subject:"\[Clamav\-users\] 0.85 0.81.1 tha same troubles with milter"

[Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello clamav-users,

   i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
   found an error massage on starting clamav-milter ("Permission
   denied"). is there any chance to solve this little problem?


   p.s. sorry about my english...
-- 
Best regards,
 Sergey  mailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Tomasz Kojm

On Tue, 17 May 2005 11:16:54 +0400
Sergey <[EMAIL PROTECTED]> wrote:

> Hello clamav-users,
> 
>i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
>found an error massage on starting clamav-milter ("Permission
>denied"). is there any chance to solve this little problem?

I don't believe you've installed 0.85.1 properly.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue May 17 12:25:49 CEST 2005


pgpB6WSHrPNFf.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Krištof Petr

Tomasz Kojm wrote:
On Tue, 17 May 2005 11:16:54 +0400
Sergey <[EMAIL PROTECTED]> wrote:
 

Hello clamav-users,
  i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
  found an error massage on starting clamav-milter ("Permission
  denied"). is there any chance to solve this little problem?
   

I don't believe you've installed 0.85.1 properly.
 


Sergey is right. This bug is not fixed.
May 17 12:36:41 server clamd: clamd startup succeeded
May 17 12:36:41 server clamd[27991]: HTML support enabled.
May 17 12:36:41 server clamd[27991]: Self checking every 1800 seconds.
May 17 12:36:54 server clamav-milter: /var/log/clamav/clamd.log: 
Permission denied

Petr
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Tomasz Kojm

On Tue, 17 May 2005 12:55:36 +0200
Kritof Petr <[EMAIL PROTECTED]> wrote:

> Sergey is right. This bug is not fixed.
> 
> 
> May 17 12:36:41 server clamd: clamd startup succeeded
> May 17 12:36:41 server clamd[27991]: HTML support enabled.
> May 17 12:36:41 server clamd[27991]: Self checking every 1800 seconds.
> May 17 12:36:54 server clamav-milter: /var/log/clamav/clamd.log: 
> Permission denied

The original bug was related to /dev/console. The above seems like
a standard permission problem.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue May 17 12:57:15 CEST 2005


pgpW4jse1DLY9.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Tomasz Kojm

On Tue, 17 May 2005 15:10:12 +0400
Sergey <[EMAIL PROTECTED]> wrote:

> Hello Tomasz,
> 
> Tuesday, May 17, 2005, 2:27:00 PM, you wrote:
> 
> TK> On Tue, 17 May 2005 11:16:54 +0400
> TK> Sergey <[EMAIL PROTECTED]> wrote:
> 
> >> Hello clamav-users,
> >> 
> >>i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
> >>found an error massage on starting clamav-milter ("Permission
> >>denied"). is there any chance to solve this little problem?
> 
> TK> I don't believe you've installed 0.85.1 properly.
> 
> 
> what do you mean by "properly"?
>  there were no errors while i was installing it.
>  i used just the same option that i used for installing 0.84 or there
>  is in 0.85 some "new extra installation stuff" that i missed?

The only 'essential' information you have provided is that
clamav-milter prints "Permission denied" on startup so don't expect
constructive help from me.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue May 17 13:12:51 CEST 2005


pgpiYZZeVVwQ8.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Krištof Petr

Tomasz Kojm wrote:
On Tue, 17 May 2005 12:55:36 +0200
Krištof Petr <[EMAIL PROTECTED]> wrote:
 

Sergey is right. This bug is not fixed.
May 17 12:36:41 server clamd: clamd startup succeeded
May 17 12:36:41 server clamd[27991]: HTML support enabled.
May 17 12:36:41 server clamd[27991]: Self checking every 1800 seconds.
May 17 12:36:54 server clamav-milter: /var/log/clamav/clamd.log: 
Permission denied
   

The original bug was related to /dev/console. The above seems like
a standard permission problem.
 

I reported this bug one week before. But once again:
# uname -mpio
i686 i686 i386 GNU/Linux
# clamd -V
ClamAV 0.85.1/882/Tue May 17 08:48:03 2005
# clamav-milter -V
ClamAV version 0.85.1, clamav-milter version 0.85
# ll /var/log
total 42860
drwxr-xr-x  14 rootroot   4096 May 17 12:36 .
drwxr-xr-x  23 rootroot   4096 Jan  7 14:52 ..
-rw---   1 rootroot  21573 Feb  1 04:02 boot.log.4
drwxr-xr-x   2 clamav  clamav 4096 May 17 13:05 clamav
-rw-r--r--   1 rootroot 183414 May 17 13:01 cron
# ll /var/log/clamav/
total 16
drwxr-xr-x   2 clamav clamav 4096 May 17 13:08 .
drwxr-xr-x  14 root   root   4096 May 17 12:36 ..
-rw-r-   1 clamav clamav  474 May 17 13:05 freshclam.log
# service clamd start
Starting Clam AV daemon:   [  OK  ]
# ll /var/log/clamav/
total 20
drwxr-xr-x   2 clamav clamav 4096 May 17 13:09 .
drwxr-xr-x  14 root   root   4096 May 17 12:36 ..
-rw-r-   1 root   root   1417 May 17 13:09 clamd.log
-rw-r-   1 clamav clamav  474 May 17 13:05 freshclam.log
# service clamav-milter start
Starting clamav-milter:[FAILED]
# tail -f /var/log/messages
May 17 13:13:42 server clamav-milter: /var/log/clamav/clamd.log: 
Permission denied

and clamav-milter is not running.
# grep User /etc/clamd.conf
User clamav
My observation is: clamav creates log file with root permission,
so user clamav cannt write to log.
Are there some developers who believes that non-priviledged user clamav
can write to logfile with bad permissions (0640 root.root clamd.log)?
This assumption is wrong on some unix like OSes, Im affraid.
Clamav should create log file with same owner as defined in clamd.conf
to work it properly.
Petr
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Andrzej Zawadzki

Sergey wrote:
[...]
> -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
  ^^
How clamd (in realy user clamav.clamav) can write to this file??

[...]

-- 
Andrzej Zawadzki
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Bill Maidment

Sergey wrote:
Hello Kriљtof,

KP> # grep User /etc/clamd.conf
KP> User clamav
Shouldn't the conf files be in /usr/local/etc/ ???
That's how it works for me and my log file is owned by clamav
Cheers
Bill
--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Bill Maidment said:
> Sergey wrote:
>> Hello Kritof,
>>
>
>
>> KP> # grep User /etc/clamd.conf
>> KP> User clamav
>>
>
> Shouldn't the conf files be in /usr/local/etc/ ???
> That's how it works for me and my log file is owned by clamav
>

That is dependant upon who built the binaries and the choices they made
when doing so. If this were standardized there would be fewer instances of
multiple versions of libs, executables, and config files installed on
systems. As a minimum, packagers should describe in their docs where
things go. My guess is most noobies would still not read it, but those who
try to debug the mess they have would have another tool to work with.

