Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-14 Thread Richard Laager
I think you should make sure mimedefang is actually being started with
the -G option. Like, look at output from `ps`. Also, stick a sleep(60)
in the filter or something to slow it down. That way, you can catch the
Work directories live and see what their permissions look like. If the
directory is 700 instead of 750 (or similar) or the files are 600
instead of 640, then mimedefang's umask is the issue. Otherwise, as was
noted, maybe clamd isn't picking up the group membership somehow.

-- 
Richard


___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
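
Added example, not part of the thread: the two branches of the check described in the message above (Work directory modes versus the groups the running clamd actually holds), as a shell script. It assumes Linux (GNU `stat`, the `Groups:` line of `/proc/<pid>/status`); the status excerpts are constructed, with the uid/gid numbers borrowed from the `id` output quoted elsewhere in this thread, and umask 077/027 are assumed stand-ins for MIMEDefang without and with `-G`.

```shell
#!/bin/sh
# Added example (not from the thread). All inputs below are constructed.
# gid 110 = "defang", as in the `id` output quoted elsewhere in this thread.

# True if octal mode $1 gives the group read+search on a directory (750, not 700).
group_can_enter_dir() {
    [ $(( (0$1 >> 3) & 5 )) -eq 5 ]
}

# True if octal mode $1 gives the group read on a file (640, not 600).
group_can_read_file() {
    [ $(( (0$1 >> 3) & 4 )) -ne 0 ]
}

# Modes a process creates under umask $1: prints "<dirmode> <filemode>".
modes_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; mkdir "$d/Work"; : > "$d/Work/INPUTMSG" )
    echo "$(stat -c %a "$d/Work") $(stat -c %a "$d/Work/INPUTMSG")"
    rm -rf "$d"
}

# True if the "Groups:" line of /proc/<pid>/status text ($1) contains gid $2.
# This is the supplementary group list the running daemon really holds,
# which can differ from what `id clamav` or an `su` session shows.
proc_has_gid() {
    printf '%s\n' "$1" | awk -v gid="$2" '
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == gid) found = 1 }
        END { exit !found }'
}

# Decide which branch of the advice applies.
#   $1 Work dir mode  $2 file mode  $3 /proc status text of clamd  $4 gid
diagnose() {
    if ! group_can_enter_dir "$1" || ! group_can_read_file "$2"; then
        echo "umask"     # files are created without group access
    elif ! proc_has_gid "$3" "$4"; then
        echo "groups"    # the daemon does not hold the group
    else
        echo "ok"
    fi
}

# Constructed /proc/<pid>/status excerpts for a clamd running as uid 107.
STATUS_NO_GROUP='Name:   clamd
Uid:    107 107 107 107
Gid:    109 109 109 109
Groups: 109'
STATUS_WITH_GROUP='Name:   clamd
Uid:    107 107 107 107
Gid:    109 109 109 109
Groups: 109 110'

echo "umask 077 creates: $(modes_under_umask 077)"
echo "umask 027 creates: $(modes_under_umask 027)"
echo "700/600, group held    -> $(diagnose 700 600 "$STATUS_WITH_GROUP" 110)"
echo "750/640, group missing -> $(diagnose 750 640 "$STATUS_NO_GROUP" 110)"
echo "750/640, group held    -> $(diagnose 750 640 "$STATUS_WITH_GROUP" 110)"
```

On a live host the same function takes `stat -c %a` of a kept Work directory and of its INPUTMSG, the contents of `/proc/<clamd pid>/status`, and the numeric gid of the defang group.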


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-14 Thread Cliff Hayes

I did the following and it worked:

su -s /bin/bash clamav
cd /var/spool/MIMEDefang
cat mimedefang-multiplexor.pid

So clamav user is able to look at defang's directory but clamd still 
can't if mimedefang calls it to do a virus check.


On 10/13/2014 4:54 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:46 PM, Cliff Hayes  wrote:
>> Two problems:
>>
>> a) the shell for clamav is set to /sbin/nologin so I can't su to it ...
>> should I change the shell?
>
> You can do: "su -s /bin/bash clamav".
>
>> b) the email files clamd is trying to look at never stay on the server for
>> more than a second or two.
>
> At least see if you can access anything that needs the defang group.
> If it doesn't work manually, then the group is set up wrong.  If it
> does, something must be wrong with the clamd startup that it isn't
> picking up the group membership.




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Richard Laager
On Mon, 2014-10-13 at 17:00 -0500, Cliff Hayes wrote:
> Did what you said and I can't touch a new temp file in 
> /var/spool/MIMEDefang ... permission denied ... but clamd appears to be 
> running as clamav

Your tests below should be expected to fail. mimedefang.pid is not
group-readable. And the directory is not group-writable.

Try reading mimedefang-multiplexor.pid which is group-readable:
su -s /bin/bash clamav
cd /var/spool/MIMEDefang
cat mimedefang-multiplexor.pid

> su -s /bin/bash clamav
> bash-4.1$ cd /var/spool/MIMEDefang
> bash-4.1$ ls -l
> total 8
> -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
> -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
> bash-4.1$ vi mimedefang.pid
> bash-4.1$ touch temp
> touch: cannot touch `temp': Permission denied

-- 
Richard




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Paul Murphy
"touch" should never work in the spool directory - clamd is reading
files and deciding whether they are infected, so it should never try to
create a file.  You have set the permissions to make the directory group
readable, not group writable, and this is correct.

You need to ensure that the spool directories are also created group
readable, so turn on "-d" to keep the temporary directories for a short
time so you can see that the permissions are correct.  Once you have a
few to test with, su to your clamav user, cd to the spool directory, and
run clamdscan on the INPUTMSG to ensure that the daemon can read it.

The odds are that your MD_ALLOW_GROUP_ACCESS is not taking effect, so
the working directories are not accessible by clamdscan.

Paul.

-----Original Message-----
From: mimedefang-boun...@lists.roaringpenguin.com
[mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of Cliff
Hayes
Sent: 13 October 2014 23:01
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

Did what you said and I can't touch a new temp file in
/var/spool/MIMEDefang ... permission denied ... but clamd appears to be
running as clamav

su -s /bin/bash clamav
bash-4.1$ cd /var/spool/MIMEDefang
bash-4.1$ ls -l
total 8
-rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
-rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
bash-4.1$ vi mimedefang.pid
bash-4.1$ touch temp
touch: cannot touch `temp': Permission denied
bash-4.1$ su root
Password:
[root@sendmail MIMEDefang]# ps aux | grep clamd
clamav    1652  0.0  3.5 518068 288956 ?        Ssl  16:50   0:00 /usr/local/sbin/clamd
root      1838  0.0  0.0 103256   848 pts/2    S+   16:59   0:00 grep clamd

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> su -s /bin/bash clamav


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Cliff Hayes
Did what you said and I can't touch a new temp file in 
/var/spool/MIMEDefang ... permission denied ... but clamd appears to be 
running as clamav


su -s /bin/bash clamav
bash-4.1$ cd /var/spool/MIMEDefang
bash-4.1$ ls -l
total 8
-rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
-rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
bash-4.1$ vi mimedefang.pid
bash-4.1$ touch temp
touch: cannot touch `temp': Permission denied
bash-4.1$ su root
Password:
[root@sendmail MIMEDefang]# ps aux | grep clamd
clamav    1652  0.0  3.5 518068 288956 ?        Ssl  16:50   0:00 /usr/local/sbin/clamd
root      1838  0.0  0.0 103256   848 pts/2    S+   16:59   0:00 grep clamd

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> su -s /bin/bash clamav



Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Les Mikesell
On Mon, Oct 13, 2014 at 4:46 PM, Cliff Hayes  wrote:
> Two problems:
>
> a) the shell for clamav is set to /sbin/nologin so I can't su to it ...
> should I change the shell?

You can do: "su -s /bin/bash clamav".

> b) the email files clamd is trying to look at never stay on the server for
> more than a second or two.

At least see if you can access anything that needs the defang group.
If it doesn't work manually, then the group is set up wrong.  If it
does, something must be wrong with the clamd startup that it isn't
picking up the group membership.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Cliff Hayes

Two problems:

a) the shell for clamav is set to /sbin/nologin so I can't su to it ... 
should I change the shell?


b) the email files clamd is trying to look at never stay on the server 
for more than a second or two.


On 10/13/2014 4:42 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:30 PM, Cliff Hayes  wrote:
>> restarted clamd; same error
>>
>> permissions for each directory up to and including /var/spool/MIMEDefang:
>>
>> drwxr-xr-x.  22 root   root    4096 Oct  7 14:55 var
>> drwxr-xr-x.  14 root   root    4096 Oct  7 12:49 spool
>> drwxr-x---    3 defang defang  4096 Oct 13 16:23 MIMEDefang
>>
>> I tried 755 on MIMEDefang and still got same error:
>>
>> drwxr-xr-x    3 defang defang  4096 Oct 13 16:23 MIMEDefang
>>
>> selinux is not running at this time
>> and I have the following option set:
>>
>> MD_ALLOW_GROUP_ACCESS=yes
>
> If you su to the clamav user, can you read the file in question?




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Richard Laager
And clamd is running as clamav?

And the clamav user has been added to the defang group?

And you've tried rebooting?

-- 
Richard




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Les Mikesell
On Mon, Oct 13, 2014 at 4:30 PM, Cliff Hayes  wrote:
> restarted clamd; same error
>
> permissions for each directory up to and including /var/spool/MIMEDefang:
>
> drwxr-xr-x.  22 root   root    4096 Oct  7 14:55 var
> drwxr-xr-x.  14 root   root    4096 Oct  7 12:49 spool
> drwxr-x---    3 defang defang  4096 Oct 13 16:23 MIMEDefang
>
> I tried 755 on MIMEDefang and still got same error:
>
> drwxr-xr-x   3 defang defang  4096 Oct 13 16:23 MIMEDefang
>
> selinux is not running at this time
> and I have the following option set:
>
> MD_ALLOW_GROUP_ACCESS=yes

If you su to the clamav user, can you read the file in question?

-- 
   Les Mikesell
  lesmikes...@gmail.com


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Cliff Hayes

restarted clamd; same error

permissions for each directory up to and including /var/spool/MIMEDefang:

drwxr-xr-x.  22 root   root    4096 Oct  7 14:55 var
drwxr-xr-x.  14 root   root    4096 Oct  7 12:49 spool
drwxr-x---    3 defang defang  4096 Oct 13 16:23 MIMEDefang

I tried 755 on MIMEDefang and still got same error:

drwxr-xr-x   3 defang defang  4096 Oct 13 16:23 MIMEDefang

selinux is not running at this time
and I have the following option set:

MD_ALLOW_GROUP_ACCESS=yes


On 10/13/2014 4:17 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:01 PM, Cliff Hayes  wrote:
>> Per other comments I removed all traces of previous clam installs and
>> started over with binaries.
>> Got clamd running as root and mimedefang running as defang - no problem.
>> But I'd like to run clamd as clamav so I did your idea and added defang to
>> clamav as such:  usermod -G defang clamav
>> So now clamd is a member of two groups:  clamav and defang but I still get
>> the following error:
>>
>> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd
>> returned error: lstat() failed: Permission denied.
>>
>> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem
>> running virus scanner: code=999, category=swerr, action=tempfail
>>
>> Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on:
>> /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work
>
> Did you restart clamd after the change?  Also, check that the
> directories above /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work
> have rx permissions for group or other and the new files mimedefang is
> creating have group access.




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Les Mikesell
On Mon, Oct 13, 2014 at 4:01 PM, Cliff Hayes  wrote:
> Per other comments I removed all traces of previous clam installs and
> started over with binaries.
> Got clamd running as root and mimedefang running as defang - no problem.
> But I'd like to run clamd as clamav so I did your idea and added defang to
> clamav as such:  usermod -G defang clamav
> So now clamd is a member of two groups:  clamav and defang but I still get
> the following error:
>
> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd
> returned error: lstat() failed: Permission denied.
>
> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem
> running virus scanner: code=999, category=swerr, action=tempfail
>
> Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on:
> /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work

Did you restart clamd after the change?  Also, check that the
directories above /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work
have rx permissions for group or other and the new files mimedefang is
creating have group access.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Cliff Hayes
Per other comments I removed all traces of previous clam installs and 
started over with binaries.

Got clamd running as root and mimedefang running as defang - no problem.
But I'd like to run clamd as clamav so I did your idea and added defang 
to clamav as such:  usermod -G defang clamav
So now clamd is a member of two groups:  clamav and defang but I still 
get the following error:


Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd 
returned error: lstat() failed: Permission denied.


Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem 
running virus scanner: code=999, category=swerr, action=tempfail


Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on: 
/var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work



On 10/9/2014 1:36 PM, Kees Theunissen wrote:
> On Thu, 9 Oct 2014, Kevin A. McGrail wrote:
>
>> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>>> Thanks to this list I am making progress :)
>>> Now clamd is failing due to this...
>>> Wed Oct  8 16:32:20 2014 -> WARNING: lstat() failed on:
>>> /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>>> ...I'm assuming this is because the mimedefang working directory is owned by
>>> defang and clamd runs as clamav.
>>> I fixed by running clamd as root ... is this the preferred solution or is
>>> there a better way?
>> In general, you don't want daemons running as privileged users.
>>
>> I run clamd as the same user as I run MD and that would be my
>> recommendation as well.
>
> On my systems (debian) I run mimedefang as user "defang" and
> group "defang" while clamd is running as user "clamav" and
> group "clamav". I made the "clamav" user a member of the
> "defang" group so clamd can read the contents of subdirs
> below /var/spool/MIMEDefang with group rights.
>
> ~# id defang
> uid=108(defang) gid=110(defang) groups=110(defang)
> ~# id clamav
> uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)
>
> Regards,
>
> Kees Theunissen.




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-13 Thread Les Mikesell
On Sun, Oct 12, 2014 at 4:54 PM, Richard Laager  wrote:
> On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote:
>> I tried your idea.
>> I updated the following in clamd.conf:
>> LocalSocket /var/run/clamav/clamd.socket
>> PidFile /var/run/clamav/clamd.pid
>> User clamav
>>
>> Now I get this error when starting clamd:
>> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
>> I am starting as root as instructed in clamd.conf
>> I have gotten that error before ... it usually means there is a user
>> issue.  When I go back to running as root it knows to look in /etc/ for
>> clamd.conf
>
> I have no idea why your clamd is looking in /usr/local/etc instead
> of /etc.

There are probably 2 or more different versions of clamd on this
system, built with different default options.  If packages have been
installed from different 3rd party repositories or installed from
source plus a packaged install, that is a likely scenario.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-12 Thread Richard Laager
On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote:
> I tried your idea.
> I updated the following in clamd.conf:
> LocalSocket /var/run/clamav/clamd.socket
> PidFile /var/run/clamav/clamd.pid
> User clamav
> 
> Now I get this error when starting clamd:
> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
> I am starting as root as instructed in clamd.conf
> I have gotten that error before ... it usually means there is a user 
> issue.  When I go back to running as root it knows to look in /etc/ for 
> clamd.conf

I have no idea why your clamd is looking in /usr/local/etc instead
of /etc.

-- 
Richard




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-12 Thread Cliff Hayes

I tried your idea.
I updated the following in clamd.conf:
LocalSocket /var/run/clamav/clamd.socket
PidFile /var/run/clamav/clamd.pid
User clamav

Now I get this error when starting clamd:
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
I am starting as root as instructed in clamd.conf
I have gotten that error before ... it usually means there is a user 
issue.  When I go back to running as root it knows to look in /etc/ for 
clamd.conf


On 10/10/2014 11:27 PM, Richard Laager wrote:
> If you still have problems, make sure you run MIMEDefang with the -G
> option. If your MIMEDefang is packaged like mine, set
> MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang.
>
> This causes MIMEDefang to use a umask that allows group readability.



Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-10 Thread Richard Laager
If you still have problems, make sure you run MIMEDefang with the -G
option. If your MIMEDefang is packaged like mine, set
MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang.

This causes MIMEDefang to use a umask that allows group readability.

-- 
Richard




Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-10 Thread Cliff Hayes

Thanks.
That seems like the best way.

On 10/9/2014 1:36 PM, Kees Theunissen wrote:
> On my systems (debian) I run mimedefang as user "defang" and
> group "defang" while clamd is running as user "clamav" and
> group "clamav". I made the "clamav" user a member of the
> "defang" group so clamd can read the contents of subdirs
> below /var/spool/MIMEDefang with group rights.
>
> ~# id defang
> uid=108(defang) gid=110(defang) groups=110(defang)
> ~# id clamav
> uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)



Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-09 Thread Kees Theunissen
On Thu, 9 Oct 2014, Kevin A. McGrail wrote:

> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :)
>> Now clamd is failing due to this...
>> Wed Oct  8 16:32:20 2014 -> WARNING: lstat() failed on:
>> /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>> ...I'm assuming this is because the mimedefang working directory is owned by
>> defang and clamd runs as clamav.
>> I fixed by running clamd as root ... is this the preferred solution or is
>> there a better way?
> In general, you don't want daemons running as privileged users.
>
> I run clamd as the same user as I run MD and that would be my
> recommendation as well.

On my systems (debian) I run mimedefang as user "defang" and
group "defang" while clamd is running as user "clamav" and
group "clamav". I made the "clamav" user a member of the
"defang" group so clamd can read the contents of subdirs
below /var/spool/MIMEDefang with group rights.

~# id defang
uid=108(defang) gid=110(defang) groups=110(defang)
~# id clamav
uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)




Regards,

Kees Theunissen.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)30 6096724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address:   c.j.theunis...@differ.nl
postal address:   PO Box 1207, 3430 BE Nieuwegein, NL
visitors address: Edisonbaan 14, 3439 MN Nieuwegein, NL



Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-09 Thread Nels Lindquist
On 10/9/2014 8:37 AM, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :) Now clamd is failing
>> due to this... Wed Oct  8 16:32:20 2014 -> WARNING: lstat()
>> failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work 
>> ...I'm assuming this is because the mimedefang working directory
>> is owned by defang and clamd runs as clamav. I fixed by running
>> clamd as root ... is this the preferred solution or is there a
>> better way?
> In general, you don't want daemons running as privileged users.
> 
> I run clamd as the same user as I run MD and that would be my 
> recommendation as well.

If you're building clamav from source that's pretty easily maintained,
but if you're using clamav from one of the third-party repositories I
like to mess with it as little as possible (so that it doesn't get
broken on version updates) and instead do a little more upfront
configuration with MD.

The RPMForge clamav packages use clamav.clamav, so I do the following:

1.  Add the clamav user to the defang group;
2.  Make sure that "AllowSupplementaryGroups yes" line exists in
clamd.conf;
3.  Change mode for MD spool directory (on tmpfs of course) to 750;
4.  Configure MD to create group readable working files (-G option to
multiplexor);
5.  Tweak other MD settings as necessary (location of clamd.sock, etc.)


-- 
Nels Lindquist
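
Added example, not part of the thread or of either project: a static check of steps 1 to 4 above, plus the "not as root" advice quoted in the same message, run against constructed copies of the files involved. The `audit` helper and the file names passed to it are assumptions for illustration; only settings named in this thread are checked.

```shell
#!/bin/sh
# Added example (not from the thread). File contents below are constructed;
# real paths differ between packages.

# Last value of directive $2 in clamd.conf-style file $1 ("Key value" lines).
# A commented-out directive does not count as set.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Value of NAME=value ($2) in shell-style defaults file $1, quotes stripped.
defaults_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# True if user $3 is listed as a member of group $2 in group file $1.
# Only the member list is checked, not the user's primary group.
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# Print the failed checks on one line, or "ok" if none fail.
#   $1 clamd.conf  $2 mimedefang defaults file  $3 group file  $4 spool dir mode
audit() {
    fails=""
    user=$(conf_value "$1" User)
    [ -n "$user" ] && [ "$user" != root ] || fails="$fails clamd-user"
    [ -n "$user" ] && group_has_member "$3" defang "$user" || fails="$fails group-membership"
    [ "$(conf_value "$1" AllowSupplementaryGroups)" = yes ] || fails="$fails supplementary-groups"
    [ "$(defaults_value "$2" MD_ALLOW_GROUP_ACCESS)" = yes ] || fails="$fails md-group-access"
    [ "$4" = 750 ] || fails="$fails spool-mode"
    echo "${fails:- ok}" | cut -c2-
}

# Constructed setup: everything in place except that the
# AllowSupplementaryGroups line is still commented out.
demo() {
    t=$(mktemp -d) || return 1
    cat > "$t/clamd.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.socket
User clamav
#AllowSupplementaryGroups yes
EOF
    cat > "$t/mimedefang" <<'EOF'
MD_ALLOW_GROUP_ACCESS=yes
EOF
    cat > "$t/group" <<'EOF'
clamav:x:109:
defang:x:110:clamav
EOF
    audit "$t/clamd.conf" "$t/mimedefang" "$t/group" 750   # one check fails
    echo 'AllowSupplementaryGroups yes' >> "$t/clamd.conf"
    audit "$t/clamd.conf" "$t/mimedefang" "$t/group" 750   # all checks pass
    rm -rf "$t"
}

demo
```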



Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-09 Thread Kevin A. McGrail

On 10/9/2014 10:28 AM, Cliff Hayes wrote:
> Thanks to this list I am making progress :)
> Now clamd is failing due to this...
> Wed Oct  8 16:32:20 2014 -> WARNING: lstat() failed on:
> /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
> ...I'm assuming this is because the mimedefang working directory is
> owned by defang and clamd runs as clamav.
> I fixed by running clamd as root ... is this the preferred solution or
> is there a better way?

In general, you don't want daemons running as privileged users.

I run clamd as the same user as I run MD and that would be my 
recommendation as well.


Regards,
KAM


[Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

2014-10-09 Thread Cliff Hayes

Thanks to this list I am making progress :)
Now clamd is failing due to this...
Wed Oct  8 16:32:20 2014 -> WARNING: lstat() failed on: 
/var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
...I'm assuming this is because the mimedefang working directory is 
owned by defang and clamd runs as clamav.
I fixed by running clamd as root ... is this the preferred solution or 
is there a better way?



-------- Original Message --------
Date: Wed, 8 Oct 2014 14:35:08 -0500
From: Les Mikesell
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] clamav vs clamd vs clamscan

On Wed, Oct 8, 2014 at 2:05 PM, Cliff Hayes  wrote:
> I will have to go with clamd because clamav is taking 12 seconds to scan an
> email with five words in it.
>
> I tried disabling all repositories except epel like this...
> yum --disablerepo=atrpms-bleeding --disablerepo=atrpms
> --disablerepo=atrpms-testing --disablerepo=elrepo --disablerepo=epel-testing
> --disablerepo=rpmforge --disablerepo=sl6x --disablerepo=sl install clamd
> ... but then I got a long list of dependencies, then a bunch of errors and
> requires, then ended with this...
>  You could try using --skip-broken to work around the problem
>  You could try running: rpm -Va --nofiles --nodigest
> ... so I guess I should go back to binaries?

Mixing 3rd party repos generally leads to conflicts.  On a Centos
system with EPEL as the only extra repo it 'just works'.  Either you
already have some conflicting package from a different repo or you
needed something from the base SL.  Also, if you get mimedefang and
clamd from different repos you may end up with a mismatch in
user/group settings that will cause permission problems on the socket
they use to communicate.

--
   Les Mikesell
 lesmikes...@gmail.com