ClamAV Permissions - not quite right yet

ppettigrew
Posts: 11
Joined: Sun Apr 02, 2006 10:49 am

Postby ppettigrew » Sun Apr 02, 2006 11:02 am

Hi,

We have CE 10.0 running on FC4 and have SpamAssassin running nicely. However, ClamAV is not scanning emails (i.e., it is letting through the /test/clam.exe test attachment file available through the source download). We have used yum to install all packages and followed the technotes as best we can.

We noticed many other posts having grief with permissions, and we cannot solve ours...

Symptoms:

# cd /var/opt/scalix/data/0000001
# clamdscan *

/var/opt/scalix/data/0000001/000010g: Access denied. ERROR
/var/opt/scalix/data/0000001/000010i: Access denied. ERROR
/var/opt/scalix/data/0000001/000010j: Access denied. ERROR
/var/opt/scalix/data/0000001/000010k: Access denied. ERROR
/var/opt/scalix/data/0000001/000010l: Access denied. ERROR
/var/opt/scalix/data/0000001/000010m: Access denied. ERROR
...etc...

But if we do:
# clamscan *

000010g: OK
000010i: OK
000010j: OK
...etc...
0000121: OK
0000122: OK
0000123: OK
0000125: OK
0000126: OK
0000127: OK

----------- SCAN SUMMARY -----------
Known viruses: 48262
Engine version: 0.88
Scanned directories: 0
Scanned files: 20
Infected files: 0
Data scanned: 0.03 MB
Time: 0.850 sec (0 m 0 s)

Our groups are set up per:
# cat /etc/group
....etc...
postgres:x:26:
scalix:x:101:clamav
sxadmin:x:500:
clamav:x:102:
sa-milt:x:103:


Help! Can anybody please help point us in the right direction to get "clamdscan" scanning into our scalix emails?

Many thanks for a great community forum and application.

Paul

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Sun Apr 02, 2006 1:01 pm

When you made the change to /etc/group, did you restart clamav?

Cheers

Dave

Postby ppettigrew » Mon Apr 03, 2006 6:42 am

ScalixSupport wrote: When you made the change to /etc/group, did you restart clamav?

Cheers

Dave


Hi Dave - thanks very much for the prompt response and advice.

Yes, we have restarted the service as well as rebooting the whole server, unfortunately without success.

Any other ideas warmly welcomed - we need to put this server into production in 4 days.

Cheers, Paul

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Postby Valerion » Mon Apr 03, 2006 7:26 am

If you need to get this working urgently you can edit /var/opt/scalix/sys/omvscan.cfg and change CLAMAV_ENGINE to use clamscan instead of clamdscan until you can get clamdscan to work. However, it will use more memory and be slower that way.

What user does clamd run as?

Code:

ps aux | grep clamd | grep -v grep

Mine shows

Code:

clamav    4057  0.0  5.6 85300 29124 ?       Ssl  Apr01   2:35 clamd

indicating that it's being run by user clamav.

Postby ppettigrew » Mon Apr 03, 2006 7:35 am

Valerion wrote: If you need to get this working urgently you can edit /var/opt/scalix/sys/omvscan.cfg and change CLAMAV_ENGINE to use clamscan instead of clamdscan until you can get clamdscan to work. However, it will use more memory and be slower that way.

What user does clamd run as?

Code:

ps aux | grep clamd | grep -v grep

Mine shows

Code:

clamav    4057  0.0  5.6 85300 29124 ?       Ssl  Apr01   2:35 clamd

indicating that it's being run by user clamav.


Hi, my output to this command is as follows:
clamav 2502 0.0 0.5 22328 10380 ? Ss 20:52 0:00 clamd.scalix -c /etc/clamd.d/scalix.conf

When installing ClamAV, where prompted for clamd.<SERVICE> I chose to use the term clamd.scalix - not sure if this is an issue, but my output is different to yours in this regard??

Thanks for the workaround tip, I hope this can be sorted out properly however. I have documented the setup process in detail and hope to post it back to this forum to help others (do a CE+ClamAV+Spamassassin on a FC4 box) but need to solve this last piece of the puzzle first :-)

Cheers and thanks again...Paul

Postby ppettigrew » Wed Apr 05, 2006 9:06 am

Unfortunately, still an unresolved issue. Just completed a complete rebuild of the server; alas no luck there. :-(

Still not scanning emails with clamdscan. Hopefully this is a simple fix, as time is running out for our go live.

Relevant logs/output for the gurus to please have a look at...

Code:

[root@vs5 ~]# omstat -a
PC Monitor                    Started        NON-STOP       0
Directory Relay Server        Started        22:40:06       
Notification Server           Started        22:40:06       0
Shared memory daemon          Started        NON-STOP       
Notification Monitor          Started        NON-STOP       
Session Monitor               Started        NON-STOP       
Container Access Monitor      Started        NON-STOP       
Item Structure Server         Stopped                       
Database Monitor              Started        22:40:06       
Licence Monitor Daemon        Started        NON-STOP       
LDAP Daemon                   Started        22:40:06       
Queue Manager                 Started        NON-STOP       
Item Delete Daemon            Started        NON-STOP       
IMAP Server Daemon            Started        22:40:06       
SMTP Relay                    Started        22:40:06       
Mime Browser Controller       Started        22:40:06       

[root@vs5 ~]# omstat -s
Service Router                Aborted        22:40:06       0         
Local Delivery                Started        22:40:06       0         
Internet Mail Gateway         Started        22:40:06       0         
Local Client Interface        Enabled        22:40:06       0         
Remote Client Interface       Enabled        22:40:06       1         
Test Server                   Started        22:40:06       0         
Request Server                Started        22:40:06       0         
Print Server                  Started        22:40:06       0         
Bulletin Board Server         Started        22:40:06       0         
Background Search Service     Started        22:40:06       0         
CDA Server                    Aborted        22:40:06       0         
POP3 interface                Started        22:40:06       0         
Omscan Server                 Started        22:40:06       0         
Archiver                      Started        22:40:06       0         

[root@vs5 ~]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
rpm:x:37:
utmp:x:22:
haldaemon:x:68:
slocate:x:21:
pcap:x:77:
nscd:x:28:
named:x:25:
netdump:x:34:
sshd:x:74:
rpc:x:32:
mailnull:x:47:
smmsp:x:51:
rpcuser:x:29:
nfsnobody:x:65534:
apache:x:48:
squid:x:23:
webalizer:x:67:
tomcat:x:91:
xfs:x:43:
ntp:x:38:
gdm:x:42:
dovecot:x:97:
mysql:x:27:
screen:x:84:
scalix:x:101:clamav
sxadmin:x:500:
clamav:x:102:

[root@vs5 ~]# clamdscan /var/opt/scalix/data/0000001/*
/var/opt/scalix/data/0000001/000010g: Access denied. ERROR
/var/opt/scalix/data/0000001/000010i: Access denied. ERROR
/var/opt/scalix/data/0000001/000010j: Access denied. ERROR
/var/opt/scalix/data/0000001/000010k: Access denied. ERROR
/var/opt/scalix/data/0000001/000010l: Access denied. ERROR
/var/opt/scalix/data/0000001/000010m: Access denied. ERROR
/var/opt/scalix/data/0000001/000010n: Access denied. ERROR
/var/opt/scalix/data/0000001/000010o: Access denied. ERROR
/var/opt/scalix/data/0000001/000010p: Access denied. ERROR
/var/opt/scalix/data/0000001/000010q: Access denied. ERROR
/var/opt/scalix/data/0000001/000010s: Access denied. ERROR
/var/opt/scalix/data/0000001/000010t: Access denied. ERROR
/var/opt/scalix/data/0000001/000010u: Access denied. ERROR
/var/opt/scalix/data/0000001/0000120: Access denied. ERROR
/var/opt/scalix/data/0000001/0000121: Access denied. ERROR
/var/opt/scalix/data/0000001/0000122: Access denied. ERROR
/var/opt/scalix/data/0000001/0000123: Access denied. ERROR
/var/opt/scalix/data/0000001/0000125: Access denied. ERROR
/var/opt/scalix/data/0000001/0000126: Access denied. ERROR
/var/opt/scalix/data/0000001/0000127: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.004 sec (0 m 0 s)

[root@vs5 ~]# clamscan /var/opt/scalix/data/0000001/*
/var/opt/scalix/data/0000001/000010g: OK
/var/opt/scalix/data/0000001/000010i: OK
/var/opt/scalix/data/0000001/000010j: OK
/var/opt/scalix/data/0000001/000010k: OK
/var/opt/scalix/data/0000001/000010l: OK
/var/opt/scalix/data/0000001/000010m: OK
/var/opt/scalix/data/0000001/000010n: OK
/var/opt/scalix/data/0000001/000010o: OK
/var/opt/scalix/data/0000001/000010p: OK
/var/opt/scalix/data/0000001/000010q: OK
/var/opt/scalix/data/0000001/000010s: OK
/var/opt/scalix/data/0000001/000010t: OK
/var/opt/scalix/data/0000001/000010u: OK
/var/opt/scalix/data/0000001/0000120: OK
/var/opt/scalix/data/0000001/0000121: OK
/var/opt/scalix/data/0000001/0000122: OK
/var/opt/scalix/data/0000001/0000123: OK
/var/opt/scalix/data/0000001/0000125: OK
/var/opt/scalix/data/0000001/0000126: OK
/var/opt/scalix/data/0000001/0000127: OK

----------- SCAN SUMMARY -----------
Known viruses: 48899
Engine version: 0.88
Scanned directories: 0
Scanned files: 20
Infected files: 0
Data scanned: 0.02 MB
Time: 0.815 sec (0 m 0 s)

[root@vs5 ~]# cat /var/opt/scalix/logs/fatal
SERIOUS ERROR           CDA Server    (CDA Server    ) Wed Apr  5 22:40:06 2006
[OM 28664] There is already a CDA server process running
Pid of logging process: 2790


ERROR                   Service Router(Service Router) Wed Apr  5 22:40:07 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Access denied. ERROR
Pid of logging process: 2783


ERROR                   Service Router(Service Router) Wed Apr  5 22:40:07 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 2783


ERROR                   Service Router(Service Router) Wed Apr  5 22:40:07 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 2783


SERIOUS ERROR           Service Router(Service Router) Wed Apr  5 22:40:07 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 2783


Postby ScalixSupport » Wed Apr 05, 2006 9:47 am

Please can you run the command:

Code:

id clamav

and post the results.

Cheers

Dave

Postby ppettigrew » Wed Apr 05, 2006 9:52 am

ScalixSupport wrote: Please can you run the command:

Code:

id clamav

and post the results.

Cheers

Dave


Thanks Dave for the help and fast response. As requested:

Code:

[root@vs5 ~]# id clamav
uid=101(clamav) gid=102(clamav) groups=102(clamav),101(scalix)

Cheers, Paul

Postby ScalixSupport » Wed Apr 05, 2006 10:12 am

Can you show me the permissions on one of the files that clam is having a problem with?

Cheers

Dave

Postby ppettigrew » Wed Apr 05, 2006 10:17 am

ScalixSupport wrote: Can you show me the permissions on one of the files that clam is having a problem with?

Cheers

Dave


Code:

[root@vs5 ~]# ls -l /var/opt/scalix/data/0000001/000010g
-rw-rw----  1 scalix scalix 3072 Apr  5 21:22 /var/opt/scalix/data/0000001/000010g
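
Added example, not part of the original thread: `id clamav` reports group membership as recorded in /etc/group, while file access is decided by the credentials the running clamd process actually holds, which are listed in its /proc/<pid>/status file. The sketch below evaluates read access from such a status file; `read_class`, the sample status contents and owner uid 900 are constructed for illustration.

```shell
#!/bin/sh
# read_class STATUS_FILE FILE_UID FILE_GID FILE_MODE
# Prints which permission class grants read access ("root", "owner",
# "group", "other") or "denied", using the credentials the kernel holds
# for a process (a /proc/<pid>/status file), not /etc/group.
read_class() {
    status=$1; fuid=$2; fgid=$3; mode=000$4
    # Uid:/Gid: lines hold real, effective, saved and filesystem ids;
    # file access checks use the filesystem id (5th awk field).
    fsuid=$(awk '/^Uid:/ {print $5}' "$status")
    fsgid=$(awk '/^Gid:/ {print $5}' "$status")
    supp=$(awk '/^Groups:/ {$1=""; print}' "$status")
    m=${mode#"${mode%???}"}           # last three octal digits, e.g. 660
    u=${m%??}; g=${m#?}; g=${g%?}; o=${m#??}
    if [ "$fsuid" -eq 0 ]; then echo root; return 0; fi
    # Only the first matching class applies: owner, then group, then other.
    if [ "$fsuid" -eq "$fuid" ]; then bits=$u; class=owner
    else
        bits=$o; class=other
        for gid in $fsgid $supp; do
            if [ "$gid" -eq "$fgid" ]; then bits=$g; class=group; fi
        done
    fi
    if [ $((bits & 4)) -ne 0 ]; then echo "$class"; else echo denied; fi
}

# Constructed samples: two possible credential sets for a daemon running
# as uid 101 / gid 102, with and without supplementary group 101.
demo() {
    d=$(mktemp -d)
    printf 'Uid:\t101\t101\t101\t101\nGid:\t102\t102\t102\t102\nGroups:\t101 102\n' > "$d/with"
    printf 'Uid:\t101\t101\t101\t101\nGid:\t102\t102\t102\t102\nGroups:\t102\n' > "$d/without"
    # File from the thread: -rw-rw---- scalix scalix, i.e. mode 660, gid 101.
    # Owner uid 900 is a placeholder; the thread does not show scalix's uid.
    echo "$(read_class "$d/with" 900 101 660) $(read_class "$d/without" 900 101 660)"
    rm -rf "$d"
}
demo    # prints: group denied
```

On a live host the arguments would come from the clamd process's /proc/<pid>/status and from `stat -c '%u %g %a' FILE`. The check covers the file's own mode bits only, not search permission on its parent directories.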

Postby ScalixSupport » Wed Apr 05, 2006 10:45 am

Where did you get your clamav RPMs from?

Normally, we'd recommend Dag Wieers' site at apt.sw.be and I don't think I've ever been prompted for a service name when installing.

Cheers

Dave

Postby ppettigrew » Wed Apr 05, 2006 10:51 am

Hi Dave, we got the RPMs simply via a:

Code:

# yum install clamav clamav-server clamav-update

Perhaps they are missing a special tweak or other piece of Dag Wieers' magic?

Postby ScalixSupport » Wed Apr 05, 2006 11:04 am

Are you able to clamdscan a file in the /tmp directory?

Cheers

Dave

Postby ppettigrew » Thu Apr 06, 2006 11:09 am

ScalixSupport wrote: Are you able to clamdscan a file in the /tmp directory?

Cheers

Dave


Hi Dave, thanks again for your help. It is very much appreciated. Looks like we get a mixed bag from this command...

Code:

[root@vs5 /]# clamdscan /tmp/*
/tmp/myserver.net: OK
/tmp/debug.log: OK
/tmp/gconfd-root: Access denied. ERROR
/tmp/hsperfdata_root/2944: Unable to open file or directory ERROR
/tmp/lst6914: OK
ERROR: Not supported file type (/tmp/mapping-root)
/tmp/ominstall.log: OK
/tmp/ominstall.Olog: OK
/tmp/texconfig.Qn5963: Access denied. ERROR
/tmp/texconfig.X22857: Access denied. ERROR
/tmp/tmp.NMyzW29650: Access denied. ERROR
/tmp/tmp.XNGIEE3720: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.004 sec (0 m 0 s)


PS: "myserver" has been used above in place of the domain the server is actually configured as.

Postby ScalixSupport » Thu Apr 06, 2006 11:21 am

Please can you post your clam.d/scalix.conf file?

Cheers

Dave