The lesson to learn is: know your system and don't trust packagers.

dp

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Mr Mailing List

Hello,
On 17 May 2005, at 13:17, Tomasz Kojm wrote:
On Tue, 17 May 2005 15:10:12 +0400
Sergey <[EMAIL PROTECTED]> wrote:

Hello Tomasz,
Tuesday, May 17, 2005, 2:27:00 PM, you wrote:
TK> On Tue, 17 May 2005 11:16:54 +0400
TK> Sergey <[EMAIL PROTECTED]> wrote:

Hello clamav-users,
   i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
   found an error massage on starting clamav-milter ("Permission
   denied"). is there any chance to solve this little problem?
TK> I don't believe you've installed 0.85.1 properly.
what do you mean by "properly"?
 there were no errors while i was installing it.
 i used just the same option that i used for installing 0.84 or there
 is in 0.85 some "new extra installation stuff" that i missed?
The only 'essential' information you have provided is that
clamav-milter prints "Permission denied" on startup so don't expect
constructive help from me.
There appears to be something not quite good happening.
More information, for version v0.85 the following scenario seems  
consistent on my server:

clamd.conf contains:
User clamav
.
LogFile /var/log/clam/clamd.log
Now delete
stop clamd
delete /var/log/clam/clamd.log
start clamd again
Upon restart clamd.log is created, but owned by root.
ls -l /var/log/clam/clamd.log
-rw-r-1 root root 2675 May 17 14:42 /var/log/clam/ 
clamd.log

(Additional information:
ls -ld /var/log/clam/
drwxr-xr-x2 clamav   clamav   4096 May 17 14:42 /var/log/clam/
)

--
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue May 17 13:12:51 CEST 2005
___
http://lurker.clamav.net/list/clamav-users.html
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Bill Maidment

Dennis Peterson wrote:
Bill Maidment said:
Sergey wrote:
Hello Krištof,

KP> # grep User /etc/clamd.conf
KP> User clamav
Shouldn't the conf files be in /usr/local/etc/ ???
That's how it works for me and my log file is owned by clamav

That is dependant upon who built the binaries and the choices they made
when doing so. If this were standardized there would be fewer instances of
multiple versions of libs, executables, and config files installed on
systems. As a minimum, packagers should describe in their docs where
things go. My guess is most noobies would still not read it, but those who
try to debug the mess they have would have another tool to work with.
Agreed. Interestingly, it made me look at my setup again and, because I 
run Mimedefang, I have "User defang" in my clamd.conf clamav belongs to 
group defang and the log file permissions are 0660 clamav.clamav yet it 
still works on every clamav version including 0.85 and 0.85.1
My brain hurts.

The lesson to learn is: know your system and don't trust packagers.
I build clamav from source using default configure (even though I'm 
running Fedora 3.)

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Sergey wrote:
Hello Dennis,
Tuesday, May 17, 2005, 5:11:43 PM, you wrote:
DP> Sergey said:
Hello Andrzej,
Tuesday, May 17, 2005, 3:52:31 PM, you wrote:
AZ> Sergey wrote:
AZ> [...]
-rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
AZ>   ^^
AZ> How clamd (in realy user clamav.clamav) can write to this file??
AZ> [...]
i've no idea, but 0.84 does.
i've just found a solution. if clamd makes clamd.log it's useless to
change the permissions. so before running clamd and so on i made
touch clamd.log and than set all the permissions that is needed.
now it works.

DP> We have a winner! Now if you put that in your startup script and log
DP> rotation tool you'll have the job finished.
why is that? if i'll restart clamd it won't going to change the
permissions of clamd.log. and by the way i don't need any log rotation
because my clamd.log doesn't eveê become big or something like that.
Maybe thats because clamav couldnt write to it ;)  Regardless, this is a 
workaround not a solution.  The logfile should not be created with root 
owner to begin with.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Stephen Gran

On Tue, May 17, 2005 at 01:17:34PM +0200, Tomasz Kojm said:
> The only 'essential' information you have provided is that
> clamav-milter prints "Permission denied" on startup so don't expect
> constructive help from me.

The problem here is that clamav opens/creates the log at
clamd/clamd.c:144, but only drops priviledges to the user specified by
the User directive at clamd/clamd.c:235

It would perhaps be better if this priviledge drop happened earlier,
before opening the logfile.  I have never noticed this behavior, as the
set up scripts and log rotate scripts I use always touch the logfile and
give it appropriate permissions.

Since the milter never complained about log file permissions until
recently, I guess no one else noticed it either.
-- 
 --
|  Stephen Gran  | Patience is a minor form of despair,|
|  [EMAIL PROTECTED] | disguised as virtue.   -- Ambrose   |
|  http://www.lobefin.net/~steve | Bierce, on qualifiers   |
 --


pgpWPW8SoJhof.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:

>>
>>
>>
>> DP> We have a winner! Now if you put that in your startup script and log
>> DP> rotation tool you'll have the job finished.
>>
>> why is that? if i'll restart clamd it won't going to change the
>> permissions of clamd.log. and by the way i don't need any log rotation
>> because my clamd.log doesn't eveê become big or something like that.
>>
>
> Maybe thats because clamav couldnt write to it ;)  Regardless, this is a
> workaround not a solution.  The logfile should not be created with root
> owner to begin with.
>
> -Jim

That would be a good trick if the directory it is found in is owned ro by
root. I suppose it could be created by root then chowned to clam_user, but
that too presumes much. To make it entirely turnkey the process should see
if the user-selected log directory is readable by clam_user first, then it
should see if the file already exists (or if a directory of the same name
exists), and if it is writable by clam_user. If everything isn't perfect
it could fail with a warning to the console. Now what to do about your log
rotator? How should clam predict a misconfigured rotator? That seems like
a lot of hand holding.

Call me old fashioned, but this is something I like to deal with myself.
There's still a roll for the thinking admin.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Stephen Gran said:
> On Tue, May 17, 2005 at 01:17:34PM +0200, Tomasz Kojm said:
>> The only 'essential' information you have provided is that
>> clamav-milter prints "Permission denied" on startup so don't expect
>> constructive help from me.
>
> The problem here is that clamav opens/creates the log at
> clamd/clamd.c:144, but only drops priviledges to the user specified by
> the User directive at clamd/clamd.c:235
>
> It would perhaps be better if this priviledge drop happened earlier,
> before opening the logfile.  I have never noticed this behavior, as the
> set up scripts and log rotate scripts I use always touch the logfile and
> give it appropriate permissions.
>
> Since the milter never complained about log file permissions until
> recently, I guess no one else noticed it either.

I think it would be better if clamd, like syslogd, didn't create the file
at all. End of problem.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:


DP> We have a winner! Now if you put that in your startup script and log
DP> rotation tool you'll have the job finished.
why is that? if i'll restart clamd it won't going to change the
permissions of clamd.log. and by the way i don't need any log rotation
because my clamd.log doesn't eveê become big or something like that.
Maybe thats because clamav couldnt write to it ;)  Regardless, this is a
workaround not a solution.  The logfile should not be created with root
owner to begin with.
-Jim

That would be a good trick if the directory it is found in is owned ro by
root. I suppose it could be created by root then chowned to clam_user, but
that too presumes much. To make it entirely turnkey the process should see
if the user-selected log directory is readable by clam_user first, then it
should see if the file already exists (or if a directory of the same name
exists), and if it is writable by clam_user. If everything isn't perfect
it could fail with a warning to the console. Now what to do about your log
rotator? How should clam predict a misconfigured rotator? That seems like
a lot of hand holding.
Call me old fashioned, but this is something I like to deal with myself.
There's still a roll for the thinking admin.

No, dont get me wrong here, im not saying clamav should "predict" 
anything.  Nor should it have to deal with misconfigured software.  This 
is of course left up to the admin.  However, it seems that it *creates* 
the logfile owned by root.  And that..well..just isnt right.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:
> Dennis Peterson wrote:

>>
>> That would be a good trick if the directory it is found in is owned ro
>> by
>> root. I suppose it could be created by root then chowned to clam_user,
>> but
>> that too presumes much. To make it entirely turnkey the process should
>> see
>> if the user-selected log directory is readable by clam_user first, then
>> it
>> should see if the file already exists (or if a directory of the same
>> name
>> exists), and if it is writable by clam_user. If everything isn't perfect
>> it could fail with a warning to the console. Now what to do about your
>> log
>> rotator? How should clam predict a misconfigured rotator? That seems
>> like
>> a lot of hand holding.
>>
>> Call me old fashioned, but this is something I like to deal with myself.
>> There's still a roll for the thinking admin.
>>
>>
>
> No, dont get me wrong here, im not saying clamav should "predict"
> anything.  Nor should it have to deal with misconfigured software.  This
> is of course left up to the admin.  However, it seems that it *creates*
> the logfile owned by root.  And that..well..just isnt right.

