Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Qmail-scanner and ClamAV problem
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Mon Aug 30, 2004 1:34 pm    Post subject: Qmail-scanner and ClamAV problem Reply with quote

I've installed Qmail-scanner 1.23 and clamav 0.75.
When a virus infected mail arrives I get this error:
Code:
X-Qmail-Scanner-1.23st:[some numbers] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0)


I'm not sure if this is a good thing or not. It's good that when ppl send infected mails, they get an error, but it would be nice if the error was not "temporary", and informed the sender why he get the error.

SOFTLIMIT is 80MB - should be enough.
If I make clamd run as qscand it dies without any error - even when compiled with -debug.
Temparary I've made qmail-scanner run clamscan insted of clamdscan.

Any clues why this problem ocures?
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Tue Sep 14, 2004 11:09 pm    Post subject: Reply with quote

i solved it by applying this quick FAQ:
http://www.clamav.net/faq.html

see if that is the case that applies to you (Q26) and come back with details if you don't manage to have it working.


Last edited by radulucian on Thu Nov 18, 2004 11:49 am; edited 1 time in total
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Sep 17, 2004 10:43 am    Post subject: Reply with quote

Softlimit = 80MB should be enough. The faq sugest 40MB.
Clamd is running. As I wrote, if I make clamd run as qscand it dies without any error - even when compiled with -debug.

When making QmS 1.23 run clamscan instead of clamdscan, random virus infected mails passes unchecked through the scanner. The same virus test mail sent 10 times, only got detected 6 times!

I downgraded to QmS 1.16 and everything works, but I'd like to use QmS 1.23 if there was a way to make it work.
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Thu Nov 18, 2004 11:50 am    Post subject: Reply with quote

i ran into the same problem again and it was solved the same way (the right way)
since the FAQ on the website i quoted seems to change it's numbers here's a quote that would solve your problem
Quote:
Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are running Qmail-Scanner as qscand (default setting) you could put User qscand inside your clamav.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at /var/run/clamav/clamd.ctl). The same applies to the log file.
Another possibility is that your softlimit is set too low. Try raising it to 40MB at least.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Sun Nov 28, 2004 4:28 pm    Post subject: Reply with quote

I've tried this with 3 servers now. The latest server was installed this weekend, and get the same problem every time!
Downgrading to QmS 1.16 seems to be the only way around.

I've tried running clamav as qscand. I've tried to run QmS as clamav. Softlimit is 80MB.
Aparently the only way to make QmS 1.23 work is to make it use clamscan insted of clamdscan, but then some random viruses passes trough undetected!

Am I the only one to get this problem?
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Sun Nov 28, 2004 10:02 pm    Post subject: Reply with quote

Clearly I have permission problems.... For the experiment I made clamd run as root - then everything worked!
The FAQ tells to run clamav (/etc/clamav.conf) run as qscand - which user clamav runs as doesn't seem to make any change. It's the user clamd (/etc/clamd.conf) that makes the stuff work.

The only error I get is from qmail-scanner:
Code:

clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

Even when clamav is compiled with the extra debug option enabled there is no error messages from it!
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Sun Dec 12, 2004 1:33 am    Post subject: Reply with quote

Can someone please tell me which files clamav / qscand needs access to?

I upgraded perl on a company server today, so qmail-scanner 1.16 does no longer work. QMS 1.24 works only if clamd is running as ROOT!
Somehow the eicar test virus (testmail #2) passes undetected trough the virus check when clamd is running as root. When running as qscand or clamav, clamd returns the error qouted in previous post when sending testmail #2.
Testmail #3 does get detekted when running as root.
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Fri Dec 31, 2004 2:51 am    Post subject: Reply with quote

try this, if you haven't already, or given up already:

in /etc/conf.d/clamd

change first line to
START_CLAMD=yes

otherwise clamav online starts the freshclam process that is not detected by qmail_scanner upon execution.
this solved my problem with a default instalation and without any other modifications
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Dec 31, 2004 8:02 pm    Post subject: Reply with quote

It's started, otherwise it wouldn't helped much to change the user it runs as. As it works great when running as root, I'm sure the problem is related to file premissions. All the files the documentation refers to I've made world writeable, but still I get the permission problem!
Is there any way to log all files a process tries to access, so I could debug this?
Back to top
View user's profile Send private message
derheld42
Tux's lil' helper
Tux's lil' helper


Joined: 31 Mar 2003
Posts: 97
Location: Washington, US

PostPosted: Sun Feb 27, 2005 8:39 am    Post subject: Reply with quote

Any idea if the error above could result in email getting dropped?

