[clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands

Robert Kudyba rkudyba at fordham.edu
Mon Jul 16 12:19:31 EDT 2018


I set:
MilterSocketGroup clamscan
User clamscan

Still getting the permission denied.

Note the process:
clamscan 30407  1.4  4.6 1406020 1150544 ?     Ssl  10:57   1:08
/usr/sbin/clamd -c /etc/clamd.d/scan.conf

And I added most of the clamav-related users to the closely name groups:
clamilt:x:123:clamav,clamscan
clamav:x:124:clamscan,clamilt
clamupdate:x:125:
clamscan:x:126:clamilt,clamav
virusgroup:x:127:clamupdate,clamscan,clamilt


On Mon, Jul 16, 2018 at 11:50 AM, Micah Snyder (micasnyd) <
micasnyd at cisco.com> wrote:

> Hi Robert,
>
> clamav-milter is a separate process that interacts with clamd.  What user
> are you running clamav-milter under?  It seems as thought clamav-milter
> doesn't have permission to access the clamd socket file to interact with
> clamd.
>
> Regarding multiple socket options:
>
> You are correct in that the ClamdSocket option in the milter config file
> may be used multiple times in case you have multiple clamd instances set
> up.  However, each clamd instance will only listen on 1 socket, so you must
> select either 1 TCP or 1 Unix/Local.
>
> Cheers,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 16, 2018, at 11:06 AM, Robert Kudyba <rkudyba at fordham.edu> wrote:
>
> Thanks Micah, now getting a different error:
> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to remove
> /var/run/clamd.scan/clamd.sock: Permission denied
> Jul 16 10:59:23 storm clamav-milter[32079]: ERROR: Failed to create socket
> /var/run/clamd.scan/clamd.sock
> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to create
> listening socket on conn /var/run/clamd.scan/clamd.sock
>
> ls -l /var/run/clamd.scan/clamd.sock
> srw-rw-rw- 1 clamscan clamscan 0 Jul 16 10:57
> /var/run/clamd.scan/clamd.sock
>
> In the /etc/mail/clamav-milter.conf I have:
> MilterSocket /var/run/clamd.scan/clamd.sock
> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>
> Clamd is running, note as the user clamscan:
> ps -auwx | grep clam
> clamupd+  2252  0.0  0.0  50740  3832 ?        Ss   Jul11   0:38
> /usr/bin/freshclam -d -c 4
> root     17462  0.0  0.0 119104  3264 ?        Ss   09:00   0:00 /bin/bash
> /usr/share/clamav/freshclam-sleep
> clamscan 30407  0.0  4.6 1406020 1141612 ?     Ssl  10:57   0:00
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>
> The last few lines of /var/log/clamav-milter.log has:
> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
> Mon Jul 16 10:30:15 2018 -> Probe for slot 1 returned: failed
> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
> Mon Jul 16 10:30:15 2018 -> Probe for slot 2 returned: failed
> Mon Jul 16 10:30:15 2018 -> Probe for slot 3 returned: success
>
> You wrote: "You should use only 1 ( TCP _or_ Unix/Local ) socket for clamd"
> But in the clamav-milter.conf it says:
> # This option can be repeated several times with different sockets or even
> # with the same socket: clamd servers will be selected in a round-robin
> # fashion.
>
> Anyways, seems to be a permission problem. Is clamav-milter trying to
> restart clamd based on the logs above??
>
> On Fri, Jul 13, 2018 at 9:06 AM, Micah Snyder (micasnyd) <
> micasnyd at cisco.com> wrote:
>
>> It looks to me like you have 2 types of sockets set up in your milter
>> config, and only 1 type of socket set up in your clamd config:
>>
>>
>> ClamdSocket tcp:localhost:3310
>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>
>> Lines in /etc/clamd.d/scan.conf
>>
>> TCPSocket 3310
>> TCPAddr 127.0.0.1
>>
>> You should use only 1 ( TCP _or_ Unix/Local ) socket for clamd.  We
>> recommend using Unix/Local sockets.
>>
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>> On Jul 10, 2018, at 5:12 PM, Robert Kudyba <rkudyba at fordham.edu> wrote:
>>
>>
>> ClamdSocket tcp:localhost:3310
>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>
>> Lines in /etc/clamd.d/scan.conf
>>
>> TCPSocket 3310
>> TCPAddr 127.0.0.1
>>
>>
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.cl
>> amav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&
>> c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4
>> iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=unhaF4uJnMs3AVEXQaA4Mffu_38QO9
>> gp0_R1MQ-vQbQ&s=WuF3C5NO_kof-zA6OSL5C7p8pwYXzTfQq5aoMOg0GSM&e=
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
>> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l
>> 0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=
>> unhaF4uJnMs3AVEXQaA4Mffu_38QO9gp0_R1MQ-vQbQ&s=iUmHiP0ZFNaK22
>> hm6e5QIA7sGao0Gh0ztdSLV2Qhg9U&e=
>>
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clam
>> av.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy
>> 8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=
>> unhaF4uJnMs3AVEXQaA4Mffu_38QO9gp0_R1MQ-vQbQ&s=d-9aIaJVTefoOJ
>> R2YIGYgVGiD73p8LHdsXg3uY8WeNs&e=
>>
>>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.
> clamav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=
> aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_
> qVtR3lLNo4tOL1ry_m7-psV3GejY&m=r2bNshHrUVxKD_
> COhef4PEadqcNLeu05lE_qjKrOO4A&s=vLMXaWC6wZVrusx9eRcsYvAEaOKtX8
> MW2pspqOsv4rI&e=
>
>
> Help us build a comprehensive ClamAV guide:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&
> m=r2bNshHrUVxKD_COhef4PEadqcNLeu05lE_qjKrOO4A&s=
> TTzeifPhHyRt8cSdV4LPAqwaMatyW6sDC0-PAMjdS4k&e=
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.
> clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&
> m=r2bNshHrUVxKD_COhef4PEadqcNLeu05lE_qjKrOO4A&s=2wZ9N-
> vkiLPuzmJ4H7B2UD642faHuWMGzogtZx4SAdU&e=
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180716/ba8683c7/attachment.html>


More information about the clamav-users mailing list