Maybe I should have said "doughnut" :-) I meant role. I use syslog for the
log files here because I want them available to a common remote logger
server for processing. Ownership is not a problem, and it's one less issue
the deal with. My underlying point is that a take-charge admin would have
no problem dealing with this "bug".

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Stephen Gran

On Tue, May 17, 2005 at 07:03:10AM -0700, Dennis Peterson said:
> That would be a good trick if the directory it is found in is owned ro by
> root. I suppose it could be created by root then chowned to clam_user, but
> that too presumes much. To make it entirely turnkey the process should see
> if the user-selected log directory is readable by clam_user first, then it
> should see if the file already exists (or if a directory of the same name
> exists), and if it is writable by clam_user. If everything isn't perfect
> it could fail with a warning to the console. Now what to do about your log
> rotator? How should clam predict a misconfigured rotator? That seems like
> a lot of hand holding.

On Tue, May 17, 2005 at 07:04:56AM -0700, Dennis Peterson said:
> I think it would be better if clamd, like syslogd, didn't create the file
> at all. End of problem.

So you want either all possible checks, or no seperable logging?  That
does seem like a rather drastic set of solutions to a trivial to fix
bug.  Moving about 10 lines of code will fix the bug under discussion,
and the rest is the job of the packager/local admin.  I have to say I
have never noticed this bug up until now, because the install scripts
and logrotate scripts I use handle permissions in a way that allows it
to work (pats self on back, and wrenches arm doing so).

5 minutes looking at the code could have avoided several hundred lines
of email, methinks.
-- 
 --
|  Stephen Gran  | A holding company is a thing where you  |
|  [EMAIL PROTECTED] | hand an accomplice the goods while the  |
|  http://www.lobefin.net/~steve | policeman searches you. |
 --


pgpkqGmT5G7ze.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:
Dennis Peterson wrote:

That would be a good trick if the directory it is found in is owned ro
by
root. I suppose it could be created by root then chowned to clam_user,
but
that too presumes much. To make it entirely turnkey the process should
see
if the user-selected log directory is readable by clam_user first, then
it
should see if the file already exists (or if a directory of the same
name
exists), and if it is writable by clam_user. If everything isn't perfect
it could fail with a warning to the console. Now what to do about your
log
rotator? How should clam predict a misconfigured rotator? That seems
like
a lot of hand holding.
Call me old fashioned, but this is something I like to deal with myself.
There's still a roll for the thinking admin.

No, dont get me wrong here, im not saying clamav should "predict"
anything.  Nor should it have to deal with misconfigured software.  This
is of course left up to the admin.  However, it seems that it *creates*
the logfile owned by root.  And that..well..just isnt right.

Maybe I should have said "doughnut" :-) I meant role. I use syslog for the
log files here because I want them available to a common remote logger
server for processing. Ownership is not a problem, and it's one less issue
the deal with. My underlying point is that a take-charge admin would have
no problem dealing with this "bug".

Indeed.  I was merely trying to clarify the exact issue that other 
admins were having.  I am not experiencing this "problem" myself. 
Mainly because im still using 0.84 but thats another story ;)

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Stephen Gran said:
> On Tue, May 17, 2005 at 07:03:10AM -0700, Dennis Peterson said:
>> That would be a good trick if the directory it is found in is owned ro
>> by
>> root. I suppose it could be created by root then chowned to clam_user,
>> but
>> that too presumes much. To make it entirely turnkey the process should
>> see
>> if the user-selected log directory is readable by clam_user first, then
>> it
>> should see if the file already exists (or if a directory of the same
>> name
>> exists), and if it is writable by clam_user. If everything isn't perfect
>> it could fail with a warning to the console. Now what to do about your
>> log
>> rotator? How should clam predict a misconfigured rotator? That seems
>> like
>> a lot of hand holding.
>
> On Tue, May 17, 2005 at 07:04:56AM -0700, Dennis Peterson said:
>> I think it would be better if clamd, like syslogd, didn't create the
>> file
>> at all. End of problem.
>
> So you want either all possible checks, or no seperable logging?

Where did I say that? With syslog you touch a file and it starts logging.
Simple, effective. It can be the same with clam. No local logging until
you, the admin, create the file and set the needed permissions. We do it
all the time.

>  That
> does seem like a rather drastic set of solutions to a trivial to fix
> bug.  Moving about 10 lines of code will fix the bug under discussion,
> and the rest is the job of the packager/local admin.  I have to say I
> have never noticed this bug up until now, because the install scripts
> and logrotate scripts I use handle permissions in a way that allows it
> to work (pats self on back, and wrenches arm doing so).

That level of competence should be the norm - it's not rocket science.

>
> 5 minutes looking at the code could have avoided several hundred lines
> of email, methinks.
> --

I think the coders are trying too hard to support the lower level admins.
That is a thankless job. As thankless as educating them. Threads like this
one do get some of them thinking, though.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Erich Titl

Stephen Gran wrote:
...
So you want either all possible checks, or no seperable logging?  That
does seem like a rather drastic set of solutions to a trivial to fix
bug.  Moving about 10 lines of code will fix the bug under discussion,
 

might lead to problems with logging _before_ dropping privileges
and the rest is the job of the packager/local admin.  I have to say I
have never noticed this bug up until now, because the install scripts
and logrotate scripts I use handle permissions in a way that allows it
to work (pats self on back, and wrenches arm doing so).
5 minutes looking at the code could have avoided several hundred lines
of email, methinks.
 

cheers
Erich
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Stephen Gran

On Tue, May 17, 2005 at 02:56:14PM +, Erich Titl said:
> Stephen Gran wrote:
> 
> >...
> >
> >So you want either all possible checks, or no seperable logging?  That
> >does seem like a rather drastic set of solutions to a trivial to fix
> >bug.  Moving about 10 lines of code will fix the bug under discussion,
> > 
> >
> might lead to problems with logging _before_ dropping privileges

What, in particular, are you thinking of?  If the first thing clamd does
is drop priviledges, there is no logging before dropping priviledges.
If the milter tries to log before dropping priviledges (say), it will be
running as root and can write to the logfile.  Or am I missing
something?
-- 
 --
|  Stephen Gran  | Time sharing: The use of many people by |
|  [EMAIL PROTECTED] | the computer.   |
|  http://www.lobefin.net/~steve | |
 --


pgpT2KN9owzOn.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Stephen Gran

On Tue, May 17, 2005 at 07:54:03AM -0700, Dennis Peterson said:
> Stephen Gran said:
> > So you want either all possible checks, or no seperable logging?
> 
> Where did I say that? With syslog you touch a file and it starts
> logging.  Simple, effective. It can be the same with clam. No local
> logging until you, the admin, create the file and set the needed
> permissions. We do it all the time.

Of course it's trivial.  As every good admin knows, though, rote tasks
deserve to be automated.  Since this one is basically already automated
(the logg() function will create the file if it does not exist), the
simplest approach would be to change the order of a few events.

> >  That does seem like a rather drastic set of solutions to a trivial
> >  to fix bug.  Moving about 10 lines of code will fix the bug under
> >  discussion, and the rest is the job of the packager/local admin.  I
> >  have to say I have never noticed this bug up until now, because the
> >  install scripts and logrotate scripts I use handle permissions in a
> >  way that allows it to work (pats self on back, and wrenches arm
> >  doing so).
> 
> That level of competence should be the norm - it's not rocket science.

