Page 1 of 1

ClamD killing Service Router, omvscan.map error

Posted: Mon Mar 20, 2006 8:40 am
by Flish
Ok, last thing on the list, but it's killing me, getting ClamD to work, specifics;

Suse 10 OSS
Scalix 10 Community
Default Suse ClamD rpm upgraded to 0.88
Spamassassin in and working (if that's relevant).

ClamD works, freshclam doing updates, clamd runs as the user/group vscan on suse, but the user has been added to the scalix group. Also, from another theread, user vscan has default group pid set to that of the scalix group. Running a clamdscan on/var/opt/scalix/sys/smptd.cfg works, so am assuming all ok permissions wise.

Problem is that the service router just dies on startup, from the logs dir;

fatal:
ERROR Service Router(Service Router) Mon Mar 20 12:35:22 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 23587


daemon.stderr:
/var/opt/scalix/rules/omvscan.map: line 976: return: can only `return' from a fu nction or sourced script

So, any pointers, am lost on this one, install basically by the book, only exception was user/grouj naming under Suse, but think that's covered, so, erm, help!

TIA

Posted: Mon Mar 20, 2006 8:56 am
by burhankhalid
I ran into the same problem albiet on FC4. I couldn't figure out what was wrong with it, till I just upgraded clamav and it just magically started working. So see if there is an upgrade available for SuSE.

Also, what permissions are on the rule file?

Posted: Mon Mar 20, 2006 9:05 am
by Flish
burhankhalid wrote:I ran into the same problem albiet on FC4. I couldn't figure out what was wrong with it, till I just upgraded clamav and it just magically started working. So see if there is an upgrade available for SuSE.

Also, what permissions are on the rule file?


I'd already done an update, will check again.

The permissions are currently owned by user root, and group scalix for both the ALL.ROUTEs etc file, and omvscan.map. They have been root and root though which made no difference.

Posted: Mon Mar 20, 2006 9:11 am
by burhankhalid
I hope this helps, but this is how it looks on my system :

Code: Select all

[root@avalon ~]# ls -la /var/opt/scalix/rules
total 60
drwxrwx---   2 scalix scalix  4096 Mar 11 17:35 .
drwxrwxr-x  51 scalix scalix  4096 Mar 18 18:07 ..
-rw-r--r--   1 root   root     261 Mar 11 17:35 ALL-ROUTES.VIR
-rw-r--r--   1 root   root     185 Mar  9 11:00 ndninfo.txt
-r-xr-xr-x   1 root   root   35644 Mar  9 10:59 omvscan.map

Posted: Mon Mar 20, 2006 10:45 am
by Flish
Reset group ownerships to root, and all other perms the same, no joy. I don't have an ndninfo.txt but don't think I need one, my rules are;

VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW
VIRUS-FOUND=0 ACTION=ALLOW


Any more bright ideas?

NB: Clamd client is 0.88 which is uptodate, certainly Suse Update tool doesn't have anything newer

Posted: Mon Mar 20, 2006 10:53 am
by ScalixSupport
First thing to do is to enable debug logging on the mapper script.

Go to /var/opt/scalix/sys/omvscan.cfg and set OMAV_LOGLEVEL=3. You should then restart the service router. This will create a file /var/opt/scalix/logs/omvscan.log.

Cheers

Dave

Posted: Mon Mar 20, 2006 11:14 am
by Flish
Ok, that made it work, no, honestly. Thinking about what previosu poster said about doing an update and it magically started working, I assumed that meant a ClamD update, which I'd already done, so I went looking, and only update Suse UPdate Tool (Yast) had was a kernel update, so let it run, clutched at every straw available, rebooted, and works.!?!

Debug log shows below, not sure what first few lines are about, any help there would be appreciated, but rest seems to suggest it's working, and Service Router is still up, so thanks all directly and indirectly!

