Hi there,

On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote:

> I managed to install clamav-0.103.5 but I can't get it to work with mimedefang. In the maillog I always get:
>
> mimedefang.pl[3520]: 245Fuojh003739: Could not connect to clamd daemon at /var/spool/MIMEDefang/clamd.sock

When you use clamd to scan mail, something (obviously) has to send the mail to clamd. The data passes between the process which sends it and the clamd process through something called a socket. If the processes are on different machines (as I explained is the way I do it here) the socket will be a network-style socket. It can also be that kind of socket if the processes are on the same machine, but usually it's what we call a Unix socket.

The socket appears in the filesystem as a file and it has characteristics usually associated with files, e.g. a name, ownerships and a set of permissions. Whatever sends the mail to clamd and clamd itself need both to be configured with those things in mind.

To communicate with each other, the processes share a single socket. It's clamd which creates it. MIMEDefang looks for it. Obviously the socket needs to be created before MIMEDefang looks for it so clamd has to be started before MIMEDefang so the socket is there to be found.

> When I ran ./configure to install mimedefang it detected clamd and it said: 'Make sure clamd runs as the defang user!' How does one do this?

It's not strictly necessary. The daemons need to be able to confer, and having them all run as the same user/group IDs is one way that can be used to give them the needed permissions on the shared socket. If the process sending the data to clamd doesn't have write permission for the socket then clamd won't get the data. If it doesn't have read permission, it won't get clamd's replies.

The clamd configuration in clamd.conf (or whatever danged silly name this configuration file has in a Fedora/RedHat/CentOS system) tells clamd the owner/group that it's to run as. The ownership/group of the socket created by clamd will be that of the user and group given there too. MIMEDefang has configuration information stored in a similar way in its configuration file. The socket pathname needs to be the same in both configurations so that the two daemons can talk to each other via that socket.

If the daemons happen to be running as two different users you can get around the socket ownership/permissions by putting those users in the same group. You can create a group for the purpose or use an existing one like clamav or mimedefang. Give the socket the same group ID and group read/write permission. You could instead give to the socket read and write permission for *everyone*, but that's bad advice so only do it for testing.

> I tried:
>
> # runuser -l defang -c/usr/local/sbin/clamd &
>
> but md still throws the same error. It's not creating the clamd.sock file.

If clamd is in /usr/local/sbin/clamd then to start it from the command line you could just type

    /usr/local/sbin/clamd

but you need to configure it by editing the configuration file(s) first. I say "file(s)" because some distributions mess about with configuration file names and locations, and Red Hat in particular is one of them.

You can send commands to clamd from the command line for testing. Read the man page using

    man clamd

which explains the syntax. For example after I edit my Yara rules, I might send the 'reload' command to the clamd daemon using

    # echo "RELOAD" | telnet 192.168.33.19 3310

Notice that's root sending the command, so it has the permissions. If I tried to do that using my own account

    $ echo "RELOAD" | telnet 192.168.33.19 3310

it would fail. My own account doesn't have the needed permissions.

You can set verbose logging in the configuration, and look in the logs to get more information than you ever thought you wanted about what's happening at startup...

--
73,
Ged.
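
Added example, not part of the original message and not ClamAV or MIMEDefang code: a small check of the shared Unix socket against the ownership, group and read/write rules described in the reply, including a warning for the world-writable case. The function name `socket_access_problems` and its result labels are made up for this illustration; the path in the usage comment is the one from the log line above.

```python
import os
import stat

def socket_access_problems(path, uid, gids):
    """List reasons a process with this uid/gids cannot use the Unix socket at path."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # clamd creates the socket, so it must be started first and both
        # configurations must name the same path.
        return ["missing: no socket at this path"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket: path exists but is not a Unix socket"]
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & stat.S_IWOTH:
        problems.append("warning: socket is writable by everyone")
    if uid == 0:
        return problems  # root bypasses the permission bits
    # Pick the permission class that applies, in the order the kernel uses.
    if uid == st.st_uid:
        who, bits = "owner", mode >> 6
    elif st.st_gid in gids:
        who, bits = "group", mode >> 3
    else:
        who, bits = "other", mode
    if not bits & 4:
        problems.append(f"no-read: {who} class lacks read permission")
    if not bits & 2:
        problems.append(f"no-write: {who} class lacks write permission")
    return problems

if __name__ == "__main__":
    import pwd
    import sys
    # Hypothetical invocation:
    #   python3 check_sock.py /var/spool/MIMEDefang/clamd.sock defang
    path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    for line in socket_access_problems(path, pw.pw_uid, gids) or ["ok"]:
        print(line)
```

Run it as root so the `stat` itself is not blocked by directory permissions; it only inspects the socket file and does not talk to clamd.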