Er, yes, I think you missed the sarcasm there.  It is fairly stragiht
forward.

> > 5 minutes looking at the code could have avoided several hundred
> > lines of email, methinks.
> 
> I think the coders are trying too hard to support the lower level
> admins.  That is a thankless job. As thankless as educating them.
> Threads like this one do get some of them thinking, though.

The fact that many people masquerade as admins when they shouldn't is no
reason to shout down a minor bug.  My point is that there are two
options - fix it in the place where it happens, so everyone gets the
benefits, or have everyone do the trivial workarounds.  Which one sounds
more reasonable to you?  If you answer option b, then it sounds like you
spend too much time admin'ing the simple things on your machines.

Take care,
-- 
 --
|  Stephen Gran  | Been Transferred Lately?|
|  [EMAIL PROTECTED] | |
|  http://www.lobefin.net/~steve | |
 --


pgpyQ6keIgSiZ.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Erich Titl

Stephen Gran wrote:
On Tue, May 17, 2005 at 02:56:14PM +, Erich Titl said:
 

Stephen Gran wrote:
   

...
So you want either all possible checks, or no seperable logging?  That
does seem like a rather drastic set of solutions to a trivial to fix
bug.  Moving about 10 lines of code will fix the bug under discussion,
 

might lead to problems with logging _before_ dropping privileges
   

What, in particular, are you thinking of?  If the first thing clamd does
is drop priviledges, there is no logging before dropping priviledges.
If the milter tries to log before dropping priviledges (say), it will be
running as root and can write to the logfile.  Or am I missing
something?
 

You could not log problems while dropping privileges, well basically it 
might go to the (unwatched) console

   /* drop privileges */
#ifndef C_OS2
   if(geteuid() == 0 && (cpt = cfgopt(copt, "User"))) {
   if((user = getpwnam(cpt->strarg)) == NULL) {
   fprintf(stderr, "ERROR: Can't get information about user 
%s.\n", cpt->strarg);
   logg("!Can't get information about user %s.\n", cpt->strarg);
   exit(1);
   }

cheers
Erich
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Stephen Gran said:
> On Tue, May 17, 2005 at 07:54:03AM -0700, Dennis Peterson said:
>> Stephen Gran said:
>> > So you want either all possible checks, or no seperable logging?
>>
>> Where did I say that? With syslog you touch a file and it starts
>> logging.  Simple, effective. It can be the same with clam. No local
>> logging until you, the admin, create the file and set the needed
>> permissions. We do it all the time.
>
> Of course it's trivial.  As every good admin knows, though, rote tasks
> deserve to be automated.  Since this one is basically already automated
> (the logg() function will create the file if it does not exist), the
> simplest approach would be to change the order of a few events.

That's why I'd manage it in the startup scripts. That way reliability of
the process is owned by me and not subject to the vagaries of the next
version release. It can't hurt.

>
>> >  That does seem like a rather drastic set of solutions to a trivial
>> >  to fix bug.  Moving about 10 lines of code will fix the bug under
>> >  discussion, and the rest is the job of the packager/local admin.  I
>> >  have to say I have never noticed this bug up until now, because the
>> >  install scripts and logrotate scripts I use handle permissions in a
>> >  way that allows it to work (pats self on back, and wrenches arm
>> >  doing so).
>>
>> That level of competence should be the norm - it's not rocket science.
>
> Er, yes, I think you missed the sarcasm there.  It is fairly stragiht
> forward.

Just stating the obvious.

>
>> > 5 minutes looking at the code could have avoided several hundred
>> > lines of email, methinks.
>>
>> I think the coders are trying too hard to support the lower level
>> admins.  That is a thankless job. As thankless as educating them.
>> Threads like this one do get some of them thinking, though.
>
> The fact that many people masquerade as admins when they shouldn't is no
> reason to shout down a minor bug.  My point is that there are two
> options - fix it in the place where it happens, so everyone gets the
> benefits, or have everyone do the trivial workarounds.  Which one sounds
> more reasonable to you?  If you answer option b, then it sounds like you
> spend too much time admin'ing the simple things on your machines.
>

I'm not shouting down the "bug" - just saying that being a victim of it is
unnecessary. I think it would be fine if they correct it, but... Putting
this process in the startup script is a matter of reliability and
repeatability, not a work-around. I'd do it even if this "bug" didn't
exist. I'd prefer to think it's being anal, and being anal can be a good
thing.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Stephen Gran

On Tue, May 17, 2005 at 03:50:38PM +, Erich Titl said:
> Stephen Gran wrote:
> >On Tue, May 17, 2005 at 02:56:14PM +, Erich Titl said:
> >>might lead to problems with logging _before_ dropping privileges
> >
> >What, in particular, are you thinking of?  If the first thing clamd does
> >is drop priviledges, there is no logging before dropping priviledges.
> >If the milter tries to log before dropping priviledges (say), it will be
> >running as root and can write to the logfile.  Or am I missing
> >something?
> >
> You could not log problems while dropping privileges, well basically it 
> might go to the (unwatched) console
> 
>/* drop privileges */
> #ifndef C_OS2
>if(geteuid() == 0 && (cpt = cfgopt(copt, "User"))) {
>if((user = getpwnam(cpt->strarg)) == NULL) {
>fprintf(stderr, "ERROR: Can't get information about user 
> %s.\n", cpt->strarg);
>logg("!Can't get information about user %s.\n", cpt->strarg);
>exit(1);
>}

No, the logg() function creates the file if it does not exist.  So, if
the getpwnam fails, the logg() call will still work.  This one logg()
call (well, and the one following this, if it fails) will still create
a root owned log file, but that is basically OK in this scenario, as
the local admin has clearly already goofed the install.
-- 
 --
|  Stephen Gran  | If you do not think about the future,   |
|  [EMAIL PROTECTED] | you cannot have one.   -- John  |
|  http://www.lobefin.net/~steve | Galsworthy  |
 --


pgpMmJROn9SVX.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Erich Titl said:

>>
> You could not log problems while dropping privileges, well basically it
> might go to the (unwatched) console
>

Because I'm self-described "anal", I capture my console to a file with
syslog and it is watched with automation and so is syslog. Here's to anal
admins and self-healing systems everywhere!

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matt Fretwell

Sergey wrote:

> KP> Clamav should create log file with same owner as defined in
> KP> clamd.conf to work it properly.
> 
> i've just noticed the same thing. clamd.log is made by root. but 0.84
> doesn't care about that it works properly.

 The response someone posted a few days ago regarding 'software
covering up sloppy administration' springs to mind regarding this.

Matt
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matt Fretwell

Sergey wrote:

> DP> We have a winner! Now if you put that in your startup script and log
> DP> rotation tool you'll have the job finished.
> 
> why is that? if i'll restart clamd it won't going to change the
> permissions of clamd.log. and by the way i don't need any log rotation
> because my clamd.log doesn't eveê become big or something like that.


 And the reply above is a perfect example of sloppy administration.


Matt 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matt Fretwell

Jim Maul wrote:

> > Call me old fashioned, but this is something I like to deal with
> > myself. There's still a roll for the thinking admin.
 
> No, dont get me wrong here, im not saying clamav should "predict" 
> anything.  Nor should it have to deal with misconfigured software.  This
> is of course left up to the admin.  However, it seems that it *creates* 
> the logfile owned by root.  And that..well..just isnt right.


 Just to test, as an ordinary user, run:

touch /var/log/test.log

 Now why does it create the logfile as root?



