etc/passwd file like the howto... in howto its /etc/passed ??

rest i did exactly like the howto...

now thats the new log...

ERROR Service Router(Service Router) 01.12.06 00:44:00
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: SCAN:/var/opt/scalix/data/0000007/0000281
Reply received: 504 anti-virus engine "ClamAV" exhibits unexpected behavior
ERROR Service Router(Service Router) 01.12.06 00:44:00
[OM 5183] A Mapper error has been detected.
-> rsl_CheckMapperReply
<- rsl_CheckMapperReply
<- rsl_ReadMapperReply
<- rsl_InvokeMapper
<- rsl_ReuseOrInvokeMapper
-> rsl_WriteMapperCommand
<- rsl_WriteMapperCommand
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/9.4.2.4/src/lib/rsl/rsl_match.c:243[100,5183]
<- /build/9.4.2.4/src/lib/rsl/rsl_match.c:1555[100,5183]
<- /build/9.4.2.4/src/bin/sr/sr_main.c:3944[100,5183

[ScalixSupport]

Hi,

Yes, there are bugs in that technote. Thanks for pointing out that our new one hasn't been posted yet. We'll get the new one posted soon.

So, I realize now you are using SuSE. Have a look at this...

Once the rpms have been installed, a new user and group called clamav on RedHat or vscan on SuSE will have been created. The clamav/vscan user must be added to the scalix group. This can be done through the User Manager or by editing the /etc/group file and appending clamav/vscan to the scalix entry. Please note that on some versions of SuSE simply adding the user to the group file doesn’t give the user group rights. If that’s the case on your system, you may need to change the group for the vscan user to be the scalix group.

Thanks,
Don

[ScalixSupport]

Hi,

The latest technote is now posted. Thanks again!

Regards,
Don

[koxbox]

hi

now the howto looks mutch better..

and now all works OK

i changed /etc/group to scalix:!:103:vscan

all perfect... now sxadmin gets the messege and an attachmend with the virus in...

great

[ScalixSupport]

Beautiful. Good job!

Don