No problem, but like I said, be careful when dolling out 777 perms, a virus may be the least of your worries then... Perms are still important....
Brian Read wrote: > I'm using the a local socket in /var/lib/clamav/clamd.sock > > I've now set the permissons on the /var/lib/clamav to 777, deleted the > socket, and it seems to be working.. > > Many thanks > > Brian > > > > > At 20:45 28/12/2002, you wrote: > >> OK, now we have to figure out weather or not we're having a problem >> with binding the UNIX or TCP port, what does your config say for >> TCPSocket and LocalSocket? >> >> Also 777 for /var/run may not be the best security, 765 is probably >> better, but in your /etc/group file, you should add the clamav user >> to root's group, so far that's the most secure way I've found that >> clamd can still operate without making a HUGE security hole... Just >> make a clamav user at 102/102 and add the clamav group to root, then >> set group write to /tmp and /var/run clamd can then use /var/run, but >> not allow security holes, and it can access /tmp to bind a socket, >> but will not make any holes in your local machine security... having >> /var/run 777 may be a problem because then an arbitrary program can >> easily identify file descriptors for priveleged access, not a good >> thing... >> >> Try that and see how it goes... >> >> I should be back tomorrow around noon or so... >> >> Good Luck, >> -Matt >> >> >> Brian Read wrote: >> >>> Ok, set /var/run to 777, and that eliminated the error message about >>> /var/run/clamd.pid >>> >>> but still get bind() error >>> >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> Sat Dec 28 11:38:22 2002 -> +++ Started at Sat Dec 28 11:38:22 2002 >>> Sat Dec 28 11:38:22 2002 -> Log file size limited to 1048576 bytes. >>> Sat Dec 28 11:38:22 2002 -> Verbose logging activated. >>> Sat Dec 28 11:38:22 2002 -> Running as user qmailq (UID 404, GID 401) >>> Sat Dec 28 11:38:22 2002 -> Reading databases from /usr/share/clamav >>> Sat Dec 28 11:38:23 2002 -> Protecting against 7286 viruses. >>> Sat Dec 28 11:38:23 2002 -> ERROR: bind() error. >>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>> >>> any more thoughts? >>> >>> cheers >>> >>> Brian >>> >>> >>> >>> At 00:07 28/12/2002, you wrote: >>> >>>> Check out the clamav.conf file... In the file, there are two >>>> locations you want to check... >>>> >>>> The first entry is LocalSocket it set to /tmp/clamd by default. Set >>>> this to somewhere that clamd can write to with its UID/GID. /tmp is >>>> the best, but that requires perms to /tmp. >>>> >>>> The second entry is TCPSocket, it's simply a number set 3310 by >>>> default. If 3310 is already in use by another program, and you wish >>>> to use it as a TCP based virus server, then change this to >>>> something else that you know can be accessed by other machines, >>>> etc, but unless clamd is being run as root, which in your case, it >>>> is not, definately don't go below 1024.... You likely do not use >>>> this, so just make sure its commented out... It's kind of a useless >>>> feature unless you're doing something real bizarre with clamd. >>>> >>>> Best thing to do is change the UID/GID that clamd is running >>>> under.... I have clamd running as it's own user with UID/GID at >>>> 102/102, my perms for /tmp are 777 owned by root.root and perms for >>>> /var/run are 755 root.root as well. my clamav user is also in the >>>> root group, allwing me to give it more without letting perms go... >>>> Just make sure not to let the clamav user log in... ;-) >>>> >>>> Thus clamav runs with priveleged permissions, and has access to >>>> lots of things that it needs in order to run right... >>>> >>>> Brian Read wrote: >>>> >>>>> At 20:15 27/12/2002, you wrote: >>>>> >>>>>> On Fri, 27 Dec 2002 12:38:11 -0700 >>>>>> Matt Blecha <[EMAIL PROTECTED]> wrote: >>>>>> >>>>>> > Here's another question... Does the qmailq user have perms to >>>>>> bind to >>>>>> > unix or tcp sockets, if it can't bind a unix or tcp socket, >>>>>> that would >>>>>> > be why the crash happens... clamd does not do very good error >>>>>> reporting >>>>>> >>>>>> There was no crash, just an error and exit. clamd don't log to >>>>>> the console, >>>>>> because it detaches from it just after dropping the privileges. I >>>>>> think >>>>>> you're reight, and this is a permission problem. Brian, try to >>>>>> change >>>>>> the TCPSocket value. >>>>> >>>>> >>>>> >>>>> >>>>> You'll have to give me some details of what to do, I am out of my >>>>> depth here. >>>>> >>>>> cheers >>>>> >>>>> Brian >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> Brian J Read >>> www.abandonmicrosoft.co.uk >>> www.theonlineorganiser.com >>> www.thepersonalknowledgebase.com >>> Mitel SMEserver Contributions and Howtos: >>> www.abandonmicrosoft.co.uk/abandon/links.html >>> +44 1695 723723 >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > Brian J Read > www.abandonmicrosoft.co.uk > www.theonlineorganiser.com > www.thepersonalknowledgebase.com > Mitel SMEserver Contributions and Howtos: > www.abandonmicrosoft.co.uk/abandon/links.html > +44 1695 723723 > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
