73001 2004-12-01 00:37 0000 clamav 0.80 doesn't work with qmail-scanner. 2008-01-04 22:49:02 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P2 critical --- 1 david@rohr.se qmail-bugs@gentoo.org carter.smithhart@gmail.com gentoo@oliwel.de mmokrejs@ribosome.natur.cuni.cz david@rohr.se 2004-12-01 00:37:27 0000 @4000000041ad8266106e8cf4 X-Qmail-Scanner-1.24st:[angelica110189014068027253] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 I get this on every mail that comes in. Works great with 0.75. Also tested with the FixStaleSocket option, didn't help at all.. Reproducible: Always Steps to Reproduce: 1. Upgrade to clamav 0.80 2. 3. Actual Results: qmail-scanner stoped working. Expected Results: A working mailscanner. david@rohr.se 2004-12-01 00:37:48 0000 Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.4.27-grsec-2.0.1 i686) ================================================================= System uname: 2.4.27-grsec-2.0.1 i686 AMD Duron(tm) processor Gentoo Base System version 1.4.16 Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.90.0.1.1-r3 Headers: sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O3 -march=i686 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -march=i686 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms" GENTOO_MIRRORS="http://ftp.du.se/pub/os/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="apache2 apm arts avi berkdb bitmap-fonts chroot crypt curl encode f77 foomaticdb fortran gd gdbm gif gmp gpm gtk2 imagemagick imap imlib ipv6 java jpeg libg++ libwww mad mailbox maildir mbox mcal mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl perlsuid png python quicktime readline ruby sasl sdl session slang snmp spamassassin spell ssl svga tcpd tiff truetype x86 xml2 xmms xv zlib" david@rohr.se 2004-12-01 00:46:00 0000 I noticed that the old 0.75.1 uses root as user, and 0.80 uses clamav. So maybe the problem is there... But isn't right permissions set for the clamav user? glen@delfi.ee 2004-12-05 16:32:13 0000 get newer qmail-scanner. the problem is there (fixed in 1.24). the real issue is that version string of clamdscan has changed and qmail scanner gets confused on that. glen@delfi.ee 2004-12-05 16:36:13 0000 ah. sorry. You have 1.24. st_lim@gentoo.org 2004-12-23 19:09:51 0000 Hi, I'm not sure what you mean when you say that clamd uses root as user. Can you clarify? clamdscan is working fine over here. :) /etc/clamav.conf User qscand Regards Lim Swee Tat david@rohr.se 2004-12-24 00:42:02 0000 On 0.75.1 clamav uses the root-user, and when I tested 0.80 i changed the options to use a diffrent user, clamd. Using this user causes the message i displayed. Maybe it works better with qscand, haven't tried that one... david@rohr.se 2004-12-28 13:27:54 0000 Now tested with "User qscand" and now everything works. Guess this should be noticed in the documents for either clamav or qmail-scanner. carter.smithhart@gmail.com 2005-08-28 11:16:54 0000 Here's an interesting page on this issue: http://qmail.jms1.net/clamav-qms.shtml And this is the test program to see if you're configuration is working: /usr/share/doc/qmail-scanner-1.25-r1/contrib/test_installation.sh.gz I've tried everything on google and everything on the first link and I continue to get the problem mentioned in this bug.. I have these versions installed. * app-antivirus/clamav : [ I] 0.86.2 (0) * mail-filter/spamassassin : [ I] 3.0.4 (0) * mail-filter/qmail-scanner : [ I] 1.25-r1 (0) advocate etc # /tmp/test_installation.sh -doit QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test... QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test... Sending standard test message - no viruses... done! Sending eicar test virus - should be caught by perlscanner module... X-Qmail-Scanner-1.25st:[advocate112525294571831715] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 qmail-inject: fatal: qq temporary problem (#4.3.0) Bad error. qmail-inject died When the test_installation program is run, do you see this problem? carter.smithhart@gmail.com 2005-08-28 11:20:25 0000 NOTE: I just retested setting "User root" in etc/clamd.conf and I get advocate etc # /tmp/test_installation.sh -doit QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test... QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test... Sending standard test message - no viruses... done! Sending eicar test virus - should be caught by perlscanner module... done! Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... Done! Finished test. Now go and check Email for root@localhost What on that previous link is still wrong where root is still needed? ufs@sapo.pt 2005-09-07 19:57:26 0000 The solution for your problems might be here: http://qmail.jms1.net/clamav-qms.shtml Mine Was!!! ;) mmokrejs@ribosome.natur.cuni.cz 2006-02-06 11:42:21 0000 I have just hit the same problem with clamav-0.88 and qmail-scanner-1.25-r1. The fix for me was: # vim /etc/clamd.conf # set User to qscand # chown qscand /var/run/clamav This should be noted in qmail-scanner-1.25-r1.ebuild:pkg_postinst right after the line with: export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue johan@bondeson.mine.nu 2006-02-08 15:19:54 0000 I can confirm that this problem is solved by: instructions on http://qmail.jms1.net/clamav-qms.shtml COMBINED with export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue note that you should not use the .pl file. mailbin@comcast.net 2006-04-05 12:29:25 0000 (In reply to comment #12) > I can confirm that this problem is solved by: > instructions on http://qmail.jms1.net/clamav-qms.shtml > COMBINED with > export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue > > note that you should not use the .pl file. > Well I'm not sure what I'm doing wrong, but I followed the above instructions and still get the error. rentorbuy@yahoo.com 2006-04-11 01:52:27 0000 (In reply to comment #13) > Well I'm not sure what I'm doing wrong, but I followed the above instructions > and still get the error. Here's what I've done. Edit /etc/clamd.conf: User qscand Edit /etc/freshclam.conf: DatabaseOwner qscand # chown -R qscand:qscand /var/lib/clamav # chown -R qscand:qscand /var/run/clamav # chown -R qscand:qscand /var/log/clamav For the first bundle of processed emails, everythng works fine but then I get clamd segfaults. /var/log: Tue Apr 11 09:26:51 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041172614965/ msg.pif: Worm.SomeFool.P FOUND Tue Apr 11 09:26:52 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041272614996/ message.scr: Worm.SomeFool.P FOUND Tue Apr 11 09:26:52 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041272614996/ textfile2: Exploit.HTML.IFrame FOUND Tue Apr 11 09:29:44 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474058472618615/ message.scr: Worm.SomeFool.P FOUND Tue Apr 11 09:29:44 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474058472618615/ textfile2: Exploit.HTML.IFrame FOUND Tue Apr 11 09:29:54 2006 -> Segmentation fault :-( Bye.. @40000000443b64bd275436e4 X-Qmail-Scanner-1.25st:[INF-BL07114474309172615709] cl amdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 The same happens if I change to root: Edit /etc/clamd.conf: User root I changed softlimit in /var/qmail/control/conf-common: SOFTLIMIT_OPTS="-m 128000000" # this server has 4GB RAM but I still have the same problem (i.e. clamd works fine for a while then segfaults). This has started happening after emerging clamav-0.88.1 (0.88 was doing fine). I still have a second server with 0.88 and is working fine. (same config as the main server; just different clamav version) rentorbuy@yahoo.com 2006-04-11 02:26:36 0000 (In reply to comment #14) Maybe qmail-scanner has to be re-emerged. Has anyone tried that? mmokrejs@ribosome.natur.cuni.cz 2006-04-11 02:31:01 0000 I saw some config file changes lifted up by my etc-update(1). If I remeber right it seems someone at Gentoo gave up and made the default user in clamav.conf User "clamav" instead of "qscand". That means one won't have to chown() the spool directories anymore. Be prepared to revert back. I have myself reject the config file change. rentorbuy@yahoo.com 2006-04-11 04:15:49 0000 I had to downgrade to 0.88 because 0.88.1 segfaults after correctly processing a certain number of messages. This behavior makes me think, although I may be wrong, that it's neither the ebuild's fault nor a file permission/ownership issue. I will check the clamav mailing list. mmokrejs@ribosome.natur.cuni.cz 2006-04-11 05:40:34 0000 Well, the segfaults have definitely another cause. Try: USE="debug" emerge qmail-scanner clamav # maybe others? and try to get the segfaults happen when you run the clamdscan daemon in foreground mode (--stdout). Does clamscan(1) crash as well? Or does clamd(1) die? rentorbuy@yahoo.com 2006-04-11 10:40:55 0000 (In reply to comment #18) There **may** be an issue with zip scanning on 64-bit platforms as reported by Chris Wakelin on the clamav mailing list. Will test and post back. rentorbuy@yahoo.com 2006-04-11 13:41:18 0000 Created an attachment (id=84469) possible clamav source patch for 64bit systems Testing this patch on a 64bit system. Procedure: emerge gentoolkit equery which clamav ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild clean ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild unpack cd /var/tmp/portage/clamav-0.88.1/work/ patch -p0 < /tmp/clamav-0.88.1-zziplib-64bit.patch ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild compile ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild install ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild qmerge Patched clamd daemon running since Apr. 11th 2006 22:00 GMT+1 on a system scanning aprox. 400 mailboxes. Will report segmentation faults, if any. rentorbuy@yahoo.com 2006-04-12 08:14:47 0000 (In reply to comment #20) Since this bug report is different I opened a new one, for amd64: http://bugs.gentoo.org/show_bug.cgi?id=129702 gentoo@oliwel.de 2006-07-18 00:31:14 0000 Hi QMS2.0 is not in stable arch and so I dont want to use it. The approach of making clamav run as qscand user is imho the most common and the most secure one - so whats about adding a "qmailscanner" useflag to the ebuild, that correctly sets the config and the rights of the associated files/dirs ? I think this can be done in a whimp and will not break or depend on anything else Oliver tupone@gentoo.org 2008-01-04 22:49:02 0000 Should be fixed in 2.01-r1. Additional instruction for clamav configuration are in the package. Thanks 84469 2006-04-11 13:41 0000 possible clamav source patch for 64bit systems clamav-0.88.1-zziplib-64bit.patch text/plain LS0tIGNsYW1hdi0wLjg4LjEvbGliY2xhbWF2L3p6aXBsaWIvenppcC16aXAuYy5vcmlnCTIwMDYt MDMtMjggMDA6NDM6NTMuMDAwMDAwMDAwICswMTAwCisrKyBjbGFtYXYtMC44OC4xL2xpYmNsYW1h di96emlwbGliL3p6aXAtemlwLmMJMjAwNi0wNC0xMSAxODowNTowNi4yNzU2NDQwODYgKzAxMDAK QEAgLTMwLDYgKzMwLDggQEAKICNpbmNsdWRlIDxzeXMvc3RhdC5oPgogI2luY2x1ZGUgPHVuaXN0 ZC5oPgogCisjaW5jbHVkZSAib3RoZXJzLmgiCisKIC8qCiAjaW5jbHVkZSAiX19tbWFwLmgiCiAj aW5jbHVkZSAiX19kZWJ1Zy5oIgo=