Matt
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Matt Fretwell wrote:
Jim Maul wrote:

Call me old fashioned, but this is something I like to deal with
myself. There's still a roll for the thinking admin.
 

No, dont get me wrong here, im not saying clamav should "predict" 
anything.  Nor should it have to deal with misconfigured software.  This
is of course left up to the admin.  However, it seems that it *creates* 
the logfile owned by root.  And that..well..just isnt right.

 Just to test, as an ordinary user, run:
touch /var/log/test.log
 Now why does it create the logfile as root?
While i get your point, it is irrelevant because it should not log in 
/var/log/ directly.  It should log in /var/log/clamav/

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matt Fretwell

Jim Maul wrote:

> > touch /var/log/test.log
> > 
> >  Now why does it create the logfile as root?

> While i get your point, it is irrelevant because it should not log in 
> /var/log/ directly.  It should log in /var/log/clamav/

 The main point of my point, (I know that sounds weird), is that an admin
who relies upon any piece of software to correctly create and set
permissions on the logfile is asking for trouble. Clam is not alone in
this. This is not a bug in Clam, it is poor admin technique on the part of
the admin. Your logs are vital for a smoothly running system. The admin
should take full control of their logs.

Matt
___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matthew.van.Eerde

Jim Maul wrote:
> Matt Fretwell wrote:
>>  Just to test, as an ordinary user, run:
>> 
>> touch /var/log/test.log
>> 
>>  Now why does it create the logfile as root?
>> 
> 
> While i get your point, it is irrelevant because it should not log in
> /var/log/ directly.  It should log in /var/log/clamav/
> 
> -Jim

Hopefully this will help someone.  I got it off the list earlier (sorry, don't 
remember who sent it to me originally:)

$ cat /etc/logrotate.d/clamav
/var/log/clamav/clamd.log {
missingok
nocompress
create 640 clamav defang
postrotate
/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2> 
/dev/null || true
endscript
}

/var/log/clamav/freshclam.log {
missingok
nocompress
create 640 clamav defang
postrotate
/bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 
2> /dev/null || true
endscript
}

I use defang as a generic "mail administration" group, which is why that group 
gets read access.

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Matt Fretwell wrote:
Jim Maul wrote:

touch /var/log/test.log
Now why does it create the logfile as root?

While i get your point, it is irrelevant because it should not log in 
/var/log/ directly.  It should log in /var/log/clamav/

 The main point of my point, (I know that sounds weird), is that an admin
who relies upon any piece of software to correctly create and set
permissions on the logfile is asking for trouble. Clam is not alone in
this. This is not a bug in Clam, it is poor admin technique on the part of
the admin. Your logs are vital for a smoothly running system. The admin
should take full control of their logs.

And the main point of my point (again with the weirdness) is that yes 
this should be handled by the admin, however it is indeed a (small) bug. 
 While the situation SHOULD never come up, clamav should not attempt to 
create a log file which it can never write to.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matt Fretwell

Jim Maul wrote:

> >  The main point of my point, (I know that sounds weird), is that an
> >  admin who relies upon any piece of software to correctly create and
> >  set permissions on the logfile is asking for trouble. Clam is not
> >  alone in this. This is not a bug in Clam, it is poor admin technique
> >  on the part of the admin. Your logs are vital for a smoothly running
> >  system. The admin should take full control of their logs.

> And the main point of my point (again with the weirdness) is that yes 
> this should be handled by the admin, however it is indeed a (small) bug.
> 
>   While the situation SHOULD never come up, clamav should not attempt to
> create a log file which it can never write to.


 I think we have reached stalemate on this one :)


Matt
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Matt Fretwell wrote:
Jim Maul wrote:

The main point of my point, (I know that sounds weird), is that an
admin who relies upon any piece of software to correctly create and
set permissions on the logfile is asking for trouble. Clam is not
alone in this. This is not a bug in Clam, it is poor admin technique
on the part of the admin. Your logs are vital for a smoothly running
system. The admin should take full control of their logs.

And the main point of my point (again with the weirdness) is that yes 
this should be handled by the admin, however it is indeed a (small) bug.

 While the situation SHOULD never come up, clamav should not attempt to
create a log file which it can never write to.

 I think we have reached stalemate on this one :)

Agreed. ;)
-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:
> Matt Fretwell wrote:
>> Jim Maul wrote:
>>
>>
Call me old fashioned, but this is something I like to deal with
myself. There's still a roll for the thinking admin.
>>
>>
>>
>>>No, dont get me wrong here, im not saying clamav should "predict"
>>>anything.  Nor should it have to deal with misconfigured software.  This
>>>is of course left up to the admin.  However, it seems that it *creates*
>>>the logfile owned by root.  And that..well..just isnt right.
>>
>>
>>
>>  Just to test, as an ordinary user, run:
>>
>> touch /var/log/test.log
>>
>>  Now why does it create the logfile as root?
>>
>
> While i get your point, it is irrelevant because it should not log in
> /var/log/ directly.  It should log in /var/log/clamav/

It will log where ever the clamd.conf file says it will log - permissions
permitting. There is no concept of "should".

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:
Matt Fretwell wrote:
Jim Maul wrote:

Call me old fashioned, but this is something I like to deal with
myself. There's still a roll for the thinking admin.


No, dont get me wrong here, im not saying clamav should "predict"
anything.  Nor should it have to deal with misconfigured software.  This
is of course left up to the admin.  However, it seems that it *creates*
the logfile owned by root.  And that..well..just isnt right.

Just to test, as an ordinary user, run:
touch /var/log/test.log
Now why does it create the logfile as root?
While i get your point, it is irrelevant because it should not log in
/var/log/ directly.  It should log in /var/log/clamav/

It will log where ever the clamd.conf file says it will log - permissions
permitting. There is no concept of "should".

To the program itself, no.  If you tell it to log to / it will, however, 
it SHOULDNT.  See what im saying?  To say that clamav *has* to create 
the log file as root because only root can write to /var/log/ is 
irrelevant to the issue.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:
> Dennis Peterson wrote:
>> Jim Maul said:
>>
>>>Matt Fretwell wrote:
>>>
Jim Maul wrote:



>>Call me old fashioned, but this is something I like to deal with
>>myself. There's still a roll for the thinking admin.



>No, dont get me wrong here, im not saying clamav should "predict"
>anything.  Nor should it have to deal with misconfigured software.
> This
>is of course left up to the admin.  However, it seems that it
> *creates*
>the logfile owned by root.  And that..well..just isnt right.



 Just to test, as an ordinary user, run:

touch /var/log/test.log

 Now why does it create the logfile as root?

>>>
>>>While i get your point, it is irrelevant because it should not log in
>>>/var/log/ directly.  It should log in /var/log/clamav/
>>
>>
>> It will log where ever the clamd.conf file says it will log -
>> permissions
>> permitting. There is no concept of "should".
>>
>>
>
> To the program itself, no.  If you tell it to log to / it will, however,
> it SHOULDNT.  See what im saying?  To say that clamav *has* to create
> the log file as root because only root can write to /var/log/ is
> irrelevant to the issue.

While you're out there making up rules can you think of any reason clamd
needs to be started as user root if all you do is scan incoming email? I
can't.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:
Dennis Peterson wrote:
Jim Maul said:

Matt Fretwell wrote:

Jim Maul wrote:


Call me old fashioned, but this is something I like to deal with
myself. There's still a roll for the thinking admin.


No, dont get me wrong here, im not saying clamav should "predict"
anything.  Nor should it have to deal with misconfigured software.
This
is of course left up to the admin.  However, it seems that it
*creates*
the logfile owned by root.  And that..well..just isnt right.