If that's the case (which I think it is)... qmail with qmail-mail-scanner.pl with spamassassin with clamav shouldn't drop email... Anybody else had this problem?

I think a bug report is in order, but I'm not sure which piece is at fault....
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Sun Feb 27, 2005 9:04 pm    Post subject: Reply with quote

As posted - depending on which user it runs as it might drop mails with or withour errors.
Back to top
View user's profile Send private message
TheSlab
n00b
n00b


Joined: 29 Apr 2004
Posts: 18
Location: Lanham, MD USA

PostPosted: Fri Jun 17, 2005 4:50 am    Post subject: Reply with quote

petterg wrote:
As posted - depending on which user it runs as it might drop mails with or withour errors.


Did you ever figure this out petterg? The other admin on my server did a world update and i've been going crazy the last 6 hours trying to get email working. It's running as root now but I'd really like to not have that. Gonna look at it after I get back Sunday but figured I'd ask first.
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Jun 17, 2005 11:47 pm    Post subject: Reply with quote

It's still running as root on all servers I'm adming.
Please post if you find a way to get around this.
Back to top
View user's profile Send private message
Casshan
n00b
n00b


Joined: 07 May 2004
Posts: 53

PostPosted: Thu Jul 07, 2005 9:58 pm    Post subject: Reply with quote

Check permissions on:

/var/run/clamav

I had the same problem, and it can't create the pid file :0
Back to top
View user's profile Send private message
petterg
Guru
Guru


Joined: 25 Mar 2004
Posts: 500
Location: Oslo, Norway

PostPosted: Fri Jul 08, 2005 11:30 pm    Post subject: Reply with quote

I've carefully changed the ownership of clamav's run folder and logfolder every time i've changed the username it runs as... to no sucsess.
I've asumed that the folders should be owned by the user clamd is running as. Is that a bad thing?
Back to top
View user's profile Send private message
Casshan
n00b
n00b


Joined: 07 May 2004
Posts: 53

PostPosted: Sat Jul 09, 2005 12:34 am    Post subject: Reply with quote

I have clamd running as the qmaild user I think, whichever one runs the qmail-scanner
Back to top
View user's profile Send private message
DrUberEgo
n00b
n00b


Joined: 21 May 2005
Posts: 5

PostPosted: Mon Oct 10, 2005 1:54 am    Post subject: Oh come on! hasn't anybody figured this out yet???? Reply with quote

Three months later and apparently there's still no fix for this. :roll:

I'm in the same boat. :x

Here's some steps to reproduce...
1) emerge spamassassin
2) emerge clamav
3) emerge qmail-scanner
4) Spend all day figuring out that clamd and freshclam need to run as user qscand and NOT clamav
(This is something the ebuild maintainers should take care)
5) Change all qmail/spamassassin AND clamav file/directory and ownership to qscand:qscand
(which should be taken care of at the ebuild level.)
6) Find out that it still doesn't work!!!
7) Shoot yourself :?:

What the heck is the fix for this???
it is ***NOT*** permissions or SOFTLIMITs so don't bother suggesting it. Don't believe me?...

Here's proof... clam stuff is running and running as qscand
root@mail:~# ps -elf | grep clam
1 S qscand 18417 1 0 76 0 - 8314 - 18:18 ? 00:00:00 /usr/sbin/clamd
1 S qscand 18419 1 0 75 0 - 3467 pause 18:18 ? 00:00:00 /usr/bin/freshclam -d
0 R root 18616 18246 0 75 0 - 654 - 18:29 pts/7 00:00:00 grep clam

