Yesterday my mail don't received and I see in log Mar 13 09:01:45 gameinside X-Qmail-Scanner-1.25st: [gameinside.ua117376930571811663] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 Mar 13 09:03:04 gameinside X-Qmail-Scanner-1.25st: [gameinside.ua117376938371811829] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 After discover the problem I found that clamav logrotate file contain create 640 clamav clamav and after this -rw-r----- 1 clamav clamav 0 2007-03-13 14:46 clamd.log before I have -rw-r----- 1 qscand qscand 1813 2007-03-13 14:28 clamd.log # /etc/init.d/clamd start * Starting clamd ... Running as user qscand (UID 210, GID 210) ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!). ERROR: Problem with internal logger. Please check the permissions on the /var/log/clamav/clamd.log file. * Failed to start clamd [ !! ] * Starting freshclam ... ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!). ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). * Failed to start freshclam [ !! ] and strange status set # /etc/init.d/clamd start * WARNING: clamd has already been started. clamav init.d script try chown log file only in milter mode (why not for all ?) so in logrotate file put code like local clamav_user=`awk '$1 == "User" { print $2 }' /etc/clamd.conf` from init.d script or in this init.d script try fix perms always
You're right. In the past, the initscript changed owner of both log files to user clamav (hardcoded). Then the code was removed. I guess I never thought of that because I never hit the bug you describe. Anyway, the initscript now changes ownership of both logs to correct user (parsed from config files). Thanks for suggestion!
I also suggest in logrotate file change postrotate /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true to postrotate /etc/init.d/clamd restart 2>/dev/null || true because before it create 640 clamav clamav and log files create under clamav clamav or remove this string anywhere
I think - I must reopen bug for pay attention my previous comment problem still exists unless fix logrotate file
Ok, I moved permission/ownership fix to a separate logfix() function in the initscript, which is called from start(), as well as from the logrotate script. How does that sound?
permission now ok but you not reload clamav :( so clamd use old open pipe lsof show clamd 16701 qscand 3w REG 8,3 30511 267443 /var/log/clamav/clamd.log.1 (deleted) please change (in clamav.logrotate) /etc/init.d/clamd logfix to /etc/init.d/clamd restart
A better idea is to reload clamd/freshclam using SIGHUP, just like before. This time, however it is after permissions are fixed, so all should be peachy. Changes committed.
now all ok thanks