Just to test, as an ordinary user, run:
touch /var/log/test.log
Now why does it create the logfile as root?
While i get your point, it is irrelevant because it should not log in
/var/log/ directly.  It should log in /var/log/clamav/

It will log where ever the clamd.conf file says it will log -
permissions
permitting. There is no concept of "should".

To the program itself, no.  If you tell it to log to / it will, however,
it SHOULDNT.  See what im saying?  To say that clamav *has* to create
the log file as root because only root can write to /var/log/ is
irrelevant to the issue.

While you're out there making up rules can you think of any reason clamd
needs to be started as user root if all you do is scan incoming email? I
can't.

Um, where am i making up rules?  Thanks for the accusation though.
And no, i cant think of why you would want to or have to run clamd as 
root.  I run clamd as user qscand, not root so im not sure what your 
implying here.

Thanks again,
-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:
> Dennis Peterson wrote:

>>>
>>>To the program itself, no.  If you tell it to log to / it will, however,
>>>it SHOULDNT.  See what im saying?  To say that clamav *has* to create
>>>the log file as root because only root can write to /var/log/ is
>>>irrelevant to the issue.
>>
>>
>> While you're out there making up rules can you think of any reason clamd
>> needs to be started as user root if all you do is scan incoming email? I
>> can't.
>>
>>
>
> Um, where am i making up rules?  Thanks for the accusation though.
> And no, i cant think of why you would want to or have to run clamd as
> root.  I run clamd as user qscand, not root so im not sure what your
> implying here.
>
> Thanks again,
>
> -Jim

You said it shouldn't log to / and there's no reason it shouldn't if that
is where one wishes it to log. There's lots of reasons why that would be a
bad idea, but it's an admin decision, not an application issue.

Do you start clamd as root or as qscand? My point is there is, or at least
can be no requirement that one start it as root and was trying to
demonstrate additional administrative latitude for the reading public that
isn't already put to sleep by this thread :-) If you su to qscand (in your
case) it should still start and run just fine. It was just an injected
factoid for thought. Many people just light things off as root and go on
their way. It is frequently safer and managerially more convenient to
write root scripts that su to the run-as user first, then fire off the
proc (/usr/bin/su - qscand -c /usr/local/bin/blah_blah_blah). Imagine how
it simplifies file ownerhips.

dp ... did I mention I'm anal?

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:
Dennis Peterson wrote:

To the program itself, no.  If you tell it to log to / it will, however,
it SHOULDNT.  See what im saying?  To say that clamav *has* to create
the log file as root because only root can write to /var/log/ is
irrelevant to the issue.

While you're out there making up rules can you think of any reason clamd
needs to be started as user root if all you do is scan incoming email? I
can't.

Um, where am i making up rules?  Thanks for the accusation though.
And no, i cant think of why you would want to or have to run clamd as
root.  I run clamd as user qscand, not root so im not sure what your
implying here.
Thanks again,
-Jim

You said it shouldn't log to / and there's no reason it shouldn't if that
is where one wishes it to log. There's lots of reasons why that would be a
bad idea, but it's an admin decision, not an application issue.
Do you start clamd as root or as qscand? My point is there is, or at least
can be no requirement that one start it as root and was trying to
demonstrate additional administrative latitude for the reading public that
isn't already put to sleep by this thread :-) If you su to qscand (in your
case) it should still start and run just fine. It was just an injected
factoid for thought. Many people just light things off as root and go on
their way. It is frequently safer and managerially more convenient to
write root scripts that su to the run-as user first, then fire off the
proc (/usr/bin/su - qscand -c /usr/local/bin/blah_blah_blah). Imagine how
it simplifies file ownerhips.
dp ... did I mention I'm anal?

Let me attempt to clear up any confusion (and hopefully put this thread 
to rest) by saying that I personally am not having any problems with 
clamav and i am not experiencing the logging issue that actually started 
this thread.  I do and always have run clamav as qscand.  My clamav logs 
are owned by qscand and everything works great.  I simply joined the 
conversation somewhere in the middle because something caught my 
attention.  The fact that clamav creates its log file as root if it 
doesnt already exist.  Why create it at all if you cant write to it? 
Its just silly.

Im anal as well which is why i stated that one should not tell anything 
to log to / or /var/log directly for that matter.  I like to have all 
programs logging in their own directories under /var/log/.  clamav is 
/var/log/clamav/ apache is /var/log/apache/ and so on.  That was the 
basis for my SHOULDNT statement above.

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jason Frisvold

On 5/17/05, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> You said it shouldn't log to / and there's no reason it shouldn't if that
> is where one wishes it to log. There's lots of reasons why that would be a
> bad idea, but it's an admin decision, not an application issue.

It sounds like clam is creating the log files *before* the root
startup process hands over control to the user defined in the config
files.  In 0.84 and prior, it sounds like there was something that
handed off an open filehandle to the defined user, but that filehandle
was opened by root...  I'm not sure if that's possible or not, so
please correct me if I'm wrong..  :)

It seems that the current behaviour is more correct, but still not
completely correct..  I would expect that when clamav starts, all
control should be handed to the defined user immediately and then
files should be created, opened, etc...

It's possible that the current problems are mostly due to pre-existing
logfiles that are already owned by root, as opposed to new
installations.  To be honest, I haven't tried a new install to see if
the files are still created with "improper" permissions.

> dp ... did I mention I'm anal?

Isn't anal a required attribute for those who are security conscious?  ;)

-- 
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Brian Morrison

On Tue, 17 May 2005 16:09:01 +0400 in [EMAIL PROTECTED]
Sergey <[EMAIL PROTECTED]> wrote:

>  i've just noticed the same thing. clamd.log is made by root. but 0.84
>  doesn't care about that it works properly.

I have the same setup as you, but my log files are owned clamav:clamav,
using an rpm install based on Petr's rpms with the 0.85.1 tarball
specified in the spec file.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:

> Let me attempt to clear up any confusion (and hopefully put this thread
> to rest) by saying that I personally am not having any problems with
> clamav and i am not experiencing the logging issue that actually started
> this thread.  I do and always have run clamav as qscand.  My clamav logs
> are owned by qscand and everything works great.  I simply joined the
> conversation somewhere in the middle because something caught my
> attention.  The fact that clamav creates its log file as root if it
> doesnt already exist.  Why create it at all if you cant write to it?
> Its just silly.

That doesn't happen if you start it as the run-as user. It happens if you
start it as root. That is why I say this "bug" is not necessarily a bug,
but an administrative issue.

>
> Im anal as well which is why i stated that one should not tell anything
> to log to / or /var/log directly for that matter.  I like to have all
> programs logging in their own directories under /var/log/.  clamav is
> /var/log/clamav/ apache is /var/log/apache/ and so on.  That was the
> basis for my SHOULDNT statement above.

