Török Edwin wrote:
> And you've called 'mail', and let postfix call procmail?

Yes that is correct.

> I'm not sure where procmail is executed, but if inside the chroot you've
> got a prob.

I can use ~/.procmailrc to create a file in /tmp when postfix calls procmail.
Since procmail can read the real /tmp directory, I would think it can
read /tmp/clamd.socket and /etc/clamd.conf as well.  Does that make sense?

Also, I grabbed the latest clamd source (0.92) and compiled it.  I get a new
error message now called "connect() permission denied".  I think this
might be selinux*, so I'm going to remove it and try again.

   ...
   procmail: Executing "/usr/local/clamav-0.92/bin/clamdscan --no-summary --stdout --log=/tmp/clamd.log  - | cut -d' ' -f2 -"
   connect(): Permission denied
   procmail: Error while writing to "/usr/local/clamav-0.92/bin/clamdscan --no-summary --stdout --log=/tmp/clamd.log  - | cut -d' ' -f2-"
   procmail: Assigning "CLAMDOUT="
   procmail: Match on ! "^OK"
   ...



$ cat /tmp/clamd.log
--------------------------------------
WARNING: Can't connect to clamd.
--------------------------------------
WARNING: Can't connect to clamd.



$ dir /tmp/clamd.socket
srwxrwxrwx 1 clamav clamav 0 Dec 28 11:55 /tmp/clamd.socket



$ ps -ef | grep clam
clamav    1138     1 99 11:55 ?        00:00:02 /usr/local/clamav-0.92/sbin/clamd
clamav    1145     1  0 11:55 ?        00:00:00 /usr/local/clamav-0.92/bin/freshclam -d -c 24 --quiet -p /var/run/clamav/freshclam.pid --daemon-notify=/usr/local/clamav-0.92/etc/clamd.conf



[*]
$ cat /var/log/audit/audit.log | grep clam
...
type=AVC msg=audit(1198864517.592:558): avc:  denied  { write } for  pid=1183 comm="clamdscan" name="clamd.socket" dev=dm-1 ino=6145 scontext=user_u:system_r:procmail_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1198864517.592:558): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8ab3f0 a2=4 a3=864c490 items=0 ppid=1182 pid=1183 auid=500 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) comm="clamdscan" exe="/usr/local/clamav-0.92/bin/clamdscan" subj=user_u:system_r:procmail_t:s0 key=(null)
...


-- 

Flambeau Inc. Technology Center - Baraboo, WI
Email    : [EMAIL PROTECTED]
Keyserver: http://pgp.mit.edu KeyID: 0x00E9EC2C
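
The following is an added example, not part of the original message or of ClamAV: a small Python parser that pairs the AVC and SYSCALL records sharing an audit event serial (558 above) and reports which SELinux domain was denied which permission, on what object, during which socket operation. The function names are illustrative assumptions, and the sample input is the two records quoted in the message, rejoined onto one line each.

```python
import errno
import re
from collections import defaultdict

# The two audit records from the post, rejoined onto one line each (sample input).
SAMPLE = """\
type=AVC msg=audit(1198864517.592:558): avc:  denied  { write } for  pid=1183 comm="clamdscan" name="clamd.socket" dev=dm-1 ino=6145 scontext=user_u:system_r:procmail_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1198864517.592:558): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8ab3f0 a2=4 a3=864c490 items=0 ppid=1182 pid=1183 auid=500 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) comm="clamdscan" exe="/usr/local/clamav-0.92/bin/clamdscan" subj=user_u:system_r:procmail_t:s0 key=(null)
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\([\d.]+:(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# arch=40000003 is AUDIT_ARCH_I386, where syscall 102 is socketcall(2); a0 (hex) selects the operation.
SOCKETCALL = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            verdict, _, rest = body.partition("{")
            fields["denied"] = "denied" in verdict
            fields["perms"] = rest.partition("}")[0].split()
        events[int(serial)][rtype] = fields
    return events

def explain(event):
    """Summarise one denied event: which domain was blocked, on what, in which call."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    call = "syscall %s" % sc.get("syscall")
    if sc.get("arch") == "40000003" and sc.get("syscall") == "102":
        call = SOCKETCALL.get(int(sc["a0"], 16), "socketcall")
    return {
        "source_domain": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"], "perms": avc["perms"], "object": avc.get("name"),
        "call": call, "errno": errno.errorcode.get(-int(sc.get("exit", 0)), "?"),
        "exe": sc.get("exe", avc.get("comm")),
    }

def denials(text):
    return [explain(e) for e in parse_events(text).values() if e.get("AVC", {}).get("denied")]

print(denials(SAMPLE))
```

On the quoted records this reports a `connect` by clamdscan failing with EACCES because the `procmail_t` domain was denied `write` on a `sock_file` labelled `tmp_t`, which matches the "connect(): Permission denied" line in the procmail log.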