It should still, that is what I believe I have for my lock file location... /tmp is ok 777, but maybe not, I haven't had issue so far...
Enjoy! ;-) -Matt Brian Read wrote: > I will change them to 765 tomorrow and check that it still works. > > Thanks for the help. > > Brian > > > At 18:53 29/12/2002, you wrote: > >> No problem, but like I said, be careful when dolling out 777 perms, a >> virus may be the least of your worries then... Perms are still >> important.... >> >> Brian Read wrote: >> >>> I'm using the a local socket in /var/lib/clamav/clamd.sock >>> >>> I've now set the permissons on the /var/lib/clamav to 777, deleted >>> the socket, and it seems to be working.. >>> >>> Many thanks >>> >>> Brian >>> >>> >>> >>> >>> At 20:45 28/12/2002, you wrote: >>> >>>> OK, now we have to figure out weather or not we're having a problem >>>> with binding the UNIX or TCP port, what does your config say for >>>> TCPSocket and LocalSocket? >>>> >>>> Also 777 for /var/run may not be the best security, 765 is probably >>>> better, but in your /etc/group file, you should add the clamav user >>>> to root's group, so far that's the most secure way I've found that >>>> clamd can still operate without making a HUGE security hole... Just >>>> make a clamav user at 102/102 and add the clamav group to root, >>>> then set group write to /tmp and /var/run clamd can then use >>>> /var/run, but not allow security holes, and it can access /tmp to >>>> bind a socket, but will not make any holes in your local machine >>>> security... having /var/run 777 may be a problem because then an >>>> arbitrary program can easily identify file descriptors for >>>> priveleged access, not a good thing... >>>> >>>> Try that and see how it goes... >>>> >>>> I should be back tomorrow around noon or so... >>>> >>>> Good Luck, >>>> -Matt >>>> >>>> >>>> Brian Read wrote: >>>> >>>>> Ok, set /var/run to 777, and that eliminated the error message >>>>> about /var/run/clamd.pid >>>>> >>>>> but still get bind() error >>>>> >>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>> Sat Dec 28 11:38:22 2002 -> +++ Started at Sat Dec 28 11:38:22 2002 >>>>> Sat Dec 28 11:38:22 2002 -> Log file size limited to 1048576 bytes. >>>>> Sat Dec 28 11:38:22 2002 -> Verbose logging activated. >>>>> Sat Dec 28 11:38:22 2002 -> Running as user qmailq (UID 404, GID 401) >>>>> Sat Dec 28 11:38:22 2002 -> Reading databases from /usr/share/clamav >>>>> Sat Dec 28 11:38:23 2002 -> Protecting against 7286 viruses. >>>>> Sat Dec 28 11:38:23 2002 -> ERROR: bind() error. >>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>> >>>>> any more thoughts? >>>>> >>>>> cheers >>>>> >>>>> Brian >>>>> >>>>> >>>>> >>>>> At 00:07 28/12/2002, you wrote: >>>>> >>>>>> Check out the clamav.conf file... In the file, there are two >>>>>> locations you want to check... >>>>>> >>>>>> The first entry is LocalSocket it set to /tmp/clamd by default. >>>>>> Set this to somewhere that clamd can write to with its UID/GID. >>>>>> /tmp is the best, but that requires perms to /tmp. >>>>>> >>>>>> The second entry is TCPSocket, it's simply a number set 3310 by >>>>>> default. If 3310 is already in use by another program, and you >>>>>> wish to use it as a TCP based virus server, then change this to >>>>>> something else that you know can be accessed by other machines, >>>>>> etc, but unless clamd is being run as root, which in your case, >>>>>> it is not, definately don't go below 1024.... You likely do not >>>>>> use this, so just make sure its commented out... It's kind of a >>>>>> useless feature unless you're doing something real bizarre with >>>>>> clamd. >>>>>> >>>>>> Best thing to do is change the UID/GID that clamd is running >>>>>> under.... I have clamd running as it's own user with UID/GID at >>>>>> 102/102, my perms for /tmp are 777 owned by root.root and perms >>>>>> for /var/run are 755 root.root as well. my clamav user is also in >>>>>> the root group, allwing me to give it more without letting perms >>>>>> go... Just make sure not to let the clamav user log in... ;-) >>>>>> >>>>>> Thus clamav runs with priveleged permissions, and has access to >>>>>> lots of things that it needs in order to run right... >>>>>> >>>>>> Brian Read wrote: >>>>>> >>>>>>> At 20:15 27/12/2002, you wrote: >>>>>>> >>>>>>>> On Fri, 27 Dec 2002 12:38:11 -0700 >>>>>>>> Matt Blecha <[EMAIL PROTECTED]> wrote: >>>>>>>> >>>>>>>> > Here's another question... Does the qmailq user have perms to >>>>>>>> bind to >>>>>>>> > unix or tcp sockets, if it can't bind a unix or tcp socket, >>>>>>>> that would >>>>>>>> > be why the crash happens... clamd does not do very good error >>>>>>>> reporting >>>>>>>> >>>>>>>> There was no crash, just an error and exit. clamd don't log to >>>>>>>> the console, >>>>>>>> because it detaches from it just after dropping the privileges. >>>>>>>> I think >>>>>>>> you're reight, and this is a permission problem. Brian, try to >>>>>>>> change >>>>>>>> the TCPSocket value. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> You'll have to give me some details of what to do, I am out of >>>>>>> my depth here. >>>>>>> >>>>>>> cheers >>>>>>> >>>>>>> Brian >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> >>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> >>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>>> >>>>> Brian J Read >>>>> www.abandonmicrosoft.co.uk >>>>> www.theonlineorganiser.com >>>>> www.thepersonalknowledgebase.com >>>>> Mitel SMEserver Contributions and Howtos: >>>>> www.abandonmicrosoft.co.uk/abandon/links.html >>>>> +44 1695 723723 >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> Brian J Read >>> www.abandonmicrosoft.co.uk >>> www.theonlineorganiser.com >>> www.thepersonalknowledgebase.com >>> Mitel SMEserver Contributions and Howtos: >>> www.abandonmicrosoft.co.uk/abandon/links.html >>> +44 1695 723723 >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > Brian J Read > www.abandonmicrosoft.co.uk > www.theonlineorganiser.com > www.thepersonalknowledgebase.com > Mitel SMEserver Contributions and Howtos: > www.abandonmicrosoft.co.uk/abandon/links.html > +44 1695 723723 > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