And it's a good idea. Especially if you don't start clamd as root.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Jim Maul

Dennis Peterson wrote:
Jim Maul said:


That doesn't happen if you start it as the run-as user. It happens if you
start it as root. That is why I say this "bug" is not necessarily a bug,
but an administrative issue.
This was the key piece to the puzzle that i was missing.  From the posts 
 of the people who are actually having this problem, it was not 
immediately obvious that this ONLY happens when you run clamd as root. 
I was under the impression that the log file was created as root 
regardless of the user statement in clamd.conf.  My apologies.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Jim Maul said:
> Dennis Peterson wrote:
>> Jim Maul said:
>>
>>
>
> 
>
>> That doesn't happen if you start it as the run-as user. It happens if
>> you
>> start it as root. That is why I say this "bug" is not necessarily a bug,
>> but an administrative issue.
>>
>
> This was the key piece to the puzzle that i was missing.  From the posts
>   of the people who are actually having this problem, it was not
> immediately obvious that this ONLY happens when you run clamd as root.
> I was under the impression that the log file was created as root
> regardless of the user statement in clamd.conf.  My apologies.
>
> -Jim

No problem - I was dropping hints slowly to see if anyone would leap ahead
and offer the anwer but I expect the thread did in fact put them to sleep
:-)

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Tomasz,

Tuesday, May 17, 2005, 2:58:41 PM, you wrote:

TK> On Tue, 17 May 2005 12:55:36 +0200
TK> Kritof Petr <[EMAIL PROTECTED]> wrote:

>> Sergey is right. This bug is not fixed.
>> 
>> 
>> May 17 12:36:41 server clamd: clamd startup succeeded
>> May 17 12:36:41 server clamd[27991]: HTML support enabled.
>> May 17 12:36:41 server clamd[27991]: Self checking every 1800 seconds.
>> May 17 12:36:54 server clamav-milter: /var/log/clamav/clamd.log: 
>> Permission denied

TK> The original bug was related to /dev/console. The above seems like
TK> a standard permission problem.

 no it's not. beleve me because i'm not the only one who has such
 problem.

-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Tomasz,

Tuesday, May 17, 2005, 2:27:00 PM, you wrote:

TK> On Tue, 17 May 2005 11:16:54 +0400
TK> Sergey <[EMAIL PROTECTED]> wrote:

>> Hello clamav-users,
>> 
>>i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
>>found an error massage on starting clamav-milter ("Permission
>>denied"). is there any chance to solve this little problem?

TK> I don't believe you've installed 0.85.1 properly.

what do you mean by "properly"?
 there were no errors while i was installing it.
 i used just the same option that i used for installing 0.84 or there
 is in 0.85 some "new extra installation stuff" that i missed?

-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Tomasz,

Tuesday, May 17, 2005, 3:17:34 PM, you wrote:

TK> On Tue, 17 May 2005 15:10:12 +0400
TK> Sergey <[EMAIL PROTECTED]> wrote:

>> Hello Tomasz,
>> 
>> Tuesday, May 17, 2005, 2:27:00 PM, you wrote:
>> 
>> TK> On Tue, 17 May 2005 11:16:54 +0400
>> TK> Sergey <[EMAIL PROTECTED]> wrote:
>> 
>> >> Hello clamav-users,
>> >> 
>> >>i've just tried to use 0.85 and 0.85.1 instead of my 0.84 but i
>> >>found an error massage on starting clamav-milter ("Permission
>> >>denied"). is there any chance to solve this little problem?
>> 
>> TK> I don't believe you've installed 0.85.1 properly.
>> 
>> 
>> what do you mean by "properly"?
>>  there were no errors while i was installing it.
>>  i used just the same option that i used for installing 0.84 or there
>>  is in 0.85 some "new extra installation stuff" that i missed?

TK> The only 'essential' information you have provided is that
TK> clamav-milter prints "Permission denied" on startup so don't expect
TK> constructive help from me.


1) i use freebsd 4,7
2) clamav is configured with such options as --prefix=/usr/local/clamav
--enable-milter
3) clamd, freshclam and clamav-milter starts by user clamav
4) /usr/local/clamav # ls -l
total 14
drwxr-xr-x  2 rootclamav  512 May 17 15:39 bin
drwxr-xr-x  2 rootclamav  512 May 17 15:31 etc
drwxr-xr-x  2 rootclamav  512 May 17 15:38 include
drwxr-xr-x  3 rootclamav  512 May 17 15:39 lib
drwxr-xr-x  2 rootclamav  512 May 17 15:39 sbin
drwxr-xr-x  3 rootclamav  512 May 17 15:39 share
drwxr-x---  4 clamav  clamav  512 May 17 15:39 var

5) /usr/local/clamav/var # ls -l
total 12
-rw-r-  1 clamav  clamav   583 May 17 15:40 clamd-update.log
-rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
-rw-rw  1 clamav  clamav 5 May 17 15:39 clamd.pid
srwxrwxrwx  1 clamav  clamav 0 May 17 15:39 clamd.sock
-rw-rw  1 clamav  clamav 5 May 17 15:39 freshclam.pid
drwx--  4 clamav  clamav   512 May 17 00:45 quarantine
drwxr-xr-x  4 clamav  clamav   512 May 17 15:44 tmp

6)  cat /usr/local/etc/rc.d/clamav.sh
#!/bin/sh
/usr/local/clamav/sbin/clamd
/usr/local/clamav/sbin/clamav-milter -lofU
/usr/local/clamav/var/quarantine /usr/local/clamav/var/clmilter.sock
-p [EMAIL PROTECTED] --max-children=3
/usr/local/clamav/bin/freshclam -d -c 6 -l 
/usr/local/clamav/var/clamd-update.log


what do i do wrong?

-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[4]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Trog,

Tuesday, May 17, 2005, 3:13:49 PM, you wrote:

T> On Tue, 2005-05-17 at 15:10 +0400, Sergey wrote:
>> 
>> what do you mean by "properly"?
>>  there were no errors while i was installing it.
>>  i used just the same option that i used for installing 0.84 or there
>>  is in 0.85 some "new extra installation stuff" that i missed?
>>  

T> Check the permissions on your log file. They must be accessible by the
T> user the milter runs as.

T> -trog


they are accesseble

-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Kriљtof,

Tuesday, May 17, 2005, 3:22:21 PM, you wrote:

KP> Tomasz Kojm wrote:

>>On Tue, 17 May 2005 12:55:36 +0200
>>Kriљtof Petr <[EMAIL PROTECTED]> wrote:
>>
>>  
>>
>>>Sergey is right. This bug is not fixed.
>>>
>>>
>>>May 17 12:36:41 server clamd: clamd startup succeeded
>>>May 17 12:36:41 server clamd[27991]: HTML support enabled.
>>>May 17 12:36:41 server clamd[27991]: Self checking every 1800 seconds.
>>>May 17 12:36:54 server clamav-milter: /var/log/clamav/clamd.log: 
>>>Permission denied
>>>
>>>
>>
>>The original bug was related to /dev/console. The above seems like
>>a standard permission problem.
>>  
>>

KP> I reported this bug one week before. But once again:

KP> # uname -mpio
KP> i686 i686 i386 GNU/Linux

KP> # clamd -V
KP> ClamAV 0.85.1/882/Tue May 17 08:48:03 2005

KP> # clamav-milter -V
KP> ClamAV version 0.85.1, clamav-milter version 0.85

KP> # ll /var/log
KP> total 42860
KP> drwxr-xr-x  14 rootroot   4096 May 17 12:36 .
KP> drwxr-xr-x  23 rootroot   4096 Jan  7 14:52 ..
KP> -rw---   1 rootroot  21573 Feb  1 04:02 boot.log.4
KP> drwxr-xr-x   2 clamav  clamav 4096 May 17 13:05 clamav
KP> -rw-r--r--   1 rootroot 183414 May 17 13:01 cron

KP> # ll /var/log/clamav/
KP> total 16
KP> drwxr-xr-x   2 clamav clamav 4096 May 17 13:08 .
KP> drwxr-xr-x  14 root   root   4096 May 17 12:36 ..
KP> -rw-r-   1 clamav clamav  474 May 17 13:05 freshclam.log

KP> # service clamd start
KP> Starting Clam AV daemon:   [  OK  ]

KP> # ll /var/log/clamav/
KP> total 20
KP> drwxr-xr-x   2 clamav clamav 4096 May 17 13:09 .
KP> drwxr-xr-x  14 root   root   4096 May 17 12:36 ..
KP> -rw-r-   1 root   root   1417 May 17 13:09 clamd.log
KP> -rw-r-   1 clamav clamav  474 May 17 13:05 freshclam.log

KP> # service clamav-milter start
KP> Starting clamav-milter:[FAILED]

KP> # tail -f /var/log/messages
KP> May 17 13:13:42 server clamav-milter: /var/log/clamav/clamd.log: 
KP> Permission denied

KP> and clamav-milter is not running.