This could all be a complete co-incidence and maybe some other tweak I'd done kicked in after the reboot, but just in case the update I last did was kernel-default-2.6.13-15.i586.rpm


2006-03-17 19:04:30:PID=7588:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-17 19:04:31:PID=7588:[Reply]: Access denied. ERROR
2006-03-18 20:45:12:PID=19422:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-18 20:45:12:PID=19422:[Reply]: Access denied. ERROR
2006-03-20 12:33:43:PID=23122:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 12:33:44:PID=23122:[Reply]: Access denied. ERROR
2006-03-20 12:35:22:PID=23590:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 12:35:22:PID=23590:[Reply]: Access denied. ERROR
2006-03-20 12:37:01:PID=26113:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 12:37:01:PID=26113:[Reply]: Access denied. ERROR
2006-03-20 12:38:01:PID=27579:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 12:38:01:PID=27579:[Reply]: Access denied. ERROR
2006-03-20 13:09:43:PID=3851:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 13:09:43:PID=3851:[Reply]: Access denied. ERROR
2006-03-20 14:35:55:PID=5875:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2006-03-20 14:35:55:PID=5875:[Reply]: Access denied. ERROR
2006-03-20 15:06:09:PID=5143:############## /var/opt/scalix/tmp/omvscan_cfg.5143
2006-03-20 15:06:09:PID=5143:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2006-03-20 15:06:09:PID=5143:OMAV_LOGLEVEL=3
2006-03-20 15:06:09:PID=5143:CLAMAV_ENGINE=/usr/bin/clamdscan
2006-03-20 15:06:09:PID=5143:CLAMAV_SCAN_OPTIONS='--stdout'
2006-03-20 15:06:09:PID=5143:CLAMAV_CLEAN_OPTIONS='--stdout'
2006-03-20 15:06:09:PID=5143:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2006-03-20 15:06:09:PID=5143:CLAMAV_USE_LOCKING=no
2006-03-20 15:06:09:PID=5143:CLAMAV_LOCK_FILE=clamav.lock
2006-03-20 15:06:09:PID=5143:############## /var/opt/scalix/tmp/omvscan_cfg.5143
2006-03-20 15:06:09:PID=5143:/usr/bin/clamdscan --stdout /tmp/clamav_test.5143 > /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:10:PID=5143:[Reply]:220 Virus Scanning Client Ready
2006-03-20 15:06:10:PID=5143:[Command Received]:HELO From Scalix Service Router, Version 1.0
2006-03-20 15:06:10:PID=5143:[Reply]:250 Ok
2006-03-20 15:06:10:PID=5143:[Command Received]:HELO From Scalix Service Router, Version 1.0
2006-03-20 15:06:10:PID=5143:[Reply]:250 Ok
2006-03-20 15:06:47:PID=5143:[Command Received]:SCAN:/var/opt/scalix/data/0000028/0007tb1
2006-03-20 15:06:47:PID=5143:/usr/bin/clamdscan --stdout /var/opt/scalix/data/0000028/0007tb1 > /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:exit_code 0
2006-03-20 15:06:47:PID=5143:############## start /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:/var/opt/scalix/data/0000028/0007tb1: OK
2006-03-20 15:06:47:PID=5143:
2006-03-20 15:06:47:PID=5143:----------- SCAN SUMMARY -----------
2006-03-20 15:06:47:PID=5143:Infected files: 0
2006-03-20 15:06:47:PID=5143:Time: 0.004 sec (0 m 0 s)
2006-03-20 15:06:47:PID=5143:############## end /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:[Reply]:271 No viruses found
2006-03-20 15:06:47:PID=5143:[Command Received]:SCAN:/var/opt/scalix/data/0000028/0007tb4
2006-03-20 15:06:47:PID=5143:/usr/bin/clamdscan --stdout /var/opt/scalix/data/0000028/0007tb4 > /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:exit_code 0
2006-03-20 15:06:47:PID=5143:############## start /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:/var/opt/scalix/data/0000028/0007tb4: OK
2006-03-20 15:06:47:PID=5143:
2006-03-20 15:06:47:PID=5143:----------- SCAN SUMMARY -----------
2006-03-20 15:06:47:PID=5143:Infected files: 0
2006-03-20 15:06:47:PID=5143:Time: 0.004 sec (0 m 0 s)
2006-03-20 15:06:47:PID=5143:############## end /var/opt/scalix/tmp/clamav.log.5143
2006-03-20 15:06:47:PID=5143:[Reply]:271 No viruses found

Posted: Mon Mar 20, 2006 11:20 am
by ScalixSupport

Code: Select all

2006-03-20 14:35:55:PID=5875:[Reply]:503 "ClamAV" cannot scan Scalix-owned file
2006-03-20 14:35:55:PID=5875:[Reply]: Access denied. ERROR


That's the reason why the Service Router was not starting. ClamAV had not been configured correctly. These are previous errors so everything is now looking OK.

Chances are that you had changed the group membership for the clamav/vscan user but needed a restart to pick up those changes.

Cheers

Dave