ISPConfig and Clamassassin

Discussion in 'Developers' Forum' started by till, Mar 4, 2007.

  1. till

    till Super Moderator

    Hi,

    I encounter a strange problem with the ISPConfig 2.2.11 (Thats why I didnt release it yet).

    Sometimes I get a Clamav error 50 which indicates a problem with the antivirus database, in this case clamav creates a directory in /tmp/ with "clamav" plus a random string as name which contains a antivirus database. This directory is owned by the user that received the mail.

    Does anyone else encounter this with either the 2.2.11 beta or 2.2.10 and the clamasassin fix (--mbox removed in clamav option)? Any ideas what may cause this?
     
  2. edge

    edge HowtoForge Supporter

    Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix)
    Code:
    host:/tmp# ls
    clamav-1d03d1f461af0bde85a34f126a131995
    clamav-24465acfba690eb49a98090fe5bd3f70
    
    One of the dir's does have some stuff in it!
    Code:
    host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70
    host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls
    COPYING  main.db  main.hdb  main.ndb
    host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70#
    
    I have no clue what's causing this..!
     
    Last edited: Mar 4, 2007
  3. jnsc

    jnsc rotaredoM

    I also have this directories on a server not using clamasassin. And one is dated from december 2004, so this does not look as something new. But personally I nerver got an error 50.
     
  4. till

    till Super Moderator

    How old are the directories? Have they been created on the day you updated ISPConfig to 2.2.10 / 2.2.11 or later?
     
  5. edge

    edge HowtoForge Supporter

    Both directories are from march the 3rd (yesterday) The last ISPconfig update was before that.

    I do not have the directories on my other servers as I do not have email users on it.
     
  6. Hans

    Hans Moderator

    On my server with ISPConfig 2.2.10 i have also some files provided by ClamAV like these:

    clamav-17e026743d5eb53079befc999f400211
    clamav-1965d9ee836e5305662cf4d6c94f196e
    clamav-267d1f325ab2cd5ab18bc762797d2b4d
    clamav-3e1568b86157e54192153f8d04dc088a
    clamav-4cbda0ff46b7ab0f1d5bfd11b813dbfd
    clamav-75ddddcd3ce7258833105095fdc6cc17
    clamav-a67137b8bf83fa7e7b4ae1d7953bb4ff
    clamav-b298b1dcb6014422176f79df11c66bf0
    clamav-c00c83d2c04dfe35efb468a669a53ffa
    clamav-cb6c4d62b5f2ad5297e3a71ac2554a2f
    clamav-ed89f07e5015ba43d1f29583772d3755
    clamav-f38b2659af676d7d633aa296f584a5c7

    I do not have that files on my testserver with ISPConfig 2.2.11 beta1, as i do not use that server as a mailserver.
     
  7. till

    till Super Moderator

    I searched a bit in the clamav mailing lists and this seems to be a common problem with the new release. It looks like almost all systems are broken that invoke clamav from different users. They created a patch release 0.90.1 that shall fix some of the issues and additionally a change in freshclam prevents that clamav can access the signature databases because they changed the chmod of the files from 0755 to 0700. I added some patches to ISPConfig and test it now. Lets hope that this fixes the problems :)
     
  8. till

    till Super Moderator

  9. Hans

    Hans Moderator

    Till,

    I've downloaded 2.2.11 beta2 on my testing-server with Debian Sarge.
    Everything looks fine.

    After that (i think i trust you a lot) i installed it on one of my production servers.
    (Debian Sarge unofficial 64 bit)

    Everything looks ok, but i have to wait to see if the strange clamav-files within /tmp do not appear again.

    Thanks for your work, i think you did it!
     
  10. till

    till Super Moderator

    Thats great to hear :)

    By the wy, I enabled logging in freshclam to the mail logfile, if you run a grep for clam or freshclam on the logfile, you should now be able to monitor if the update of the signatures is ok :)
     
  11. Hans

    Hans Moderator

    That's a nice option.

    I will give that a try as well!

    ((( :)))))
     
  12. Hans

    Hans Moderator

    Till,

    After one night, i've checked my /tmp file and no clamav stuff anymore.
    So, that's good.

    Within the my email-header, i can see that the new clamav is functioning:

    X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90.1/2735/Mon Mar 5 16:23:59 2007

    No problems, so far! :)
     

Share This Page