Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
I think you should make sure mimedefang is actually being started with the -G option. Like, look at output from `ps`.

Also, stick a sleep(60) in the filter or something to slow it down. That way, you can catch the Work directories live and see what their permissions look like. If the directory is 700 instead of 750 (or similar) or the files are 600 instead of 640, then mimedefang's umask is the issue. Otherwise, as was noted, maybe clamd isn't picking up the group membership somehow.

-- 
Richard

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
I did the following and it worked:

    su -s /bin/bash clamav
    cd /var/spool/MIMEDefang
    cat mimedefang-multiplexor.pid

So clamav user is able to look at defang's directory but clamd still can't if mimedefang calls it to do a virus check.

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:46 PM, Cliff Hayes wrote:
>> Two problems:
>>
>> a) the shell for clamav is set to /sbin/nologin so I can't su to it ... should I change the shell?
>
> You can do: "su -s /bin/bash clamav".
>
>> b) the email files clamd is trying to look at never stay on the server for more than a second or two.
>
> At least see if you can access anything that needs the defang group. If it doesn't work manually, then the group is set up wrong. If it does, something must be wrong with the clamd startup that it isn't picking up the group membership.

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Mon, 2014-10-13 at 17:00 -0500, Cliff Hayes wrote:
> Did what you said and I can't touch a new temp file in
> /var/spool/MIMEDefang ... permission denied ... but clamd appears to be
> running as clamav

Your tests below should be expected to fail. mimedefang.pid is not group-readable. And the directory is not group-writable.

Try reading mimedefang-multiplexor.pid which is group-readable:

    su -s /bin/bash clamav
    cd /var/spool/MIMEDefang
    cat mimedefang-multiplexor.pid

> su -s /bin/bash clamav
> bash-4.1$ cd /var/spool/MIMEDefang
> bash-4.1$ ls -l
> total 8
> -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
> -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
> bash-4.1$ vi mimedefang.pid
> bash-4.1$ touch temp
> touch: cannot touch `temp': Permission denied

-- 
Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
"touch" should never work in the spool directory - clamd is reading files and deciding whether they are infected, so it should never try to create a file. You have set the permissions to make the directory group readable, not group writable, and this is correct.

You need to ensure that the spool directories are also created group readable, so turn on "-d" to keep the temporary directories for a short time so you can see that the permissions are correct. Once you have a few to test with, su to your clamav user, cd to the spool directory, and run clamdscan on the INPUTMSG to ensure that the daemon can read it.

The odds are that your MD_ALLOW_GROUP_ACCESS is not taking effect, so the working directories are not accessible by clamdscan.

Paul.

-----Original Message-----
From: mimedefang-boun...@lists.roaringpenguin.com [mailto:mimedefang-boun...@lists.roaringpenguin.com] On Behalf Of Cliff Hayes
Sent: 13 October 2014 23:01
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

Did what you said and I can't touch a new temp file in /var/spool/MIMEDefang ... permission denied ... but clamd appears to be running as clamav

    su -s /bin/bash clamav
    bash-4.1$ cd /var/spool/MIMEDefang
    bash-4.1$ ls -l
    total 8
    -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
    srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
    -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
    srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
    bash-4.1$ vi mimedefang.pid
    bash-4.1$ touch temp
    touch: cannot touch `temp': Permission denied
    bash-4.1$ su root
    Password:
    [root@sendmail MIMEDefang]# ps aux | grep clamd
    clamav    1652  0.0  3.5 518068 288956 ?     Ssl  16:50   0:00 /usr/local/sbin/clamd
    root      1838  0.0  0.0 103256    848 pts/2 S+   16:59   0:00 grep clamd

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> su -s /bin/bash clamav

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
Did what you said and I can't touch a new temp file in /var/spool/MIMEDefang ... permission denied ... but clamd appears to be running as clamav

    su -s /bin/bash clamav
    bash-4.1$ cd /var/spool/MIMEDefang
    bash-4.1$ ls -l
    total 8
    -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
    srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
    -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
    srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
    bash-4.1$ vi mimedefang.pid
    bash-4.1$ touch temp
    touch: cannot touch `temp': Permission denied
    bash-4.1$ su root
    Password:
    [root@sendmail MIMEDefang]# ps aux | grep clamd
    clamav    1652  0.0  3.5 518068 288956 ?     Ssl  16:50   0:00 /usr/local/sbin/clamd
    root      1838  0.0  0.0 103256    848 pts/2 S+   16:59   0:00 grep clamd

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> su -s /bin/bash clamav

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Mon, Oct 13, 2014 at 4:46 PM, Cliff Hayes wrote:
> Two problems:
>
> a) the shell for clamav is set to /sbin/nologin so I can't su to it ...
> should I change the shell?

You can do: "su -s /bin/bash clamav".

> b) the email files clamd is trying to look at never stay on the server for
> more than a second or two.

At least see if you can access anything that needs the defang group. If it doesn't work manually, then the group is set up wrong. If it does, something must be wrong with the clamd startup that it isn't picking up the group membership.

-- 
Les Mikesell
lesmikes...@gmail.com

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
Two problems:

a) the shell for clamav is set to /sbin/nologin so I can't su to it ... should I change the shell?

b) the email files clamd is trying to look at never stay on the server for more than a second or two.

On 10/13/2014 4:42 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:30 PM, Cliff Hayes wrote:
>> restarted clamd; same error
>>
>> permissions for each directory up to and including /var/spool/MIMEDefang:
>>
>> drwxr-xr-x. 22 root root 4096 Oct 7 14:55 var
>> drwxr-xr-x. 14 root root 4096 Oct 7 12:49 spool
>> drwxr-x--- 3 defang defang 4096 Oct 13 16:23 MIMEDefang
>>
>> I tried 755 on MIMEDefang and still got same error:
>>
>> drwxr-xr-x 3 defang defang 4096 Oct 13 16:23 MIMEDefang
>>
>> selinux is not running at this time
>> and I have the following option set:
>>
>> MD_ALLOW_GROUP_ACCESS=yes
>
> If you su to the clamav user, can you read the file in question?

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
And clamd is running as clamav? And the clamav user has been added to the defang group? And you've tried rebooting?

-- 
Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Mon, Oct 13, 2014 at 4:30 PM, Cliff Hayes wrote:
> restarted clamd; same error
>
> permissions for each directory up to and including /var/spool/MIMEDefang:
>
> drwxr-xr-x. 22 root root 4096 Oct 7 14:55 var
> drwxr-xr-x. 14 root root 4096 Oct 7 12:49 spool
> drwxr-x--- 3 defang defang 4096 Oct 13 16:23 MIMEDefang
>
> I tried 755 on MIMEDefang and still got same error:
>
> drwxr-xr-x 3 defang defang 4096 Oct 13 16:23 MIMEDefang
>
> selinux is not running at this time
> and I have the following option set:
>
> MD_ALLOW_GROUP_ACCESS=yes

If you su to the clamav user, can you read the file in question?

-- 
Les Mikesell
lesmikes...@gmail.com

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
restarted clamd; same error

permissions for each directory up to and including /var/spool/MIMEDefang:

    drwxr-xr-x. 22 root root 4096 Oct 7 14:55 var
    drwxr-xr-x. 14 root root 4096 Oct 7 12:49 spool
    drwxr-x--- 3 defang defang 4096 Oct 13 16:23 MIMEDefang

I tried 755 on MIMEDefang and still got same error:

    drwxr-xr-x 3 defang defang 4096 Oct 13 16:23 MIMEDefang

selinux is not running at this time and I have the following option set:

    MD_ALLOW_GROUP_ACCESS=yes

On 10/13/2014 4:17 PM, Les Mikesell wrote:
> On Mon, Oct 13, 2014 at 4:01 PM, Cliff Hayes wrote:
>> Per other comments I removed all traces of previous clam installs and started over with binaries.
>> Got clamd running as root and mimedefang running as defang - no problem.
>> But I'd like to run clamd as clamav so I did your idea and added defang to clamav as such: usermod -G defang clamav
>> So now clamd is a member of two groups: clamav and defang but I still get the following error:
>>
>> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd returned error: lstat() failed: Permission denied.
>>
>> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem running virus scanner: code=999, category=swerr, action=tempfail
>>
>> Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work
>
> Did you restart clamd after the change? Also, check that the directories above /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work have rx permissions for group or other and the new files mimedefang is creating have group access.

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Mon, Oct 13, 2014 at 4:01 PM, Cliff Hayes wrote:
> Per other comments I removed all traces of previous clam installs and
> started over with binaries.
> Got clamd running as root and mimedefang running as defang - no problem.
> But I'd like to run clamd as clamav so I did your idea and added defang to
> clamav as such: usermod -G defang clamav
> So now clamd is a member of two groups: clamav and defang but I still get
> the following error:
>
> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd
> returned error: lstat() failed: Permission denied.
>
> Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem
> running virus scanner: code=999, category=swerr, action=tempfail
>
> Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on:
> /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work

Did you restart clamd after the change? Also, check that the directories above /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work have rx permissions for group or other and the new files mimedefang is creating have group access.

-- 
Les Mikesell
lesmikes...@gmail.com

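The check discussed in this thread (search permission on every directory above .../Work, and 750/640 rather than 700/600 on the working directory and its files), written out as an added Python example that is not part of any poster's message. It evaluates only the classic owner/group/other mode bits, not ACLs or SELinux; `first_denial`, `build_sample_spool`, `demo` and the `mdefang-EXAMPLE` directory are hypothetical names, and the spool tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

R, X = 4, 1  # read and search/execute bits within one rwx triplet


def applied_bits(st, uid, gids):
    """Return the single triplet the kernel consults: owner, else group, else other."""
    if uid == st.st_uid:
        return "owner", (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (st.st_mode >> 3) & 7
    return "other", st.st_mode & 7


def first_denial(target, uid, gids, below=os.sep):
    """Walk from `below` down to `target`; return (path, class, mode) for the
    first component that blocks a process with this uid and group set, or None.
    Mode bits only: ACLs and SELinux/AppArmor policy are not evaluated."""
    if uid == 0:
        return None  # root bypasses mode bits, so running clamd as root hides the problem
    target, current = os.path.realpath(target), os.path.realpath(below)
    parts = os.path.relpath(target, current).split(os.sep)
    for i, name in enumerate(parts):
        current = os.path.join(current, name)
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            need = R          # a file to be scanned must be readable
        elif i == len(parts) - 1:
            need = R | X      # the scanned directory is listed and entered
        else:
            need = X          # lstat() needs search permission on every parent
        who, bits = applied_bits(st, uid, gids)
        if bits & need != need:
            return current, who, stat.filemode(st.st_mode)
    return None


def build_sample_spool(base, dir_mode, file_mode):
    """Constructed stand-in for /var/spool/MIMEDefang/mdefang-<id>/Work."""
    spool = os.path.join(base, "MIMEDefang")
    qdir = os.path.join(spool, "mdefang-EXAMPLE")  # hypothetical queue id
    work = os.path.join(qdir, "Work")
    os.makedirs(work)
    msg = os.path.join(qdir, "INPUTMSG")
    with open(msg, "w") as fh:
        fh.write("constructed message\n")
    os.chmod(spool, 0o750)
    for d in (qdir, work):
        os.chmod(d, dir_mode)
    os.chmod(msg, file_mode)
    return work, msg


def demo(dir_mode, file_mode):
    """Check Work and INPUTMSG as a non-owner uid that is in the files' group."""
    with tempfile.TemporaryDirectory() as base:
        work, msg = build_sample_spool(base, dir_mode, file_mode)
        st = os.stat(work)
        uid, gids = st.st_uid + 1, {st.st_gid}  # stands in for clamav in group defang
        return (first_denial(work, uid, gids, below=base),
                first_denial(msg, uid, gids, below=base))


if __name__ == "__main__":
    print("700/600:", demo(0o700, 0o600))
    print("750/640:", demo(0o750, 0o640))
```

On a live system the same walk would be run with the default `below` of `/`, the scanner account's uid, and the group list reported by `id` for that account.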
Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
Per other comments I removed all traces of previous clam installs and started over with binaries.
Got clamd running as root and mimedefang running as defang - no problem.
But I'd like to run clamd as clamav so I did your idea and added defang to clamav as such: usermod -G defang clamav
So now clamd is a member of two groups: clamav and defang but I still get the following error:

    Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Clamd returned error: lstat() failed: Permission denied.

    Oct 13 15:53:47 sendmail mimedefang.pl[27449]: s9DKrlSJ027472: Problem running virus scanner: code=999, category=swerr, action=tempfail

    Mon Oct 13 15:53:47 2014 -> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-s9DKrlSJ027472/Work

On 10/9/2014 1:36 PM, Kees Theunissen wrote:
> On Thu, 9 Oct 2014, Kevin A. McGrail wrote:
>> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>>> Thanks to this list I am making progress :)
>>> Now clamd is failing due to this...
>>> Wed Oct 8 16:32:20 2014 -> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>>> ...I'm assuming this is because the mimedefang working directory is owned by defang and clamd runs as clamav.
>>> I fixed by running clamd as root ... is this the preferred solution or is there a better way?
>>
>> In general, you don't want daemons running as privileged users.
>>
>> I run clamd as the same user as I run MD and that would be my recommendation as well.
>
> On my systems (debian) I run mimedefang as user "defang" and group "defang" while clamd is running as user "clamav" and group "clamav". I made the "clamav" user a member of the "defang" group so clamd can read the contents of subdirs below /var/spool/MIMEDefang with group rights.
>
> ~# id defang
> uid=108(defang) gid=110(defang) groups=110(defang)
> ~# id clamav
> uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)
>
> Regards,
> Kees Theunissen.

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Sun, Oct 12, 2014 at 4:54 PM, Richard Laager wrote:
> On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote:
>> I tried your idea.
>> I updated the following in clamd.conf:
>> LocalSocket /var/run/clamav/clamd.socket
>> PidFile /var/run/clamav/clamd.pid
>> User clamav
>>
>> Now I get this error when starting clamd:
>> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
>> I am starting as root as instructed in clamd.conf
>> I have gotten that error before ... it usually means there is a user
>> issue. When I go back to running as root it knows to look in /etc/ for
>> clamd.conf
>
> I have no idea why your clamd is looking in /usr/local/etc instead
> of /etc.

There are probably 2 or more different versions of clamd on this system, built with different default options. If packages have been installed from different 3rd party repositories or installed from source plus a packaged install, that is a likely scenario.

-- 
Les Mikesell
lesmikes...@gmail.com

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote:
> I tried your idea.
> I updated the following in clamd.conf:
> LocalSocket /var/run/clamav/clamd.socket
> PidFile /var/run/clamav/clamd.pid
> User clamav
>
> Now I get this error when starting clamd:
> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
> I am starting as root as instructed in clamd.conf
> I have gotten that error before ... it usually means there is a user
> issue. When I go back to running as root it knows to look in /etc/ for
> clamd.conf

I have no idea why your clamd is looking in /usr/local/etc instead of /etc.

-- 
Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
I tried your idea.
I updated the following in clamd.conf:

    LocalSocket /var/run/clamav/clamd.socket
    PidFile /var/run/clamav/clamd.pid
    User clamav

Now I get this error when starting clamd:

    ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

I am starting as root as instructed in clamd.conf
I have gotten that error before ... it usually means there is a user issue. When I go back to running as root it knows to look in /etc/ for clamd.conf

On 10/10/2014 11:27 PM, Richard Laager wrote:
> If you still have problems, make sure you run MIMEDefang with the -G option. If your MIMEDefang is packaged like mine, set MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang. This causes MIMEDefang to use a umask that allows group readability.

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
If you still have problems, make sure you run MIMEDefang with the -G option. If your MIMEDefang is packaged like mine, set MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang. This causes MIMEDefang to use a umask that allows group readability.

-- 
Richard

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
Thanks. That seems like the best way.

On 10/9/2014 1:36 PM, Kees Theunissen wrote:
> On my systems (debian) I run mimedefang as user "defang" and group "defang" while clamd is running as user "clamav" and group "clamav". I made the "clamav" user a member of the "defang" group so clamd can read the contents of subdirs below /var/spool/MIMEDefang with group rights.
>
> ~# id defang
> uid=108(defang) gid=110(defang) groups=110(defang)
> ~# id clamav
> uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Thu, 9 Oct 2014, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :)
>> Now clamd is failing due to this...
>> Wed Oct 8 16:32:20 2014 -> WARNING: lstat() failed on:
>> /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>> ...I'm assuming this is because the mimedefang working directory is owned by
>> defang and clamd runs as clamav.
>> I fixed by running clamd as root ... is this the preferred solution or is
>> there a better way?
>
> In general, you don't want daemons running as privileged users.
>
> I run clamd as the same user as I run MD and that would be my recommendation
> as well.

On my systems (debian) I run mimedefang as user "defang" and group "defang" while clamd is running as user "clamav" and group "clamav". I made the "clamav" user a member of the "defang" group so clamd can read the contents of subdirs below /var/spool/MIMEDefang with group rights.

    ~# id defang
    uid=108(defang) gid=110(defang) groups=110(defang)
    ~# id clamav
    uid=107(clamav) gid=109(clamav) groups=110(defang),109(clamav)

Regards,
Kees Theunissen.

-- 
Kees Theunissen, System and network manager, Tel: +31 (0)30 6096724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address: c.j.theunis...@differ.nl
postal address: PO Box 1207, 3430 BE Nieuwegein, NL
visitors address: Edisonbaan 14, 3439 MN Nieuwegein, NL

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On 10/9/2014 8:37 AM, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :) Now clamd is failing
>> due to this... Wed Oct 8 16:32:20 2014 -> WARNING: lstat()
>> failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>> ...I'm assuming this is because the mimedefang working directory
>> is owned by defang and clamd runs as clamav. I fixed by running
>> clamd as root ... is this the preferred solution or is there a
>> better way?
>
> In general, you don't want daemons running as privileged users.
>
> I run clamd as the same user as I run MD and that would be my
> recommendation as well.

If you're building clamav from source that's pretty easily maintained, but if you're using clamav from one of the third-party repositories I like to mess with it as little as possible (so that it doesn't get broken on version updates) and instead do a little more upfront configuration with MD.

The RPMForge clamav packages use clamav.clamav, so I do the following:

1. Add the clamav user to the defang group;
2. Make sure that "AllowSupplementaryGroups yes" line exists in clamd.conf;
3. Change mode for MD spool directory (on tmpfs of course) to 750;
4. Configure MD to create group readable working files (-G option to multiplexor);
5. Tweak other MD settings as necessary (location of clamd.sock, etc.)

-- 
Nels Lindquist

Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On 10/9/2014 10:28 AM, Cliff Hayes wrote:
> Thanks to this list I am making progress :)
> Now clamd is failing due to this...
> Wed Oct 8 16:32:20 2014 -> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
> ...I'm assuming this is because the mimedefang working directory is owned by defang and clamd runs as clamav.
> I fixed by running clamd as root ... is this the preferred solution or is there a better way?

In general, you don't want daemons running as privileged users.

I run clamd as the same user as I run MD and that would be my recommendation as well.

Regards,
KAM