Tried to add to an open topic, but no response (yet), so I thought to bring in a new topic.
Please understand that I am reasonably new to scalix. The installation was very easy, and it was up and running nicely, until I started having a problem with integrating ClamAv which causes the Service Router to stop working.
Platform: CentOS 5.2 with Scalix 11.4.0.4501
I've followed lots of posts, and I've tried quite some things, but it just keeps on crashing my service router.
Here is what I did:
Clamav anti-virus software installation
1. Download the latest Clamav anti-virus software tar-ball from www.clamav.org
2. Optionally: Binary ftp the tar-ball to the mailserver.
3. Store the Clamav anti-virus tar-ball in the /tmp filesystem
4. Login to the mailserver as user root.
5. Change directory to /tmp with: cd /tmp
6. Extract the tar-ball with (e.g.): tar -zxvf clamav-0.93.3.tar.gz
7. Change directory to the extraction directory: cd clamav-0.93.3
8. Create a unix-group with: groupadd clamav
9. Create a unix-user with: useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
10. Configure the Clamav software with: ./configure --sysconfdir=/etc
11. Compile the Clamav software with: make
12. Install the Clamav software with: su -c "make install"
13. Edit the file: /etc/clamd.conf
Remark: c=comment line, s=set value.
c: Example
s: LogFile /var/log/clamd.log
s: LogTime yes
s: LogSyslog yes
s: LogFacility LOG_MAIL
s: LogVerbose yes
s: PidFile /var/run/clamd/clamd.pid
s: DatabaseDirectory /var/lib/clamav
s: LocalSocket /var/run/clamd/clamd.sock
s: FixStaleSocket yes
s: User clamav
s: AllowSupplementaryGroups yes
s: ScanOLE2 yes
s: ScanMail yes
s: PhishingSignatures yes
s: PhishingScanURLs yes
s: ScanHTML yes
s: ScanArchive yes
14. Create the database directory /var/lib/clamav with: mkdir /var/lib/clamav
15. Change ownership of the directory with: chown clamav:clamav /var/lib/clamav
16. Change permission on the directory with: chmod 755 /var/lib/clamav
17. Create the socket directory /var/run/clamd with: mkdir /var/run/clamd
18. Change ownership of the directory with: chown clamav:clamav /var/run/clamd
19. Change permission on the directory with: chmod 700 /var/run/clamd
20. Edit the file: /etc/freshclam.conf
Remark: c=comment line, s=set value, v=verify value.
c: Example
s: DatabaseDirectory /var/lib/clamav
s: UpdateLogFile /var/log/freshclam.log
s: LogTime yes
s: LogVerbose yes
s: LogSyslog yes
s: LogFacility LOG_MAIL
s: DatabaseOwner clamav
s (first entry): DatabaseMirror db.NL.clamav.net
v (second entry): DatabaseMirror database.clamav.net
s: ScriptedUpdates yes
21. Create the freshclam logfile with: touch /var/log/clamd.log
22. Change ownership of the freshclam logfile with: chown clamav /var/log/clamd.log
23. Change permissions on the freshclam logfile: chmod 600 /var/log/clamd.log
24. Create the freshclam logfile with: touch /var/log/freshclam.log
25. Change ownership of the freshclam logfile with: chown clamav /var/log/freshclam.log
26. Change permissions on the freshclam logfile: chmod 600 /var/log/freshclam.log
27. Test the Clamav anti-virus software with: clamscan -r -l scan.txt /tmp/clamav-0.93.3
It should find some files in /tmp/clamav-0.93.3/test
28. Edit the crontab with: crontab -e
29. Add the following line to the crontab: 17 * * * * /usr/local/bin/freshclam --quiet
30. Create the file /etc/rc.d/init.d/clamd:
<init-script content>
31. chmod 755 clamd
32. chkconfig --add clamd
33. chkconfig --levels 345 clamd on
34. Modify the file /etc/group by adding the clamav user to the scalix group using:
usermod -G scalix clamav
35. service clamd start
Scalix – Clamav anti-virus integration configuration
1. Create an anti-virus rule-file in /var/opt/scalix/ml/s/rules (where ml is the instance-name) with name ALL-ROUTES.VIR and content:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. We recommend that you install or update your virus protection software and scan your computer for viruses."
2. Create a non-delivery-notification file in /var/opt/scalix/ml/s/rules (where ml is the instance-name) with name ndninfo.txt and content:
Text = A virus was detected in your message and could not be cleaned, therefore it was not delivered. We highly recommend that you install or update your virus protection software.
3. Create a scan-file which provides the necessary information for the anti-virus software to scan all messages sent to Scalix users with (where ml is the instance-name), and make sure the file permissions are set properly:
cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/ml/s/rules
cd /var/opt/scalix/ml/s/rules
chown root omvscan.map
chmod 555 omvscan.map
4. Modify the file /var/opt/scalix/ml/s/sys/omvscan.cfg (where ml is the instance-name):
CLAMAV_ENGINE=/usr/local/bin/clamdscan
ClamAv itself is working very nicely as clamd, clamdscan, clamscan and freshclam. It finds all the virus test-files in the clamav unpack directory.
Scalix itself worked until I started the ClamAv integration.
I increased the logging with the omvscan.cfg to level 3:
2008-07-19 12:06:50:PID=6657:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.6657
2008-07-19 12:06:50:PID=6657:OMAV_LOGFILE=$(omrealpath '~/logs/omvscan.log')
2008-07-19 12:06:50:PID=6657:OMAV_LOGLEVEL=3
2008-07-19 12:06:50:PID=6657:CLAMAV_ENGINE=/usr/local/bin/clamdscan
2008-07-19 12:06:50:PID=6657:CLAMAV_SCAN_OPTIONS='--stdout'
2008-07-19 12:06:50:PID=6657:CLAMAV_CLEAN_OPTIONS='--stdout'
2008-07-19 12:06:50:PID=6657:CLAMAV_LOGPGX=$(omrealpath '~/tmp/clamav.log')
2008-07-19 12:06:50:PID=6657:CLAMAV_USE_LOCKING=no
2008-07-19 12:06:50:PID=6657:CLAMAV_LOCK_FILE=clamav.lock
2008-07-19 12:06:50:PID=6657:############## /var/opt/scalix/ml/s/tmp/omvscan_cfg.6657
2008-07-19 12:06:50:PID=6657:/usr/local/bin/clamdscan --stdout /tmp/clamav_test.6657 > /var/opt/scalix/ml/s/tmp/clamav.log.6657
2008-07-19 12:06:50:PID=6657:[Reply]:503 "ClamAV" cannot scan Scalix-owned file
2008-07-19 12:06:50:PID=6657:[Reply]:
I am a little stuck here.
I tried the hint to add clamav user to the scalix group.
I tried the hint to add in the clamd to allow supplementary groups.
What am I forgetting/not doing?
Regards,
Michael
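
An added example, not part of the original post: a shell check of which account can reach which path under the directory modes set in steps 14 to 19, using plain POSIX owner/group/other rules. The account name scalix, its group list and the 640/600 file modes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Plain POSIX mode bits only:
# no root override, ACLs or SELinux are modelled.
# perm_allows MODE OWNER GROUP USER "USER_GROUPS" BIT   (BIT: 4=r 2=w 1=x)
perm_allows() {
    p_mode=000$1
    p_mode=${p_mode#"${p_mode%???}"}      # last three octal digits
    p_u=${p_mode%??}; p_o=${p_mode#??}; p_g=${p_mode#?}; p_g=${p_g%?}
    if [ "$4" = "$2" ]; then p_digit=$p_u  # owner class wins outright
    else
        case " $5 " in
            *" $3 "*) p_digit=$p_g ;;      # one of the user's groups matches
            *)        p_digit=$p_o ;;
        esac
    fi
    [ $(( p_digit & $6 )) -ne 0 ]
}

# first_blocked_dir USER ABSOLUTE_PATH: print the topmost directory above the
# path that USER cannot enter, from live GNU stat and id output.
# Returns 0 if all are traversable, 1 if one blocks, 2 on error.
first_blocked_dir() {
    case $2 in /*) ;; *) return 2 ;; esac
    f_user=$1; f_blocked=
    f_groups=$(id -Gn "$1") || return 2
    f_dir=$(dirname "$2")
    while :; do
        f_stat=$(stat -c '%a %U %G' "$f_dir") || return 2
        set -- $f_stat
        perm_allows "$1" "$2" "$3" "$f_user" "$f_groups" 1 || f_blocked=$f_dir
        [ "$f_dir" = / ] && break
        f_dir=$(dirname "$f_dir")
    done
    [ -z "$f_blocked" ] && return 0
    echo "$f_blocked"; return 1
}

# Constructed inputs: directory modes are those set in the post's steps;
# the "scalix" account, its groups and the file modes are assumptions.
for e in "/var/run/clamd 700" "/var/lib/clamav 755"; do
    set -- $e
    perm_allows "$2" clamav clamav scalix "scalix" 1 && r=can || r=cannot
    echo "scalix $r enter $1"
done
for m in 640 600; do
    perm_allows "$m" scalix scalix clamav "clamav scalix" 4 && r=can || r=cannot
    echo "clamav (in group scalix) $r read a scalix:scalix file of mode $m"
done
```

On a live server, `first_blocked_dir <account> /var/run/clamd/clamd.sock` applies the same rules to the real directory chain; group changes made with usermod only reach a daemon after it is restarted.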