Scalix 12.6 and ClamAV Problems

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Jan 21, 2017 5:56 pm

I have been running Scalix Community Edition for a family server for a decade now and am a great fan. My system is Centos5-based which is coming to end of life, so I am having to take the plunge and move to Centos 7.

I got a basic server running and loaded Scalix 12.6 on a test box and sent a couple of external mails and was amazed when I got things working. Next I uninstalled Scalix, rsync'd the mailstore across and re-installed Scalix and again was pleased that everything came to life after doing the normal omcheck etc.

So, now to ClamAv and Spamassassin and... problems. The service router keeps crashing.

I did a couple of "start from scratch" rebuilds of the server, finally figured out how to get clamd to run on Centos 7, and then tracked the problem down to ClamAV linking to Scalix, namely omvscan.map bombing out at the "503 "ClamAV" cannot scan Scalix-owned ..." test. I have commented a few lines out in omvscan and can see that the test file and log file are created and permissions are changed to scalix. Clamav is running and both clamscan and clamdscan can scan files from the command line. I also tried replacing clamdscan with clamscan for scalix and it works but slowly of course.

I find all this rather odd because in the past moving from one server to another using rsync etc is an easy process.

The only difference I can see is that clamav (loaded from the EPEL RPM) now creates a user "clamscan", not "clamav". I have tried running things with user clamscan but have also created a user clamav and tried with that - all without success. I have added these users to the scalix group of course - well I assume I have as I have done things the same as I have always done when rebuilding a server box and things like /etc/passwd and /etc/group look the same on the production box as they do on my test box.

I am not a linux expert, re-learning things each time I do a re-build, and have spent days pondering what could be wrong and searching this forum and the www without finding anything which provides an answer, so I am resorting to a new post here.

help!

ScalixSupport
Scalix
Scalix
Posts: 5494
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Mon Jan 23, 2017 9:18 am

Hello,

Please refer to the Scalix Setup and Configuration Guide http://www.scalix.com/scalix-setup-config-guide-12-6 for clamav installation and configuration.

Also please provide the steps you did for clamav configuration.

Regards,
Scalix Support Team.

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Mon Jan 23, 2017 4:06 pm

Hi,

Thanks for your reply. I was working from that guide once the set-up did not work.

Normally when I transfer from one server to another there is little to do as the rules folder and Scalix users come across with rsync. I then set-up the ClamAV user and add to the Scalix group - job done but this time I started from scratch.

1. Install Centos7 and perform yum update - make sure FQDN is the same as the old server
2. Follow the procedure here - https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/ to get ClamAV working
3. Check ClamAV running - success.
4. Install Scalix (currently from scratch, not rsyncing mailstore to try to get a stable install)
5. Add user clamscan (user set-up by clamav install) to group Scalix (I have also tried the commands to set-up user clamav as per 12.6 PDF to use that user for clamav as alternative to clamscan)
6. Edit /etc/clamd.d/scan.conf as described in 2 above. I tried doing no more than that and also tried uncommenting TCPAddress 127.0.0.1 and tried putting my IP addy 192.168.xxx.xxx in and uncommenting TCPSocket 3310 - all without success
7. Copy over omvscan.map and create ALL-ROUTES.VIR and set permissions to 555 etc as per 12.6 PDF
8. Reboot server (just for luck)
9. Start Scalix and omstat -s. After a few minutes service router aborts
10. Try the whole set-up using clamav as user in scan.conf but get same results.

I think that covers all steps taken.

I did wonder whether omvscan.map was being engaged so I changed some of the messages in it to see which line was being returned and then commented out the rm lines to check the files were being created. All looks fine.

Since doing the above I have rebuilt the server and done the installations again from scratch - no difference.

I haven't done a line-by-line comparison of the files on my running centos5/scalix 12.5 box with my test box but have looked at users on each in webmin and cannot see any differences.

Hopefully this will help move things forward, though I am sure you will need a bit more detail here and there to help find a solution

Cheers

Gary

This must be a permission issue but for the life of me I cannot find it.

ScalixSupport
Scalix
Scalix
Posts: 5494
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Tue Jan 24, 2017 5:48 am

Hello,

I didn't understand: do you have an issue with the Scalix Router or only with ClamAV? What is the exact error message?
Please provide us with:
1) clamav logs
2) omshowlog output for service router
For debugging, increase the log level to 15 for the service router:
# omconflvl router 15
# omoff -d0 router; omon router

We recommend installing MailScanner, which is more powerful and already includes SpamAssassin and ClamAV, instead of installing ClamAV and SpamAssassin separately.

Regards,
Scalix Support Team

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Tue Jan 24, 2017 5:38 pm

OK, so Clam log shows

Tue Jan 24 21:10:46 2017 -> +++ Started at Tue Jan 24 21:10:46 2017
Tue Jan 24 21:10:46 2017 -> Received 0 file descriptor(s) from systemd.
Tue Jan 24 21:10:46 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Jan 24 21:10:46 2017 -> Running as user clamscan (UID 987, GID 982)
Tue Jan 24 21:10:46 2017 -> Log file size limited to 2097152 bytes.
Tue Jan 24 21:10:46 2017 -> Reading databases from /var/lib/clamav
Tue Jan 24 21:10:46 2017 -> Not loading PUA signatures.
Tue Jan 24 21:10:46 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Jan 24 21:10:56 2017 -> Loaded 5628283 signatures.
Tue Jan 24 21:10:57 2017 -> TCP: Bound to [127.0.0.1]:3310
Tue Jan 24 21:10:57 2017 -> TCP: Setting connection queue length to 30
Tue Jan 24 21:10:57 2017 -> LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
Tue Jan 24 21:10:57 2017 -> LOCAL: Setting connection queue length to 30
Tue Jan 24 21:10:57 2017 -> Limits: Global size limit set to 104857600 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: File size limit set to 26214400 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: Recursion level limit set to 16.
Tue Jan 24 21:10:57 2017 -> Limits: Files limit set to 10000.
Tue Jan 24 21:10:57 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue Jan 24 21:10:57 2017 -> Limits: MaxPartitions limit set to 50.
Tue Jan 24 21:10:57 2017 -> Limits: MaxIconsPE limit set to 100.
Tue Jan 24 21:10:57 2017 -> Limits: MaxRecHWP3 limit set to 16.
Tue Jan 24 21:10:57 2017 -> Limits: PCREMatchLimit limit set to 10000.
Tue Jan 24 21:10:57 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
Tue Jan 24 21:10:57 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
Tue Jan 24 21:10:57 2017 -> Archive support enabled.
Tue Jan 24 21:10:57 2017 -> Algorithmic detection enabled.
Tue Jan 24 21:10:57 2017 -> Portable Executable support enabled.
Tue Jan 24 21:10:57 2017 -> ELF support enabled.
Tue Jan 24 21:10:57 2017 -> Detection of broken executables enabled.
Tue Jan 24 21:10:57 2017 -> Mail files support enabled.
Tue Jan 24 21:10:57 2017 -> OLE2 support enabled.
Tue Jan 24 21:10:57 2017 -> PDF support enabled.
Tue Jan 24 21:10:57 2017 -> SWF support enabled.
Tue Jan 24 21:10:57 2017 -> HTML support enabled.
Tue Jan 24 21:10:57 2017 -> XMLDOCS support enabled.
Tue Jan 24 21:10:57 2017 -> HWP3 support enabled.
Tue Jan 24 21:10:57 2017 -> Self checking every 600 seconds.
Tue Jan 24 21:11:32 2017 -> WARNING: lstat() failed on: /tmp/clamav_test.5650


performed omshut and omrc at 21:29 and omshowlog then shows
ERROR Service Router(Service Router) 24.01.17 21:29:19
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file lstat() failed: No such file or directory. ERROR


ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: QUIT Please Close This Session
Reply received:


ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5183] A Mapper error has been detected.
Current errno value: 4
-> rsl_GetMapperTimeOut
-> cust_GetCustomiseInfo
<- cust_GetCustomiseInfo
<- rsl_GetMapperTimeOut
-> os_fcntl
<- os_fcntl
-> os_fcntl
<- os_fcntl
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/12.6.0/src/lib/rsl/rsl_match.c:244[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:398[100,5183]


SERIOUS ERROR Service Router(Service Router) 24.01.17 21:29:49
[OM 5183] A Mapper error has been detected.
-> cust_GetCustomiseInfo
<- cust_GetCustomiseInfo
<- rsl_GetMapperTimeOut
-> os_fcntl
<- os_fcntl
-> os_fcntl
<- os_fcntl
-> rsl_ReadMapperReply
-> rsl_GetMapperTimeOut
<- rsl_GetMapperTimeOut
-> os_StringToInt
<- os_StringToInt
-> rsl_CheckMapperReply
<- /build/12.6.0/src/lib/rsl/rsl_match.c:244[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:756[100,5183]
<- /build/12.6.0/src/lib/rsl/rsl_match.c:1454[100,5183]


systemctl status clamd@scan shows the service is running but shows a warning on the clam test file produced by omvscan.map
● clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-01-24 21:26:58 GMT; 6min ago
Main PID: 7276 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─7276 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: Mail files support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: OLE2 support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: PDF support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: SWF support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: HTML support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: XMLDOCS support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: HWP3 support enabled.
Jan 24 21:27:10 mail.garycoombs.co.uk clamd[7276]: Self checking every 600 seconds.
Jan 24 21:29:19 mail.garycoombs.co.uk clamd[7276]: WARNING: lstat() failed on: /tmp/clamav_test.8098
Jan 24 21:29:19 mail.garycoombs.co.uk clamd[7276]: lstat() failed on: /tmp/clamav_test.8098


omvscan.log shows
2017-01-24 21:11:32:PID=5650:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.5650
2017-01-24 21:11:32:PID=5650:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2017-01-24 21:11:32:PID=5650:OMAV_LOGLEVEL=3
2017-01-24 21:11:32:PID=5650:CLAMAV_ENGINE=/usr/bin/clamdscan
2017-01-24 21:11:32:PID=5650:CLAMAV_SCAN_OPTIONS='--stdout'
2017-01-24 21:11:32:PID=5650:CLAMAV_CLEAN_OPTIONS='--stdout'
2017-01-24 21:11:32:PID=5650:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2017-01-24 21:11:32:PID=5650:CLAMAV_USE_LOCKING=no
2017-01-24 21:11:32:PID=5650:CLAMAV_LOCK_FILE=clamav.lock
2017-01-24 21:11:32:PID=5650:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.5650
2017-01-24 21:11:32:PID=5650:/usr/bin/clamdscan --stdout /tmp/clamav_test.5650 > /var/opt/scalix/ml/s/tmp/clamav.log.5650
2017-01-24 21:11:32:PID=5650:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2017-01-24 21:11:32:PID=5650:[Reply]: lstat() failed: No such file or directory. ERROR
2017-01-24 21:29:19:PID=8098:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.8098
2017-01-24 21:29:19:PID=8098:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2017-01-24 21:29:19:PID=8098:OMAV_LOGLEVEL=3
2017-01-24 21:29:19:PID=8098:CLAMAV_ENGINE=/usr/bin/clamdscan
2017-01-24 21:29:19:PID=8098:CLAMAV_SCAN_OPTIONS='--stdout'
2017-01-24 21:29:19:PID=8098:CLAMAV_CLEAN_OPTIONS='--stdout'
2017-01-24 21:29:19:PID=8098:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2017-01-24 21:29:19:PID=8098:CLAMAV_USE_LOCKING=no
2017-01-24 21:29:19:PID=8098:CLAMAV_LOCK_FILE=clamav.lock
2017-01-24 21:29:19:PID=8098:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.8098
2017-01-24 21:29:19:PID=8098:/usr/bin/clamdscan --stdout /tmp/clamav_test.8098 > /var/opt/scalix/ml/s/tmp/clamav.log.8098
2017-01-24 21:29:19:PID=8098:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2017-01-24 21:29:19:PID=8098:[Reply]: lstat() failed: No such file or directory. ERROR

Hope this helps,

Gary
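
The logs in the post above can be tied together by the mapper PID that appears both in omvscan.log and in the test-file name clamd complains about. The following is an added example, not part of the thread or of Scalix's tooling; `correlate` is a hypothetical helper, and the PID 9001 lines are constructed for contrast.

```python
import os
import re

# PID 8098 lines and the clamd warning follow the formats quoted in the post
# above; the PID 9001 lines are constructed sample input.
OMVSCAN_LOG = """\
2017-01-24 21:29:19:PID=8098:CLAMAV_ENGINE=/usr/bin/clamdscan
2017-01-24 21:29:19:PID=8098:/usr/bin/clamdscan --stdout /tmp/clamav_test.8098 > /var/opt/scalix/ml/s/tmp/clamav.log.8098
2017-01-24 21:29:19:PID=8098:[Reply]:503 "ClamAV" cannot scan Scalix-owned file2017-01-24 21:29:19:PID=8098:[Reply]: lstat() failed: No such file or directory. ERROR
2017-01-24 21:40:02:PID=9001:CLAMAV_ENGINE=/usr/bin/clamscan
2017-01-24 21:40:02:PID=9001:/usr/bin/clamscan --stdout /tmp/clamav_test.9001 > /var/opt/scalix/ml/s/tmp/clamav.log.9001
"""
CLAMD_LOG = """\
Tue Jan 24 21:29:19 2017 -> WARNING: lstat() failed on: /tmp/clamav_test.8098
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# Two entries can share one physical line (see the fused [Reply] lines above),
# so an entry ends at the next stamp or at end of line.
ENTRY = re.compile(rf"({STAMP}):PID=(\d+):(.*?)(?={STAMP}:PID=|$)", re.M)
COMMAND = re.compile(r"^(/\S+)\s+(?:.*\s)?(/\S+)\s+>\s+\S+$")
LSTAT_FAIL = re.compile(r"lstat\(\) failed on: (\S+)")


def correlate(omvscan_text, clamd_text):
    """Group omvscan.log entries by mapper PID and match them to clamd warnings."""
    daemon_failures = set(LSTAT_FAIL.findall(clamd_text))
    runs = {}
    for _, pid, body in ENTRY.findall(omvscan_text):
        run = runs.setdefault(pid, {"engine": None, "path": None, "replies": []})
        body = body.strip()
        cmd = COMMAND.match(body)
        if body.startswith("CLAMAV_ENGINE="):
            run["engine"] = os.path.basename(body.split("=", 1)[1])
        elif body.startswith("[Reply]:"):
            run["replies"].append(body[len("[Reply]:"):].strip())
        elif cmd:
            run["path"] = cmd.group(2)  # file the scanner was asked to check
    for run in runs.values():
        rejected = any(r.startswith("503") for r in run["replies"])
        run["daemon_lstat_failed"] = run["path"] in daemon_failures
        if rejected and run["daemon_lstat_failed"]:
            # The clamd process itself failed to stat the mapper's test file.
            run["verdict"] = "clamd could not stat the mapper's test file"
        elif rejected:
            run["verdict"] = "mapper rejected the scanner for another reason"
        else:
            run["verdict"] = "no 503 reply logged"
    return runs

if __name__ == "__main__":
    for pid, run in correlate(OMVSCAN_LOG, CLAMD_LOG).items():
        print(pid, run["engine"], run["path"], "->", run["verdict"])
```
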

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Jan 28, 2017 8:47 am

Anyone?

ScalixSupport
Scalix
Scalix
Posts: 5494
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Wed Feb 01, 2017 3:42 am

Hello,

The issue is under testing; we will get back to you with details.

Regards,
Scalix Support Team

ScalixSupport
Scalix
Scalix
Posts: 5494
Joined: Thu Mar 25, 2004 8:15 pm

Re: Scalix 12.6 and ClamAV Problems

Postby ScalixSupport » Thu Feb 02, 2017 6:12 am

Hello,

Please see the document uploaded in http://share.scalix.com/index.php/s/802QFSE44sCfGkx, it should work

Thanks !

Regards,
Scalix Support Team

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Sat Feb 04, 2017 11:08 am

Brilliant, this worked straight out of the box - thank you so much.

The key difference seems to be that I had used the rpm install from the EPEL repo which takes quite a different approach to file naming and service file descriptions. I do not understand enough to decipher the differences but might this be something you experts might want to take a closer look at with those who administer/programme the EPEL repo?

Anyway, now that I seem to have a stable CentOS 7/Scalix 12.6/ClamAV box working I can focus on seeing whether I can screw up the install of spamassassin and have to come crawling back for more help but in the mean time I'm jumping for joy!!!!!

Thanks again

Gary

pinnks
Posts: 71
Joined: Tue Mar 06, 2007 10:56 am
Location: Swindon, UK

Re: Scalix 12.6 and ClamAV Problems

Postby pinnks » Fri Jan 24, 2020 10:01 am

OK, so I stumbled across my own thread when trying to resolve the following issue, so thought I might as well resurrect this discussion, rather than starting a new one.

Since I got the system working in 2017 all has been fine until today when I woke up to no email. I have not logged onto the server for a few days and have changed nothing. I cannot recall when the last updates were added but I did a yum update today and while there were a few updates none of them appeared particularly relevant to email, clam or kernel etc.

Anyway omstat -s showed the Service Router aborted. Tried omshut/omrc, checked clamd service (running as normal) and rebooted the server for good measure all to no avail. Service Router ran for a couple of minutes and aborted.

Omshowlog showed
ERROR Service Router (Service Router)
[OM 5181] Reply timed out or invalid - Mapper protocol problem.
Command sent: <none - expect greeting reply>
Reply received: 503 "ClamAV" cannot scan Scalix-owned file Could not lookup : servname not supported for ai_socktype


While not quite the same message as I was receiving back in 2017 it is presumably in the same ball park. Unfortunately the link http://share.scalix.com/index.php/s/802QFSE44sCfGkx no longer works, so I cannot see what it was that helped me in 2017, albeit nothing has changed since then anyway!

I have fiddled around for the best part of a day without success, either in terms of googling solutions or resolving the issue. I tried resetting permissions to 555 to no effect and checked that scalix was in the clamav group etc (It would have been worrying if something had changed "by magic").

In the end I removed the files from the Scalix Rules folder to disable virus scanning and restarted the server. This got email working again, albeit without clamav.

[Edit] The machine was running hideously slowly all day but having disabled the virus checker for Scalix I decided to stop the Clamd service and socket. Suddenly performance back to normal. Hmm... Has something got "screwed" in clamav?

Anyone have any suggestions as to what might have happened and how to fix it because I am at a complete loss?

Thanks

Gary

