Re: [Clamav-users] Log file doesn't rotate and problem with user settings when using with qmailscanner

Sun, 27 Jun 2004 17:10:05 -0700 

Quoting Ace Suares <[EMAIL PROTECTED]>:

Hi,

I installed clamav on Debian Woody with Qmail-Scanner. I used the debian
package from  deb http://people.debian.org/~sgran/debian

So far so good, but since qmail-scanner runs as user qscand and clamd runs as
clamd, clam can not write files in the working dir (something like /var/
spool/qmailscan.)

I found a link that suggested changing the 'user' in clamav.conf to qscand.


This is exactly what you should do in this case.



Here's that link:
http://www.tnpi.biz/support/phpBB/viewtopic.php?t=136

And I just found another link:
http://www.mail-archive.com/[EMAIL PROTECTED]/
msg04707.html

When I followed the advice in the first link, it started to be able to write
to /var/spool/qmailscan, but I had to change the pid file too:

in clamav.conf:

LocalSocket /var/run/clamav/qscand/clamd.ctl
FixStaleSocket
User qscand

and in /var/run:

drwxr-xr-x    3 clamav   clamav       4096 Jun 14 04:41 clamav/

and in /var/run/clamav:

-rw-rw----    1 clamav   clamav          4 Jun 14 04:41 freshclam.pid
drwxr-xr-x    2 qscand   root         4096 Jun 14 15:24 qscand

(of course the subdirectoryname 'qscand' is arbitrary).

However, after a couple of days running, I am getting this in /var/log/clamav:

-rw-r-----    1 qscand   adm             0 Jun 20 20:25 clamav.log
-rw-r-----    1 qscand   adm       2619368 Jun 25 14:43 clamav.log.1
-rw-r-----    1 clamav   adm        128026 Jun 14 04:36 clamav.log.2.gz

Now, the last one (2.gz) might still be owned by clamav becuase of the
original setup; however, the .0 ad .1 are properly owned by qscand. But as
the roation happens, youc an clearly see that the newly created file is not
being used, instead everything is appended to .1


You have to change the user clamav to qscand in the clamav logrotate
script..most likely /etc/logrotate.d/clamd

The new log is being created with the incorrect owner every time it rotates.

Jim


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to