Bug 73001 - clamav 0.80 doesn't work with qmail-scanner.
Bug#: 73001
Product: Gentoo Linux
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: critical
Priority: P2
Resolution: FIXED
Assigned To: qmail-bugs@gentoo.org
Reported By: david@rohr.se
Component: Applications
Summary: clamav 0.80 doesn't work with qmail-scanner.
Opened: 2004-12-01 00:37 0000
@4000000041ad8266106e8cf4 X-Qmail-Scanner-1.24st:[angelica110189014068027253]
clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms
problem - exit status 512/2
I get this on every mail that comes in. Works great with 0.75.
Also tested with the FixStaleSocket option, didn't help at all..
Reproducible: Always
Steps to Reproduce:
1. Upgrade to clamav 0.80
2.
3.
Actual Results:
qmail-scanner stopped working.
Expected Results:
A working mailscanner.
Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4,
glibc-2.3.4.20040808-r1, 2.4.27-grsec-2.0.1 i686)
=================================================================
System uname: 2.4.27-grsec-2.0.1 i686 AMD Duron(tm) processor
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.15.90.0.1.1-r3
Headers: sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://ftp.du.se/pub/os/gentoo http://gentoo.oregonstate.edu
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 apm arts avi berkdb bitmap-fonts chroot crypt curl encode f77
foomaticdb fortran gd gdbm gif gmp gpm gtk2 imagemagick imap imlib ipv6 java
jpeg libg++ libwww mad mailbox maildir mbox mcal mikmod motif mpeg mysql
ncurses nls oggvorbis opengl oss pam pdflib perl perlsuid png python quicktime
readline ruby sasl sdl session slang snmp spamassassin spell ssl svga tcpd tiff
truetype x86 xml2 xmms xv zlib"
I noticed that the old 0.75.1 uses root as user, and 0.80 uses clamav. So maybe
the problem is there... But aren't the right permissions set for the clamav user?
Get a newer qmail-scanner. The problem is there (fixed in 1.24).
The real issue is that the version string of clamdscan has changed and qmail-scanner gets confused by that.
Ah. Sorry. You have 1.24.
Hi,
I'm not sure what you mean when you say that clamd uses root as user. Can you clarify? clamdscan is working fine over here. :)
/etc/clamav.conf
User qscand
Regards
Lim Swee Tat
On 0.75.1 clamav uses the root-user, and when I tested 0.80 I changed the
options to use a different user, clamd. Using this user causes the message I
displayed. Maybe it works better with qscand, haven't tried that one...
Now tested with "User qscand" and now everything works. Guess this should be
noticed in the documents for either clamav or qmail-scanner.
Here's an interesting page on this issue:
http://qmail.jms1.net/clamav-qms.shtml
And this is the test program to see if your configuration is working:
/usr/share/doc/qmail-scanner-1.25-r1/contrib/test_installation.sh.gz
I've tried everything on google and everything on the first link and I continue
to get the problem mentioned in this bug.. I have these versions installed.
* app-antivirus/clamav :
[ I] 0.86.2 (0)
* mail-filter/spamassassin :
[ I] 3.0.4 (0)
* mail-filter/qmail-scanner :
[ I] 1.25-r1 (0)
advocate etc # /tmp/test_installation.sh -doit
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for
this test...
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for
this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
X-Qmail-Scanner-1.25st:[advocate112525294571831715] clamdscan: corrupt or
unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died
When the test_installation program is run, do you see this problem?
NOTE: I just retested setting "User root" in etc/clamd.conf and I get
advocate etc # /tmp/test_installation.sh -doit
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for
this test...
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for
this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by
commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using
SpamAssassin...
Done!
Finished test. Now go and check Email for root@localhost
What on that previous link is still wrong where root is still needed?
I have just hit the same problem with clamav-0.88 and qmail-scanner-1.25-r1.
The fix for me was:
# vim /etc/clamd.conf # set User to qscand
# chown qscand /var/run/clamav
This should be noted in qmail-scanner-1.25-r1.ebuild:pkg_postinst
right after the line with:
export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
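The ownership fix reported in this thread can be checked mechanically. The script below is an added example, not part of the bug report or of either package: it reads the User directive from clamd.conf and reports any directory not owned by that account. The function names are hypothetical, the directory list comes from the comments in this thread, and /var/spool/qmailscan (seen in the logs) is assumed to belong to the same account.

```shell
#!/bin/sh
# Added example: verify that the account named by "User" in clamd.conf owns
# the directories this thread chown'ed to it. Function names are made up here.

# Print the value of the last uncommented "User" directive, or nothing.
clamd_user() {
    awk '$1 == "User" { u = $2 } END { if (u != "") print u }' "$1"
}

# Print the owner of a path as ls reports it (name, or uid if unnamed).
path_owner() {
    ls -ld "$1" 2>/dev/null | awk '{ print $3 }'
}

# Usage: check_clamd_owner CONF DIR...
# Returns 0 if every DIR is owned by the clamd user, 1 on any mismatch or
# missing DIR, 2 if CONF has no User directive.
check_clamd_owner() {
    conf=$1; shift
    user=$(clamd_user "$conf")
    if [ -z "$user" ]; then
        echo "no User directive in $conf" >&2
        return 2
    fi
    rc=0
    for dir in "$@"; do
        owner=$(path_owner "$dir")
        if [ "$owner" != "$user" ]; then
            echo "MISMATCH $dir: owner=${owner:-missing} clamd User=$user"
            rc=1
        fi
    done
    return $rc
}

# Paths as named in the thread; the spool path is an assumption (see lead-in).
# Runs only when the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    check_clamd_owner /etc/clamd.conf /var/run/clamav /var/lib/clamav \
        /var/log/clamav /var/spool/qmailscan
fi
```

Ownership equality is the only thing compared; group membership and mode bits are not examined.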
I can confirm that this problem is solved by:
instructions on http://qmail.jms1.net/clamav-qms.shtml
COMBINED with
export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
note that you should not use the .pl file.
(In reply to comment #12)
> I can confirm that this problem is solved by:
> instructions on http://qmail.jms1.net/clamav-qms.shtml
> COMBINED with
> export QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue
>
> note that you should not use the .pl file.
>
Well I'm not sure what I'm doing wrong, but I followed the above instructions
and still get the error.
(In reply to comment #13)
> Well I'm not sure what I'm doing wrong, but I followed the above instructions
> and still get the error.
Here's what I've done.
Edit /etc/clamd.conf:
User qscand
Edit /etc/freshclam.conf:
DatabaseOwner qscand
# chown -R qscand:qscand /var/lib/clamav
# chown -R qscand:qscand /var/run/clamav
# chown -R qscand:qscand /var/log/clamav
For the first bundle of processed emails, everything works fine but then I get
clamd segfaults.
/var/log:
Tue Apr 11 09:26:51 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041172614965/msg.pif: Worm.SomeFool.P FOUND
Tue Apr 11 09:26:52 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041272614996/message.scr: Worm.SomeFool.P FOUND
Tue Apr 11 09:26:52 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474041272614996/textfile2: Exploit.HTML.IFrame FOUND
Tue Apr 11 09:29:44 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474058472618615/message.scr: Worm.SomeFool.P FOUND
Tue Apr 11 09:29:44 2006 -> /var/spool/qmailscan/tmp/INF-BL07114474058472618615/textfile2: Exploit.HTML.IFrame FOUND
Tue Apr 11 09:29:54 2006 -> Segmentation fault :-( Bye..
@40000000443b64bd275436e4 X-Qmail-Scanner-1.25st:[INF-BL07114474309172615709] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
The same happens if I change to root:
Edit /etc/clamd.conf:
User root
I changed softlimit in /var/qmail/control/conf-common:
SOFTLIMIT_OPTS="-m 128000000" # this server has 4GB RAM
but I still have the same problem (i.e. clamd works fine for a while then
segfaults).
This has started happening after emerging clamav-0.88.1 (0.88 was doing fine).
I still have a second server with 0.88 and is working fine. (same config as the
main server; just different clamav version)
(In reply to comment #14)
Maybe qmail-scanner has to be re-emerged. Has anyone tried that?
I saw some config file changes lifted up by my etc-update(1). If I remember
right it seems someone at Gentoo gave up and made the default user in
clamav.conf User "clamav" instead of "qscand". That means one won't have to
chown() the spool directories anymore. Be prepared to revert back. I have
myself rejected the config file change.
I had to downgrade to 0.88 because 0.88.1 segfaults after correctly processing
a certain number of messages. This behavior makes me think, although I may be
wrong, that it's neither the ebuild's fault nor a file permission/ownership
issue. I will check the clamav mailing list.
Well, the segfaults definitely have another cause. Try:
USE="debug" emerge qmail-scanner clamav # maybe others?
and try to get the segfaults to happen when you run the clamdscan daemon in
foreground mode (--stdout). Does clamscan(1) crash as well? Or does clamd(1)
die?
(In reply to comment #18)
There **may** be an issue with zip scanning on 64-bit platforms as reported by
Chris Wakelin on the clamav mailing list.
Will test and post back.
Created an attachment (id=84469) [details]
possible clamav source patch for 64bit systems
Testing this patch on a 64bit system.
Procedure:
emerge gentoolkit
equery which clamav
ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild clean
ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild unpack
cd /var/tmp/portage/clamav-0.88.1/work/
patch -p0 < /tmp/clamav-0.88.1-zziplib-64bit.patch
ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild compile
ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild install
ebuild /usr/portage/app-antivirus/clamav/clamav-0.88.1.ebuild qmerge
Patched clamd daemon running since Apr. 11th 2006 22:00 GMT+1 on a system
scanning approx. 400 mailboxes.
Will report segmentation faults, if any.
Hi
QMS2.0 is not in stable arch and so I don't want to use it. The approach of
making clamav run as qscand user is imho the most common and the most secure
one - so what about adding a "qmailscanner" useflag to the ebuild, that
correctly sets the config and the rights of the associated files/dirs?
I think this can be done in a whimp and will not break or depend on anything
else
Oliver
Should be fixed in 2.01-r1. Additional instructions for clamav configuration are
in the package.
Thanks