ClamAV Permissions - not quite right yet
Posted: Sun Apr 02, 2006 11:02 am
by ppettigrew
Hi,
We have CE 10.0 running on FC4 and have Spamassassin running nicely. However, ClamAV is not scanning emails (i.e., it is letting through the /test/clam.exe test attachment file available through the source download). We have used yum to install all packages and followed the technotes as best we can.
We noticed many other posts having grief with permissions, and we cannot solve ours...
Symptoms:
# cd /var/opt/scalix/data/0000001
# clamdscan *
/var/opt/scalix/data/0000001/000010g: Access denied. ERROR
/var/opt/scalix/data/0000001/000010i: Access denied. ERROR
/var/opt/scalix/data/0000001/000010j: Access denied. ERROR
/var/opt/scalix/data/0000001/000010k: Access denied. ERROR
/var/opt/scalix/data/0000001/000010l: Access denied. ERROR
/var/opt/scalix/data/0000001/000010m: Access denied. ERROR
...etc...
But if we do:
# clamscan *
000010g: OK
000010i: OK
000010j: OK
...etc...
0000121: OK
0000122: OK
0000123: OK
0000125: OK
0000126: OK
0000127: OK
----------- SCAN SUMMARY -----------
Known viruses: 48262
Engine version: 0.88
Scanned directories: 0
Scanned files: 20
Infected files: 0
Data scanned: 0.03 MB
Time: 0.850 sec (0 m 0 s)
Our groups are set up per:
# cat /etc/group
....etc...
postgres:x:26:
scalix:x:101:clamav
sxadmin:x:500:
clamav:x:102:
sa-milt:x:103:
Help! Can anybody please help point us in the right direction to get "clamdscan" scanning into our scalix emails?
Many thanks for a great community forum and application.
Paul
Posted: Sun Apr 02, 2006 1:01 pm
by ScalixSupport
When you made the change to /etc/group, did you restart clamav?
Cheers
Dave
Posted: Mon Apr 03, 2006 6:42 am
by ppettigrew
ScalixSupport wrote: When you made the change to /etc/group, did you restart clamav?
Cheers
Dave
Hi Dave - thanks very much for the prompt response and advice.
Yes, we have restarted the service as well as rebooting the whole server, unfortunately without success.
Any other ideas warmly welcomed - we need to put this server into production in 4 days.
Cheers, Paul
Posted: Mon Apr 03, 2006 7:26 am
by Valerion
If you need to get this working urgently you can edit /var/opt/scalix/sys/omvscan.cfg and change CLAMAV_ENGINE to use clamscan instead of clamdscan until you can get clamdscan to work. However, it will use more memory and be slower that way.
What user does clamd run as?
ps aux | grep clamd | grep -v grep
Mine shows
clamav 4057 0.0 5.6 85300 29124 ? Ssl Apr01 2:35 clamd
indicating that it's being run by user clamav.
Posted: Mon Apr 03, 2006 7:35 am
by ppettigrew
Valerion wrote:If you need to get this working urgently you can edit /var/opt/scalix/sys/omvscan.cfg and change CLAMAV_ENGINE to use clamscan instead of clamdscan until you can get clamdscan to work. However, it will use more memory and be slower that way.
What user does clamd run as?
ps aux | grep clamd | grep -v grep
Mine shows
clamav 4057 0.0 5.6 85300 29124 ? Ssl Apr01 2:35 clamd
indicating that it's being run by user clamav.
Hi, my output to this command is as follows:
clamav 2502 0.0 0.5 22328 10380 ? Ss 20:52 0:00 clamd.scalix -c /etc/clamd.d/scalix.conf
When installing ClamAV, where prompted for clamd.<SERVICE> I chose to use the term clamd.scalix - not sure if this is an issue, but my output is different to yours in this regard??
Thanks for the workaround tip, I hope this can be sorted out properly however. I have documented the setup process in detail and hope to post it back to this forum to help others (do a CE+ClamAV+Spamassassin on a FC4 box) but need to solve this last piece of the puzzle first :-)
Cheers and thanks again...Paul
Posted: Wed Apr 05, 2006 9:06 am
by ppettigrew
Unfortunately, still an unresolved issue. Just completed a complete rebuild of the server; alas no luck there. :-(
Still not scanning emails with clamdscan. Hopefully this is a simple fix, as time is running out for our go live.
Relevant logs/output for the gurus to please have a look at...
[root@vs5 ~]# omstat -a
PC Monitor Started NON-STOP 0
Directory Relay Server Started 22:40:06
Notification Server Started 22:40:06 0
Shared memory daemon Started NON-STOP
Notification Monitor Started NON-STOP
Session Monitor Started NON-STOP
Container Access Monitor Started NON-STOP
Item Structure Server Stopped
Database Monitor Started 22:40:06
Licence Monitor Daemon Started NON-STOP
LDAP Daemon Started 22:40:06
Queue Manager Started NON-STOP
Item Delete Daemon Started NON-STOP
IMAP Server Daemon Started 22:40:06
SMTP Relay Started 22:40:06
Mime Browser Controller Started 22:40:06
[root@vs5 ~]# omstat -s
Service Router Aborted 22:40:06 0
Local Delivery Started 22:40:06 0
Internet Mail Gateway Started 22:40:06 0
Local Client Interface Enabled 22:40:06 0
Remote Client Interface Enabled 22:40:06 1
Test Server Started 22:40:06 0
Request Server Started 22:40:06 0
Print Server Started 22:40:06 0
Bulletin Board Server Started 22:40:06 0
Background Search Service Started 22:40:06 0
CDA Server Aborted 22:40:06 0
POP3 interface Started 22:40:06 0
Omscan Server Started 22:40:06 0
Archiver Started 22:40:06 0
[root@vs5 ~]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
rpm:x:37:
utmp:x:22:
haldaemon:x:68:
slocate:x:21:
pcap:x:77:
nscd:x:28:
named:x:25:
netdump:x:34:
sshd:x:74:
rpc:x:32:
mailnull:x:47:
smmsp:x:51:
rpcuser:x:29:
nfsnobody:x:65534:
apache:x:48:
squid:x:23:
webalizer:x:67:
tomcat:x:91:
xfs:x:43:
ntp:x:38:
gdm:x:42:
dovecot:x:97:
mysql:x:27:
screen:x:84:
scalix:x:101:clamav
sxadmin:x:500:
clamav:x:102:
[root@vs5 ~]# clamdscan /var/opt/scalix/data/0000001/*
/var/opt/scalix/data/0000001/000010g: Access denied. ERROR
/var/opt/scalix/data/0000001/000010i: Access denied. ERROR
/var/opt/scalix/data/0000001/000010j: Access denied. ERROR
/var/opt/scalix/data/0000001/000010k: Access denied. ERROR
/var/opt/scalix/data/0000001/000010l: Access denied. ERROR
/var/opt/scalix/data/0000001/000010m: Access denied. ERROR
/var/opt/scalix/data/0000001/000010n: Access denied. ERROR
/var/opt/scalix/data/0000001/000010o: Access denied. ERROR
/var/opt/scalix/data/0000001/000010p: Access denied. ERROR
/var/opt/scalix/data/0000001/000010q: Access denied. ERROR
/var/opt/scalix/data/0000001/000010s: Access denied. ERROR
/var/opt/scalix/data/0000001/000010t: Access denied. ERROR
/var/opt/scalix/data/0000001/000010u: Access denied. ERROR
/var/opt/scalix/data/0000001/0000120: Access denied. ERROR
/var/opt/scalix/data/0000001/0000121: Access denied. ERROR
/var/opt/scalix/data/0000001/0000122: Access denied. ERROR
/var/opt/scalix/data/0000001/0000123: Access denied. ERROR
/var/opt/scalix/data/0000001/0000125: Access denied. ERROR
/var/opt/scalix/data/0000001/0000126: Access denied. ERROR
/var/opt/scalix/data/0000001/0000127: Access denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.004 sec (0 m 0 s)
[root@vs5 ~]# clamscan /var/opt/scalix/data/0000001/*
/var/opt/scalix/data/0000001/000010g: OK
/var/opt/scalix/data/0000001/000010i: OK
/var/opt/scalix/data/0000001/000010j: OK
/var/opt/scalix/data/0000001/000010k: OK
/var/opt/scalix/data/0000001/000010l: OK
/var/opt/scalix/data/0000001/000010m: OK
/var/opt/scalix/data/0000001/000010n: OK
/var/opt/scalix/data/0000001/000010o: OK
/var/opt/scalix/data/0000001/000010p: OK
/var/opt/scalix/data/0000001/000010q: OK
/var/opt/scalix/data/0000001/000010s: OK
/var/opt/scalix/data/0000001/000010t: OK
/var/opt/scalix/data/0000001/000010u: OK
/var/opt/scalix/data/0000001/0000120: OK
/var/opt/scalix/data/0000001/0000121: OK
/var/opt/scalix/data/0000001/0000122: OK
/var/opt/scalix/data/0000001/0000123: OK
/var/opt/scalix/data/0000001/0000125: OK
/var/opt/scalix/data/0000001/0000126: OK
/var/opt/scalix/data/0000001/0000127: OK
----------- SCAN SUMMARY -----------
Known viruses: 48899
Engine version: 0.88
Scanned directories: 0
Scanned files: 20
Infected files: 0
Data scanned: 0.02 MB
Time: 0.815 sec (0 m 0 s)
[root@vs5 ~]# cat /var/opt/scalix/logs/fatal
SERIOUS ERROR CDA Server (CDA Server ) Wed Apr 5 22:40:06 2006
[OM 28664] There is already a CDA server process running
Pid of logging process: 2790
ERROR Service Router(Service Router) Wed Apr 5 22:40:07 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Access denied. ERROR
Pid of logging process: 2783
ERROR Service Router(Service Router) Wed Apr 5 22:40:07 2006
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received: 220 Virus Scanning Client Ready
Pid of logging process: 2783
ERROR Service Router(Service Router) Wed Apr 5 22:40:07 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 2783
SERIOUS ERROR Service Router(Service Router) Wed Apr 5 22:40:07 2006
[OM 5183] A Mapper error has been detected.
Pid of logging process: 2783
Posted: Wed Apr 05, 2006 9:47 am
by ScalixSupport
Please can you run the command:
and post the results.
Cheers
Dave
Posted: Wed Apr 05, 2006 9:52 am
by ppettigrew
ScalixSupport wrote:Please can you run the command:
and post the results.
Cheers
Dave
Thanks Dave for the help and fast response. As requested:
[root@vs5 ~]# id clamav
uid=101(clamav) gid=102(clamav) groups=102(clamav),101(scalix)
Cheers, Paul
Posted: Wed Apr 05, 2006 10:12 am
by ScalixSupport
Can you show me the permissions on one of the files that clam is having a problem with?
Cheers
Dave
Posted: Wed Apr 05, 2006 10:17 am
by ppettigrew
ScalixSupport wrote: Can you show me the permissions on one of the files that clam is having a problem with?
Cheers
Dave
[root@vs5 ~]# ls -l /var/opt/scalix/data/0000001/000010g
-rw-rw---- 1 scalix scalix 3072 Apr 5 21:22 /var/opt/scalix/data/0000001/000010g
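The outputs posted up to this point show what /etc/group grants clamav (`id clamav`) and the file's mode, but not the group set the running clamd process actually holds. As an added example (not part of the thread and not Scalix or ClamAV code), this script applies the standard Unix owner/group/other read check to the credentials in a /proc/<pid>/status dump; both status dumps and the file owner uid 100 are constructed.

```shell
#!/bin/sh
# Added example: can a running process read a file, judged from the
# credentials the kernel reports in /proc/<pid>/status?

# field STATUS KEY N -> Nth value on the "KEY:" line of a status dump
field() {
    printf '%s\n' "$1" | awk -v k="$2:" -v n="$3" '$1 == k { print $(n + 1) }'
}

# can_read STATUS MODE OWNER_UID OWNER_GID
# Prints the permission class that applies (root/owner/group/other) and
# returns 0 if that class has the read bit. Simplified: ignores ACLs,
# capabilities and SELinux, and does not check parent directories.
can_read() {
    status=$1; mode=$2; fuid=$3; fgid=$4
    puid=$(field "$status" Uid 4)   # 4th value = filesystem uid
    pgid=$(field "$status" Gid 4)   # 4th value = filesystem gid
    supp=$(printf '%s\n' "$status" | awk '$1 == "Groups:" { $1 = ""; print }')
    if [ "$puid" -eq 0 ]; then echo root; return 0; fi
    class=other; bit=0004
    if [ "$puid" -eq "$fuid" ]; then
        class=owner; bit=0400
    else
        for g in $pgid $supp; do
            if [ "$g" -eq "$fgid" ]; then class=group; bit=0040; fi
        done
    fi
    echo "$class"
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# Constructed samples: uid 101 / gid 102 as in the thread's `id clamav`;
# the first process lacks supplementary group 101, the second has it.
STATUS_NO_SUPP='Name: clamd.scalix
Uid: 101 101 101 101
Gid: 102 102 102 102
Groups: 102'
STATUS_WITH_SUPP='Name: clamd.scalix
Uid: 101 101 101 101
Gid: 102 102 102 102
Groups: 102 101'

# File as in the thread's ls -l: mode 660, group scalix (gid 101).
# Owner uid 100 is a constructed placeholder; the thread does not give it.
for s in "$STATUS_NO_SUPP" "$STATUS_WITH_SUPP"; do
    if class=$(can_read "$s" 660 100 101); then v=readable; else v=denied; fi
    echo "class=$class -> $v"
done
```

On a live system the same function can be fed real data with `can_read "$(cat /proc/PID/status)" $(stat -c '%a %u %g' FILE)`, where PID and FILE are placeholders. The search (execute) bit on every parent directory has to pass the same class test for the open to succeed.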
Posted: Wed Apr 05, 2006 10:45 am
by ScalixSupport
Where did you get your clamav RPMs from?
Normally, we'd recommend Dag Wieers' site at apt.sw.be and I don't think I've ever been prompted for a service name when installing.
Cheers
Dave
Posted: Wed Apr 05, 2006 10:51 am
by ppettigrew
Hi Dave, we got the RPMs simply via a:
# yum install clamav clamav-server clamav-update
Perhaps they are missing a special tweak or other piece of Dag Wieers' magic?
Posted: Wed Apr 05, 2006 11:04 am
by ScalixSupport
Are you able to clamdscan a file in the /tmp directory?
Cheers
Dave
Posted: Thu Apr 06, 2006 11:09 am
by ppettigrew
ScalixSupport wrote: Are you able to clamdscan a file in the /tmp directory?
Cheers
Dave
Hi Dave, thanks again for your help. It is very much appreciated. Looks like we get a mixed bag from this command...
[root@vs5 /]# clamdscan /tmp/*
/tmp/myserver.net: OK
/tmp/debug.log: OK
/tmp/gconfd-root: Access denied. ERROR
/tmp/hsperfdata_root/2944: Unable to open file or directory ERROR
/tmp/lst6914: OK
ERROR: Not supported file type (/tmp/mapping-root)
/tmp/ominstall.log: OK
/tmp/ominstall.Olog: OK
/tmp/texconfig.Qn5963: Access denied. ERROR
/tmp/texconfig.X22857: Access denied. ERROR
/tmp/tmp.NMyzW29650: Access denied. ERROR
/tmp/tmp.XNGIEE3720: Access denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.004 sec (0 m 0 s)
PS: "myserver" has been used above in place of the domain the server is actually configured as.
Posted: Thu Apr 06, 2006 11:21 am
by ScalixSupport
Please can you post your clam.d/scalix.conf file?
Cheers
Dave