Marc Balmer wrote:

(The following example assumes we are chrooted to /var/smtp-vilter)

The temporary directory must be readable by clamd.

/home/marc (1) $ ls -l /var/smtp-vilter/
total 6
drwx------  2 _vilter  _vilter  512 Nov 16 15:50 etc
drwx------  2 _vilter  _vilter  512 Dec 14 22:24 run
drwxrwx--T  2 _vilter  _clamd   512 Dec 15 07:18 tmp
/home/marc (2) $

Your example shows the temporary directory as *writable* by _clamd, no? And what is the reasoning on the last permission mode of "o=T"? When I set the tmp directory writable by any other user/group than _vilter, I get these errors:


Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter (smtp-vilter): local socket name /var/smtp-vilter/tmp/smtp-vilter.sock unsafe
Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter (smtp-vilter): to error state
Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter: initialization failed, temp failing commands


Here are my new ownerships/permissions, and the new error message:

drwxr-xr-x  4 _vilter  _vilter  512 Dec 13 17:51 /var/smtp-vilter/
drwxr-x---  2 _vilter  _clamd   512 Dec 15 07:03 /var/smtp-vilter/tmp/

Dec 15 07:03:59 sendmail-test smtp-vilter[30064]: unable to change group ownership of temp file, Operation not permitted
Dec 15 07:03:59 sendmail-test sm-mta[20175]: hBFE3xPq020175: Milter: from=<[EMAIL PROTECTED]>, reject=451 4.7.1 Please try again later



Then the temporary files created by smtp-vilter must be made group readable, you need the following setting in /etc/smtp-vilter/smtp-vilter.conf:


tmpfiles=g+r

This I do have.



As the pathname for tempfiles is /tmp/filename for smtp-vilter, but /var/smtp-vilter/tmp/filename for clamd, you need to define chroot-scanrealpath in /etc/smtp-vilter/vilter-clamd.conf:


option=chroot-scanrealpath

This I also have.





Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
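
The permission requirements discussed in the message above, as an added example that is not part of the original thread and is not smtp-vilter or ClamAV code. The function names and finding strings are hypothetical, and the "unsafe socket" rule is modelled only on the log lines the poster reports.

```python
import os
import stat

def audit_dir(path, holds_socket=False, scanner_gid=None):
    """Return findings for one directory of the chroot layout."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # Modelled on the log in the post: the MTA called the socket "unsafe"
    # once its directory was writable by anyone other than the owner.
    if holds_socket and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("socket-dir-writable-by-group-or-other")
    if scanner_gid is not None:
        need = stat.S_IRGRP | stat.S_IXGRP  # list and traverse as group
        if st.st_gid != scanner_gid:
            findings.append("scan-dir-not-owned-by-scanner-group")
        elif (mode & need) != need:
            findings.append("scan-dir-not-group-readable")
    return findings

def audit_tmpfile(path):
    """tmpfiles=g+r: the scanner's group needs read access to each temp file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & stat.S_IRGRP else ["tmpfile-not-group-readable"]

def scanner_path(chroot, path_in_chroot):
    """Map the filter's in-chroot path to the path the scanner must open."""
    return os.path.join(chroot, path_in_chroot.lstrip("/"))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for tmp/
        gid = os.stat(d).st_gid
        for m in (0o1770, 0o750, 0o700):      # modes taken from the thread
            os.chmod(d, m)
            print(oct(m), audit_dir(d, holds_socket=True, scanner_gid=gid))
        os.chmod(d, 0o700)                    # restore so cleanup succeeds
    print(scanner_path("/var/smtp-vilter", "/tmp/filename"))
```

The check only reads mode bits and the directory's group id; it does not test whether the filter process is allowed to change a file's group, which is what the second error message in the post is about.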
