I am running a test installation in RedHat 9 if I do
ps -ef | grep qscand appear the clamav daemon running as qscand qscand 17996 17988 0 Feb17 pts/2 00:00:24 /usr/local/sbin/clamd qscand 17999 17989 0 Feb17 pts/2 00:00:00 /usr/local/bin/multilog t s1000000 n20 /var/log/clamd and several lines like this one, one per e-mail being scanned qscand 12524 12496 0 18:47 pts/2 00:00:00 /usr/bin/suidperl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl It is the same for you ? On Wed, 18 Feb 2004, Mark Pratt wrote: %% Date: Wed, 18 Feb 2004 19:53:26 +0000 %% From: Mark Pratt <[EMAIL PROTECTED]> %% To: [EMAIL PROTECTED] %% Subject: Re: [Qmail-scanner-general]Problems with AV scanning %% %% At 08:42 18/02/2004, Salvatore Toribio wrote: %% >At 2:39 +0000 18-02-2004, Mark Pratt wrote: %% >>At 08:11 16/02/2004, Salvatore Toribio wrote: %% >>>At 12:23 +1300 16-02-2004, Jason Haar wrote: %% >>>>On Sun, Feb 15, 2004 at 10:40:53PM +0000, Mark Pratt wrote: %% >>>>> When I run sophie (and ClamAV) as the user qscand, I receive the %% >>>>> message as %% >>>>> shown below. If I run Sophie as root, the processing completes as normal %% >>>>> and the message is delivered. What appears to be happening is that the %% >>>>> message is dropped into a directory under /var/spool/qmailscan/tmp/ %% >>>>> which %% >>>>> is chown-ed by root.qmail and chmod 700. Obviously, poor old qscand does %% >>>>> not have access to this directory and the scan fails. %% >>>> %% >>>>You have a horribly broken install then. %% >>>> %% >>>>Since when would Q-S *EVER* be doing anything as root!!!! %% >>>> %% >>>>I bet your using that broken Qmail-Toaster install. It installs %% >>>>reformime as %% >>>>setuid root - which means the message written into %% >>>>/var/spool/qmailscan/tmp/ %% >>>>is owned by root instead of qscand. %% >>>> %% >>>>I can see why DJB has such issues with people creating distributions - %% >>>>total %% >>>>loss of quality control... %% >>>> %% >>>>EVERYTHING UNDER /var/spool/qmailscan SHOULD BE OWNED BY "qscand" %% >>>> %% >>>>Anything that changes that is broken. %% >>> %% > %% > %% > %% >>Hi Salvatore. %% >> %% >>Thanks for info but I am using an installer as shown below. The %% >>directories under /var/spool/qmailscan are owned by qscand.qscand but %% >>Sophie and ClamAV are still failing on what looks like a permissions problem. %% >> %% >>I have reinstalled Qmail and Qmail Scanner (ST) from afresh and the %% >>temporary files under /var/spool/qmailscan/tmp are still owned by root so %% >>I guess this is how it works. %% >> %% >>Strange thing is that spamd does not have any difficulty reading from the %% >>same directory but this is not running under perl. Could this be a suid %% >>problem on my machine which is causing Qmail Scanner to run as root and %% >>not qscand? I'm not too hot on perl so am guessing a bit here ... %% >> %% >>Thanks again. %% >> %% >>#!/bin/sh %% >>./configure \ %% >> --domain hsvnet.demon.co.uk \ %% >> --admin av-admin \ %% >> --notify admin \ %% >> --scanners fast_spamassassin,sophie \ %% >> --local-domains hsvnet.demon.co.uk \ %% >> --log-details yes \ %% >> --redundant yes \ %% >> --run-first-p-s yes \ %% >> --debug yes \ %% >> --sa-quarantine 8.5 \ %% >> --sa-debug yes \ %% >> --minidebug yes \ %% >> --sa-alt yes \ %% >> --install %% > %% >Sorry, I misunderstood what Jason said, I thought he was talking about the %% >installer of 1.20st... %% > %% >Inside the qmail-scanner directory everything is owned by the user running %% >"qmail-scanner-queue.pl", so something is creating that file owned by %% >root. Check what Jason said: What are the privileges of %% >"/usr/local/bin/reformime"? If it is "suid" root, then this will be the %% >reasson. %% > %% >Cheers %% > %% >Salvatore %% %% Hi Salvatore %% %% I do not have Qmail-Toaster installed and reformime has been reinstalled %% from source Owner is root.bin and privs are 0711. I have even reinstalled %% Qmail and Qmail Scanner (st) but the problem still persists. %% /var/spool/qmailscan/tmp/ is owned by qscand. The same error occurs if I %% send a plain text e-mail (a copy of your reply in fact) as this should not %% use reformime at all??? %% %% Thanks for your assistance. %% Regards, Mark. %% %% %% %% ------------------------------------------------------- %% SF.Net is sponsored by: Speed Start Your Linux Apps Now. %% Build and deploy apps & Web services for Linux with %% a free DVD software kit from IBM. Click Now! %% http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click %% _______________________________________________ %% Qmail-scanner-general mailing list %% [EMAIL PROTECTED] %% https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general %% ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
