Discussion:
[Mimedefang] Error with mimedefang + clamd
Info @ brainwash
2017-11-22 15:11:03 UTC
Hello,

I have installed MIMEDefang 2.8.3 from the EPEL repository on a Centos
7-4.1708.el7.centos.x86_64 VM. I have also installed CLAMAV as clamd (daemon
- v0.99.2/24063) under user clamscan and I have also configured
clamav-milter to integrate it with Postfix. All of them run successfully.

I then configured MIMEDefang to scan mails using clamd and not only perform
Spam check via SpamAssassin. MIMEDefang runs under the user defang. User
defang is a member of the clamscan group and vice versa. The
/var/spool/MIMEDefang/ directory has rights 0766 and belongs to user
defang:defang (it is being reset to these values every time the mimedefang
service restarts or the server reboots).

Clam has been unable to scan for e-mails when received by MIMEDefang,
producing the following error in the log:

WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UB1us0i/Work

.. and within maillog:

Clamd returned error: lstat() failed: Permission denied
Problem running virus scanner: code=999, category=swerr, action=tempfail
filter:  tempfail=1
Tempfailing because filter instructed us to

From what I found when Googling this error, the issue is that MIMEDefang
cannot create the work directory thus Clam cannot find the file to scan. I
tried to make the directory 0777 and even change the users using chown, to
no effect.

Can anyone help with this error as MIMEDefang cannot work with clam? Running
clam as user defang is not an option unfortunately due to admin
restrictions.

Thank you






_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpenguin.
Dianne Skoll
2017-11-22 15:18:58 UTC
Hi,

You should either add the ClamAV user to the "defang" group and
use the "-G" option to have mimedefang create group-accessible files, or
simply run clamd as the "defang" user directly.

Regards,

Dianne.
Post by Info @ brainwash
Clam has been unable to scan for e-mails when received by MIMEDefang,
WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UB1us0i/Work
Bill Cole
2017-11-22 18:52:28 UTC
Post by Info @ brainwash
/var/spool/MIMEDefang/ directory has rights 0766 and belongs to user
defang:defang (it is been reset to these values every time the
mimedefang
service restarts or the server reboots).
Dianne has already given the proper solution but this begs for a general
warning...

Setting the world-writable bit on any file or on a directory without
also setting the sticky bit is a risky action. You should NEVER leave a
file or directory world-writable. Also on directories, it is generally
not useful to set read bits without also setting the execute (i.e.
search, for directories) bits.
Post by Info @ brainwash
From what I found when Googling this error, the issue is that
MIMEDefang cannot create the work directory thus Clam cannot find the
file to scan.
It's usually best to read the man pages that are written by the author
of a program before searching for random answers on the web who may not
understand their problem, may not be getting an error message for the
same reason you are, and may be using a version (or platform variant)
that is unlike yours. This looks to me like a wrong answer but it really
does not matter because the fix is simple and clearly documented in the
mimedefang man page.
Post by Info @ brainwash
I tried to make the directory 0777 and even change the users using
chown, to no effect.
Reiterating the above: don't set the world-writable bit anywhere except
on shared directories with the sticky bit set (e.g. /tmp and /var/tmp
use mode 1777) and (sometimes) sockets and devices. It's not a safe
solution to any problem and usually isn't even helpful as a
troubleshooting tool.

MIMEDefang by design creates and destroys many files and directories for
short lives, so for safety it needs to manage permissions itself very
carefully and tightly. It cannot rely on sysadmins creating safe working
ownership and permission constructs because it is a known fact that many
sysadmins never actually read documentation. It is conceivable that MD
could have been written to be entirely ignorant of security issues and
rely on sysadmins to use whatever mix of standard ownership &
permissions, BSD setgid semantics, and ACLs is available and necessary
to allow everything MD does to work safely. I believe that if that were
the case, MD would have a reputation of being hard to make work and
grossly insecure. It's better this way.
--
Bill Cole
***@scconsult.com or ***@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
Info @ brainwash
2017-11-23 12:25:28 UTC
Hello Dianne & Bill,

Thank you both for your replies..

@Dianne: I have already tested your recommendation, i.e. run mimedefang with the -G option and have the clamav user as member of the defang group. In particular, the startup parameters of both services are:

/usr/bin/mimedefang -P /run/mimedefang.pid -o /var/spool/MIMEDefang/mimedefang.lock -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -y -R -1 -U defang -r -s -t -G -q -p inet:14865

/usr/bin/mimedefang-multiplexor -p /run/mimedefang-multiplexor.pid -o /var/spool/MIMEDefang/mimedefang-multiplexor.lock -m 2 -x 10 -y 0 -U defang -b 600 -r 200 -l -t /var/log/mimedefang/stats -Z -G -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock

.. and I get the issues with the Work files creation as initially mentioned, even though clamav user is a member of the defang group. Unfortunately, I cannot run clamav under defang due to admin restrictions/policies.

@Bill, as per the 0766 setting, I changed it as a troubleshooting method. The directory does not have 0766 permissions under normal operation. You are right in your statements and thank you for describing them in detail. I had checked the manual pages and found Dianne's recommendation, however as it was not working on our system I started searching even deeper.

Anything else I can check regarding this error, should it provide more insight towards solving the issue?

Thank you,

Socrates


Dianne Skoll
2017-11-23 15:23:12 UTC
On Thu, 23 Nov 2017 14:25:28 +0200
Post by Info @ brainwash
mimedefang with the -G option and have the clamav user as member of
the defang group. In particular, the startup parameters of both
[...]
Post by Info @ brainwash
.. and I get the issues with the Work files creation as initially
mentioned, even though clamav user is a member of the defang group.
Unfortunately, I cannot run clamav under defang due to admin
restrictions/policies.
Try stopping MIMEDefang and running:

chgrp -R defang /var/spool/MIMEDefang
chmod 750 /var/spool/MIMEDefang
chmod g+s /var/spool/MIMEDefang

That will make /var/spool/MIMEDefang have group "defang" and set
the SGID bit on the directory, meaning any directories or files
created under /var/spool/MIMEDefang will also have group "defang"
(and recursively down the whole tree.)

Regards,

Dianne.
Info @ brainwash
2017-11-23 18:36:50 UTC
Hi Dianne,

Thank you for the swift reply.

Tried the commands you mention.. to no effect however.. :(

Still @ maillog:

mimedefang.pl[25993]: B8D39D49: Clamd returned error: lstat() failed: Permission denied.
mimedefang.pl[25993]: B8D39D49: Problem running virus scanner: code=999, category=swerr, action=tempfail
mimedefang.pl[25993]: B8D39D49: filter: tempfail=1
mimedefang[26008]: B8D39D49: Tempfailing because filter instructed us to

... and @ clamav log:

-> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBuyV00/Work

As a reminder, clamav user is a member of the defang group and vice versa..


Dianne Skoll
2017-11-23 18:45:23 UTC
On Thu, 23 Nov 2017 20:36:50 +0200
Post by Info @ brainwash
Tried the commands you mention.. to no effect however.. :(
Please post the output of these commands:

id clamav
ls -ld / /var /var/spool /var/spool/MIMEDefang/

Regards,

Dianne.
Info @ brainwash
2017-11-23 18:52:02 UTC
Actually, user is clamscan..

Output of the commands you asked for:

uid=996(clamscan) gid=992(clamscan) groups=992(clamscan),993(virusgroup),984(defang),983(clamilt)

&

dr-xr-xr-x. 18 root root 4096 Nov 20 20:02 /
drwxr-xr-x. 28 root root 4096 Nov 17 14:39 /var
drwxr-xr-x. 14 root root 4096 Nov 21 14:27 /var/spool
drwxr-s--- 4 defang defang 4096 Nov 23 20:50 /var/spool/MIMEDefang/

Dianne Skoll
2017-11-23 19:04:30 UTC
Hi,
Post by Info @ brainwash
Actually, user is clamscan..
Did you restart ClamAV after adding clamscan to the defang group?

And did you ensure that AllowSupplementaryGroups in clamd.conf is set
to "yes" ?

Regards,

Dianne.
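The check requested above (`id` for the scanner account plus `ls -ld` on every path component), worked through as an added example that is not part of the thread or of MIMEDefang/ClamAV. It evaluates directory search permission class by class using the output posted earlier, and also models a clamd process that holds only its primary group, which is the case the AllowSupplementaryGroups question is about. The helper names are hypothetical, users and groups are compared by name, and the full path of the per-message directory is constructed from the listing.

```python
import re
import stat
from dataclasses import dataclass, replace

# Constructed sample input: the `id` and `ls -ld` output posted in the thread,
# plus one per-message directory line with its full path written out.
ID_OUTPUT = ("uid=996(clamscan) gid=992(clamscan) "
             "groups=992(clamscan),993(virusgroup),984(defang),983(clamilt)")
LS_OUTPUT = """\
dr-xr-xr-x. 18 root root 4096 Nov 20 20:02 /
drwxr-xr-x. 28 root root 4096 Nov 17 14:39 /var
drwxr-xr-x. 14 root root 4096 Nov 21 14:27 /var/spool
drwxr-s--- 4 defang defang 4096 Nov 23 20:50 /var/spool/MIMEDefang/
drwxr-x--- 4 defang defang 4096 Nov 24 14:12 /var/spool/MIMEDefang/mdefang-UBMc800
"""
SPOOL = "/var/spool/MIMEDefang/"

PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
SPECIAL_BITS = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


@dataclass(frozen=True)
class Entry:
    path: str
    mode: int
    owner: str
    group: str


def parse_mode(text):
    """Turn an ls mode string such as 'drwxr-s---.' into permission bits."""
    mode = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwxst":      # lower-case s/t mean "x plus the special bit"
            mode |= PERM_BITS[i]
        if ch in "sStT":       # upper-case S/T mean the special bit without x
            mode |= SPECIAL_BITS[i]
    return mode


def parse_ls(text):
    """Parse `ls -ld` lines into Entry records (paths without spaces)."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        entries.append(Entry(f[-1], parse_mode(f[0]), f[2], f[3]))
    return entries


def parse_id(text):
    """Return (user, primary group, set of all group names) from `id` output."""
    user = re.search(r"uid=\d+\((\w+)\)", text).group(1)
    primary = re.search(r"gid=\d+\((\w+)\)", text).group(1)
    groups = set(re.findall(r"\d+\((\w+)\)", text.split("groups=")[1]))
    return user, primary, groups


def first_denied(entries, user, groups):
    """Return (path, class) of the first directory the process cannot search.

    Exactly one class applies per directory: owner if the user matches,
    otherwise group if one of the process's groups matches, otherwise other.
    """
    for e in entries:
        if user == e.owner:
            cls, bit = "owner", stat.S_IXUSR
        elif e.group in groups:
            cls, bit = "group", stat.S_IXGRP
        else:
            cls, bit = "other", stat.S_IXOTH
        if not e.mode & bit:
            return e.path, cls
    return None


def with_mode(entries, path, mode):
    """Copy of entries with one directory's mode swapped (what-if check)."""
    return [replace(e, mode=mode) if e.path == path else e for e in entries]


def lint(mode):
    """Flag the directory modes warned about earlier in the thread."""
    findings = []
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable without sticky bit")
    for cls, r, x in (("group", stat.S_IRGRP, stat.S_IXGRP),
                      ("other", stat.S_IROTH, stat.S_IXOTH)):
        if mode & r and not mode & x:
            findings.append(f"{cls} read without search")
    return findings


if __name__ == "__main__":
    user, primary, groups = parse_id(ID_OUTPUT)
    entries = parse_ls(LS_OUTPUT)
    print("all groups loaded: ", first_denied(entries, user, groups))
    print("primary group only:", first_denied(entries, user, {primary}))
    print("spool dir at 0766: ",
          first_denied(with_mode(entries, SPOOL, 0o766), user, groups))
    print("lint 0766:", lint(0o766))
```

With the posted modes, the walk succeeds only when the process actually holds the defang group; at mode 0766 it fails even with the group, because the group class has read and write but no search bit.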
Paul Murphy
2017-11-23 19:04:27 UTC
Also, you probably need to set AllowSupplementaryGroups in your clamd.conf file:

AllowSupplementaryGroups BOOL
Initialize a supplementary group access (the process must be started by root).
Default: no

Paul.

Paul Murphy
2017-11-23 18:59:15 UTC
Also, please post the output from: ps -eo pid,group,user,args |grep clam

Paul.

Info @ brainwash
2017-11-24 09:13:05 UTC
@Paul/Dianne

Output of the command you asked for:

8510 clamscan clamscan /usr/bin/freshclam -d -c 4
9697 clamscan clamscan /usr/sbin/clamd -c /etc/clamd.d/scan.conf
15710 root root /bin/bash /usr/share/clamav/freshclam-sleep

Regarding clamav config, yes.. AllowSupplementaryGroups in clamd.conf is set to "yes"!!!

So far I believe I have followed every step/direction mentioned in the documentation regarding the mimedefang service configuration.. that's why I am baffled!

Richard Laager
2017-11-24 09:59:45 UTC
Does your system have apparmor or SELinux that could be blocking access
separately from filesystem permissions?
--
Richard
Info @ brainwash
2017-11-24 10:07:00 UTC
@Richard: Apparmor is not installed.. SELinux has been disabled..

Paul Murphy
2017-11-24 10:21:26 UTC
If your policy permits it, the next steps I would take would be:

1. Enable the "-D" option in MIMEDefang to leave the spool directories in place after scanning, so that you have an example to work with. Restart MIMEDefang to make this active. You only need to have this enabled until you have processed 3-4 messages, rather than storing everything.

2. "su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3. Inspect the permissions on the spool folders to ensure that the group access is present:

total 104
drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
drwxr-xr-x. 17 root root 4096 Nov 5 2016 ..
srw-rw----. 1 defang defang 0 Oct 31 12:03 clamd.sock
drwxr-x---. 4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
drwxr-x---. 4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
drwxr-x---. 4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4. Also verify here that the clamd.sock socket file is present, and is writable by MIMEDefang, otherwise the request to scan the file cannot be sent. If it does not exist in this folder, how does MIMEDefang find it? Hint - line 174 of /usr/bin/mimedefang.pl:
$ClamdSock = '/var/spool/MIMEDefang/clamd.sock';

5. Try to "cd" into one of the folders as clamscan, and see what happens. If it works, the group memberships and spool folder permissions are correct. Run clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, I'm stumped.

Paul.

Info @ brainwash
2017-11-24 10:52:56 UTC
@Paul

Thank you for your time taken to compile the list of steps regarding this issue.

Results..
(1):

/var/spool/MIMEDefang has the following permissions after Dianne's recommendations:

drwxr-s--- 4 defang defang 4096 MIMEDefang

I started mimedefang with the -D option, as indicated. However, no working directories within /var/spool/MIMEDefang/ were created and, as a result, I get in maillog (again):

clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work

(2)/(3):

drwxr-s--- 4 defang defang 4096 .
drwxr-xr-x. 14 root root 4096 ..
-rw------- 1 defang defang 0 mimedefang.lock
-rw------- 1 defang defang 0 mimedefang-multiplexor.lock
srwxrwx--- 1 defang defang 0 mimedefang-multiplexor.sock
drwx------ 2 defang defang 4096 .pyzor
drwxr-x--- 2 defang defang 4096 .razor

(4) clamd socket file is present, albeit present in another directory as clamd runs as another user (clamscan) and not as defang. It is also defined within the mimedefang.pl as

$ClamdSock = '/var/run/clamd/clamd.sock';

The /var/run/clamd/ directory has the following privileges:

drwx--x--- 2 clamscan clamscan clamd

.. and the contents of this directory:

-rw-rw-r-- 1 clamscan clamscan 5 clamd.pid
srw-rw-rw- 1 clamscan clamscan 0 clamd.sock

User defang is already a member of the clamscan group. Clamd.sock is also group readable/writeable.

It seems from the logs that the request to clamd is sent by MIMEDefang, however there is no file present at the location indicated (work folders could not get created by mimedefang) thus clamd crashes as it tries to scan something that does not exist.

(5) As (1) could not be completed (no work directories created) I cannot check clamscan by scanning individual messages.


Paul Murphy
2017-11-24 11:33:30 UTC
Post by Info @ brainwash
I started mimedefang with the -D option, as indicated. However, no working directories within /var/spool/MIMEDefang/
clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work
Did you check that MIMEDefang was correctly handling mail before you enabled Clamav? This would suggest that the issue is within MIMEDefang, and that the spool directories are never created, so there is no message to process.

Also, my apologies - the option to keep working directories is "-d", not "-D" ...

Paul.

Info @ brainwash
2017-11-24 13:53:44 UTC
@Paul: With clamd scanning disabled, mimedefang scans for spam using spamassassin and adds the relevant headers into the e-mail messages.

With the -d option, MIMEDefang does create work folders, e.g. :

drwxr-x--- 4 defang defang 4096 Nov 24 14:12 mdefang-UBMc800
drwxr-x--- 2 defang defang 4096 Nov 24 14:38 mdefang-UBMCI0l
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcl01
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcm02
drwxr-x--- 2 defang defang 4096 Nov 24 14:38 mdefang-UBMCQ0m
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcu03
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcv04
drwxr-x--- 2 defang defang 4096 Nov 24 14:12 mdefang-UBMcV05
drwxr-x--- 4 defang defang 4096 Nov 24 14:14 mdefang-UBMeh06
drwxr-x--- 2 defang defang 4096 Nov 24 14:40 mdefang-UBMEL0n
drwxr-x--- 2 defang defang 4096 Nov 24 14:40 mdefang-UBMEN0o
drwxr-x--- 4 defang defang 4096 Nov 24 14:40 mdefang-UBMEO0p
drwxr-x--- 4 defang defang 4096 Nov 24 14:14 mdefang-UBMez07
drwxr-x--- 2 defang defang 4096 Nov 24 14:41 mdefang-UBMF20q
drwxr-x--- 2 defang defang 4096 Nov 24 14:42 mdefang-UBMG20r
drwxr-x--- 2 defang defang 4096 Nov 24 14:42 mdefang-UBMGS0s
drwxr-x--- 2 defang defang 4096 Nov 24 14:44 mdefang-UBMIE0t
drwxr-x--- 2 defang defang 4096 Nov 24 14:44 mdefang-UBMIJ0u
drwxr-x--- 2 defang defang 4096 Nov 24 14:45 mdefang-UBMJ20v
drwxr-x--- 2 defang defang 4096 Nov 24 14:45 mdefang-UBMJT0w
drwxr-x--- 2 defang defang 4096 Nov 24 14:20 mdefang-UBMk108
drwxr-x--- 4 defang defang 4096 Nov 24 14:20 mdefang-UBMke09
drwxr-x--- 2 defang defang 4096 Nov 24 14:21 mdefang-UBMl90a
drwxr-x--- 4 defang defang 4096 Nov 24 14:48 mdefang-UBMLB0x
drwxr-x--- 2 defang defang 4096 Nov 24 14:47 mdefang-UBMLF0y
drwxr-x--- 2 defang defang 4096 Nov 24 14:22 mdefang-UBMmG0b
drwxr-x--- 2 defang defang 4096 Nov 24 14:22 mdefang-UBMmK0c
drwxr-x--- 4 defang defang 4096 Nov 24 14:50 mdefang-UBMOf0z
drwxr-x--- 4 defang defang 4096 Nov 24 14:24 mdefang-UBMop0d
drwxr-x--- 2 defang defang 4096 Nov 24 14:50 mdefang-UBMOu0A
drwxr-x--- 2 defang defang 4096 Nov 24 14:25 mdefang-UBMpt0e
drwxr-x--- 2 defang defang 4096 Nov 24 14:52 mdefang-UBMQE0B
drwxr-x--- 2 defang defang 4096 Nov 24 14:53 mdefang-UBMRE0C
drwxr-x--- 4 defang defang 4096 Nov 24 14:27 mdefang-UBMrj0f
drwxr-x--- 2 defang defang 4096 Nov 24 14:54 mdefang-UBMSy0D
drwxr-x--- 4 defang defang 4096 Nov 24 14:29 mdefang-UBMtt0g
drwxr-x--- 2 defang defang 4096 Nov 24 14:55 mdefang-UBMTw0E
drwxr-x--- 4 defang defang 4096 Nov 24 14:30 mdefang-UBMub0h
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUM0F
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUQ0G
drwxr-x--- 4 defang defang 4096 Nov 24 14:30 mdefang-UBMur0i
drwxr-x--- 2 defang defang 4096 Nov 24 14:56 mdefang-UBMUU0H
drwxr-x--- 2 defang defang 4096 Nov 24 14:59 mdefang-UBMXW0I
drwxr-x--- 2 defang defang 4096 Nov 24 14:34 mdefang-UBMyS0j
drwxr-x--- 4 defang defang 4096 Nov 24 14:35 mdefang-UBMzN0k
drwxr-x--- 4 defang defang 4096 Nov 24 15:02 mdefang-UBN2e0J
drwxr-x--- 4 defang defang 4096 Nov 24 15:05 mdefang-UBN4X0K
drwxr-x--- 4 defang defang 4096 Nov 24 15:05 mdefang-UBN5a0L
drwxr-x--- 4 defang defang 4096 Nov 24 15:07 mdefang-UBN7K0M
drwxr-x--- 2 defang defang 4096 Nov 24 15:08 mdefang-UBN8r0N
drwxr-x--- 4 defang defang 4096 Nov 24 15:10 mdefang-UBNaS0O
drwxr-x--- 2 defang defang 4096 Nov 24 15:11 mdefang-UBNbr0P
drwxr-x--- 4 defang defang 4096 Nov 24 15:12 mdefang-UBNcB0R
drwxr-x--- 2 defang defang 4096 Nov 24 15:12 mdefang-UBNcS0S
drwxr-x--- 2 defang defang 4096 Nov 24 15:12 mdefang-UBNct0Q
drwxr-x--- 2 defang defang 4096 Nov 24 15:39 mdefang-UBNDD1c
drwxr-x--- 4 defang defang 4096 Nov 24 15:14 mdefang-UBNdX0T
drwxr-x--- 2 defang defang 4096 Nov 24 15:14 mdefang-UBNeu0U
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF81d
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF91e
drwxr-x--- 2 defang defang 4096 Nov 24 15:41 mdefang-UBNF91f
drwxr-x--- 2 defang defang 4096 Nov 24 15:16 mdefang-UBNgD0W
drwxr-x--- 4 defang defang 4096 Nov 24 15:16 mdefang-UBNgp0V
drwxr-x--- 4 defang defang 4096 Nov 24 15:17 mdefang-UBNh00X
drwxr-x--- 2 defang defang 4096 Nov 24 15:17 mdefang-UBNh710
drwxr-x--- 4 defang defang 4096 Nov 24 15:17 mdefang-UBNhA11
drwxr-x--- 2 defang defang 4096 Nov 24 15:44 mdefang-UBNI81g
drwxr-x--- 2 defang defang 4096 Nov 24 15:44 mdefang-UBNIa1h
drwxr-x--- 2 defang defang 4096 Nov 24 15:45 mdefang-UBNJT1i
drwxr-x--- 4 defang defang 4096 Nov 24 15:20 mdefang-UBNkp12
drwxr-x--- 4 defang defang 4096 Nov 24 15:21 mdefang-UBNlf13
drwxr-x--- 4 defang defang 4096 Nov 24 15:47 mdefang-UBNLs1j
drwxr-x--- 2 defang defang 4096 Nov 24 15:23 mdefang-UBNnq14
drwxr-x--- 2 defang defang 4096 Nov 24 15:25 mdefang-UBNp615
drwxr-x--- 2 defang defang 4096 Nov 24 15:25 mdefang-UBNpr16
drwxr-x--- 2 defang defang 4096 Nov 24 15:26 mdefang-UBNqE17
drwxr-x--- 2 defang defang 4096 Nov 24 15:33 mdefang-UBNxj18
drwxr-x--- 2 defang defang 4096 Nov 24 15:33 mdefang-UBNxr19
drwxr-x--- 2 defang defang 4096 Nov 24 15:34 mdefang-UBNyc1a
drwxr-x--- 2 defang defang 4096 Nov 24 15:35 mdefang-UBNzW1b

I left it running for a while so that many work folders are created and then I followed your instructions, i.e. stop the service, enable clamd detection within mimedefang and then restart the mimedefang service... and... VOILA! Scan detection is performed correctly!

From clamd.log:

/var/spool/MIMEDefang/mdefang-UBNNV00/Work/msg-19979-1.txt: OK
/var/spool/MIMEDefang/mdefang-UBNNV00/Work/msg-19979-2.html: OK
/var/spool/MIMEDefang/mdefang-UBNNV00/Work/INPUTMBOX: OK
fd[11]: OK

Hence, without the -d parameter, the issue is that the work folders are removed before clamd has a chance to scan them. However, the spool files created are plenty and they have to be purged somehow.

I hope this last test provided a clearer insight towards a solution to the issue.


-----Original Message-----
From: MIMEDefang [mailto:mimedefang-***@lists.roaringpenguin.com] On Behalf Of Paul Murphy
Sent: Friday, November 24, 2017 1:34 PM
To: ***@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd
Post by Info @ brainwash
I started mimedefang with the -D option, as indicated. However, no
/var/spool/MIMEDefang/mdefang-UBKLc00/Work
Did you check that MIMEDefang was correctly handling mail before you enabled Clamav? This would suggest that the issue is within MIMEDefang, and that the spool directories are never created, so there is no message to process.

Also, my apologies - the option to keep working directories is "-d", not "-D" ...

Paul.

Dianne Skoll
2017-11-24 15:49:28 UTC
On Fri, 24 Nov 2017 15:53:44 +0200
Post by Info @ brainwash
Hence, without the -d parameter, the issue is that the work folders
are removed before clamd has a chance to scan them.
No, that is absolutely NOT the case. Something else has changed on your
system in the interim.

Take out the -d option and restart. It should still work.

Regards,

Dianne.
Info @ brainwash
2017-11-25 12:57:12 UTC
@Dianne

You are absolutely correct, in the sense that everything works now even without the -d switch. Nothing else has changed within the server regarding its configuration, I'm pretty sure about it. I agree that the invocation including the -d switch may not be the solution to the issue, however I followed each recommendation given to me to the dot (and I reported back the findings) so that I can provide the correct picture of the situation.

As said for many things, "if it works don't fix it", thus I'm quite happy that something from (or the succession of) the suggestions provided to me worked!

I'd like to thank you all for the assistance you provided and the time you allocated towards the solution of this issue.

-----Original Message-----
From: MIMEDefang [mailto:mimedefang-***@lists.roaringpenguin.com] On Behalf Of Dianne Skoll
Sent: Friday, November 24, 2017 5:49 PM
To: ***@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd

On Fri, 24 Nov 2017 15:53:44 +0200
Post by Info @ brainwash
Hence, without the -d parameter, the issue is that the work folders
are removed before clamd has a chance to scan them.
No, that is absolutely NOT the case. Something else has changed on your system in the interim.

Take out the -d option and restart. It should still work.

Regards,

Dianne.
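The `lstat() failed: Permission denied` error in this thread can be reasoned about from mode bits alone: the sketch below walks the ancestors of a `Work` path and reports the first directory that clamd's user cannot traverse, using the 0766 spool mode from the original post and the `drwxr-x--- defang defang` per-message directories from the listing. It is an added example, not part of any poster's message or of MIMEDefang; the numeric uid/gid values and the `mdefang-EXAMPLE` directory name are constructed.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the check also runs on constructed data.
Ent = namedtuple("Ent", "st_mode st_uid st_gid")

def can_search(st, uid, gids):
    """POSIX applies exactly one class: owner, else group, else other."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(path, uid, gids, lstat=os.lstat):
    """Return the first ancestor of path that uid cannot traverse, else None.

    lstat(path) needs search (x) permission on every ancestor directory,
    not on path itself.
    """
    current = "/"
    for part in path.strip("/").split("/"):
        if not can_search(lstat(current), uid, gids):
            return current
        current = os.path.join(current, part)
    return None

# Constructed sample: numeric ids and the directory name are made up.
DEFANG, CLAMSCAN = 990, 989
TARGET = "/var/spool/MIMEDefang/mdefang-EXAMPLE/Work"

def sample_tree(spool_mode):
    root = Ent(stat.S_IFDIR | 0o755, 0, 0)
    return {
        "/": root, "/var": root, "/var/spool": root,
        "/var/spool/MIMEDefang": Ent(stat.S_IFDIR | spool_mode, DEFANG, DEFANG),
        # Per-message directory as in the listing: drwxr-x--- defang defang
        "/var/spool/MIMEDefang/mdefang-EXAMPLE": Ent(stat.S_IFDIR | 0o750, DEFANG, DEFANG),
    }

if __name__ == "__main__":
    for mode, gids in [(0o766, {CLAMSCAN, DEFANG}), (0o777, {CLAMSCAN}),
                       (0o750, {CLAMSCAN, DEFANG})]:
        blocked = first_blocked(TARGET, CLAMSCAN, gids, sample_tree(mode).__getitem__)
        print(oct(mode), sorted(gids), "->", blocked or "lstat() permitted")
```

On a live host, call `first_blocked` with the default `lstat` and the uid and supplementary groups of the running clamd process. The check covers mode bits only, not ACLs or SELinux.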