Yet another person who can't get CalmAV to work

blackbear · Postby **blackbear** » Thu Nov 17, 2005 2:27 pm

I've got everything up and running on FC4. I can run my mail through SpamAssassin just fine. What I can't do is get ClamAV to run. I've checked all the obvious things, and followed the tech note to the letter. But there's no sign ClamAV is filtering, even when I run known virus signatures throw it. Nothing on the audit log. Nada for other log files. It's the one thing holding me up from cutting over to my new server. Help?

Postby **ScalixSupport** » Thu Nov 17, 2005 2:55 pm

Hi James,

Could you do an ls -l of your /var/opt/scalix/rules subdirectory and cat ALL-ROUTES.VIR, then post that output here? Could you also type:

clamdscan /var/opt/scalix/data/0000001/*

and post that output as well?

Thanks,
Rachel

blackbear · Postby **blackbear** » Thu Nov 17, 2005 3:32 pm

[root@mail ~]# ls -l /var/opt/scalix/rules/
-rw-r--r-- 1 root root 323 Nov 15 19:19 ALL-ROUTES.VIR
-rw-r--r-- 1 root root 234 Nov 15 19:20 ndinfo.txt
-r-xr-xr-x 1 root root 33112 Nov 15 19:21 omvscan.map

[root@mail ~]# cat /var/opt/scalix/rules/ALL-ROUTES.VIR
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was fuond in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

[root@mail ~]# clamdscan /var/opt/scalix/data/0000001/* | more
/var/opt/scalix/data/0000001/0000c4p: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4q: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4r: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4s: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4t: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4u: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4v: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chg: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chh: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chi: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chj: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chk: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chl: Access denied. ERROR

Postby **ScalixSupport** » Thu Nov 17, 2005 4:02 pm

Hi James,

I see a couple of things. First, rename /var/opt/scalix/rules/ndinfo.txt to ndninfo.txt. However, the bigger problem is that the clamav user doesn't have the proper permissions to access the the Scalix data subdirectory. Could you check your /etc/group file and make sure clamav is part of the scalix group? If it is set, make sure you've restarted clamd so it picks up the permissions. When you run:

clamdscan /var/opt/scalix/data/0000001/*

you should see:

/var/opt/scalix/data/0000001/0000c4p: OK
/var/opt/scalix/data/0000001/0000c4q: OK
and so on.

We also need to check your error queue because if clamdscan reports errors to Scalix during an inbound scan (not when you're running clamdscan manually), we will place the message in the error queue. To check the error queue type:

omstat -q error

if messages show up there, you can resub them by typing:

omresub -i -q error

or

omresub -q error

where -i stands for interactive which means you'll be prompted whether you want to resubmit the message or delete it.

Thanks,
Rachel

blackbear · Postby **blackbear** » Thu Nov 17, 2005 4:16 pm

Ok, I fixed the naming error. Here's the group info and other data.

[root@mail rules]# grep clam /etc/group
clamav:x:101:scalix
scalix:x:102:clamav

[root@mail rules]# ps -aef | grep clam
clamav 31810 1 0 14:29 ? 00:00:00 clamd.blackbear -c /etc/clamd.d/blackbear.conf
root 32220 32219 0 15:00 ? 00:00:00 /bin/bash /usr/share/clamav/freshclam-sleep

[root@mail rules]# sudo /etc/init.d/clamd.blackbear stop
Stopping clamd.blackbear: [ OK ]
[root@mail rules]# sudo /etc/init.d/clamd.blackbear start
Starting clamd.blackbear: [ OK ]
[root@mail rules]# ps -aef | grep clam
root 32220 32219 0 15:00 ? 00:00:00 /bin/bash /usr/share/clamav/freshclam-sleep
clamav 32534 1 0 15:14 ? 00:00:00 clamd.blackbear -c /etc/clamd.d/blackbear.conf

[[root@mail rules]# clamdscan /var/opt/scalix/data/0000001/* | more
/var/opt/scalix/data/0000001/0000c4p: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4q: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4r: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4s: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4t: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4u: Access denied. ERROR
/var/opt/scalix/data/0000001/0000c4v: Access denied. ERROR
/var/opt/scalix/data/0000001/0000chg: Access denied. ERROR

[root@mail rules]# omstat -q error
omstat : There are no messages on the queue

Postby **ScalixSupport** » Thu Nov 17, 2005 5:32 pm

Hi James,

All of that looks good. Can you post your /etc/clamd.d/blackbear.conf file? Could you also post the results from "id clamav"? There's clearly something wrong here. A quick fix would be to change:

User clamav

to

User scalix

in your blackbear.conf file. However, let's try to figure out why the clamav user isn't part of the scalix group. Oh, one last thing, could you also post the results from "ls -l /var/opt/scalix/data/0000001/*"?

