@Paul

Thank you for the time taken to compile the list of steps regarding this issue.

Results..
(1):

/var/spool/MIMEDefang has the following permissions after Dianne's 
recommendations:

drwxr-s---   4 defang   defang   4096 MIMEDefang

I started mimedefang with the -D option, as indicated. However, no working 
directories within /var/spool/MIMEDefang/ were created and, as a result, I get 
in maillog (again):

clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work

(2)/(3):

drwxr-s---   4 defang defang 4096 .
drwxr-xr-x. 14 root   root   4096 ..
-rw-------   1 defang defang    0 mimedefang.lock
-rw-------   1 defang defang    0 mimedefang-multiplexor.lock
srwxrwx---   1 defang defang    0 mimedefang-multiplexor.sock
drwx------   2 defang defang 4096 .pyzor
drwxr-x---   2 defang defang 4096 .razor

(4) clamd socket file is present, albeit present in another directory as clamd 
runs as another user (clamscan) and not as defang. It is also defined within 
the mimedefang.pl as

$ClamdSock = '/var/run/clamd /clamd.sock';

The /var/run/clamd/ directory has the following privileges:

drwx--x---  2 clamscan clamscan   clamd

.. and the contents of this directory: 

-rw-rw-r-- 1 clamscan clamscan 5 clamd.pid
srw-rw-rw- 1 clamscan clamscan 0 clamd.sock

User defang is already a member of the clamscan group. Clamd.sock is also group 
readable/writeable.

It seems from the logs that the request to clamd is sent by MIMEDefang, however 
there is no file present at the location indicated (work folders could not get 
created by mimedefang) thus clamd crashes as it tries to scan something that 
does not exist.

(5) As (1) could not be completed (no work directories created) I cannot check 
clamscan by scanning individual messages.


-----Original Message-----
From: MIMEDefang [mailto:[email protected]] On Behalf 
Of Paul Murphy
Sent: Friday, November 24, 2017 12:21 PM
To: [email protected]
Subject: Re: [Mimedefang] Error with mimedefang + clamd

If your policy permits it, the next steps I would take would be:

1.      Enable the "-D" option in MIMEDefang to leave the spool directories in 
place after scanning, so that you have an example to work with.  Restart 
MIMEDefang to make this active.  You only need to have this enabled until you 
have processed 3-4 messages, rather than storing everything. 

2.      "su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3.      Inspect the permissions on the spool folders to ensure that the group 
access is present:

                total 104
                drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
                drwxr-xr-x. 17 root   root   4096 Nov  5  2016 ..
                srw-rw----.  1 defang defang    0 Oct 31 12:03 clamd.sock
                drwxr-x---.  4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
                drwxr-x---.  4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
                drwxr-x---.  4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4.  Also verify here that the clamd.sock socket file is present, and is 
writable by MIMEDefang, otherwise the request to scan the file cannot be sent.  
If it does not exist in this folder, how does MIMEDefang find it?  Hint - line 
174 of /usr/bin/mimedefang.pl:
                $ClamdSock  = '/var/spool/MIMEDefang/clamd.sock';

5.  Try to "cd" into one of the folders as clamscan, and see what happens.  If 
it works, the group memberships and spool folder permissions are correct.  Run 
clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be 
scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, 
I'm stumped.

Paul.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, 
it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang 
mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
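
The permission checks discussed in this thread, as an added example that is not part of either message: a small sh helper that applies the classic owner/group/other rule to `ls -l` fields and reports whether a user can traverse a directory or use a socket. The mode strings and owners are the ones quoted above; the group lists passed for each user are assumptions and should be replaced with the output of `id defang` and `id clamscan`.

```shell
#!/bin/sh
# Added example: evaluate classic UNIX permission bits from `ls -l` fields.
# Exactly one class applies: owner, else group, else other.
# Not modelled: ACLs, SELinux labels, root's override.

# perm_class MODE OWNER GROUP USER "GROUPS" -> prints the rwx triplet that applies
perm_class() {
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4          # owner bits
    else
        case " $5 " in
            *" $3 "*) printf '%s\n' "$1" | cut -c5-7 ;;   # group bits
            *)        printf '%s\n' "$1" | cut -c8-10 ;;  # other bits
        esac
    fi
}

# may MODE OWNER GROUP USER "GROUPS" NEED ; NEED is a subset of "rwx"
# Returns 0 if every requested bit is granted, 1 otherwise.
may() {
    triplet=$(perm_class "$1" "$2" "$3" "$4" "$5")
    case $6 in *r*) case $triplet in r??) ;; *) return 1 ;; esac ;; esac
    case $6 in *w*) case $triplet in ?w?) ;; *) return 1 ;; esac ;; esac
    # lowercase s/t means the special bit is set AND execute/search is granted
    case $6 in *x*) case $triplet in ??[xst]) ;; *) return 1 ;; esac ;; esac
    return 0
}

# report PATH MODE OWNER GROUP USER "GROUPS" NEED -> prints one result line
report() {
    if may "$2" "$3" "$4" "$5" "$6" "$7"; then r=OK; else r=DENIED; fi
    printf '%-6s %s needs "%s" on %s (%s %s:%s)\n' \
        "$r" "$5" "$7" "$1" "$2" "$3" "$4"
}

# Listings as quoted in the thread; the group memberships are assumptions.
# clamd (user clamscan) must search the spool directory to reach Work/:
report /var/spool/MIMEDefang drwxr-s--- defang defang clamscan "clamscan" x
report /var/spool/MIMEDefang drwxr-s--- defang defang clamscan "clamscan defang" x
# MIMEDefang (user defang) must search /var/run/clamd and write to the socket:
report /var/run/clamd drwx--x--- clamscan clamscan defang "defang clamscan" x
report /var/run/clamd/clamd.sock srw-rw-rw- clamscan clamscan defang "defang clamscan" rw
```

A running daemon keeps the supplementary groups it had when it started, so the group list to pass is the one the process actually holds, not only what `/etc/group` says now.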

