FIX! clamdscan: corrupt or unknown clamd scanner error

Started by LogicX, March 24, 2004, 10:44:30 AM


LogicX

once again, I was getting this in my maillog, like many others:
Mar 24 11:52:35 maranello X-Qmail-Scanner-1.21: [maranello.coleone.com108014715547061641] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 2

After reading lots of code and figuring out what's going on, I'll give a summary, a choice of fixes, and what I decided to do and how I went about it.

qmail has its user, vpopmail has its user, and apparently qmail-scanner has its own --

the qmail scanner program tosses the incoming mail into /var/spool/qmailscan/tmp
qmailscan, tmp, and the temp directory created in here, AND the temp file created in there are all
owned by qscand:qscand
--
CLAM Antivirus --
has its own user/group -- clamav/clamav


Solution 1:
add clamav to qscand's group, and proceed to change all perms on
/var/spool/qmailscan/tmp/*dynamically_created_dir*/*dynamically*created*file
-- problem with this are those dynamically created dirs and files -- you'd have to edit the umask and do some chowns in the qmail-scanner perl -- you probably don't want to do that.

Here's what I did -- since I only use clamav to scan mail, I didn't really care...

edit /etc/clamav.conf
set user to qscand

chown -R qscand /var/run/clamav
/usr/local/etc/rc.d/clamav-clamd.sh stop
/usr/local/etc/rc.d/clamav-clamd.sh start

as far as I can tell -- freshclam can keep running as clamav, keep writing the new definitions to /usr/share/clamav, and we'll just nicely watch that happen, and access it from qscand user.

Voilà! No more qq mail failed sending errors.
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

tick

Thanks for that one  Razz

That really saved my day  Laughing

TheASP

I registered an account just so I could post and say "THANK YOU!".

ASP

LogicX

Just wanted to make another note. I upgraded my FreeBSD mail toaster's ports today; clamav 0.74 was there, so I upgraded.

Didn't start.

in log: /var/log/clamav/clamd.log
ERROR: Socket file /var/run/clamav/clamd could not be bound: Permission denied

Here's the fix:
Because we're running clamd as qscand, not clamav, we have to modify /var/run/clamav so that it can store the pid and socket:

chown qscand:clamav /var/run/clamav
chmod 770 /var/run/clamav

should look like this:
ls -ld clamav/
drwxrwxr-x  2 qscand  clamav  512 Jul  7 10:32 clamav/

This will now allow both freshclam and clamd to store their files here and both to run w/o error:
ls -la clamav/
total 8
drwxrwxr-x  2 qscand  clamav   512 Jul  7 10:32 .
drwxr-xr-x  9 root    wheel   1024 Jul  7 00:31 ..
srwxrwxrwx  1 qscand  clamav     0 Jul  7 10:32 clamd
-rw-rw----  1 qscand  clamav     5 Jul  7 10:32 clamd.pid
-rw-rw----  1 clamav  clamav     5 Jul  7 10:32 freshclam.pid


enjoy!
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com
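The ownership reasoning in the two posts above, as an added example that is not part of the original thread: it reads `ls -l` style lines and reports whether a given user can reach a file through its parent directories. The function names `perm_check` and `path_check` are hypothetical, and the 0700/0600 modes on the qmailscan entries are constructed, since the thread gives only their owner.

```shell
#!/bin/sh
# perm_check "<ls -l line>" USER "GROUPS" NEED
# Prints the class that applies (owner/group/other/root); returns 0 only if
# every letter in NEED (from r, w, x) is granted to USER.
perm_check() {
    pc_user=$2; pc_groups=$3; pc_need=$4
    set -f; set -- $1; set +f        # fields: mode, links, owner, group, ...
    pc_mode=$1; pc_owner=$3; pc_group=$4
    if [ "$pc_user" = root ]; then echo root; return 0; fi   # root skips mode bits
    # Exactly one class applies: owner first, then group, then other.
    if [ "$pc_user" = "$pc_owner" ]; then pc_class=owner; pc_cols=2-4
    else case " $pc_groups " in
        *" $pc_group "*) pc_class=group; pc_cols=5-7 ;;
        *) pc_class=other; pc_cols=8-10 ;;
    esac; fi
    echo "$pc_class"
    # Lower-case s/t mean the execute bit is set underneath.
    pc_bits=$(printf '%s' "$pc_mode" | cut -c"$pc_cols" | tr 'st' 'xx')
    for pc_b in r w x; do
        case $pc_need in *"$pc_b"*)
            case $pc_bits in *"$pc_b"*) ;; *) return 1 ;; esac ;;
        esac
    done
    return 0
}

# path_check USER "GROUPS" NEED LINE...   (ls -ld lines, outermost first)
# Each directory on the way needs x (search); the last entry needs NEED.
path_check() {
    pa_user=$1; pa_groups=$2; pa_need=$3; shift 3
    while [ $# -gt 1 ]; do
        perm_check "$1" "$pa_user" "$pa_groups" x >/dev/null || return 1
        shift
    done
    perm_check "$1" "$pa_user" "$pa_groups" "$pa_need" >/dev/null
}

# From the thread's ls output:
RUN_DIR='drwxrwxr-x  2 qscand  clamav  512 Jul  7 10:32 clamav/'
# Constructed: the thread gives owner qscand:qscand but no modes; 0700/0600 assumed
SCAN_DIR='drwx------  3 qscand  qscand  512 Jul  7 10:32 tmp'
SCAN_FILE='-rw-------  1 qscand  qscand  2048 Jul  7 10:32 msg'
for u in clamav qscand root; do
    path_check "$u" "$u" r "$SCAN_DIR" "$SCAN_FILE" && res=can || res=cannot
    echo "clamd running as $u $res read the queued message"
done
```

With the assumed modes, adding clamav to the qscand group changes nothing until the group bits are also opened, which is the umask work Solution 1 would require.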

eskriste

I also had to register just to say thank you!

Tried to upgrade clamd, but after I got the same error.

Thank you again!

Very Happy

runcz

Like many others, I was getting this "exit status 2" and many similar errors in my maillog. Of course not all problems were caused by this permission misconfiguration, but this was one of the greatest, so big thanks to LogicX for drawing my attention to the /var/spool/qmailscan/tmp directory permissions.

However, the given solution did not work out for my system (it's not *BSD), and that's why I decided to register and add a note that on Slackware 10.0 (netqmail1.05/vpopmail 5.45/qmail-scanner 1.22/ClamAV 0.74/SpamAssassin 2.63) these temporarily stored e-mails, kept just for scanning, in some strange way have root ownership, so I just don't have any other choice than to run clamdscan with root permissions.
I just hope that it's not some huge security hole [I haven't googled on this topic yet], or maybe just some wrong configuration options.

Thank you again Wink
[ sorry for my english, it's not native for me Wink ]

LogicX

Same old clamav error:

Aug  9 12:18:57 tract vpopmail[86717]: vchkpw-submission: (CRAM-MD5) login success ANTISPAM_REDACTED:68.54.133.135

Aug  9 12:18:57 tract X-Qmail-Scanner-1.22: [tract.imcc.ca109206833747986718] clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50


with qmail-scanner debug on, /var/spool/qmailscan/qmail-queue.log showed:


Mon, 09 Aug 2004 12:23:45 EDT:86917: run /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 --max-space=100000  /var/spool/qmailscan/tmp/tract.imcc.ca109206862547986917 2>&1

Mon, 09 Aug 2004 12:23:45 EDT:86917: --output of clamscan was:

LibClamAV Error: cli_calloc(): Can't allocate memory (1052 bytes).

calloc_problem: Cannot allocate memory

LibClamAV Error: readdb(): Malformed pattern line 1404 (file /var/spool/qmailscan/tmp/tract.imcc.ca109206862547986917/clamav-5b219ebc1202832a/viruses.db2).

LibClamAV Error: cli_calloc(): Can't allocate memory (8 bytes).

calloc_problem: Cannot allocate memory

ERROR: Database initialization error: Unable to allocate memory


This helpful Google Groups post led me in the right direction:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=6e258d9d.0312122356.580c0427%40posting.google.com&rnum=1&prev=/groups%3Fq%3Dcli_calloc%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26selm%3D6e258d9d.0312122356.580c0427%2540posting.google.com%26rnum%3D1


The correct 'Mail Toaster' way to fix the problem:

edit your toaster-watcher.conf file,

change

submit_max_memory_per_connection = 25

TO

submit_max_memory_per_connection = 35


as long as you already have

*/5 * * * * /usr/local/sbin/toaster-watcher.pl in your cron

-- in 5 minutes it should recreate the proper files, and you're all set.


Now the gory details for those who care, and for searching purposes:


It seems the softlimit for smtp in /var/service/smtp/run (symlink to /var/qmail/supervise/smtp/run)  is set to 35840000

However -- I've lately been using submit (authenticated TLS on port 587) to submit my mail, so users' ISPs don't block port 25 SMTP for spamming.


So the problem is that /var/service/submit/run (symlink to /var/qmail/supervise/submit/run) was set to softlimit 25600000, which apparently was inadequate. I simply changed it to 35840000, and the error went away.

now reads: exec softlimit -m 35840000 tcpserver -H -R -c50 -u 89 -g 89 0 submission qmail-smtpd /usr/vpopmail/bin/vchkpw /usr/bin/true splogger qmail


*NOTE* if you change this line manually, without modifying toaster-watcher.conf, toaster-watcher.pl will overwrite your changes in 5 minutes!



Now my question for Matt: is there any reason to have submit set for a 25 MB max , vs. smtp's 35MB?
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com
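A check for the drift the post above warns about, as an added example that is not part of the original thread: it compares the `softlimit -m` value in a run script with the value in toaster-watcher.conf. The function names are hypothetical, and the factor 1024000 is inferred from the two pairs quoted in the post (25 and 25600000, 35 and 35840000), not taken from toaster-watcher.pl.

```shell
#!/bin/sh
# Print the byte value after "softlimit ... -m" in a run script read from
# stdin, or "none" when no memory limit is set.
softlimit_mem() {
    awk '{ for (i = 1; i < NF; i++) {
               if ($i == "softlimit") { seen = 1 }
               else if (seen && $i == "-m") { print $(i + 1); found = 1; exit }
           } }
         END { if (!found) print "none" }'
}

# Print KEY's value from "key = value" text on stdin.
conf_value() {
    awk -F'[ \t]*=[ \t]*' -v k="$1" '$1 == k { print $2; exit }'
}

# run_limit_status RUN_TEXT CONF_TEXT KEY
# Returns 0 when the run script matches the conf, 1 on drift, 2 if KEY is absent.
# Factor 1024000 is an assumption inferred from the thread's value pairs.
run_limit_status() {
    rl_have=$(printf '%s\n' "$1" | softlimit_mem)
    rl_mb=$(printf '%s\n' "$2" | conf_value "$3")
    [ -n "$rl_mb" ] || { echo "no-conf-key"; return 2; }
    rl_want=$((rl_mb * 1024000))
    if [ "$rl_have" = "$rl_want" ]; then echo "in-sync $rl_have"; return 0; fi
    echo "drift run=$rl_have conf=$rl_want"; return 1
}

# The run line quoted in the thread (edited by hand to 35840000) ...
RUN='exec softlimit -m 35840000 tcpserver -H -R -c50 -u 89 -g 89 0 submission qmail-smtpd /usr/vpopmail/bin/vchkpw /usr/bin/true splogger qmail'
# ... against a conf still holding the old value
CONF='submit_max_memory_per_connection = 25'
run_limit_status "$RUN" "$CONF" submit_max_memory_per_connection ||
    echo "manual edit will be overwritten by the next toaster-watcher.pl run"
```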