Thanks,
Rachel

blackbear · Postby **blackbear** » Thu Nov 17, 2005 5:39 pm

[root@mail logs]# cat /etc/clamd.d/blackbear.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
# Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamd.blackbear

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: disabled
#LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd.blackbear/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamd.blackbear/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximal attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximal number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles

# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: enabled
#ScanPE

# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
#DetectBrokenExecutables

##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
# Default: enabled
#ScanOLE2

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: enabled
#ScanMail

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: disabled
#MailFollowURLs

##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: enabled
#ScanHTML

##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: enabled
#ScanArchive

# Due to license issues libclamav does not support RAR 3.0 archives (only the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib it's disabled by default and you must uncomment the directive
# below to enable RAR 2.0 support.
# Default: disabled
#ScanRAR

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 9

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: disabled
#ArchiveLimitMemoryUsage

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: disabled
#ArchiveBlockEncrypted

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: disabled
#ArchiveBlockMax

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: disabled
#ClamukoScanOnAccess

# Set access mask for Clamuko.
# Default: disabled
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M

[root@mail logs]# id clamav
uid=100(clamav) gid=101(clamav) groups=101(clamav),102(scalix)

[root@mail logs]# ls -l /var/opt/scalix/data/0000001/
total 5924
-rw-rw---- 1 scalix scalix 19072 Nov 17 10:43 0000c4p
-rw-rw---- 1 scalix scalix 67200 Nov 15 20:38 0000c4q
-rw-rw---- 1 scalix scalix 9600 Nov 15 20:38 0000c4r
-rw-rw---- 1 scalix scalix 8704 Nov 15 20:38 0000c4s
-rw-rw---- 1 scalix scalix 9728 Nov 15 20:38 0000c4t
-rw-rw---- 1 scalix scalix 10240 Nov 15 20:38 0000c4u
-rw-rw---- 1 scalix scalix 10880 Nov 15 20:38 0000c4v
-rw-rw---- 1 scalix scalix 10368 Nov 15 20:38 0000chg
-rw-rw---- 1 scalix scalix 9600 Nov 15 20:38 0000chh
-rw-rw---- 1 scalix scalix 9472 Nov 15 20:38 0000chi
-rw-rw---- 1 scalix scalix 10752 Nov 15 20:38 0000chj
-rw-rw---- 1 scalix scalix 9984 Nov 15 20:38 0000chk
-rw-rw---- 1 scalix scalix 9472 Nov 15 20:38 0000chl
-rw-rw---- 1 scalix scalix 9600 Nov 15 20:38 0000chm
-rw-rw---- 1 scalix scalix 11264 Nov 15 20:38 0000chn
-rw-rw---- 1 scalix scalix 9728 Nov 15 20:38 0000cho
-rw-rw---- 1 scalix scalix 8704 Nov 15 20:38 0000chp
