[clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands

Robert Kudyba rkudyba at fordham.edu
Tue Jul 17 15:50:49 EDT 2018


An update, I got clamav-milter to run, from the clamav-milter logs:
Tue Jul 17 15:34:15 2018 -> +++ Started at Tue Jul 17 15:34:15 2018
Tue Jul 17 15:34:15 2018 -> Probe for slot 1 returned: success
Tue Jul 17 15:35:50 2018 -> +++ Started at Tue Jul 17 15:35:50 2018
Tue Jul 17 15:35:50 2018 -> Probe for slot 1 returned: success


ps -auwx | grep clam
clamupd+  2252  0.0  0.0  50740  3832 ?        Ss   Jul11   0:45
/usr/bin/freshclam -d -c 4
clamscan 18943  0.0  4.6 1406760 1142296 ?     Ssl  15:34   0:00
/usr/sbin/clamd -c /etc/clamd.d/scan.conf
root     19249  0.0  0.0 119104  3080 ?        Ss   15:00   0:00 /bin/bash
/usr/share/clamav/freshclam-sleep
clamilt  20686  0.0  0.0 107312   524 ?        Ssl  15:35   0:00
/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf

However I still get these errors in sendmail:
Milter: data, reject=451 4.3.2 Please try again later

The sendmail.mc ClamAV line looks like this:
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav-milter/clamav-milter.socket,F=T,T=S:4m;R:4m;E:10m')dnl

Some relevant results from clamconf:

ClamdSocket = "unix:/var/run/clamd.scan/clamd.sock"
MilterSocket = "/var/run/clamav-milter/clamav-milter.socket"
MilterSocketGroup = "virusgroup"
[...]
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketGroup = "clamscan"
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled





On Mon, Jul 16, 2018 at 12:27 PM, Micah Snyder (micasnyd) <
micasnyd at cisco.com> wrote:

> What are your current user/group ownership and permissions on:
>  /var/run/clamd.scan/clamd.sock ?
>
> Regards,
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 16, 2018, at 12:19 PM, Robert Kudyba <rkudyba at fordham.edu> wrote:
>
> I set:
> MilterSocketGroup clamscan
> User clamscan
>
> Still getting the permission denied.
>
> Note the process:
> clamscan 30407  1.4  4.6 1406020 1150544 ?     Ssl  10:57   1:08
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>
> And I added most of the clamav-related users to the closely name groups:
> clamilt:x:123:clamav,clamscan
> clamav:x:124:clamscan,clamilt
> clamupdate:x:125:
> clamscan:x:126:clamilt,clamav
> virusgroup:x:127:clamupdate,clamscan,clamilt
>
>
> On Mon, Jul 16, 2018 at 11:50 AM, Micah Snyder (micasnyd) <
> micasnyd at cisco.com> wrote:
>
>> Hi Robert,
>>
>> clamav-milter is a separate process that interacts with clamd.  What user
>> are you running clamav-milter under?  It seems as thought clamav-milter
>> doesn't have permission to access the clamd socket file to interact with
>> clamd.
>>
>> Regarding multiple socket options:
>>
>> You are correct in that the ClamdSocket option in the milter config file
>> may be used multiple times in case you have multiple clamd instances set
>> up.  However, each clamd instance will only listen on 1 socket, so you must
>> select either 1 TCP or 1 Unix/Local.
>>
>> Cheers,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>> On Jul 16, 2018, at 11:06 AM, Robert Kudyba <rkudyba at fordham.edu> wrote:
>>
>> Thanks Micah, now getting a different error:
>> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to remove
>> /var/run/clamd.scan/clamd.sock: Permission denied
>> Jul 16 10:59:23 storm clamav-milter[32079]: ERROR: Failed to create
>> socket /var/run/clamd.scan/clamd.sock
>> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to create
>> listening socket on conn /var/run/clamd.scan/clamd.sock
>>
>> ls -l /var/run/clamd.scan/clamd.sock
>> srw-rw-rw- 1 clamscan clamscan 0 Jul 16 10:57
>> /var/run/clamd.scan/clamd.sock
>>
>> In the /etc/mail/clamav-milter.conf I have:
>> MilterSocket /var/run/clamd.scan/clamd.sock
>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>
>> Clamd is running, note as the user clamscan:
>> ps -auwx | grep clam
>> clamupd+  2252  0.0  0.0  50740  3832 ?        Ss   Jul11   0:38
>> /usr/bin/freshclam -d -c 4
>> root     17462  0.0  0.0 119104  3264 ?        Ss   09:00   0:00
>> /bin/bash /usr/share/clamav/freshclam-sleep
>> clamscan 30407  0.0  4.6 1406020 1141612 ?     Ssl  10:57   0:00
>> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>>
>> The last few lines of /var/log/clamav-milter.log has:
>> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 1 returned: failed
>> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 2 returned: failed
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 3 returned: success
>>
>> You wrote: "You should use only 1 ( TCP _or_ Unix/Local ) socket for
>> clamd"
>> But in the clamav-milter.conf it says:
>> # This option can be repeated several times with different sockets or even
>> # with the same socket: clamd servers will be selected in a round-robin
>> # fashion.
>>
>> Anyways, seems to be a permission problem. Is clamav-milter trying to
>> restart clamd based on the logs above??
>>
>> On Fri, Jul 13, 2018 at 9:06 AM, Micah Snyder (micasnyd) <
>> micasnyd at cisco.com> wrote:
>>
>>> It looks to me like you have 2 types of sockets set up in your milter
>>> config, and only 1 type of socket set up in your clamd config:
>>>
>>>
>>> ClamdSocket tcp:localhost:3310
>>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>>
>>> Lines in /etc/clamd.d/scan.conf
>>>
>>> TCPSocket 3310
>>> TCPAddr 127.0.0.1
>>>
>>> You should use only 1 ( TCP _or_ Unix/Local ) socket for clamd.  We
>>> recommend using Unix/Local sockets.
>>>
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>> On Jul 10, 2018, at 5:12 PM, Robert Kudyba <rkudyba at fordham.edu> wrote:
>>>
>>>
>>> ClamdSocket tcp:localhost:3310
>>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>>
>>> Lines in /etc/clamd.d/scan.conf
>>>
>>> TCPSocket 3310
>>> TCPAddr 127.0.0.1
>>>
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.cl
>>> amav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&
>>> c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4
>>> iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=unhaF4uJnMs3AVEXQaA4Mffu_
>>> 38QO9gp0_R1MQ-vQbQ&s=WuF3C5NO_kof-zA6OSL5C7p8pwYXzTfQq5aoMOg0GSM&e=
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
>>> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l
>>> 0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-ps
>>> V3GejY&m=unhaF4uJnMs3AVEXQaA4Mffu_38QO9gp0_R1MQ-vQbQ&s=
>>> iUmHiP0ZFNaK22hm6e5QIA7sGao0Gh0ztdSLV2Qhg9U&e=
>>>
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clam
>>> av.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0
>>> sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV
>>> 3GejY&m=unhaF4uJnMs3AVEXQaA4Mffu_38QO9gp0_R1MQ-vQbQ&s=d-
>>> 9aIaJVTefoOJR2YIGYgVGiD73p8LHdsXg3uY8WeNs&e=
>>>
>>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.clamav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwMFAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=sEj6BTig-WzjS1ciLt-7MaTBzf3bsr431mDsH8E8F8Y&s=Ma8bUEpcbTMKCnB7TgSZsHpftktY7mN4GyaRSRuGeAM&e=>
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwMFAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=sEj6BTig-WzjS1ciLt-7MaTBzf3bsr431mDsH8E8F8Y&s=LFgCSVxCUoPCAzoz-OGuKanF9QiOaVZtcQJLe6dqK4M&e=>
>>
>> http://www.clamav.net/contact.html#ml
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwMFAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=sEj6BTig-WzjS1ciLt-7MaTBzf3bsr431mDsH8E8F8Y&s=Z6mWTROA1JWmTp_MmK4QtVnYdendm-5iJ-oMDSN4JA4&e=>
>>
>>
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.cl
>> amav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&
>> c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4
>> iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=r2bNshHrUVxKD_COhef
>> 4PEadqcNLeu05lE_qjKrOO4A&s=vLMXaWC6wZVrusx9eRcsYvAEaOKtX8MW2pspqOsv4rI&e=
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
>> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l
>> 0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-
>> psV3GejY&m=r2bNshHrUVxKD_COhef4PEadqcNLeu05lE_qjKrOO4A&s=TTz
>> eifPhHyRt8cSdV4LPAqwaMatyW6sDC0-PAMjdS4k&e=
>>
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clam
>> av.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy
>> 8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-
>> psV3GejY&m=r2bNshHrUVxKD_COhef4PEadqcNLeu05lE_qjKrOO4A&s=
>> 2wZ9N-vkiLPuzmJ4H7B2UD642faHuWMGzogtZx4SAdU&e=
>>
>>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.
> clamav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=
> aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_
> qVtR3lLNo4tOL1ry_m7-psV3GejY&m=sEj6BTig-WzjS1ciLt-
> 7MaTBzf3bsr431mDsH8E8F8Y&s=Ma8bUEpcbTMKCnB7TgSZsHpftktY7mN4GyaRSRuGeAM&e=
>
>
> Help us build a comprehensive ClamAV guide:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&
> m=sEj6BTig-WzjS1ciLt-7MaTBzf3bsr431mDsH8E8F8Y&s=LFgCSVxCUoPCAzoz-
> OGuKanF9QiOaVZtcQJLe6dqK4M&e=
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.
> clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&
> m=sEj6BTig-WzjS1ciLt-7MaTBzf3bsr431mDsH8E8F8Y&s=
> Z6mWTROA1JWmTp_MmK4QtVnYdendm-5iJ-oMDSN4JA4&e=
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180717/a6537e8e/attachment.html>


More information about the clamav-users mailing list