OK, now we have to figure out whether or not we're having a problem with 
binding the UNIX or TCP port, what does your config say for TCPSocket 
and LocalSocket?

Also 777 for /var/run may not be the best security, 765 is probably 
better, but in your /etc/group file, you should add the clamav user to 
root's group, so far that's the most secure way I've found that clamd 
can still operate without making a HUGE security hole... Just make a 
clamav user at 102/102 and add the clamav group to root, then set group 
write to /tmp and /var/run clamd can then use /var/run, but not allow 
security holes, and it can access /tmp to bind a socket, but will not 
make any holes in your local machine security... having /var/run 777 may 
be a problem because then an arbitrary program can easily identify file 
descriptors for privileged access, not a good thing...

Try that and see how it goes...

I should be back tomorrow around noon or so...

Good Luck,
-Matt


Brian Read wrote:

> Ok, set /var/run to 777, and that eliminated the error message about 
> /var/run/clamd.pid
>
> but still get bind() error
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> Sat Dec 28 11:38:22 2002 -> +++ Started at Sat Dec 28 11:38:22 2002
> Sat Dec 28 11:38:22 2002 -> Log file size limited to 1048576 bytes.
> Sat Dec 28 11:38:22 2002 -> Verbose logging activated.
> Sat Dec 28 11:38:22 2002 -> Running as user qmailq (UID 404, GID 401)
> Sat Dec 28 11:38:22 2002 -> Reading databases from /usr/share/clamav
> Sat Dec 28 11:38:23 2002 -> Protecting against 7286 viruses.
> Sat Dec 28 11:38:23 2002 -> ERROR: bind() error.
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> any more thoughts?
>
> cheers
>
> Brian
>
>
>
> At 00:07 28/12/2002, you wrote:
>
>> Check out the clamav.conf file... In the file, there are two 
>> locations you want to check...
>>
>> The first entry is LocalSocket; it is set to /tmp/clamd by default. Set 
>> this to somewhere that clamd can write to with its UID/GID. /tmp is 
>> the best, but that requires perms to /tmp.
>>
>> The second entry is TCPSocket, it's simply a number set to 3310 by 
>> default. If 3310 is already in use by another program, and you wish 
>> to use it as a TCP based virus server, then change this to something 
>> else that you know can be accessed by other machines, etc, but unless 
>> clamd is being run as root, which in your case, it is not, definitely 
>> don't go below 1024.... You likely do not use this, so just make sure 
>> its commented out... It's kind of a useless feature unless you're 
>> doing something real bizarre with clamd.
>>
>> Best thing to do is change the UID/GID that clamd is running 
>> under.... I have clamd running as its own user with UID/GID at 
>> 102/102, my perms for /tmp are 777 owned by root.root and perms for 
>> /var/run are 755 root.root as well. my clamav user is also in the 
>> root group, allowing me to give it more without letting perms go... 
>> Just make sure not to let the clamav user log in... ;-)
>>
>> Thus clamav runs with privileged permissions, and has access to lots 
>> of things that it needs in order to run right...
>>
>> Brian Read wrote:
>>
>>> At 20:15 27/12/2002, you wrote:
>>>
>>>> On Fri, 27 Dec 2002 12:38:11 -0700
>>>> Matt Blecha <[EMAIL PROTECTED]> wrote:
>>>>
>>>> > Here's another question... Does the qmailq user have perms to bind to
>>>> > unix or tcp sockets, if it can't bind a unix or tcp socket, that would
>>>> > be why the crash happens... clamd does not do very good error reporting
>>>>
>>>> There was no crash, just an error and exit. clamd doesn't log to the
>>>> console, because it detaches from it just after dropping the privileges.
>>>> I think you're right, and this is a permission problem. Brian, try to
>>>> change the TCPSocket value.
>>>
>>>
>>>
>>> You'll have to give me some details of what to do, I am out of my 
>>> depth here.
>>>
>>> cheers
>>>
>>> Brian
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
> Brian J Read
> www.abandonmicrosoft.co.uk
> www.theonlineorganiser.com
> www.thepersonalknowledgebase.com
> Mitel SMEserver Contributions and Howtos: 
> www.abandonmicrosoft.co.uk/abandon/links.html
> +44 1695 723723
>




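The permission questions raised in this thread can be checked mechanically. The following Python sketch is an added example, not part of the original messages and not ClamAV code: it reads the LocalSocket and TCPSocket directives and reports whether the account clamd runs as can create its socket, and whether the directory is world-writable without the sticky bit. The `Dir` tuple, the function names and the sample config are assumptions made for illustration.

```python
import stat
from collections import namedtuple

# Constructed directory metadata; on a live host take it from os.stat(path).
Dir = namedtuple("Dir", "mode uid gid")

def parse_conf(text):
    """Return the active (uncommented) 'Name value' directives."""
    conf = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            conf[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return conf

def can_create_in(d, uid, gids):
    """Creating a socket or pid file needs write+search on the directory."""
    if uid == 0:
        return True
    shift = 6 if uid == d.uid else 3 if d.gid in gids else 0
    return (d.mode >> shift) & 0o3 == 0o3

def audit(conf_text, dirs, uid, gids):
    """Findings for the account clamd runs as (uid, set of group ids)."""
    conf, findings = parse_conf(conf_text), []
    sock = conf.get("LocalSocket")
    if sock:
        parent = sock.rsplit("/", 1)[0] or "/"
        d = dirs[parent]
        if not can_create_in(d, uid, gids):
            findings.append(f"uid {uid} cannot create {sock} in {parent}")
        if d.mode & stat.S_IWOTH and not d.mode & stat.S_ISVTX:
            findings.append(f"{parent} is world-writable without the sticky bit")
    port = conf.get("TCPSocket")
    if port and int(port) < 1024 and uid != 0:
        findings.append(f"TCPSocket {port} is below 1024 and uid {uid} is not root")
    return findings

# Constructed sample: socket under /var/run, TCPSocket commented out.
SAMPLE_CONF = "LocalSocket /var/run/clamd\n#TCPSocket 3310\n"

if __name__ == "__main__":
    for mode in (0o755, 0o765, 0o775, 0o777):
        d = {"/var/run": Dir(mode, 0, 0)}  # owned by root.root
        # clamav at 102/102 with root's group (gid 0) as a supplementary group
        print(oct(mode), audit(SAMPLE_CONF, d, 102, {102, 0}))
```

For a group member to create files in a directory, the group bits need both write and search (execute), which is what the 0o3 mask tests.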