Something is different between this time, using all current copies of the "parts" and when I set it up originally two years ago. The original setup worked right out of the box, and this has been giving me fits for two weeks now. There does appear to be something about including clamdscan in the list of virus checkers that causes the error, since removing clamdscan from the list, leaving f-prot and spamassassin, stops the errors.
In looking through qmail-scanner-queue.pl, I wonder if changing the umask would help?? I know it would directly affect the permissions of the temporary files, but it seems an extreme move for a system I'm trying to keep as secure as possible.
Other ideas are welcome.
Terry
On Thu, 15 Jul 2004, Michael Ralston wrote:
I don't believe this is related to reformime or any permissions problems... My problem began to occur after upgrading clamav... Before then it worked perfectly.
Everything is owned by qscand... I've ran qmail-scanner with the suidperl binary and the ordinary perl binary with no difference... I've changed the permissions on the tmp directory which is mentioned in my logs so that it is owned by uid/gid 89 which qmail-scanner appears to be running as... I've also suided the directory so new files created in it would be accessible by anybody... All with no difference...
Maybe I should downgrade clamav to see if it fixes the problems
Michael
-----Original Message----- From: Dean Mumby [mailto:[EMAIL PROTECTED] Sent: Thursday, 15 July 2004 5:22 PM To: [EMAIL PROTECTED] Cc: 'Terry Letsche'; [EMAIL PROTECTED] Subject: Re: [Qmail-scanner-general]Permissions problem /var/spool/qmailscan/tmp
Michael Ralston wrote:
I'm having a similar problem to Terry since I upgraded clamav to debian version 0.73-2.
Log output shown below
Thu, 15 Jul 2004 11:44:06 EST:2915: scanloop: scanner=clamdscan_scanner,plain_text_msg=0 Thu, 15 Jul 2004 11:44:06 EST:2915: clamdscan: starting scan of directory "/var/spool/qmailscan/tmp/ns1.stral.net10898558444802915"... Thu, 15 Jul 2004 11:44:06 EST:2915: run /usr/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space=100000 /var/spool/qmailscan/tmp/ns1.stral.net10898558444802915 2>&1 Thu, 15 Jul 2004 11:44:06 EST:2915: --output of clamdscan was: /var/spool/qmailscan/tmp/ns1.stral.net10898558444802915: Can't access the file ERROR -- Thu, 15 Jul 2004 11:44:06 EST:2915: error_condition: X-Qmail-Scanner-1.22: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 2
Michael Ralston Stral.net
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Letsche Sent: Thursday, 15 July 2004 12:01 AM To: Dean Mumby Cc: [EMAIL PROTECTED] Subject: Re: [Qmail-scanner-general]Permissions problem /var/spool/qmailscan/tmp
Hmmm... My reformime looks like this:
[EMAIL PROTECTED] terry]$ ls -l `which reformime` -rwxr-xr-x 1 bin bin 61020 Jul 13 16:51 /usr/bin/reformime
I'd tried a number of things with it after seeing references to this in the archives, but none seemed to work! I even made a copy of it owned by qscand and called that instead, tried making it suid qscand, etc. Perhaps it's something even easier?
There are two pieces I forgot to include earlier that might make a difference. The behavior appears to be the same whether -T is used as a parameter to perl or not, and secondly, I'm calling qmail-scanner-queue with a C wrapper script to make it suid, rather than use perl-suid.
Terry
On Wed, 14 Jul 2004, Dean Mumby wrote:
Terry Letsche wrote:
Hi.
Files and directories are being created with the following permissions when checked by clamav:
/var/spool/qmailscan/working/new/blah root.root 0600 /var/spool/qmailscan/tmp dirs are root.root 0700
This gives me the following errors in the logs: Tue, 13 Jul 2004 17:03:09 CDT:2410: ini_sc: start scanning Tue, 13 Jul 2004 17:03:09 CDT:2410: ini_sc: recursively scan the directory /var/spool/qmailscan/tmp/www.letsche.net10897561884822410/ Tue, 13 Jul 2004 17:03:09 CDT:2410: scanloop: starting scan of directory "/var/spool/qmailscan/tmp/www.letsche.net10897561884822410"... Tue, 13 Jul 2004 17:03:09 CDT:2410: scanloop: scanner=clamdscan_scanner,plain_text_msg=0 Tue, 13 Jul 2004 17:03:09 CDT:2410: clamdscan: starting scan of directory "/var/spool/qmailscan/tmp/www.letsche.net10897561884822410"... Tue, 13 Jul 2004 17:03:09 CDT:2410: run /usr/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space=100000 /var/spool/qmailscan/tmp/www.letsche.net10897561884822410 2>&1 Tue, 13 Jul 2004 17:03:09 CDT:2410: --output of clamdscan was: /var/spool/qmailscan/tmp/www.letsche.net10897561884822410: Access denied.
ERROR /var/spool/qmailscan/tmp/www.letsche.net10897561884822410: OK -- Tue, 13 Jul 2004 17:03:09 CDT:2410: error_condition:
X-Qmail-Scanner-1.22:
clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 2
This is with qmail-scanner 1.22, spamassassin 2.63, f-prot 4.4.2/3.14.11, maildrop 1.6.3.20040608-1.2, qmail 1.03 and clamav 0.74-1 on Fedora Core 2. I'm running clamd as user qscand, BTW. Changing ownership of reformime, as has been suggested didn't help. /var/spool/qmailscan/working and /var/spool/qmailscan/tmp are both owned by qscand.qscand, 0770. Removing clamdscan from scanner_array returns operation back to normal (using f-prot and spamassassin without clamav).
I'm sure it's something obvious, but I can't put my finger on it!
Thanks.
Terry
check your permissions on reformine
Regards Dean
Maybe its time this became a FAQ
-- Terry Letsche | http://terry.letsche.net | terry at letsche dot net
------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
this is what I have and it works
[EMAIL PROTECTED] root]# ls -al /usr/bin/reformime -r-xr-xr-x 1 root qmail 48792 Aug 5 2003 /usr/bin/reformime
-- Terry Letsche | http://terry.letsche.net | terry at letsche dot net
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