-rw-rw---- 1 scalix scalix 8960 Nov 15 20:38 0000chq
-rw-rw---- 1 scalix scalix 9216 Nov 15 20:38 0000chr
-rw-rw---- 1 scalix scalix 12544 Nov 15 20:38 0000chs
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g0s
-rw-rw---- 1 scalix scalix 15433 Nov 16 18:24 0000g0t
-rw-rw---- 1 scalix scalix 5568 Nov 15 21:24 0000g0u
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g10
-rw-rw---- 1 scalix scalix 12165 Nov 16 18:24 0000g11
-rw-rw---- 1 scalix scalix 1024 Nov 15 21:24 0000g12
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g14
-rw-rw---- 1 scalix scalix 12037 Nov 16 18:24 0000g15
-rw-rw---- 1 scalix scalix 1338 Nov 15 21:24 0000g16
-rw-rw---- 1 scalix scalix 222 Nov 15 21:24 0000g18
-rw-rw---- 1 scalix scalix 12577 Nov 16 18:24 0000g19
-rw-rw---- 1 scalix scalix 227 Nov 15 21:24 0000g1a
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g1c
-rw-rw---- 1 scalix scalix 12089 Nov 16 18:24 0000g1d
-rw-rw---- 1 scalix scalix 484 Nov 15 21:24 0000g1e
-rw-rw---- 1 scalix scalix 330 Nov 15 21:24 0000g1g
-rw-rw---- 1 scalix scalix 14121 Nov 16 18:24 0000g1h
-rw-rw---- 1 scalix scalix 2592 Nov 15 21:24 0000g1i
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g1k
-rw-rw---- 1 scalix scalix 12037 Nov 16 18:24 0000g1l
-rw-rw---- 1 scalix scalix 1498 Nov 15 21:24 0000g1m
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g1o
-rw-rw---- 1 scalix scalix 50818 Nov 16 18:24 0000g1p
-rw-rw---- 1 scalix scalix 10013 Nov 15 21:24 0000g1q
-rw-rw---- 1 scalix scalix 27205 Nov 15 21:24 0000g1r
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g1t
-rw-rw---- 1 scalix scalix 12427 Nov 16 18:24 0000g1u
-rw-rw---- 1 scalix scalix 1154 Nov 15 21:24 0000g1v
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g21
-rw-rw---- 1 scalix scalix 11525 Nov 16 18:24 0000g22
-rw-rw---- 1 scalix scalix 1452 Nov 15 21:24 0000g23
-rw-rw---- 1 scalix scalix 216 Nov 15 21:24 0000g25
-rw-rw---- 1 scalix scalix 66817 Nov 16 18:24 0000g26
-rw-rw---- 1 scalix scalix 349 Nov 15 21:58 0000k0l
-rw-rw---- 1 scalix scalix 4966 Nov 15 21:58 0000k0m
-rw-rw---- 1 scalix scalix 26145 Nov 15 21:58 0000k0n
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k0p
-rw-rw---- 1 scalix scalix 183857 Nov 16 18:41 0000k0q
-rw-rw---- 1 scalix scalix 921 Nov 15 21:58 0000k0r
-rw-rw---- 1 scalix scalix 124930 Nov 15 21:58 0000k0s
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k0u
-rw-rw---- 1 scalix scalix 12193 Nov 16 18:41 0000k0v
-rw-rw---- 1 scalix scalix 567 Nov 15 21:58 0000k10
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k12
-rw-rw---- 1 scalix scalix 13873 Nov 16 18:41 0000k13
-rw-rw---- 1 scalix scalix 2505 Nov 15 21:58 0000k14
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k16
-rw-rw---- 1 scalix scalix 14593 Nov 16 18:41 0000k17
-rw-rw---- 1 scalix scalix 429 Nov 15 21:58 0000k18
-rw-rw---- 1 scalix scalix 900 Nov 15 21:58 0000k19
-rw-rw---- 1 scalix scalix 179 Nov 15 21:58 0000k1b
-rw-rw---- 1 scalix scalix 140337 Nov 16 18:41 0000k1c
