1 Topic by tomb

  • tomb
  • Member
  • Offline
  • Registered: 2012-02-23
  • Posts: 17

Topic: ClamAV permission problems

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

I use iRedMail 0.8.4, LDAP backend, CentOS 6.4 and iRedAmin Pro 1.9

In my maillog I have tons of entries like this:

May 31 15:22:51 mail1 amavis[17805]: (17805-14) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2e10410) unexpected , output="/var/spool/amavisd/tmp/amavis-20130531T070101-17805-MExCgKdR/parts: lstat() failed: Permission denied. ERROR\n" at (eval 116) line 897.

The file permissions are:
drwxr-x--- 3 amavis amavis 4096 31. Mai 07:01 amavis-20130531T070101-17805-MExCgKdR
drwxr-x--- 3 amavis amavis 4096 31. Mai 07:01 amavis-20130531T070101-17806-eJhduccQ

In my clamd.conf I have:
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav

In my group file I have:
clamav:x:492:clamav,clam
amavis:x:491:clamav

Why does this permission error occur? What kind of permission is required?? If I set 777 it works, but that is not the recommended configuration I think.....

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by camel1cz

  • camel1cz
  • camel1cz
  • Member
  • Offline
  • From: Czech Republic
  • Registered: 2013-04-20
  • Posts: 220

Re: ClamAV permission problems

I have the same setup and also I see the same permissions set for the amavis temp files...

clamav is member of amavis group so it is able to read the files... try to check the permissions of all folders in the path...

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ClamAV permission problems

Did you upgrade ClamAV with EPEL repo?

4 Reply by tomb

  • tomb
  • Member
  • Offline
  • Registered: 2012-02-23
  • Posts: 17

Re: ClamAV permission problems

Hmm, yes looks like:

[root@mail1 ~]# yum list installed | grep clam
clamav.x86_64           0.97.8-1.el6    @epel                                   
clamav-db.x86_64        0.97.8-1.el6    @epel                                   
clamd.x86_64            0.97.8-1.el6    @epel                                   

I use the following repos:
[root@mail1 yum.repos.d]# ls -l
insgesamt 48
-rw-r--r--. 1 root root 1926 25. Feb 09:57 CentOS-Base.repo
-rw-r--r--. 1 root root  638 25. Feb 09:57 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  630 25. Feb 09:57 CentOS-Media.repo
-rw-r--r--. 1 root root 3664 25. Feb 09:57 CentOS-Vault.repo
-rw-r--r--. 1 root root  957  5. Nov 2012  epel.repo
-rw-r--r--. 1 root root 1056  5. Nov 2012  epel-testing.repo
-rw-r--r--. 1 root root   86 22. Mai 20:47 iRedMail.repo
-rw-r--r--. 1 root root 1102 25. Mär 20:08 ius-archive.repo
-rw-r--r--. 1 root root 1084 25. Mär 20:08 ius-dev.repo
-rw-r--r--. 1 root root 1025 25. Mär 20:08 ius.repo
-rw-r--r--. 1 root root 1102 25. Mär 20:08 ius-testing.repo
-rw-r--r--. 1 root root  442 24. Sep 2012  pgdg-92-centos.repo


I use virtual machines and these repos are part of my CentOS template to create new VMs. Does your code not work with these repos? If so, what do I need to change to get it working? The box is dedicated to mail, I can make an individual change, but new VMs are generated based on some 'standard' templates we use for our CentOS boxes.

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ClamAV permission problems

Reference: http://www.iredmail.org/forum/topic4636 … pdate.html

6 Reply by tomb

  • tomb
  • Member
  • Offline
  • Registered: 2012-02-23
  • Posts: 17

Re: ClamAV permission problems

OK, seems to work after changing the permissions.