Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Dianne Skoll
On Fri, 24 Nov 2017 15:53:44 +0200
"Info @ brainwash" wrote:

> Hence, without the -d parameter, the issue is that the work folders
> are removed before clamd has a chance to scan them.

No, that is absolutely NOT the case.  Something else has changed on your
system in the interim.

Take out the -d option and restart.  It should still work.

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Info @ brainwash
@Paul: With clamd scanning disabled, mimedefang scans for spam using 
spamassassin and adds the relevant headers into the e-mail messages.

With the -d option, MIMEDefang does create work folders, e.g. :

drwxr-x--- 4 defang defang 4096 Nov 24 14:12 mdefang-UBMc800
drwxr-x--- 2 defang defang 4096 Nov 24 14:38 mdefang-UBMCI0l
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcl01
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcm02
drwxr-x--- 2 defang defang 4096 Nov 24 14:38 mdefang-UBMCQ0m
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcu03
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcv04
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcV05
drwxr-x--- 4 defang defang 4096 Nov 24 14:14 mdefang-UBMeh06
drwxr-x--- 2 defang defang 4096 Nov 24 14:40 mdefang-UBMEL0n
drwxr-x--- 2 defang defang 4096 Nov 24 14:40 mdefang-UBMEN0o
drwxr-x--- 4 defang defang 4096 Nov 24 14:40 mdefang-UBMEO0p
drwxr-x--- 4 defang defang 4096 Nov 24 14:14 mdefang-UBMez07
drwxr-x--- 2 defang defang 4096 Nov 24 14:41 mdefang-UBMF20q
drwxr-x--- 2 defang defang 4096 Nov 24 14:42 mdefang-UBMG20r
drwxr-x--- 2 defang defang 4096 Nov 24 14:42 mdefang-UBMGS0s
drwxr-x--- 2 defang defang 4096 Nov 24 14:44 mdefang-UBMIE0t
drwxr-x--- 2 defang defang 4096 Nov 24 14:44 mdefang-UBMIJ0u
drwxr-x--- 2 defang defang 4096 Nov 24 14:45 mdefang-UBMJ20v
drwxr-x--- 2 defang defang 4096 Nov 24 14:45 mdefang-UBMJT0w
drwxr-x--- 2 defang defang 4096 Nov 24 14:20 mdefang-UBMk108
drwxr-x--- 4 defang defang 4096 Nov 24 14:20 mdefang-UBMke09
drwxr-x--- 2 defang defang 4096 Nov 24 14:21 mdefang-UBMl90a
drwxr-x--- 4 defang defang 4096 Nov 24 14:48 mdefang-UBMLB0x
drwxr-x--- 2 defang defang 4096 Nov 24 14:47 mdefang-UBMLF0y
drwxr-x--- 2 defang defang 4096 Nov 24 14:22 mdefang-UBMmG0b
drwxr-x--- 2 defang defang 4096 Nov 24 14:22 mdefang-UBMmK0c
drwxr-x--- 4 defang defang 4096 Nov 24 14:50 mdefang-UBMOf0z
drwxr-x--- 4 defang defang 4096 Nov 24 14:24 mdefang-UBMop0d
drwxr-x--- 2 defang defang 4096 Nov 24 14:50 mdefang-UBMOu0A
drwxr-x--- 2 defang defang 4096 Nov 24 14:25 mdefang-UBMpt0e
drwxr-x--- 2 defang defang 4096 Nov 24 14:52 mdefang-UBMQE0B
drwxr-x--- 2 defang defang 4096 Nov 24 14:53 mdefang-UBMRE0C
drwxr-x--- 4 defang defang 4096 Nov 24 14:27 mdefang-UBMrj0f
drwxr-x--- 2 defang defang 4096 Nov 24 14:54 mdefang-UBMSy0D
drwxr-x--- 4 defang defang 4096 Nov 24 14:29 mdefang-UBMtt0g
drwxr-x--- 2 defang defang 4096 Nov 24 14:55 mdefang-UBMTw0E
drwxr-x--- 4 defang defang 4096 Nov 24 14:30 mdefang-UBMub0h
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUM0F
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUQ0G
drwxr-x--- 4 defang defang 4096 Nov 24 14:30 mdefang-UBMur0i
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUU0H
drwxr-x--- 2 defang defang 4096 Nov 24 14:59 mdefang-UBMXW0I
drwxr-x--- 2 defang defang 4096 Nov 24 14:34 mdefang-UBMyS0j
drwxr-x--- 4 defang defang 4096 Nov 24 14:35 mdefang-UBMzN0k
drwxr-x--- 4 defang defang 4096 Nov 24 15:02 mdefang-UBN2e0J
drwxr-x--- 4 defang defang 4096 Nov 24 15:05 mdefang-UBN4X0K
drwxr-x--- 4 defang defang 4096 Nov 24 15:05 mdefang-UBN5a0L
drwxr-x--- 4 defang defang 4096 Nov 24 15:07 mdefang-UBN7K0M
drwxr-x--- 2 defang defang 4096 Nov 24 15:08 mdefang-UBN8r0N
drwxr-x--- 4 defang defang 4096 Nov 24 15:10 mdefang-UBNaS0O
drwxr-x--- 2 defang defang 4096 Nov 24 15:11 mdefang-UBNbr0P
drwxr-x--- 4 defang defang 4096 Nov 24 15:12 mdefang-UBNcB0R
drwxr-x--- 2 defang defang 4096 Nov 24 15:12 mdefang-UBNcS0S
drwxr-x--- 2 defang defang 4096 Nov 24 15:12 mdefang-UBNct0Q
drwxr-x--- 2 defang defang 4096 Nov 24 15:39 mdefang-UBNDD1c
drwxr-x--- 4 defang defang 4096 Nov 24 15:14 mdefang-UBNdX0T
drwxr-x--- 2 defang defang 4096 Nov 24 15:14 mdefang-UBNeu0U
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF81d
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF91e
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF91f
drwxr-x--- 2 defang defang 4096 Nov 24 15:16 mdefang-UBNgD0W
drwxr-x--- 4 defang defang 4096 Nov 24 15:16 mdefang-UBNgp0V
drwxr-x--- 4 defang defang 4096 Nov 24 15:17 mdefang-UBNh00X
drwxr-x--- 2 defang defang 4096 Nov 24 15:17 mdefang-UBNh710
drwxr-x--- 4 defang defang 4096 Nov 24 15:17 mdefang-UBNhA11
drwxr-x--- 2 defang defang 4096 Nov 24 15:44 mdefang-UBNI81g
drwxr-x--- 2 defang defang 4096 Nov 24 15:44 mdefang-UBNIa1h
drwxr-x--- 2 defang defang 4096 Nov 24 15:45 mdefang-UBNJT1i
drwxr-x--- 4 defang defang 4096 Nov 24 15:20 mdefang-UBNkp12
drwxr-x--- 4 defang defang 4096 Nov 24 15:21 mdefang-UBNlf13
drwxr-x--- 4 defang defang 4096 Nov 24 15:47 mdefang-UBNLs1j
drwxr-x--- 2 defang defang 4096 Nov 24 15:23 mdefang-UBNnq14
drwxr-x--- 2 defang defang 4096 Nov 24 15:25 mdefang-UBNp615
drwxr-x--- 2 defang defang 4096 Nov 24 15:25 mdefang-UBNpr16
drwxr-x--- 2 defang defang 4096 Nov 24 15:26 mdefang-UBNqE17
drwxr-x--- 2 defang defang 4096 Nov 24 15:33 mdefang-UBNxj18
drwxr-x--- 2 defang defang 4096 Nov 24 15:33 mdefang-UBNxr19
drwxr-x--- 2 defang defang 4096 Nov 

Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Paul Murphy

> I started mimedefang with the -D option, as indicated. However, no working 
> directories within /var/spool/MIMEDefang/ 
> were created and, as a result, I get in maillog (again):
>
>clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work

Did you check that MIMEDefang was correctly handling mail before you enabled 
Clamav?  This would suggest that the issue is within MIMEDefang, and that the 
spool directories are never created, so there is no message to process.

Also, my apologies - the option to keep working directories is "-d", not "-D" 
...  

Paul.



Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Info @ brainwash
@Paul

Thank you for your time taken to compile the list of steps regarding this issue.

Results..
(1):

/var/spool/MIMEDefang has the following permissions after Dianne's 
recommendations:

drwxr-s---   4 defang   defang   4096 MIMEDefang

I started mimedefang with the -D option, as indicated. However, no working 
directories within /var/spool/MIMEDefang/ were created and, as a result, I get 
in maillog (again):

clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work

(2)/(3):

drwxr-s---   4 defang defang 4096 .
drwxr-xr-x. 14 root   root   4096 ..
-rw-------   1 defang defang    0 mimedefang.lock
-rw-------   1 defang defang    0 mimedefang-multiplexor.lock
srwxrwx---   1 defang defang    0 mimedefang-multiplexor.sock
drwx------   2 defang defang 4096 .pyzor
drwxr-x---   2 defang defang 4096 .razor

(4) clamd socket file is present, albeit present in another directory as clamd 
runs as another user (clamscan) and not as defang. It is also defined within 
the mimedefang.pl as

$ClamdSock = '/var/run/clamd /clamd.sock';

The /var/run/clamd/ directory has the following privileges:

drwx--x---  2 clamscan clamscan   clamd

.. and the contents of this directory: 

-rw-rw-r-- 1 clamscan clamscan 5 clamd.pid
srw-rw-rw- 1 clamscan clamscan 0 clamd.sock

User defang is already a member of the clamscan group. Clamd.sock is also group 
readable/writeable.

It seems from the logs that the request to clamd is sent by MIMEDefang, however 
there is no file present at the location indicated (work folders could not get 
created by mimedefang) thus clamd crashes as it tries to scan something that 
does not exist.

(5) As (1) could not be completed (no work directories created) I cannot check 
clamscan by scanning individual messages.


-----Original Message-----
From: MIMEDefang [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf 
Of Paul Murphy
Sent: Friday, November 24, 2017 12:21 PM
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd

If your policy permits it, the next steps I would take would be:

1.  Enable the "-D" option in MIMEDefang to leave the spool directories in 
place after scanning, so that you have an example to work with.  Restart 
MIMEDefang to make this active.  You only need to have this enabled until you 
have processed 3-4 messages, rather than storing everything. 

2.  "su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3.  Inspect the permissions on the spool folders to ensure that the group 
access is present:

total 104
drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
drwxr-xr-x. 17 root   root   4096 Nov  5  2016 ..
srw-rw----.  1 defang defang    0 Oct 31 12:03 clamd.sock
drwxr-x---.  4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
drwxr-x---.  4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
drwxr-x---.  4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4.  Also verify here that the clamd.sock socket file is present, and is 
writable by MIMEDefang, otherwise the request to scan the file cannot be sent.  
If it does not exist in this folder, how does MIMEDefang find it?  Hint - line 
174 of /usr/bin/mimedefang.pl:
$ClamdSock  = '/var/spool/MIMEDefang/clamd.sock';

5.  Try to "cd" into one of the folders as clamscan, and see what happens.  If 
it works, the group memberships and spool folder permissions are correct.  Run 
clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be 
scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, 
I'm stumped.

Paul.



Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Paul Murphy
If your policy permits it, the next steps I would take would be:

1.  Enable the "-D" option in MIMEDefang to leave the spool directories in 
place after scanning, so that you have an example to work with.  Restart 
MIMEDefang to make this active.  You only need to have this enabled until you 
have processed 3-4 messages, rather than storing everything. 

2.  "su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3.  Inspect the permissions on the spool folders to ensure that the group 
access is present:

total 104
drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
drwxr-xr-x. 17 root   root   4096 Nov  5  2016 ..
srw-rw----.  1 defang defang    0 Oct 31 12:03 clamd.sock
drwxr-x---.  4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
drwxr-x---.  4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
drwxr-x---.  4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4.  Also verify here that the clamd.sock socket file is present, and is 
writable by MIMEDefang, otherwise the request to scan the file cannot be sent.  
If it does not exist in this folder, how does MIMEDefang find it?  Hint - line 
174 of /usr/bin/mimedefang.pl:
$ClamdSock  = '/var/spool/MIMEDefang/clamd.sock';

5.  Try to "cd" into one of the folders as clamscan, and see what happens.  If 
it works, the group memberships and spool folder permissions are correct.  Run 
clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be 
scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, 
I'm stumped.

Paul.


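The permission checks in steps 2 to 5 of the message above, modelled as an added example (not code from the thread or from MIMEDefang). Directory modes and owners are taken from the listings posted in the thread; the mode of the Work directory and the group memberships passed in are assumptions.

```python
# Added example; models the owner/group/other check only (no root, ACLs or MAC).
def triplet_for(mode, owner, group, user, user_groups):
    """Pick the one rwx triplet of an `ls -l` mode string that applies to `user`."""
    perms = mode[1:10]  # drop the type char and any trailing '.' marker
    if user == owner:
        return perms[0:3]
    return perms[3:6] if group in user_groups else perms[6:9]

def allowed(entry, user, user_groups, want):
    """True if `user` has permission `want` ('r', 'w' or 'x') on `entry`."""
    _name, mode, owner, group = entry
    triplet = triplet_for(mode, owner, group, user, user_groups)
    if want == "x":
        return triplet[2] in "xst"  # lowercase s/t: setgid/sticky plus execute
    return want in triplet

def first_block(entries, user, user_groups, final_want):
    """Walk a path top-down; return the first entry denying access, else None.

    Each directory needs 'x' (search) or lstat() on anything below it fails;
    the last entry also needs `final_want`.
    """
    for i, entry in enumerate(entries):
        if entry[1][0] == "d" and not allowed(entry, user, user_groups, "x"):
            return entry[0]
        if i == len(entries) - 1 and not allowed(entry, user, user_groups, final_want):
            return entry[0]
    return None

# Modes and owners as posted in the thread; the Work directory's mode is assumed.
SPOOL = [
    ("/var/spool", "drwxr-xr-x.", "root", "root"),
    ("/var/spool/MIMEDefang", "drwxr-s---", "defang", "defang"),
    ("/var/spool/MIMEDefang/mdefang-UBKLc00", "drwxr-x---", "defang", "defang"),
    ("/var/spool/MIMEDefang/mdefang-UBKLc00/Work", "drwxr-x---", "defang", "defang"),
]
SOCK = [
    ("/var/run/clamd", "drwx--x---", "clamscan", "clamscan"),
    ("/var/run/clamd/clamd.sock", "srw-rw-rw-", "clamscan", "clamscan"),
]

if __name__ == "__main__":
    # Group sets are assumed inputs: vary them to see which direction matters.
    print("clamd user reading Work, not in group defang:",
          first_block(SPOOL, "clamscan", {"clamscan"}, "r"))
    print("clamd user reading Work, in group defang:",
          first_block(SPOOL, "clamscan", {"clamscan", "defang"}, "r"))
    print("defang writing to clamd.sock, in group clamscan:",
          first_block(SOCK, "defang", {"defang", "clamscan"}, "w"))
```

The socket path depends on defang's membership in the clamscan group, while the spool path depends on the clamd user's membership in the defang group; on a live system `id clamscan` and `id defang` show which of the two is in place.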

Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Info @ brainwash
@Richard: Apparmor is not installed.. SELinux has been disabled..

-----Original Message-----
From: Richard Laager [mailto:rlaa...@wiktel.com] 
Sent: Friday, November 24, 2017 12:00 PM
To: Info @ brainwash 
Cc: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd

Does your system have apparmor or SELinux that could be blocking access 
separately from filesystem permissions?

--
Richard




Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Richard Laager
Does your system have apparmor or SELinux that could be blocking access
separately from filesystem permissions?

-- 
Richard


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Info @ brainwash
@Paul/Dianne

Output of the command you asked for:

8510 clamscan clamscan /usr/bin/freshclam -d -c 4
9697 clamscan clamscan /usr/sbin/clamd -c /etc/clamd.d/scan.conf
15710 root root /bin/bash /usr/share/clamav/freshclam-sleep

Regarding clamav config, yes.. AllowSupplementaryGroups in clamd.conf is set to 
"yes"!!!

So far I believe I have followed every step/direction mentioned in the 
documentation regarding the mimedefang service configuration.. that's why I am 
baffled!

-----Original Message-----
From: MIMEDefang [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf 
Of Paul Murphy
Sent: Thursday, November 23, 2017 8:59 PM
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd

Also, please post the output from:  ps -eo pid,group,user,args | grep clam

Paul.
