What are your current user/group ownership and permissions on: /var/run/clamd.scan/clamd.sock ?
Regards,Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Jul 16, 2018, at 12:19 PM, Robert Kudyba <rkudyba@fordham.edu> wrote:
I set:MilterSocketGroup clamscanUser clamscan
Still getting the permission denied.
Note the process:
clamscan 30407 1.4 4.6 1406020 1150544 ? Ssl 10:57 1:08 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
And I added most of the clamav-related users to the closely name groups:
clamilt:x:123:clamav,clamscan
clamav:x:124:clamscan,clamilt
clamupdate:x:125:
clamscan:x:126:clamilt,clamav
virusgroup:x:127:clamupdate,clamscan,clamilt
______________________________
On Mon, Jul 16, 2018 at 11:50 AM, Micah Snyder (micasnyd) <micasnyd@cisco.com> wrote:
Hi Robert,
clamav-milter is a separate process that interacts with clamd. What user are you running clamav-milter under? It seems as thought clamav-milter doesn't have permission to access the clamd socket file to interact with clamd.
Regarding multiple socket options:
You are correct in that the ClamdSocket option in the milter config file may be used multiple times in case you have multiple clamd instances set up. However, each clamd instance will only listen on 1 socket, so you must select either 1 TCP or 1 Unix/Local.
Cheers,Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Jul 16, 2018, at 11:06 AM, Robert Kudyba <rkudyba@fordham.edu> wrote:
http://lists.clamav.net/cgi-bi______________________________Thanks Micah, now getting a different error:Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to remove /var/run/clamd.scan/clamd.sock: Permission denied
Jul 16 10:59:23 storm clamav-milter[32079]: ERROR: Failed to create socket /var/run/clamd.scan/clamd.sock
Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to create listening socket on conn /var/run/clamd.scan/clamd.sock
ls -l /var/run/clamd.scan/clamd.sock
srw-rw-rw- 1 clamscan clamscan 0 Jul 16 10:57 /var/run/clamd.scan/clamd.sock
In the /etc/mail/clamav-milter.conf I have:MilterSocket /var/run/clamd.scan/clamd.sockClamdSocket unix:/var/run/clamd.scan/clamd.sock
Clamd is running, note as the user clamscan:
ps -auwx | grep clam
clamupd+ 2252 0.0 0.0 50740 3832 ? Ss Jul11 0:38 /usr/bin/freshclam -d -c 4
root 17462 0.0 0.0 119104 3264 ? Ss 09:00 0:00 /bin/bash /usr/share/clamav/freshclam-sleep
clamscan 30407 0.0 4.6 1406020 1141612 ? Ssl 10:57 0:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
The last few lines of /var/log/clamav-milter.log has:Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
Mon Jul 16 10:30:15 2018 -> Probe for slot 1 returned: failed
Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
Mon Jul 16 10:30:15 2018 -> Probe for slot 2 returned: failed
Mon Jul 16 10:30:15 2018 -> Probe for slot 3 returned: success
You wrote: "You should use only 1 ( TCP _or_ Unix/Local ) socket for clamd"But in the clamav-milter.conf it says:
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin
# fashion.
Anyways, seems to be a permission problem. Is clamav-milter trying to restart clamd based on the logs above??