-rw-rw---- 1 scalix scalix 357 Nov 15 21:58 0000k1d
-rw-rw---- 1 scalix scalix 1200 Nov 15 21:58 0000k1e
-rw-rw---- 1 scalix scalix 90112 Nov 15 21:58 0000k1f
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k1h
-rw-rw---- 1 scalix scalix 12185 Nov 16 18:41 0000k1i
-rw-rw---- 1 scalix scalix 563 Nov 15 21:58 0000k1j
-rw-rw---- 1 scalix scalix 216 Nov 15 21:58 0000k1l
-rw-rw---- 1 scalix scalix 64081 Nov 16 18:41 0000k1m
-rw-rw---- 1 scalix scalix 128 Nov 15 21:58 0000k1n
-rw-rw---- 1 scalix scalix 37956 Nov 15 21:58 0000k1o
-rw-rw---- 1 scalix scalix 216 Nov 15 21:59 0000k1q
-rw-rw---- 1 scalix scalix 266537 Nov 16 18:41 0000k1r
-rw-rw---- 1 scalix scalix 1395 Nov 15 21:59 0000k1s
-rw-rw---- 1 scalix scalix 183062 Nov 15 21:59 0000k1t
-rw-rw---- 1 scalix scalix 3199 Nov 16 11:27 0000sgb
-rw-rw---- 1 scalix scalix 1660 Nov 16 11:27 0000sgd
-rw-rw---- 1 scalix scalix 1897 Nov 16 11:27 0000sgf
-rw-rw---- 1 scalix scalix 2513 Nov 16 11:27 0000sgh
-rw-rw---- 1 scalix scalix 1280 Nov 16 11:27 0000sgj
-rw-rw---- 1 scalix scalix 2644 Nov 16 11:27 0000sgl
-rw-rw---- 1 scalix scalix 2637 Nov 16 11:27 0000sgn
-rw-rw---- 1 scalix scalix 1882 Nov 16 11:27 0000sgp
-rw-rw---- 1 scalix scalix 1160 Nov 16 11:27 0000sgr
-rw-rw---- 1 scalix scalix 1283 Nov 16 11:27 0000sgt
-rw-rw---- 1 scalix scalix 1690 Nov 16 11:27 0000sgv
-rw-rw---- 1 scalix scalix 1766 Nov 16 11:27 0000sh1
-rw-rw---- 1 scalix scalix 1707 Nov 16 11:27 0000sh3
-rw-rw---- 1 scalix scalix 1278 Nov 16 11:27 0000sh5
-rw-rw---- 1 scalix scalix 1223 Nov 16 11:27 0000sh7
-rw-rw---- 1 scalix scalix 1725 Nov 16 11:27 0000sh9
-rw-rw---- 1 scalix scalix 2910 Nov 16 11:27 0000shb
-rw-rw---- 1 scalix scalix 1257 Nov 16 11:27 0000shd
-rw-rw---- 1 scalix scalix 1784 Nov 16 11:27 0000shf
-rw-rw---- 1 scalix scalix 2161 Nov 16 11:27 0000shh
-rw-rw---- 1 scalix scalix 1803 Nov 16 11:27 0000shj
-rw-rw---- 1 scalix scalix 1809 Nov 16 11:27 0000shl
-rw-rw---- 1 scalix scalix 2899 Nov 16 11:27 0000shn
-rw-rw---- 1 scalix scalix 1741 Nov 16 11:27 0000shp
-rw-rw---- 1 scalix scalix 1570 Nov 16 11:27 0000shr
-rw-rw---- 1 scalix scalix 1795 Nov 16 11:27 0000sht
-rw-rw---- 1 scalix scalix 1805 Nov 16 11:27 0000shv
-rw-rw---- 1 scalix scalix 1224 Nov 16 11:27 0000si1
-rw-rw---- 1 scalix scalix 1224 Nov 16 11:27 0000si3
-rw-rw---- 1 scalix scalix 2255 Nov 16 11:27 0000si5
-rw-rw---- 1 scalix scalix 1240 Nov 16 11:27 0000si7
-rw-rw---- 1 scalix scalix 1821 Nov 16 11:27 0000si9
-rw-rw---- 1 scalix scalix 1851 Nov 16 11:27 0000sib
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 000138c
-rw-rw---- 1 scalix scalix 77573 Nov 16 23:21 000138d
-rw-rw---- 1 scalix scalix 33946 Nov 16 14:22 000138e
-rw-rw---- 1 scalix scalix 33821 Nov 16 14:22 000138f
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 000138h
-rw-rw---- 1 scalix scalix 17419 Nov 16 23:21 000138i
-rw-rw---- 1 scalix scalix 2036 Nov 16 14:22 000138j
-rw-rw---- 1 scalix scalix 6154 Nov 16 14:22 000138k
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 000138m
