Could still use some more help, that wasn't a problem... I tried your scan suggestion using the /tmp folder perms unchanged

r...@li112-80:/etc# su qscand
$ cd /var/spool/qscan
$ pwd
/var/spool/qscan
$ ls -l
total 47528
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 archives
-rwxr-x--- 1 qscand qmail     1434 Oct 12 09:13 log-report.sh
-rw-rw---- 1 qscand qmail 48544499 Feb  7 08:45 qmail-queue.log
-rw-rw---- 1 qscand qmail       63 Oct 12 09:13 qmail-scanner-queue-version.txt
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 quarantine
-rw-r----- 1 qscand qmail    12288 Oct 12 09:16 quarantine-events.db
-rw-r----- 1 qscand qmail    10438 Oct 12 09:16 quarantine-events.txt
-rw-rw---- 1 qscand qmail    16211 Feb  1 10:22 quarantine.log
-rw-r----- 1 qscand qmail     2739 Oct 12 09:13 settings_per_domain.txt
drwxrwxr-x 2 qscand qmail     4096 Feb  7 08:45 tmp
drwxrwx--- 5 qscand qmail     4096 Oct 12 09:13 working
$ clamdscan tmp
/var/spool/qscan/tmp: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)

On Sat, 6 Feb 2010 20:31:49 +0100, MP Annihilator <annihilator...@msn.com> wrote:

> Hi,
>
> The problem is mentioned in your log :
>
> [QUOTE]
> clamdscan was:
> /var/spool/qscan/tmp/li112-80126546157778720001: lstat() failed:
> Permission denied. ERROR
> [/QUOTE]
>
>
> Seems like your Anti-Virus clamd process has no rights to your
> /var/spool/tmp/... directories ( where qmail breaks down your emails to
> scannable components )
>
> Try to chmod this directory till you see this :
>
> --------
> 12 drwxr-x--- 2 qscand qscand 12288 2009-06-22 13:44 tmp
> --------
>
> To test if clamd is able to scan your temp directory , type the following
> :
>
> clamdscan /var/spool/qscan/tmp/
>
> Success ...
>
>
>> Date: Sat, 6 Feb 2010 07:32:32 -0600
>> From: i...@derdev.com
>> To: Qmail-scanner-general@lists.sourceforge.net
>> Subject: [Qmail-scanner-general] clamav permissions problem and
>> qmail-scanner
>>
>> I know this question has been done to death and I wouldn't post here if I
>> hadn't tried and tried...
>>
>> I'm having trouble scanning attachments, but all mail deliveries still
>> work.
>>
>> 25MB softlimit in /var/qmail/supervise/smtp/run
>>
>> Sorry in advance for the long post, I'm stumped.
>>
>> +++++ qmail-queue.log snippet in debug mode with a .DOC file attached,
>> roughly same results for .ZIP files +++++++
>>
>> Sat, 06 Feb 2010 07:06:17 CST:20001: +++ starting debugging for process
>> 20001 (ppid=20000) by uid=89
>> Sat, 06 Feb 2010 07:06:17 CST:20001: setting UID to EUID so subprocesses
>> can access files generated by this script
>> Sat, 06 Feb 2010 07:06:17 CST:20001: program name is
>> qmail-scanner-queue.pl, version 2.06st
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: mkdir
>> /var/spool/qscan/tmp/li112-80126546157778720001
>> Sat, 06 Feb 2010 07:06:17 CST:20001: c_a_g: found MIME attachment
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: primary Content-Type of
>> multipart/mixed found
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: found a top-level boundary
>> definition of 0\-1667733030\-1265461576\=\:93955
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment 1: Content-Type of
>> multipart/alternative found
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment 2: Content-Type of
>> text/plain found
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment 3: Content-Type of
>> text/html found
>> Sat, 06 Feb 2010 07:06:17 CST:20001: found C-T attachment filename
>> "confidentiality agreement - mutual - ca-003.doc"
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: attachment 5: Content-Type of
>> application/msword found
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: rename new msg from
>> /var/spool/qscan/working/tmp/li112-80126546157778720001 to
>> /var/spool/qscan/working/new/li112-8
>> 0126546157778720001
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: (this is basically the time it
>> took the client to send the message over the network
>> Sat, 06 Feb 2010 07:06:17 CST:20001: w_c: resetting timer so as to
>> measure
>> actual Qmail-Scanner processing time
>> Sat, 06 Feb 2010 07:06:17 CST:20001: incoming SMTP connection from via
>> SMTP from 209.191.69.137
>> Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: Checking all attachments to see
>> if they're MS-TNEF
>> Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: Check for zip files...
>> Sat, 06 Feb 2010 07:06:17 CST:20001: d_m: unpacking message took 0.013726
>> seconds
>> Sat, 06 Feb 2010 07:06:17 CST:20001: unsetting QMAILQUEUE env var
>> Sat, 06 Feb 2010 07:06:17 CST:20001: g_e_h: return-path is
>> "myu...@yahoo.com", recips is "myu...@localdomain.tld"
>> Sat, 06 Feb 2010 07:06:17 CST:20001: from=myuser
>> <myu...@yahoo.com>,subj=incoming,
>> x-qmail-scanner-message-id=<725645.93955...@web33107.mail.mud.
>> yahoo.com> via SMTP from 209.191.69.137
>> Sat, 06 Feb 2010 07:06:17 CST:20001: ini_sc: start scanning
>> Sat, 06 Feb 2010 07:06:17 CST:20001: ini_sc: recursively scan the
>> directory /var/spool/qscan/tmp/li112-80126546157778720001/
>> Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop: starting scan of directory
>> "/var/spool/qscan/tmp/li112-80126546157778720001"...
>> Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
>> scanner=clamdscan_scanner,plain_text_msg=0
>> Sat, 06 Feb 2010 07:06:17 CST:20001: clamdscan: starting scan of
>> directory
>> "/var/spool/qscan/tmp/li112-80126546157778720001"...
>> Sat, 06 Feb 2010 07:06:17 CST:20001: run /usr/bin/clamdscan --no-summary
>> /var/spool/qscan/tmp/li112-80126546157778720001 2>&1
>> Sat, 06 Feb 2010 07:06:17 CST:20001: --output of clamdscan was:
>> /var/spool/qscan/tmp/li112-80126546157778720001: lstat() failed:
>> Permission denied. ERROR
>> Sat, 06 Feb 2010 07:06:17 CST:20001: clamdscan: finished scan of dir
>> "/var/spool/qscan/tmp/li112-80126546157778720001" in 0.003737 secs
>> Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
>> scanner=spamassassin,plain_text_msg=0
>> Sat, 06 Feb 2010 07:06:17 CST:20001: SA-1: run /usr/bin/spamc -t 30 -s
>> 256000 < /var/spool/qscan/working/new/li112-80126546157778720001
>> Sat, 06 Feb 2010 07:06:17 CST:20001: SA: overwriting
>> /var/spool/qscan/working/new/li112-80126546157778720001 with
>> /var/spool/qscan/working/new/li112-80126546
>> 157778720001.spamc
>> Sat, 06 Feb 2010 07:06:17 CST:20001: SA: nope, mmmm... ham... (score=-2.5
>> required=5.3)
>> Sat, 06 Feb 2010 07:06:17 CST:20001: SA: required_hits 5.3 /
>> sa_quarantine
>> +0 / sa_delete +9
>> Sat, 06 Feb 2010 07:06:17 CST:20001: SA: finished scan of dir
>> "/var/spool/qscan/tmp/li112-80126546157778720001" in 0.450812 secs -
>> hits=-2.5/5.3
>> Sat, 06 Feb 2010 07:06:17 CST:20001: scanloop:
>> scanner=perlscan_scanner,plain_text_msg=0
>>
>>
>> ++++++++++++++++ end qmail-queue.log +++++++++++++++++++++++
>>
>> +++++ BEGIN qscan FOLDER PERMS +++++
>> r...@li112-80:/var/spool# ls -l
>> total 12
>> drwxr-xr-x 2 root root 4096 Oct 5 16:57 anacron
>> drwxr-xr-x 5 root root 4096 Dec 12 06:52 cron
>> lrwxrwxrwx 1 root root 7 Aug 6 2009 mail -> ../mail
>> drwxr-xr-x 6 qscand qscand 4096 Feb 4 16:53 qscan
>>
>> r...@li112-80:/var/spool# cd qscan/
>>
>> r...@li112-80:/var/spool/qscan# ls -l
>> total 45320
>> drwxrwx--- 5 qscand qmail 4096 Oct 12 09:13 archives
>> -rwxr-x--- 1 qscand qmail 1434 Oct 12 09:13 log-report.sh
>> -rw-rw---- 1 qscand qmail 46283129 Feb 6 07:06 qmail-queue.log
>> -rw-rw---- 1 qscand qmail 63 Oct 12 09:13
>> qmail-scanner-queue-version.txt
>> drwxrwx--- 5 qscand qmail 4096 Oct 12 09:13 quarantine
>> -rw-r----- 1 qscand qmail 12288 Oct 12 09:16 quarantine-events.db
>> -rw-r----- 1 qscand qmail 10438 Oct 12 09:16 quarantine-events.txt
>> -rw-rw---- 1 qscand qmail 16211 Feb 1 10:22 quarantine.log
>> -rw-r----- 1 qscand qmail 2739 Oct 12 09:13 settings_per_domain.txt
>> drwxrwxr-x 2 qscand qmail 4096 Feb 6 07:06 tmp
>> drwxrwx--- 5 qscand qmail 4096 Oct 12 09:13 working
>>
>> r...@li112-80:/var/spool/qscan# df
>> Filesystem 1K-blocks Used Available Use% Mounted on
>> /dev/xvda 16124880 3138116 12986764 20% /
>> tmpfs 184428 0 184428 0% /lib/init/rw
>> varrun 184428 60 184368 1% /var/run
>> varlock 184428 0 184428 0% /var/lock
>> udev 184428 108 184320 1% /dev
>> tmpfs 184428 0 184428 0% /dev/shm
>>
>> ++++++++ end folder perms +++++++++++
>>
>> ++++++++++++++ BEGIN PROCESS OWNERS +++++++++++++++
>> r...@li112-80:/var/spool/qscan# ps waux | egrep -i 'clam|qmail|scan'
>> root 2753 0.0 0.1 1768 436 ? Ss 2009 0:00 /bin/sh
>> /command/svscanboot
>> root 2774 0.0 0.0 1716 348 ? S 2009 0:00 svscan
>> /service
>> root 2776 0.0 0.0 1556 288 ? S 2009 0:00
>> supervise
>> qmail-pop3d
>> root 2778 0.0 0.0 1556 292 ? S 2009 0:00
>> supervise
>> qmail-send
>> root 2780 0.0 0.0 1560 292 ? S 2009 0:00
>> supervise
>> qmail-smtpd
>> qmaill 2793 0.0 0.0 1700 320 ? S 2009 0:00
>> /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/dovecot
>> clamav 3757 0.0 0.3 3092 1284 ? Ss 2009 0:22
>> /usr/bin/freshclam -d --quiet
>> root 25915 0.0 0.1 1756 524 ? S 2009 0:00
>> /usr/local/bin/tcpserver -H -l {snip host} -v -x
>> /home/vpopmail/etc/tcp.pop3.cdb -c 5 -R 0 pop3 /var/qmail/bin/qmail-popup
>> {snip host} /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
>> vpopmail 25916 0.0 0.1 1756 532 ? S 2009 0:00
>> /usr/local/bin/tcpserver -H -l {snip host} -v -x
>> /home/vpopmail/etc/tcp.smtp.cdb -c 20 -R -u 89 -g 89 0 smtp
>> /usr/local/bin/rblsmtpd -b -C -r zen.spamhaus.org:Your message was
>> rejected. Please consult http://www.spamhaus.org/ -t 5
>> /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /usr/bin/true
>> qmails 25920 0.0 0.1 1736 412 ? S 2009 0:02
>> qmail-send
>> qmaill 25921 0.0 0.0 1700 364 ? S 2009 0:00
>> /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd
>> qmaill 25922 0.0 0.1 1700 384 ? S 2009 0:00
>> /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d
>> root 25923 0.0 0.0 1696 340 ? S 2009 0:01
>> qmail-lspawn ./Maildir/
>> qmailr 25924 0.0 0.0 1696 356 ? S 2009 0:00
>> qmail-rspawn
>> qmailq 25925 0.0 0.0 1684 340 ? S 2009 0:00
>> qmail-clean
>> qmaill 25929 0.0 0.0 1696 340 ? S 2009 0:00
>> /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send
>> qscand 26623 0.0 22.3 101524 82608 ? Ssl Feb04 0:05
>> /usr/sbin/clamd
>> root 20144 0.0 0.1 1968 624 pts/0 S+ 07:13 0:00 egrep -i
>> clam|qmail|scan
>>
>> ++++++++++++++++ end process ownership +++++++++++++++++++++++++
>>
>> ++++++++++++++++++ begin clamd.conf details +++++++++++++++++++++++++++
>> r...@li112-80:/var/spool/qscan# cat /etc/clamav/clamd.conf | grep -v
>> "^#"
>> LocalSocket /var/run/clamav/clamd.ctl
>> FixStaleSocket true
>> User qscand
>> AllowSupplementaryGroups yes
>> ScanMail true
>> ScanArchive true
>> ArchiveBlockEncrypted true
>> MaxDirectoryRecursion 15
>> FollowDirectorySymlinks false
>> FollowFileSymlinks false
>> ReadTimeout 180
>> MaxThreads 12
>> MaxConnectionQueueLength 15
>> StreamMaxLength 10M
>> LogSyslog false
>> LogFacility LOG_LOCAL6
>> LogClean false
>> LogVerbose false
>> PidFile /var/run/clamav/clamd.pid
>> DatabaseDirectory /var/lib/clamav
>> SelfCheck 3600
>> Foreground false
>> Debug false
>> ScanPE true
>> ScanOLE2 true
>> ScanHTML true
>> DetectBrokenExecutables false
>> MailFollowURLs false
>> ExitOnOOM false
>> LeaveTemporaryFiles false
>> AlgorithmicDetection true
>> ScanELF true
>> IdleTimeout 30
>> PhishingSignatures true
>> PhishingScanURLs true
>> PhishingAlwaysBlockSSLMismatch false
>> PhishingAlwaysBlockCloak false
>> DetectPUA false
>> ScanPartialMessages false
>> HeuristicScanPrecedence false
>> StructuredDataDetection false
>> CommandReadTimeout 5
>> SendBufTimeout 200
>> MaxQueue 100
>> LogFile /var/log/clamav/clamav.log
>> LogTime true
>> LogFileUnlock false
>> LogFileMaxSize 0
>>
>> ++++++++++++++++ end clamd.conf details ++++++++++++++++++++++++++++++
>>
>> ++++++++++++++++++ begin product install versions +++++++++++++++++++++++
>>
>> ubuntu 9.04
>> netqmail 1.06
>> qmail-scanner 2.06st
>> ClamAV 0.95.1/10362/Sat Feb 6 01:14:06 2010
>>
>>
>> ++++++++++++++ end product install ++++++++++++++++++
>>
>> ++++++++++ BEGIN qmail-scanner config snippet +++++++++++++
>> #!/usr/bin/perl -T
>> #
>> # File: qmail-scanner-queue.pl
>> # Version: 2.06 - st - patch - 20090419
>> #
>> # Author: Jason L. Haar <jhaar - users.sourceforge.net>
>> #
>> # Patch by: Salvatore Toribio <toribio - pusc.it>
>> #
>> # See the file README-st-patch for information about the patch
>> # This version deletes/rejects spam based in Chris Hine's patch for v1.16
>> #
>> # Each user could has his own scanners and sa_settings.
>> #
>> # This file was auto-generated by:
>> #
>> # ./configure --qs-user qmailq --qs-group qmail --admin antivirus
>> --domain
>> surfinbox.com --admin-description "System Anti-Virus Administrator"
>> --notify psend
>> er,nmlvadm --local-domains surfinbox.com --silent-viruses auto
>> --virus-to-delete 1 --skip-text-msgs 1 --lang en_GB --debug no
>> --minidebug
>> 1 --add-dscr-hdrs y
>> es --dscr-hdrs-text "X-Qmail-Scanner" --normalize yes --archive 0
>> --settings-per-domain 0 --max-scan-size 100000000 --unzip 0
>> --max-zip-size
>> 80000000 --max-u
>> npacked-files 2000 --redundant 1 --log-details syslog --log-crypto 0
>> --fix-mime 1 --ignore-eol-check 1 --sa-delta 0 --sa-alt 0 --sa-debug 0
>> --sa-report 0 --s
>> a-quarantine 0 --sa-delete 9 --sa-reject 1 --scanners
>> "clamdscan,verbose_spamassassin" --install 1
>> #
>> # Scanners installed =
>> ("clamdscan_scanner","spamassassin","perlscan_scanner")
>> #
>>
>> +++++++++++++++++ end qmail scanner ++++++++++++++++++++++++
>>
>>
>> +++++++++++++ sample eicar test local clamdscan +++++++++++++++++
>> r...@li112-80:/home/user# clamdscan eicar.com.txt
>> /home/daver/eicar.com.txt: Eicar-Test-Signature FOUND
>>
>> ----------- SCAN SUMMARY -----------
>> Infected files: 1
>> Time: 0.001 sec (0 m 0 s)
>>
>> ++++++++++++++ end sample eicar test +++++++++++++++++++++++
>>
>>
>> THANKS!!!!!!!!!!!!!!!
>>
>>
>> ------------------------------------------------------------------------------
>> The Planet: dedicated and managed hosting, cloud storage, colocation
>> Stay online with enterprise data centers and the best network in the
>> business
>> Choose flexible plans and management services without long-term contracts
>> Personal 24x7 support from experience hosting pros just a phone call
>> away.
>> http://p.sf.net/sfu/theplanet-com
>> _______________________________________________
>> Qmail-scanner-general mailing list
>> Qmail-scanner-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
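
An added diagnostic for the "lstat() failed: Permission denied" error discussed in this thread (not part of the original messages, and not qmail-scanner or ClamAV code): lstat() on a path needs search (x) permission on every parent directory for the identity the scanning daemon runs as, so this Python sketch walks the path and reports the first directory whose mode bits refuse it. It looks only at classic owner/group/other bits, not ACLs or mandatory access control; the function names and the demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """True if the mode bits grant search (x) on a directory to uid/gids."""
    if uid == 0:
        return True  # root is not limited by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_denied(target, uid, gids, start="/"):
    """Return the first directory between start and target's parent that
    uid/gids cannot search, or None if mode bits allow lstat(target).
    Assumes target lies under start."""
    current = os.path.abspath(start)
    parent = os.path.dirname(os.path.abspath(target))
    rel = os.path.relpath(parent, current)
    parts = [] if rel == "." else rel.split(os.sep)
    for part in [""] + parts:
        current = os.path.join(current, part) if part else current
        if not can_search(os.stat(current), uid, gids):
            return current
    return None

def demo():
    """Constructed tree: spool/tmp is 0750, so an identity that is neither
    owner nor group member is stopped there before reaching the message dir."""
    base = tempfile.mkdtemp()
    msgdir = os.path.join(base, "spool", "tmp", "msg-0001")
    os.makedirs(msgdir)
    for sub, mode in (("", 0o755), ("spool", 0o755), ("spool/tmp", 0o750)):
        os.chmod(os.path.join(base, sub), mode)
    outsider = os.stat(base).st_uid + 1  # constructed uid, not the owner
    return base, msgdir, first_denied(msgdir, outsider, set(), start=base)

if __name__ == "__main__":
    base, msgdir, denied = demo()
    print("lstat(%s) blocked at: %s" % (msgdir, denied))
```

On a real host, pass the daemon account's uid and `set(os.getgrouplist(name, gid))` from the `pwd` entry, with the per-message directory under /var/spool/qscan/tmp as the target.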