ISPConfig and Clamassassin

Discussion in 'Developers' Forum' started by till, Mar 4, 2007.

  1. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Hi,

    I encounter a strange problem with the ISPConfig 2.2.11 (Thats why I didnt release it yet).

    Sometimes I get a Clamav error 50 which indicates a problem with the antivirus database, in this case clamav creates a directory in /tmp/ with "clamav" plus a random string as name which contains a antivirus database. This directory is owned by the user that received the mail.

    Does anyone else encounter this with either the 2.2.11 beta or 2.2.10 and the clamasassin fix (--mbox removed in clamav option)? Any ideas what may cause this?
     
  2. edge

    edge Active Member Moderator HowtoForge Supporter

    Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix)
    Code:
    host:/tmp# ls
    clamav-1d03d1f461af0bde85a34f126a131995
    clamav-24465acfba690eb49a98090fe5bd3f70
    
    One of the dir's does have some stuff in it!
    Code:
    host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70
    host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls
    COPYING  main.db  main.hdb  main.ndb
    host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70#
    
    I have no clue what's causing this..!
     
    Last edited: Mar 4, 2007
  3. jnsc

    jnsc rotaredoM Moderator

    I also have this directories on a server not using clamasassin. And one is dated from december 2004, so this does not look as something new. But personally I nerver got an error 50.
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    How old are the directories? Have they been created on the day you updated ISPConfig to 2.2.10 / 2.2.11 or later?
     
  5. edge

    edge Active Member Moderator HowtoForge Supporter

    Both directories are from march the 3rd (yesterday) The last ISPconfig update was before that.

    I do not have the directories on my other servers as I do not have email users on it.
     
  6. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    On my server with ISPConfig 2.2.10 i have also some files provided by ClamAV like these:

    clamav-17e026743d5eb53079befc999f400211
    clamav-1965d9ee836e5305662cf4d6c94f196e
    clamav-267d1f325ab2cd5ab18bc762797d2b4d
    clamav-3e1568b86157e54192153f8d04dc088a
    clamav-4cbda0ff46b7ab0f1d5bfd11b813dbfd
    clamav-75ddddcd3ce7258833105095fdc6cc17
    clamav-a67137b8bf83fa7e7b4ae1d7953bb4ff
    clamav-b298b1dcb6014422176f79df11c66bf0
    clamav-c00c83d2c04dfe35efb468a669a53ffa
    clamav-cb6c4d62b5f2ad5297e3a71ac2554a2f
    clamav-ed89f07e5015ba43d1f29583772d3755
    clamav-f38b2659af676d7d633aa296f584a5c7

    I do not have that files on my testserver with ISPConfig 2.2.11 beta1, as i do not use that server as a mailserver.
     
  7. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    I searched a bit in the clamav mailing lists and this seems to be a common problem with the new release. It looks like almost all systems are broken that invoke clamav from different users. They created a patch release 0.90.1 that shall fix some of the issues and additionally a change in freshclam prevents that clamav can access the signature databases because they changed the chmod of the files from 0755 to 0700. I added some patches to ISPConfig and test it now. Lets hope that this fixes the problems :)
     
  8. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

  9. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    Till,

    I've downloaded 2.2.11 beta2 on my testing-server with Debian Sarge.
    Everything looks fine.

    After that (i think i trust you a lot) i installed it on one of my production servers.
    (Debian Sarge unofficial 64 bit)

    Everything looks ok, but i have to wait to see if the strange clamav-files within /tmp do not appear again.

    Thanks for your work, i think you did it!
     
  10. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Thats great to hear :)

    By the wy, I enabled logging in freshclam to the mail logfile, if you run a grep for clam or freshclam on the logfile, you should now be able to monitor if the update of the signatures is ok :)
     
  11. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    That's a nice option.

    I will give that a try as well!

    ((( :)))))
     
  12. Hans

    Hans Moderator Moderator HowtoForge Supporter ISPConfig Developer

    Till,

    After one night, i've checked my /tmp file and no clamav stuff anymore.
    So, that's good.

    Within the my email-header, i can see that the new clamav is functioning:

    X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90.1/2735/Mon Mar 5 16:23:59 2007

    No problems, so far! :)
     

Share This Page