Page 1 of 1
clamav problems
Posted: Wed Jan 11, 2006 7:08 pm
by koxbox
hi i used the clamav howto from your site:
i get tist error messege:
WARNING Service Router(Service Router) 01.11.06 00:10:27
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
<- sdl_MapStdCharInt
<- sdl_MapSysChar
-> sdl_MapSysChar
-> sdl_InitData
-> sdl_MapStdCharInt
-> sdl_InitData
<- sdl_MapStdCharInt
<- sdl_MapSysChar
<- cvc_CmpCS
-> cvc_GetOutString
<- cvc_GetOutString
<- cvc_ConvertString2
-> rsl_ParseNdnInfo
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
<- /build/9.4.2.4/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 01.11.06 00:10:27
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 01.11.06 00:10:27
any ideas whats wrong in ndinfo.txt...
i just wrote some alert text in it... thats all.. like in the howto
Posted: Wed Jan 11, 2006 7:20 pm
by ScalixSupport
Hi,
Please post the contents of your
/var/opt/scalix/rules/ALL-ROUTES.VIR
and
/var/opt/scalix/rules/ndninfo.txt
also post the results of ls -al of
/var/opt/scalix/rules
and please post the scalix entry in your /etc/group file
Thanks,
Don
Posted: Wed Jan 11, 2006 7:36 pm
by koxbox
ALL_ROUTES..VIR:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="Ein Virus wurde gefunden. Bitte kontaktieren sie Ihren Administrator"
-------------------------------------------------
ndinfi.txt:
Ein Virus wurde gefunden. Bitte kontaktieren sie Ihren Administrator
----------------------------------------------------
braintux:/var/opt/scalix/rules # ls -all
total 45
drwxrwx--- 2 scalix scalix 144 Jan 11 00:35 .
drwxrwxr-x 49 scalix scalix 1256 Jan 10 04:01 ..
-rw-r--r-- 1 root root 177 Jan 11 00:35 ALL-ROUTES.VIR
-rw-r--r-- 1 root root 69 Jan 11 00:07 ndinfo.txt
-r-xr-xr-x 1 root root 33112 Jan 11 00:07 omvscan.map
------------------------------------------------------------
/etc/group
root:x:0:
bin:x:1:daemon
daemon:x:2:
sys:x:3:
tty:x:5:
disk:x:6:
lp:x:7:
www:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
shadow:x:15:
dialout:x:16:koxbox,sxadmin
audio:x:17:
floppy:x:19:
cdrom:x:20:
console:x:21:
utmp:x:22:
at:!:25:
public:x:32:
video:x:33:koxbox,sxadmin
games:x:40:
xok:x:41:
trusted:x:42:
modem:x:43:
named:!:44:
ftp:x:49:
postfix:!:51:
maildrop:!:59:
man:x:62:
sshd:!:65:
ntadmin:!:71:
messagebus:!:101:
haldaemon:!:102:
nobody:x:65533:
nogroup:x:65534:nobody
users:x:100:
scalix:!:103:
sxadmin:!:1000:
vscan:!:104:
i hope that helps you
Posted: Wed Jan 11, 2006 7:45 pm
by koxbox
ah ok i fixed one problem.. i caled the file ndinfo.txt.. it has to be ndninfo.txt...
i send an virus to... and the mail is not like before into mailbox..
but i got ne messege taht an virus has been detectet ??
Posted: Wed Jan 11, 2006 7:46 pm
by ScalixSupport
Hi,
Mate, you don't see the problem here? The ls shows the name of your file
ndinfo.txt
What do the instructions say that the name of the file should be? What does the error message say about a missing file?
Also it looks like you didn't follow the instructions on giving the clamav user proper permissions. I quote the tech note...
"Once the rpms have been installed, a new user and group called clamav will have been created. The clamav user must be added to the scalix group. This can be done through the User Manager or by editing the /etc/group file and appending clamav to scalix entry."
Best wishes,
Don
Posted: Wed Jan 11, 2006 7:56 pm
by koxbox
hi..
theres no entry about adding user clamav... in knowledgebase howto clamav
and file cales ndinfo.txt in knowledgebase howto...
is there any new corect howto??
thanx
Posted: Wed Jan 11, 2006 8:06 pm
by koxbox
hi.. i did it exactly like the knowlegebase howto clamav..
i thinks theres some litle bugs in that howto...
i modified the /etc/passwd file like the howto... in howto its /etc/passed ??
rest i did exactly like the howto...
now thats the new log...
ERROR Service Router(Service Router) 01.12.06 00:44:00
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: SCAN:/var/opt/scalix/data/0000007/0000281
Reply received: 504 anti-virus engine "ClamAV" exhibits unexpected behavior
ERROR Service Router(Service Router) 01.12.06 00:44:00
[OM 5183] A Mapper error has been detected.
-> rsl_CheckMapperReply
<- rsl_CheckMapperReply
<- rsl_ReadMapperReply
<- rsl_InvokeMapper
<- rsl_ReuseOrInvokeMapper
-> rsl_WriteMapperCommand
<- rsl_WriteMapperCommand
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/9.4.2.4/src/lib/rsl/rsl_match.c:243[100,5183]
<- /build/9.4.2.4/src/lib/rsl/rsl_match.c:1555[100,5183]
<- /build/9.4.2.4/src/bin/sr/sr_main.c:3944[100,5183
Posted: Wed Jan 11, 2006 8:13 pm
by ScalixSupport
Hi,
Yes, there are bugs in that technote. Thanks for pointing out that our new one hasn't been posted yet. We'll get the new one posted soon.
So, I realize now you are using SuSE. Have a look at this...
Once the rpms have been installed, a new user and group called clamav on RedHat or vscan on SuSE will have been created. The clamav/vscan user must be added to the scalix group. This can be done through the User Manager or by editing the /etc/group file and appending clamav/vscan to the scalix entry. Please note that on some versions of SuSE simply adding the user to the group file doesn’t give the user group rights. If that’s the case on your system, you may need to change the group for the vscan user to be the scalix group.
Thanks,
Don
Posted: Wed Jan 11, 2006 8:22 pm
by ScalixSupport
Hi,
The latest technote is now posted. Thanks again!
Regards,
Don
Posted: Wed Jan 11, 2006 8:59 pm
by koxbox
hi
now the howto looks mutch better..
and now all works OK
i changed /etc/group to scalix:!:103:vscan
all perfect... now sxadmin gets the messege and an attachmend with the virus in...
great
Posted: Wed Jan 11, 2006 9:28 pm
by ScalixSupport
Beautiful. Good job!
Don