HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=18)
-   -   ISPConfig and Clamassassin (http://www.howtoforge.com/forums/showthread.php?t=11100)

till 4th March 2007 18:21

ISPConfig and Clamassassin
 
Hi,

I encounter a strange problem with the ISPConfig 2.2.11 (Thats why I didnt release it yet).

Sometimes I get a Clamav error 50 which indicates a problem with the antivirus database, in this case clamav creates a directory in /tmp/ with "clamav" plus a random string as name which contains a antivirus database. This directory is owned by the user that received the mail.

Does anyone else encounter this with either the 2.2.11 beta or 2.2.10 and the clamasassin fix (--mbox removed in clamav option)? Any ideas what may cause this?

edge 4th March 2007 18:46

Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix)
Code:

host:/tmp# ls
clamav-1d03d1f461af0bde85a34f126a131995
clamav-24465acfba690eb49a98090fe5bd3f70

One of the dir's does have some stuff in it!
Code:

host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70
host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls
COPYING  main.db  main.hdb  main.ndb
host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70#

I have no clue what's causing this..!

jnsc 4th March 2007 19:29

I also have this directories on a server not using clamasassin. And one is dated from december 2004, so this does not look as something new. But personally I nerver got an error 50.

till 4th March 2007 19:37

Quote:

Originally Posted by edge
Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix)
Code:

host:/tmp# ls
clamav-1d03d1f461af0bde85a34f126a131995
clamav-24465acfba690eb49a98090fe5bd3f70

One of the dir's does have some stuff in it!
Code:

host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70
host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls
COPYING  main.db  main.hdb  main.ndb
host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70#

I have no clue what's causing this..!

How old are the directories? Have they been created on the day you updated ISPConfig to 2.2.10 / 2.2.11 or later?

edge 4th March 2007 19:50

Both directories are from march the 3rd (yesterday) The last ISPconfig update was before that.

I do not have the directories on my other servers as I do not have email users on it.

Hans 4th March 2007 21:28

On my server with ISPConfig 2.2.10 i have also some files provided by ClamAV like these:

clamav-17e026743d5eb53079befc999f400211
clamav-1965d9ee836e5305662cf4d6c94f196e
clamav-267d1f325ab2cd5ab18bc762797d2b4d
clamav-3e1568b86157e54192153f8d04dc088a
clamav-4cbda0ff46b7ab0f1d5bfd11b813dbfd
clamav-75ddddcd3ce7258833105095fdc6cc17
clamav-a67137b8bf83fa7e7b4ae1d7953bb4ff
clamav-b298b1dcb6014422176f79df11c66bf0
clamav-c00c83d2c04dfe35efb468a669a53ffa
clamav-cb6c4d62b5f2ad5297e3a71ac2554a2f
clamav-ed89f07e5015ba43d1f29583772d3755
clamav-f38b2659af676d7d633aa296f584a5c7

I do not have that files on my testserver with ISPConfig 2.2.11 beta1, as i do not use that server as a mailserver.

till 5th March 2007 12:36

I searched a bit in the clamav mailing lists and this seems to be a common problem with the new release. It looks like almost all systems are broken that invoke clamav from different users. They created a patch release 0.90.1 that shall fix some of the issues and additionally a change in freshclam prevents that clamav can access the signature databases because they changed the chmod of the files from 0755 to 0700. I added some patches to ISPConfig and test it now. Lets hope that this fixes the problems :)

till 5th March 2007 15:59

I think I fixed it now :)

ISPConfig 2.2.11 Beta 2 download:
http://www.howtoforge.com/forums/showthread.php?t=10969

Hans 5th March 2007 20:07

Till,

I've downloaded 2.2.11 beta2 on my testing-server with Debian Sarge.
Everything looks fine.

After that (i think i trust you a lot) i installed it on one of my production servers.
(Debian Sarge unofficial 64 bit)

Everything looks ok, but i have to wait to see if the strange clamav-files within /tmp do not appear again.

Thanks for your work, i think you did it!

till 5th March 2007 20:10

Thats great to hear :)

By the wy, I enabled logging in freshclam to the mail logfile, if you run a grep for clam or freshclam on the logfile, you should now be able to monitor if the update of the signatures is ok :)


All times are GMT +2. The time now is 05:48.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.