KP> # grep User /etc/clamd.conf
KP> User clamav

KP> My observation is: clamav creates log file with root permission,
KP> so user clamav cannt write to log.

KP> Are there some developers who believes that non-priviledged user clamav
KP> can write to logfile with bad permissions (0640 root.root clamd.log)?
KP> This assumption is wrong on some unix like OSes, Im affraid.

KP> Clamav should create log file with same owner as defined in clamd.conf
KP> to work it properly.

i've just noticed the same thing. clamd.log is made by root. but 0.84
doesn't care about that it works properly.


-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Christopher X. Candreva

On Tue, 17 May 2005, Sergey wrote:

> i've just noticed the same thing. clamd.log is made by root. but 0.84
> doesn't care about that it works properly.

Yes -- this is what I posted about Sat morning.

Previous to 0.85, clamav-milter didn't care if it couldn't write to it's log 
file.

Starting with 0.85, it won't run if it can't write to it's log file.

Personally I don't think that's a good enough reason to not run, but 
evidently people disagree, and I'm not inclined to argue about it further.

I solved the problem here by making clamd.log owned by group clamav and 
move 660

==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Andrzej,

Tuesday, May 17, 2005, 3:52:31 PM, you wrote:

AZ> Sergey wrote:
AZ> [...]
>> -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
AZ>   ^^
AZ> How clamd (in realy user clamav.clamav) can write to this file??

AZ> [...]


 i've no idea, but 0.84 does.

i've just found a solution. if clamd makes clamd.log it's useless to
change the permissions. so before running clamd and so on i made
touch clamd.log and than set all the permissions that is needed.
now it works.

p.s. please excuse me if my e-mails looked extremely stupid for somebody.



-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Christopher X. Candreva

On Tue, 17 May 2005, Sergey wrote:

> >> -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
> AZ>   ^^

>  i've no idea, but 0.84 does.

To be more helpfull -- 0.84 can't write to it either, it just ran anyway.

Make sure whatever script you use the cycles log files also sets the correct 
ownership and permissions.

==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
___
http://lurker.clamav.net/list/clamav-users.html

Re[4]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Sergey

Hello Dennis,

Tuesday, May 17, 2005, 5:11:43 PM, you wrote:

DP> Sergey said:
>> Hello Andrzej,
>>
>> Tuesday, May 17, 2005, 3:52:31 PM, you wrote:
>>
>> AZ> Sergey wrote:
>> AZ> [...]
 -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
>> AZ>   ^^
>> AZ> How clamd (in realy user clamav.clamav) can write to this file??
>>
>> AZ> [...]
>>
>>
>>  i've no idea, but 0.84 does.
>>
>> i've just found a solution. if clamd makes clamd.log it's useless to
>> change the permissions. so before running clamd and so on i made
>> touch clamd.log and than set all the permissions that is needed.
>> now it works.

DP> We have a winner! Now if you put that in your startup script and log
DP> rotation tool you'll have the job finished.

why is that? if i'll restart clamd it won't going to change the
permissions of clamd.log. and by the way i don't need any log rotation
because my clamd.log doesn't eveê become big or something like that.

-- 
Best regards,
 Sergeymailto:[EMAIL PROTECTED]

___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Trog

On Tue, 2005-05-17 at 15:10 +0400, Sergey wrote:
> 
> what do you mean by "properly"?
>  there were no errors while i was installing it.
>  i used just the same option that i used for installing 0.84 or there
>  is in 0.85 some "new extra installation stuff" that i missed?
>  

Check the permissions on your log file. They must be accessible by the
user the milter runs as.

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[4]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Trog

On Tue, 2005-05-17 at 15:44 +0400, Sergey wrote:

> T> Check the permissions on your log file. They must be accessible by the
> T> user the milter runs as.
> 
> T> -trog
> 
> 
> they are accesseble
> 

No they aren't. Actually look at the file permissions this time.

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Christopher X. Candreva said:
> On Tue, 17 May 2005, Sergey wrote:
>
>> i've just noticed the same thing. clamd.log is made by root. but 0.84
>> doesn't care about that it works properly.
>
> Yes -- this is what I posted about Sat morning.
>
> Previous to 0.85, clamav-milter didn't care if it couldn't write to it's
> log
> file.
>
> Starting with 0.85, it won't run if it can't write to it's log file.
>
> Personally I don't think that's a good enough reason to not run, but
> evidently people disagree, and I'm not inclined to argue about it further.
>
> I solved the problem here by making clamd.log owned by group clamav and
> move 660
>

You will have solved the problem only if you put this procedure in your
startup scripts and any tools that rotate your logs.

dp


___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Sergey said:
> Hello Andrzej,
>
> Tuesday, May 17, 2005, 3:52:31 PM, you wrote:
>
> AZ> Sergey wrote:
> AZ> [...]
>>> -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
> AZ>   ^^
> AZ> How clamd (in realy user clamav.clamav) can write to this file??
>
> AZ> [...]
>
>
>  i've no idea, but 0.84 does.
>
> i've just found a solution. if clamd makes clamd.log it's useless to
> change the permissions. so before running clamd and so on i made
> touch clamd.log and than set all the permissions that is needed.
> now it works.


We have a winner! Now if you put that in your startup script and log
rotation tool you'll have the job finished.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Christopher X. Candreva

On Tue, 17 May 2005, Dennis Peterson wrote:

> You will have solved the problem only if you put this procedure in your
> startup scripts and any tools that rotate your logs.

Gee, I wish I had already posted that -- oh wait, I did.



==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[2]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Christopher X. Candreva said:
> On Tue, 17 May 2005, Dennis Peterson wrote:
>
>> You will have solved the problem only if you put this procedure in your
>> startup scripts and any tools that rotate your logs.
>
> Gee, I wish I had already posted that -- oh wait, I did.
>

Not completely, and not at the point at which I was responding. But good
for you anyway.

dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: Re[4]: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Dennis Peterson

Sergey said:
> Hello Dennis,
>
> Tuesday, May 17, 2005, 5:11:43 PM, you wrote:
>
> DP> Sergey said:
>>> Hello Andrzej,
>>>
>>> Tuesday, May 17, 2005, 3:52:31 PM, you wrote:
>>>
>>> AZ> Sergey wrote:
>>> AZ> [...]
> -rw-r-  1 rootclamav  1265 May 17 15:40 clamd.log
>>> AZ>   ^^
>>> AZ> How clamd (in realy user clamav.clamav) can write to this file??
>>>
>>> AZ> [...]
>>>
>>>
>>>  i've no idea, but 0.84 does.
>>>
>>> i've just found a solution. if clamd makes clamd.log it's useless to
>>> change the permissions. so before running clamd and so on i made
>>> touch clamd.log and than set all the permissions that is needed.
>>> now it works.
>
>
> DP> We have a winner! Now if you put that in your startup script and log
> DP> rotation tool you'll have the job finished.
>
> why is that? if i'll restart clamd it won't going to change the
> permissions of clamd.log. and by the way i don't need any log rotation
> because my clamd.log doesn't eveê become big or something like that.
>
> --
> Best regards,
>  Sergeymailto:[EMAIL PROTECTED]

Many suggestions are applicable in the general sense and are good
practice. Not all apply specifically to any single environment. You're
lucky to have a low-demand system, Sergey.

dp
___
http://lurker.clamav.net/list/clamav-users.html

63 matches

Mail list logo