Here are the ownerships of all clam files/directories:
-rw-r--r-- 1 root root 193 Oct 9 17:48 /etc/conf.d/clamd
-rwxr-xr-x 1 root root 2037 Oct 9 17:48 /etc/init.d/clamd
lrwxrwxrwx 1 root root 17 Oct 9 16:30 /etc/runlevels/default/clamd -> /etc/init.d/clamd
-rw-r--r-- 1 root root 8173 Oct 9 17:59 /etc/clamd.conf
-rw-r--r-- 1 root root 3257 Oct 9 18:00 /etc/freshclam.conf
drwxrwxr-x 2 qscand qscand 104 Oct 9 17:56 /var/lib/clamav
-rw-r--r-- 1 qscand qscand 97021 Oct 9 17:56 /var/lib/clamav/daily.cvd
-rw-rw-r-- 1 qscand qscand 2560365 Oct 9 17:48 /var/lib/clamav/main.cvd
lrwxrwxrwx 1 root root 17 Oct 9 18:18 /var/lib/init.d/started/clamd -> /etc/init.d/clamd
lrwxrwxrwx 1 root root 17 Oct 9 17:33 /var/lib/init.d/softscripts/clamd -> /etc/init.d/clamd
drwxr-xr-x 2 qscand qscand 104 Oct 9 17:48 /var/log/clamav
-rw-r----- 1 qscand qscand 11787 Oct 9 18:18 /var/log/clamav/clamd.log
drwxr-xr-x 2 qscand qscand 168 Oct 9 18:18 /var/run/clamav
-rw-rw---- 1 qscand qscand 5 Oct 9 18:18 /var/run/clamav/freshclam.pid
-rw-rw---- 1 qscand qscand 5 Oct 9 18:18 /var/run/clamav/clamd.pid
srwxrwxrwx 1 qscand qscand 0 Oct 9 18:18 /var/run/clamav/clamd.sock
-rwxr-xr-x 1 root root 1073 Oct 9 17:48 /usr/bin/clamav-config
-rwxr-xr-x 1 root root 34592 Oct 9 17:48 /usr/bin/clamdscan
-rwxr-xr-x 1 root root 47256 Oct 9 17:48 /usr/bin/freshclam
-rwxr-xr-x 1 root root 55448 Oct 9 17:48 /usr/bin/clamscan
-rwxr-xr-x 1 root root 1676 Oct 6 22:56 /usr/kde/3.4/bin/kmail_clamav.sh
-rwxr-xr-x 1 root root 67152 Oct 9 17:48 /usr/sbin/clamd
-rwxr-xr-x 1 root root 765 Oct 9 17:48 /usr/lib64/libclamav.la
lrwxrwxrwx 1 root root 19 Oct 9 17:48 /usr/lib64/libclamav.so -> libclamav.so.1.0.16
-rw-r--r-- 1 root root 274 Oct 9 17:48 /usr/lib64/pkgconfig/libclamav.pc
-rw-r--r-- 1 root root 567786 Oct 9 17:48 /usr/lib64/libclamav.a
-rwxr-xr-x 1 root root 314632 Oct 9 17:48 /usr/lib64/libclamav.so.1.0.16
lrwxrwxrwx 1 root root 19 Oct 9 17:48 /usr/lib64/libclamav.so.1 -> libclamav.so.1.0.16
drwxr-xr-x 2 root root 296 Oct 9 17:48 /usr/share/doc/clamav-0.87
-rw-r--r-- 1 root root 655 Oct 9 17:48 /usr/share/doc/clamav-0.87/clamav-milter.README.gentoo.gz
-rw-r--r-- 1 root root 735 Oct 9 17:50 /usr/share/doc/qmail-scanner-1.25-r1/contrib/test-clamd.pl.gz
-rw-r--r-- 1 root root 898 Oct 9 17:48 /usr/share/man/man1/clamdscan.1.gz
-rw-r--r-- 1 root root 6838 Oct 9 17:48 /usr/include/clamav.h

So yes, qscand does have accecss to what it needs since I have recursively set
ownership of /var/lib/clamav, /var/log/clamav and /var/run/clamav to qscand:qscand.

Ho yea... the memory problem...
root@mail:~# grep SOFTLIMIT /var/qmail/control/conf-common
SOFTLIMIT_OPTS="-m 64000000"
So fpppppt if you think that's the problem.

Oh... did I forget to restart something?...
root@mail:~# /etc/init.d/svscan stop
* Stopping service scan ... [ ok ]
* Stopping services ... [ ok ]
* Stopping service logging ... [ ok ]
root@mail:~# /etc/init.d/clamd stop
* Stopping clamd ... [ ok ]
* Stopping freshclam ... [ ok ]
root@mail:~# /etc/init.d/spamd stop
* Stopping spamd ... [ ok ]
root@mail:~# ps -elf | grep qmail
0 S qmaild 18617 1 0 75 0 - 2038 - 18:29 pts/5 00:00:00 /var/qmail/bin/qmail-smtpd
0 S root 19005 18246 0 76 0 - 653 pipe_w 18:43 pts/7 00:00:00 grep qmail
root@mail:~# kill -TERM 18617
root@mail:~# ps -elf | grep qmail
0 R root 19007 18246 0 77 0 - 653 - 18:43 pts/7 00:00:00 grep qmail

Start everything from scratch...
root@mail:~# /etc/init.d/clamd start
* Starting clamd ... [ ok ]
* Starting freshclam ... [ ok ]
[1]+ Done emacs clamfiles
root@mail:~# /etc/init.d/spamd start
* Starting spamd ... [ ok ]
root@mail:~# /etc/init.d/svscan start
* Starting service scan ... [ ok ]

And yet...
root@mail:/usr/share/doc/qmail-scanner-1.25-r1/contrib# ./test_installation.sh -doit
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

Sending standard test message - no viruses...
done!