-rw-rw---- 1 scalix scalix 17419 Nov 16 23:21 000138n
-rw-rw---- 1 scalix scalix 2036 Nov 16 14:22 000138o
-rw-rw---- 1 scalix scalix 6154 Nov 16 14:22 000138p
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 000138r
-rw-rw---- 1 scalix scalix 26368 Nov 16 14:22 000138s
-rw-rw---- 1 scalix scalix 18374 Nov 16 14:22 000138t
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 000138v
-rw-rw---- 1 scalix scalix 26368 Nov 16 14:22 0001390
-rw-rw---- 1 scalix scalix 18374 Nov 16 14:22 0001391
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 0001393
-rw-rw---- 1 scalix scalix 12555 Nov 16 23:21 0001394
-rw-rw---- 1 scalix scalix 653 Nov 16 14:22 0001395
-rw-rw---- 1 scalix scalix 1255 Nov 16 14:22 0001396
-rw-rw---- 1 scalix scalix 139 Nov 16 14:22 0001397
-rw-rw---- 1 scalix scalix 210 Nov 16 14:22 0001399
-rw-rw---- 1 scalix scalix 12555 Nov 16 23:21 000139a
-rw-rw---- 1 scalix scalix 653 Nov 16 14:22 000139b
-rw-rw---- 1 scalix scalix 1255 Nov 16 14:22 000139c
-rw-rw---- 1 scalix scalix 139 Nov 16 14:22 000139d
-rw-rw---- 1 scalix scalix 324 Nov 16 14:22 000139f
-rw-rw---- 1 scalix scalix 12160 Nov 16 14:22 000139g
-rw-rw---- 1 scalix scalix 4799 Nov 16 14:22 000139h
-rw-rw---- 1 scalix scalix 324 Nov 16 14:22 000139j
-rw-rw---- 1 scalix scalix 12160 Nov 16 14:22 000139k
-rw-rw---- 1 scalix scalix 7877 Nov 16 14:36 000140n
-rw-rw---- 1 scalix scalix 9818 Nov 16 14:36 000140o
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000140q
-rw-rw---- 1 scalix scalix 17163 Nov 17 14:17 000140r
-rw-rw---- 1 scalix scalix 2983 Nov 16 14:36 000140s
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000140u
-rw-rw---- 1 scalix scalix 60930 Nov 17 14:17 000140v
-rw-rw---- 1 scalix scalix 10726 Nov 16 14:36 0001410
-rw-rw---- 1 scalix scalix 29422 Nov 16 14:36 0001411
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 0001413
-rw-rw---- 1 scalix scalix 31753 Nov 17 14:17 0001414
-rw-rw---- 1 scalix scalix 1602 Nov 16 14:36 0001415
-rw-rw---- 1 scalix scalix 9826 Nov 16 14:36 0001416
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 0001418
-rw-rw---- 1 scalix scalix 31849 Nov 17 14:17 0001419
-rw-rw---- 1 scalix scalix 5625 Nov 16 14:36 000141a
-rw-rw---- 1 scalix scalix 6078 Nov 16 14:36 000141b
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000141d
-rw-rw---- 1 scalix scalix 45689 Nov 16 15:48 000141e
-rw-rw---- 1 scalix scalix 25049 Nov 16 14:36 000141f
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000141h
-rw-rw---- 1 scalix scalix 41057 Nov 17 14:17 000141i
-rw-rw---- 1 scalix scalix 9601 Nov 16 14:36 000141j
-rw-rw---- 1 scalix scalix 14037 Nov 16 14:36 000141k
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000141m
-rw-rw---- 1 scalix scalix 13265 Nov 17 14:17 000141n
-rw-rw---- 1 scalix scalix 126 Nov 16 14:36 000141o
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000141q
-rw-rw---- 1 scalix scalix 24837 Nov 17 14:17 000141r
-rw-rw---- 1 scalix scalix 772 Nov 16 14:36 000141s
-rw-rw---- 1 scalix scalix 4277 Nov 16 14:36 000141t
-rw-rw---- 1 scalix scalix 188 Nov 16 14:36 000141v
-rw-rw---- 1 scalix scalix 26609 Nov 17 14:17 0001420
-rw-rw---- 1 scalix scalix 38917 Nov 17 14:17 00014cc
-rw-rw---- 1 scalix scalix 1514 Nov 16 14:38 00014cd
-rw-rw---- 1 scalix scalix 7513 Nov 16 14:38 00014ce
-rw-rw---- 1 scalix scalix 7785 Nov 16 14:38 00014cf
-rw-rw---- 1 scalix scalix 6489 Nov 16 14:38 00014cg
-rw-rw---- 1 scalix scalix 522 Nov 16 14:38 00014ci
-rw-rw---- 1 scalix scalix 10629 Nov 17 14:17 00014cj
-rw-rw---- 1 scalix scalix 279 Nov 16 14:38 00014ck
-rw-rw---- 1 scalix scalix 309 Nov 16 14:38 00014cm
-rw-rw---- 1 scalix scalix 12153 Nov 17 14:17 00014cn
-rw-rw---- 1 scalix scalix 275 Nov 16 14:38 00014co
-rw-rw---- 1 scalix scalix 188 Nov 16 14:38 00014cq
-rw-rw---- 1 scalix scalix 27787 Nov 17 14:17 00014cr
-rw-rw---- 1 scalix scalix 1773 Nov 16 14:38 00014cs
-rw-rw---- 1 scalix scalix 3197 Nov 16 14:38 00014ct
-rw-rw---- 1 scalix scalix 188 Nov 16 14:38 00014cv
-rw-rw---- 1 scalix scalix 18053 Nov 17 14:17 00014d0
-rw-rw---- 1 scalix scalix 4451 Nov 16 14:38 00014d1
-rw-rw---- 1 scalix scalix 67721 Nov 16 14:38 00014d2
-rw-rw---- 1 scalix scalix 320512 Nov 16 14:38 00014d3
-rw-rw---- 1 scalix scalix 37376 Nov 16 14:38 00014d4
-rw-rw---- 1 scalix scalix 592492 Nov 16 14:38 00014d5
-rw-rw---- 1 scalix scalix 188 Nov 16 14:38 00014d7
-rw-rw---- 1 scalix scalix 19217 Nov 17 14:17 00014d8
-rw-rw---- 1 scalix scalix 662 Nov 16 14:38 00014d9
-rw-rw---- 1 scalix scalix 191 Nov 16 14:38 00014db
-rw-rw---- 1 scalix scalix 34315 Nov 17 14:17 00014dc
-rw-rw---- 1 scalix scalix 5794 Nov 16 14:38 00014dd
-rw-rw---- 1 scalix scalix 6829 Nov 16 14:38 00014de
-rw-rw---- 1 scalix scalix 309 Nov 16 14:38 00014dg
-rw-rw---- 1 scalix scalix 15627 Nov 17 14:17 00014dh
-rw-rw---- 1 scalix scalix 4098 Nov 16 14:38 00014di
-rw-rw---- 1 scalix scalix 305 Nov 16 14:38 00014dk
-rw-rw---- 1 scalix scalix 1173 Nov 16 14:45 0001547
-rw-rw---- 1 scalix scalix 139 Nov 16 14:45 0001548
-rw-rw---- 1 scalix scalix 302 Nov 16 14:45 000154a
-rw-rw---- 1 scalix scalix 10379 Nov 16 19:27 000154b
-rw-rw---- 1 scalix scalix 870 Nov 16 14:45 000154c
-rw-rw---- 1 scalix scalix 343 Nov 16 14:45 000154e
-rw-rw---- 1 scalix scalix 10245 Nov 16 19:27 000154f
-rw-rw---- 1 scalix scalix 1168 Nov 16 14:45 000154g
-rw-rw---- 1 scalix scalix 313 Nov 16 14:45 000154i
-rw-rw---- 1 scalix scalix 11397 Nov 16 19:27 000154j
-rw-rw---- 1 scalix scalix 2524 Nov 16 14:45 000154k
-rw-rw---- 1 scalix scalix 308 Nov 16 14:45 000154m
-rw-rw---- 1 scalix scalix 10123 Nov 16 19:27 000154n
-rw-rw---- 1 scalix scalix 859 Nov 16 14:45 000154o
-rw-rw---- 1 scalix scalix 308 Nov 16 14:45 000154q
-rw-rw---- 1 scalix scalix 10251 Nov 16 19:27 000154r
-rw-rw---- 1 scalix scalix 925 Nov 16 14:45 000154s
-rw-rw---- 1 scalix scalix 308 Nov 16 14:45 000154u
-rw-rw---- 1 scalix scalix 9739 Nov 16 19:27 000154v
-rw-rw---- 1 scalix scalix 542 Nov 16 14:45 0001550
-rw-rw---- 1 scalix scalix 331 Nov 16 14:45 0001552
-rw-rw---- 1 scalix scalix 9861 Nov 16 19:27 0001553
-rw-rw---- 1 scalix scalix 1078 Nov 16 14:45 0001554
-rw-rw---- 1 scalix scalix 308 Nov 16 14:45 0001556
-rw-rw---- 1 scalix scalix 10507 Nov 16 19:27 0001557
-rw-rw---- 1 scalix scalix 1279 Nov 16 14:45 0001558
-rw-rw---- 1 scalix scalix 331 Nov 16 14:45 000155a
-rw-rw---- 1 scalix scalix 11781 Nov 16 19:27 000155b
-rw-rw---- 1 scalix scalix 2902 Nov 16 14:45 000155c
-rw-rw---- 1 scalix scalix 302 Nov 16 14:45 000155e
-rw-rw---- 1 scalix scalix 11275 Nov 16 19:27 000155f
-rw-rw---- 1 scalix scalix 1790 Nov 16 14:45 000155g
-rw-rw---- 1 scalix scalix 403 Nov 16 14:45 000155i
-rw-rw---- 1 scalix scalix 3409 Nov 16 14:46 00015gc
-rw-rw---- 1 scalix scalix 133 Nov 16 14:46 00015gd
-rw-rw---- 1 scalix scalix 324 Nov 16 14:46 00015gf
-rw-rw---- 1 scalix scalix 8843 Nov 16 19:27 00015gg
-rw-rw---- 1 scalix scalix 268 Nov 16 14:46 00015gh
-rw-rw---- 1 scalix scalix 304 Nov 16 14:46 00015gj
-rw-rw---- 1 scalix scalix 11019 Nov 16 19:27 00015gk
-rw-rw---- 1 scalix scalix 2107 Nov 16 14:46 00015gl
-rw-rw---- 1 scalix scalix 291 Nov 16 14:46 00015gn
-rw-rw---- 1 scalix scalix 9605 Nov 16 19:27 00015go
-rw-rw---- 1 scalix scalix 844 Nov 16 14:46 00015gp
-rw-rw---- 1 scalix scalix 324 Nov 16 14:46 00015gr
-rw-rw---- 1 scalix scalix 8843 Nov 16 19:27 00015gs
-rw-rw---- 1 scalix scalix 302 Nov 16 14:46 00015gt
-rw-rw---- 1 scalix scalix 307 Nov 16 14:46 00015gv
-rw-rw---- 1 scalix scalix 9477 Nov 16 19:27 00015h0
-rw-rw---- 1 scalix scalix 784 Nov 16 14:46 00015h1
-rw-rw---- 1 scalix scalix 325 Nov 16 14:46 00015h3
-rw-rw---- 1 scalix scalix 9733 Nov 16 19:27 00015h4
-rw-rw---- 1 scalix scalix 915 Nov 16 14:46 00015h5
-rw-rw---- 1 scalix scalix 307 Nov 16 14:46 00015h7
-rw-rw---- 1 scalix scalix 8837 Nov 16 19:27 00015h8
-rw-rw---- 1 scalix scalix 477 Nov 16 14:46 00015h9
-rw-rw---- 1 scalix scalix 324 Nov 16 14:46 00015hb
-rw-rw---- 1 scalix scalix 8971 Nov 16 19:27 00015hc
-rw-rw---- 1 scalix scalix 404 Nov 16 14:46 00015hd
-rw-rw---- 1 scalix scalix 302 Nov 16 14:46 00015hf
-rw-rw---- 1 scalix scalix 9605 Nov 16 19:27 00015hg
-rw-rw---- 1 scalix scalix 295 Nov 16 14:46 00015hh
-rw-rw---- 1 scalix scalix 293 Nov 16 14:46 00015hj
-rw-rw---- 1 scalix scalix 10373 Nov 16 19:27 00015hk
-rw-rw---- 1 scalix scalix 1921 Nov 16 14:46 00015hl
-rw-rw---- 1 scalix scalix 308 Nov 16 14:46 00015hn

blackbear · Postby **blackbear** » Thu Nov 17, 2005 5:49 pm

I ran clamd.blackbear as user scalix, and it works great now...

Postby **ScalixSupport** » Thu Nov 17, 2005 6:05 pm

Hi James,

This sounds like a similar problem that we found in SLES 9 where the /etc/group file wasn't being read properly. The other way to work around this is to edit your /etc/passwd file and change the groupID for clamav to be the same as that of scalix.

Thanks,
Rachel

Scalix Forums

Yet another person who can't get CalmAV to work

Yet another person who can't get CalmAV to work

Changing the user works

Who is online