I'm using a local socket in /var/lib/clamav/clamd.sock

I've now set the permissions on the /var/lib/clamav to 777, deleted the 
socket, and it seems to be working..

Many thanks

Brian




At 20:45 28/12/2002, you wrote:
>OK, now we have to figure out whether or not we're having a problem with 
>binding the UNIX or TCP port, what does your config say for TCPSocket and 
>LocalSocket?
>
>Also 777 for /var/run may not be the best security, 765 is probably 
>better, but in your /etc/group file, you should add the clamav user to 
>root's group, so far that's the most secure way I've found that clamd can 
>still operate without making a HUGE security hole... Just make a clamav 
>user at 102/102 and add the clamav group to root, then set group write to 
>/tmp and /var/run clamd can then use /var/run, but not allow security 
>holes, and it can access /tmp to bind a socket, but will not make any 
>holes in your local machine security... having /var/run 777 may be a 
>problem because then an arbitrary program can easily identify file 
>descriptors for privileged access, not a good thing...
>
>Try that and see how it goes...
>
>I should be back tomorrow around noon or so...
>
>Good Luck,
>-Matt
>
>
>Brian Read wrote:
>
>>Ok, set /var/run to 777, and that eliminated the error message about 
>>/var/run/clamd.pid
>>
>>but still get bind() error
>>
>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>Sat Dec 28 11:38:22 2002 -> +++ Started at Sat Dec 28 11:38:22 2002
>>Sat Dec 28 11:38:22 2002 -> Log file size limited to 1048576 bytes.
>>Sat Dec 28 11:38:22 2002 -> Verbose logging activated.
>>Sat Dec 28 11:38:22 2002 -> Running as user qmailq (UID 404, GID 401)
>>Sat Dec 28 11:38:22 2002 -> Reading databases from /usr/share/clamav
>>Sat Dec 28 11:38:23 2002 -> Protecting against 7286 viruses.
>>Sat Dec 28 11:38:23 2002 -> ERROR: bind() error.
>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>
>>any more thoughts?
>>
>>cheers
>>
>>Brian
>>
>>
>>
>>At 00:07 28/12/2002, you wrote:
>>
>>>Check out the clamav.conf file... In the file, there are two locations 
>>>you want to check...
>>>
>>>The first entry is LocalSocket; it is set to /tmp/clamd by default. Set this 
>>>to somewhere that clamd can write to with its UID/GID. /tmp is the best, 
>>>but that requires perms to /tmp.
>>>
>>>The second entry is TCPSocket, it's simply a number set to 3310 by default. 
>>>If 3310 is already in use by another program, and you wish to use it as 
>>>a TCP based virus server, then change this to something else that you 
>>>know can be accessed by other machines, etc, but unless clamd is being 
>>>run as root, which in your case, it is not, definitely don't go below 
>>>1024.... You likely do not use this, so just make sure its commented 
>>>out... It's kind of a useless feature unless you're doing something real 
>>>bizarre with clamd.
>>>
>>>Best thing to do is change the UID/GID that clamd is running under.... I 
>>>have clamd running as its own user with UID/GID at 102/102, my perms 
>>>for /tmp are 777 owned by root.root and perms for /var/run are 755 
>>>root.root as well. my clamav user is also in the root group, allowing me 
>>>to give it more without letting perms go... Just make sure not to let 
>>>the clamav user log in... ;-)
>>>
>>>Thus clamav runs with privileged permissions, and has access to lots of 
>>>things that it needs in order to run right...
>>>
>>>Brian Read wrote:
>>>
>>>>At 20:15 27/12/2002, you wrote:
>>>>
>>>>>On Fri, 27 Dec 2002 12:38:11 -0700
>>>>>Matt Blecha <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> > Here's another question... Does the qmailq user have perms to bind to
>>>>> > unix or tcp sockets, if it can't bind a unix or tcp socket, that would
>>>>> > be why the crash happens... clamd does not do very good error reporting
>>>>>
>>>>>There was no crash, just an error and exit. clamd doesn't log to the 
>>>>>console,
>>>>>because it detaches from it just after dropping the privileges. I think
>>>>>you're right, and this is a permission problem. Brian, try to change
>>>>>the TCPSocket value.
>>>>
>>>>
>>>>
>>>>You'll have to give me some details of what to do, I am out of my depth 
>>>>here.
>>>>
>>>>cheers
>>>>
>>>>Brian
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>
>>Brian J Read
>>www.abandonmicrosoft.co.uk
>>www.theonlineorganiser.com
>>www.thepersonalknowledgebase.com
>>Mitel SMEserver Contributions and Howtos: 
>>www.abandonmicrosoft.co.uk/abandon/links.html
>>+44 1695 723723
>>
>
>

Brian J Read
www.abandonmicrosoft.co.uk
www.theonlineorganiser.com
www.thepersonalknowledgebase.com
Mitel SMEserver Contributions and Howtos: 
www.abandonmicrosoft.co.uk/abandon/links.html
+44 1695 723723
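
Added example, not part of the original thread and not ClamAV project code: a shell check that reads `LocalSocket` from a clamav.conf-style file and classifies the mode of the directory that holds the socket, since that directory's permissions decide both whether `bind()` succeeds and who else can touch the socket. The function names are hypothetical and the config and directory tree in the demo are constructed.

```shell
#!/bin/sh
# Added example: audit the directory that holds clamd's LocalSocket.
# Function names are hypothetical; the config below is constructed sample data.

# Print the first uncommented LocalSocket value from a clamav.conf-style file.
local_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Classify a directory by its "other" permission bits (from ls -ld):
#   restricted      other users cannot create or delete entries
#   sticky          world-writable, but only an entry's owner may delete it (like /tmp)
#   world-writable  any local account can delete or replace the socket file
dir_exposure() {
    perms=$(ls -ld "$1" | cut -c1-10)
    if [ "$(printf '%s' "$perms" | cut -c9)" != "w" ]; then
        echo restricted
    else
        case "$(printf '%s' "$perms" | cut -c10)" in
            t|T) echo sticky ;;
            *)   echo world-writable ;;
        esac
    fi
}

# Audit one config file. Returns 0 unless the socket directory is
# world-writable without the sticky bit (1) or cannot be checked (2).
audit_conf() {
    sock=$(local_socket "$1")
    [ -n "$sock" ] || { echo "no LocalSocket in $1"; return 2; }
    dir=$(dirname "$sock")
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
    state=$(dir_exposure "$dir")
    echo "$dir: $state"
    [ "$state" != "world-writable" ]
}

# Demo on a throwaway tree (constructed, stands in for /var/lib/clamav).
demo=$(mktemp -d)
mkdir "$demo/clamav"
printf '#TCPSocket 3310\nLocalSocket %s/clamav/clamd.sock\n' "$demo" > "$demo/clamav.conf"
chmod 777 "$demo/clamav"; audit_conf "$demo/clamav.conf" || echo "  -> tighten the mode"
chmod 750 "$demo/clamav"; audit_conf "$demo/clamav.conf"
rm -rf "$demo"
```

Creating a UNIX socket needs write and search permission on its directory for the account clamd runs as (qmailq in the log above), so a directory owned by that account passes this check without any world-write bit.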