Sending eicar test virus - should be caught by perlscanner module...
X-Qmail-Scanner-1.25st:[mail112890882871826055] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

So it *STILL* doesn't work!

Has anybody figured this out yet?

- Jeff

And, as an aside: The second worst mistake a programmer can make is to produce
general error messages. (The first being no error messages at all; but general messages
are just about as bad.) Error messages should point out the specific action that
failed and why if at all possible. This general "corrupt or unknown clamd scanner error or
memory/resource/perms problem" is absolutely useless to the point of being frustrating.
I fixed perm problems and I fixed memory problems. What... am I suppose to guess
what I'm suppose to fix next? clamdscan (or whatever program is encountering an
error) should log it and *specifically* tell you what it tried to do and couldn't.
Back to top
View user's profile Send private message
Kooky
n00b
n00b


Joined: 10 Sep 2005
Posts: 23
Location: Mannheim

PostPosted: Sat Feb 18, 2006 11:50 pm    Post subject: Reply with quote

I know this is a post from last year but i had the same problem today.

Here is how i solved it:
Clam Config:
USER qscand

chown -R qscand /var/log/clamav
chown -R qscand /var/run/clamav

softlimit 40.....
(all the things that you can read everywhere)
AND:

chmod u+s /var/qmail/bin/qmail-scanner-queue.pl
(and also USE="perlsuid" emerge -avuN perl)


Maybe it will help other people.

Greets Kooky
Back to top
View user's profile Send private message
Gio
n00b
n00b


Joined: 01 Jul 2002
Posts: 19
Location: Wheaton, IL USA

PostPosted: Mon Apr 10, 2006 2:29 pm    Post subject: Yep - that helps. Reply with quote

Helped me, thanks Kooky.
Back to top
View user's profile Send private message
chamont
n00b
n00b


Joined: 18 Jun 2004
Posts: 3
Location: Pleasant Grove, Utah (USA)

PostPosted: Thu Apr 13, 2006 4:49 am    Post subject: Another me too Reply with quote

Kooky you rock. Worked great for me as well. Some random update in the past day or two must have gotten me.
Back to top
View user's profile Send private message
TheNewb
Apprentice
Apprentice


Joined: 10 Jun 2005
Posts: 183

PostPosted: Wed May 03, 2006 5:45 am    Post subject: Reply with quote

Took me a long time to figure this out before I found this post... Many thanks! Got me up and running.
_________________
#define struct union /* A Real space saver! :) */
Back to top
View user's profile Send private message
lcj
Tux's lil' helper
Tux's lil' helper


Joined: 25 Apr 2004
Posts: 82
Location: Opole, Poland

PostPosted: Fri Jun 15, 2007 6:56 pm    Post subject: Reply with quote

@DrUberEgo

Please check this your setup matches mine:

Code:

-rws--x--x 1 qscand qscand   3168 Aug  9  2006 /var/qmail/bin/qmail-scanner-queue
-rwxr-xr-x 1 qscand qscand 140111 Dec 27 00:10 /var/qmail/bin/qmail-scanner-queue.pl


I was maybe on the same level of frustration, but I had one server running, so I checked the perms once more.
_________________
--
Lukasz C. Jokiel via web
Back to top
View user's profile Send private message
ycUygB1
Apprentice
Apprentice


Joined: 27 Jul 2005
Posts: 276
Location: Portland, Oregon

PostPosted: Sun Sep 01, 2013 8:30 pm    Post subject: Reply with quote

Follow the comments of Antarctica here: http://qmailrocks.thibs.com/qmail-scanner.php,
which worked for me. To avoid making you click yet another link, here are the instructions:

Using visudo, add

Code:
ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl


Near line 71, add to /var/qmail/bin/qmail-scanner-queue.pl

Code:
$ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($<) || "unknown";
if($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
}


Then redo the test, and it should work:

Code:
# cd /usr/share/doc/qmail-scanner-2.08/contrib/
# ./test_installation.sh -doit --log-details syslog

Sending standard test message - no viruses... 1/4
done!

Sending eicar test virus - should be caught by perlscanner module... 2/4
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... 3/4
done!

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... 4/4


If you have enabled $sa_quarantine, $sa_delete or $sa_reject the
spam-message wont't arrive to the recipients. But if you have enabled
(good idea!) 'minidebug' or 'debug' you should check
/var/spool/qscan/qmail-queue.log (or where ever you have the log).


        Done!

Finished test. Now go and check Email sent to postmaster@tough-widgets.com and/or the log..


Last edited by ycUygB1 on Mon Sep 02, 2013 1:03 pm; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum