HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Maxum 28th April 2010 22:06

Clamav issue with The Perfect SpamSnake - Ubuntu Jeos 9.10
 
I have been following The Perfect SpamSnake - Ubuntu Jeos 9.10 how to and have got to the point where MailScanner and Postfix are configured and running. I get the following error every time the server handles a piece of mail:

Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2208
Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Clamd found 1 infections
Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Found 1 viruses

Here are the permissions on /var/spool/MailScanner/
root@ubuntufirewall:/var/spool/MailScanner# ll
total 12
drwxr-xr-x 9 postfix www-data 4096 2010-04-28 12:44 incoming
drwxr-xr-x 3 postfix www-data 4096 2010-04-28 12:05 quarantine
drwxr-xr-x 2 postfix www-data 4096 2010-04-28 12:05 spamassassin

Here are the permissions on /var/spool/MailScanner/incoming
root@ubuntufirewall:/var/spool/MailScanner/incoming# ll
total 44
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 2193
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2199
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2202
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2205
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2208
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 Locks
-rw------- 1 postfix www-data 4096 2010-04-28 12:44 Processing.db
-rw------- 1 postfix www-data 10240 2010-04-28 12:44 SpamAssassin.cache.db
drwx------ 2 postfix www-data 4096 2010-04-28 12:44 SpamAssassin-Temp

I also get a warning message in /var/log/clamav/clamav.log
Wed Apr 28 12:44:24 2010 -> WARNING: lstat() failed on: /var/spool/MailScanner/incoming/2208

/opt/MailScanner/etc/MailScanner.conf is set as per the how to, where:
Incoming Work Group = clamav
Incoming Work Permissions = 0640

/etc/clamav/clamd.conf is configured with

User clamav
AllowSupplementaryGroups true



To try and fix the problem I have

Added clamav to the postfix group: postfix:x:115:clamav

Added the following line to /etc/apparmor.d/usr.sbin.clamd:
/var/spool/MailScanner/incomming/* rw,

Rocky 29th April 2010 04:18

Hey,

Try the following:
usermod -a -G postfix clamav

Verify 'AllowSupplementaryGroups yes' is set in clamd.conf

Let me know if that worked and I'll update the guide.

Thanks

Maxum 29th April 2010 17:44

I ran usermod -a -G postfix clamav and verified 'AllowSupplementaryGroups tRue' in the clamav.conf. I still received the error.

I should have mentioned in the original post that I am using Ubuntu Server 9.10 AMD64. I am not sure if that would make a difference but thought I should mention it.

Thanks

Maxum 30th April 2010 19:31

OK it looks like I have got it fixed.

First I removed AppArmor - I am sure there is a way to modify the profile to get it to go but I couldn't figure it out. I could leave AppArmor installed and put the clamav profile in complain mode and it worked as well.

Second, I added clamav to the www-data group, which, now that I am looking back at the permissions I posted for the /var/spool/MailScanner/incoming directory, makes perfect sense.

Thanks for your help. I am off to finish the how to.
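
Why membership of the postfix group changed nothing while www-data did, worked through on the two directory listings posted at the top of this thread: postfix is only the owning user of those directories, and their group is www-data. This is an added example, not part of any post; the function names are hypothetical, and it models only the classic owner/group/other bits.

```shell
#!/bin/sh
# Added example: classic owner/group/other permission check for one
# `ls -l` entry. ACLs, AppArmor and root's override are not modelled.

# The two listing lines are copied from the first post of this thread.
INCOMING='drwxr-xr-x 9 postfix www-data 4096 2010-04-28 12:44 incoming'
WORKDIR='drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2208'

# effective_bits MODE OWNER GROUP USER "GROUPS"
# Prints the one rwx triplet that applies: the owner class if USER owns the
# entry, else the group class if USER is in GROUP, else the other class.
# Only one class is ever consulted; they are not combined.
effective_bits() {
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4
        return
    fi
    for eb_g in $5; do
        if [ "$eb_g" = "$3" ]; then
            printf '%s\n' "$1" | cut -c5-7
            return
        fi
    done
    printf '%s\n' "$1" | cut -c8-10
}

# can_enter "LS_LINE" USER "GROUPS": succeeds if USER has search (x)
# permission on the directory described by LS_LINE.
can_enter() {
    ce_user=$2
    ce_groups=$3
    set -- $1    # split the listing: $1=mode $3=owner $4=group
    case "$(effective_bits "$1" "$3" "$4" "$ce_user" "$ce_groups")" in
        ??x) return 0 ;;
        *)   return 1 ;;
    esac
}

# Group memberships tried in the thread, checked against both directories.
for memberships in 'clamav' 'clamav postfix' 'clamav www-data'; do
    for entry in "$INCOMING" "$WORKDIR"; do
        if can_enter "$entry" clamav "$memberships"; then verdict=allowed; else verdict=denied; fi
        printf 'groups=[%s] dir=%s search=%s\n' "$memberships" "${entry##* }" "$verdict"
    done
done
```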

Drex56 5th May 2010 16:53

Just to add to Maxum's post, I did the following, which rid me of the dreaded Clam error:

Assumptions:

1. clamd is located in
Code:

/usr/sbin

2. AppArmor profiles are held in
Code:

/etc/apparmor.d

3. MailScanner incoming queue is
Code:

/var/spool/MailScanner/incoming

Obviously you will need to do the following to add clamd to the www-data group so that it can access the directory:

Code:

sudo usermod -a -G www-data clamav

Now edit the profile for clamd:

Code:

sudo nano /etc/apparmor.d/usr.sbin.clamd

Add the Incoming folder to the list of folders:

Code:

  /var/spool/MailScanner/** rw,

  /var/spool/MailScanner/incoming/** rw,

Now to be honest, I don't really need the second line as the ** means files AND directories underneath the current directory but will leave it in there as "it's what worked for me".

After that I reload ALL the AppArmor profiles (it was easier at the time to find that than find how to reload just one).

Code:

sudo /etc/init.d/apparmor reload

After this send yourself a test mail and look at mail.log using:

Code:

tail -f /var/log/mail.log

And watch as clamd does not error.

Hope this helps.

Regards

Drex
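
One way to see which paths the clamd profile is blocking before editing it as in the steps above, so that the added rules cover exactly those paths. This is an added example, not part of any post: the log lines are constructed samples in the kernel's AppArmor audit format, `denied_paths` is a hypothetical helper, the file name message.eml is made up, and the profile name /usr/sbin/clamd follows the assumption stated in the post. Lines logged as ALLOWED are what a profile in complain mode records instead of blocking.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG holds constructed kernel log lines, not output
# captured from the systems discussed in this thread.
SAMPLE_LOG='May  5 16:40:01 mx kernel: audit: type=1400 audit(1273070401.101:11): apparmor="DENIED" operation="getattr" profile="/usr/sbin/clamd" name="/var/spool/MailScanner/incoming/2208/" pid=2301 comm="clamd" requested_mask="r" denied_mask="r" fsuid=110 ouid=105
May  5 16:40:01 mx kernel: audit: type=1400 audit(1273070401.102:12): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/var/spool/MailScanner/incoming/2208/message.eml" pid=2301 comm="clamd" requested_mask="r" denied_mask="r" fsuid=110 ouid=105
May  5 16:40:02 mx kernel: audit: type=1400 audit(1273070402.200:13): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/var/spool/MailScanner/incoming/2208/message.eml" pid=2301 comm="clamd" requested_mask="r" denied_mask="r" fsuid=110 ouid=105
May  5 16:40:03 mx kernel: audit: type=1400 audit(1273070403.300:14): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/tmp/capture.pcap" pid=2400 comm="tcpdump" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May  5 16:45:10 mx kernel: audit: type=1400 audit(1273070710.400:15): apparmor="ALLOWED" operation="getattr" profile="/usr/sbin/clamd" name="/var/spool/MailScanner/incoming/2211/" pid=2301 comm="clamd" requested_mask="r" denied_mask="r" fsuid=110 ouid=105'

# denied_paths PROFILE
# Reads kernel log lines on stdin and prints "VERDICT MASK PATH" once for each
# distinct AppArmor event logged against PROFILE. Fields are split on
# whitespace, so paths containing spaces are not handled.
denied_paths() {
    awk -v want="$1" '
        function unq(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
        /apparmor="(DENIED|ALLOWED)"/ {
            verdict = profile = name = mask = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^apparmor=/)    verdict = unq($i)
                if ($i ~ /^profile=/)     profile = unq($i)
                if ($i ~ /^name=/)        name    = unq($i)
                if ($i ~ /^denied_mask=/) mask    = unq($i)
            }
            key = verdict " " mask " " name
            if (profile == want && !seen[key]++) print verdict, mask, name
        }
    '
}

# On a live system the input would be the kernel log instead of SAMPLE_LOG.
printf '%s\n' "$SAMPLE_LOG" | denied_paths /usr/sbin/clamd
```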

Rocky 9th May 2010 16:34

Good addition. I take it that you didn't remove AppArmor? This is good for those who prefer to use it.

Thanks,

Rocky

Drex56 13th May 2010 10:42

Hi Rocky,

No, I didn't. I didn't see any point in removing it, plus it just means my system is that bit more secure! Though I could be wrong as I am no genius when it comes to Linux.

Regards

Drex

macross 21st March 2011 16:21

Thank you
 
Thanks! That was bugging me. I chose the keep-AppArmor route as well.


All times are GMT +2.