On Fri, Jul 13, 2018 at 9:06 AM, Micah Snyder (micasnyd) <micasnyd@cisco.com> wrote:
It looks to me like you have 2 types of sockets set up in your milter config, and only 1 type of socket set up in your clamd config:
ClamdSocket tcp:localhost:3310
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
Lines in /etc/clamd.d/scan.conf
TCPSocket 3310
TCPAddr 127.0.0.1
You should use only 1 ( TCP _or_ Unix/Local ) socket for clamd. We recommend using Unix/Local sockets.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Jul 10, 2018, at 5:12 PM, Robert Kudyba <rkudyba@fordham.edu> wrote:
ClamdSocket tcp:localhost:3310
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
Lines in /etc/clamd.d/scan.conf
TCPSocket 3310
TCPAddr 127.0.0.1
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.cl amav.net_cgi-2Dbin_mailman_lis tinfo_clamav-2Dusers&d=DwICAg& c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnU RkcqADc2guUW8IM&r=X0jL9y0sL4r4 iU_qVtR3lLNo4tOL1ry_m7-psV3Gej Y&m=unhaF4uJnMs3AVEXQaA4Mffu_ 38QO9gp0_R1MQ-vQbQ&s=WuF3C5NO_ kof-zA6OSL5C7p8pwYXzTfQq5aoMOg 0GSM&e=
Help us build a comprehensive ClamAV guide:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github. com_vrtadmin_clamav-2Dfaq&d=Dw ICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l 0sPnURkcqADc2guUW8IM&r=X0jL9y0 sL4r4iU_qVtR3lLNo4tOL1ry_m7-ps V3GejY&m=unhaF4uJnMs3AVEXQaA4M ffu_38QO9gp0_R1MQ-vQbQ&s= iUmHiP0ZFNaK22hm6e5QIA7sGao0Gh 0ztdSLV2Qhg9U&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clam av.net_contact.html-23ml&d=DwI CAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0 sPnURkcqADc2guUW8IM&r=X0jL9y0s L4r4iU_qVtR3lLNo4tOL1ry_m7-psV 3GejY&m=unhaF4uJnMs3AVEXQaA4Mf fu_38QO9gp0_R1MQ-vQbQ&s=d- 9aIaJVTefoOJR2YIGYgVGiD73p8LHd sXg3uY8WeNs&e=
_________________
clamav-users mailing list
clamav-users@lists.clamav.net
n/mailman/listinfo/clamav-user s
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.cl amav.net_cgi-2Dbin_mailman_lis tinfo_clamav-2Dusers&d=DwICAg& c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnU RkcqADc2guUW8IM&r=X0jL9y0sL4r4 iU_qVtR3lLNo4tOL1ry_m7- psV3GejY&m=r2bNshHrUVxKD_COhef 4PEadqcNLeu05lE_qjKrOO4A&s=vLM XaWC6wZVrusx9eRcsYvAEaOKtX8MW2 pspqOsv4rI&e=
Help us build a comprehensive ClamAV guide:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github. com_vrtadmin_clamav-2Dfaq&d=Dw ICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l 0sPnURkcqADc2guUW8IM&r=X0jL9y0 sL4r4iU_qVtR3lLNo4tOL1ry_m7- psV3GejY&m=r2bNshHrUVxKD_COhef 4PEadqcNLeu05lE_qjKrOO4A&s=TTz eifPhHyRt8cSdV4LPAqwaMatyW6sDC 0-PAMjdS4k&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clam av.net_contact.html-23ml&d= DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy 8l0sPnURkcqADc2guUW8IM&r=X0jL9 y0sL4r4iU_qVtR3lLNo4tOL1ry_m7- psV3GejY&m=r2bNshHrUVxKD_COhef 4PEadqcNLeu05lE_qjKrOO4A&s= 2wZ9N-vkiLPuzmJ4H7B2UD642faHuW MGzogtZx4SAdU&e=
_________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav- users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists. clamav.net_cgi-2Dbin_mailman_ listinfo_clamav-2Dusers&d= DwICAg&c= aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk cqADc2guUW8IM&r= X0jL9y0sL4r4iU_ qVtR3lLNo4tOL1ry_m7-psV3GejY& m=sEj6BTig-WzjS1ciLt- 7MaTBzf3bsr431mDsH8E8F8Y&s= Ma8bUEpcbTMKCnB7TgSZsHpftktY7m N4GyaRSRuGeAM&e=
Help us build a comprehensive ClamAV guide:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github. com_vrtadmin_clamav-2Dfaq&d= DwICAg&c= aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk cqADc2guUW8IM&r= X0jL9y0sL4r4iU_ qVtR3lLNo4tOL1ry_m7-psV3GejY& m=sEj6BTig-WzjS1ciLt- 7MaTBzf3bsr431mDsH8E8F8Y&s= LFgCSVxCUoPCAzoz- OGuKanF9QiOaVZtcQJLe6dqK4M&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__www. clamav.net_contact.html-23ml& d=DwICAg&c= aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk cqADc2guUW8IM&r= X0jL9y0sL4r4iU_ qVtR3lLNo4tOL1ry_m7-psV3GejY& m=sEj6BTig-WzjS1ciLt- 7MaTBzf3bsr431mDsH8E8F8Y&s= Z6mWTROA1JWmTp_MmK4QtVnYdendm- 5iJ-oMDSN4JA4&e=