On 2013-04-25 23:14, David Raynor wrote:
On Thu, Apr 25, 2013 at 4:41 PM, Kim Johansen <[email protected]> wrote:
Hey,
I am setting up a Maia mailguard system with ClamAV for virus scanning.
I'm getting these in my logfile:
clamav.log
Thu Apr 18 18:13:40 2013 -> WARNING: lstat() failed on:
/var/amavisd/tmp/amavis-**20130403T221718-26913
Thu Apr 18 18:13:52 2013 -> WARNING: lstat() failed on:
/var/amavisd/tmp/amavis-**20130418T181352-01899/parts
Thu Apr 18 18:13:53 2013 -> WARNING: lstat() failed on:
/var/amavisd/tmp/amavis-**20130403T221718-26913
Thu Apr 18 18:15:08 2013 -> WARNING: lstat() failed on:
/var/amavisd/tmp/amavis-**20130403T221718-26913
Thu Apr 18 18:15:52 2013 -> WARNING: lstat() failed on:
/var/amavisd/tmp/amavis-**20130403T221718-26913
I have configured ClamAV to run as amavis:
mail ~ $ ps uax |grep amavis
amavis 1292 0.0 4.7 393792 194180 ? Ssl 18:12 0:00
/usr/sbin/clamd
amavis 1405 0.4 0.0 39848 1904 ? Ss 18:12 0:01
/usr/bin/freshclam -d --quiet
amavis 1896 0.3 2.0 205400 83232 ? Ss 18:13 0:01 amavisd
(master)
amavis 1899 0.0 2.1 285688 85184 ? S 18:13 0:00 amavisd
(ch1-avail)
amavis 1900 0.0 2.0 206680 81848 ? S 18:13 0:00 amavisd
(virgin child)
And if I run the scan manual with clamdscan it shows the error:
amavis@mail:~$ clamdscan /var/amavisd/tmp/amavis-**20130403T221718-26913/
/var/amavisd/tmp/amavis-**20130403T221718-26913: lstat() failed:
Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
But it I run clamscan as the amavis user (The same user as clamd is
running with) manual it works fine:
amavis@mail:~$ clamscan /var/amavisd/tmp/amavis-**20130403T221718-26913/
/var/amavisd/tmp/amavis-**20130403T221718-26913/email.**txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 2163386
Engine version: 0.97.7
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.011 sec (0 m 6 s)
amavis@mail:~$
Here is the configuration file for ClamAV
mail ~ $ cat /etc/clamav/clamd.conf
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/**README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
#LocalSocketGroup clamav
LocalSocketGroup amavis
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
#User clamav
User amavis
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 50M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true
Generally do the amavis user have RWX rights on all the folders except
from the /var folder
Anyone have any ideas?
--
Kim
______________________________**_________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/**ml <http://www.clamav.net/support/ml>
Kim,
1) Make sure that clamd has been restarted. (And amavisd, for that matter.)
2) Are you running SELinux or AppArmor or something like that?
Dave R.
Thanks Dave,
AppArmor is my problem, looks like it is time to sit down and read about it.
Kim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
