[Mimedefang] Error with mimedefang + clamd

Info @ brainwash info at brainwash.gr
Fri Nov 24 05:52:56 EST 2017


Thank you for the time taken to compile the list of steps regarding this issue.


/var/spool/MIMEDefang has the following permissions after Dianne's recommendations:

drwxr-s---   4 defang   defang   4096 MIMEDefang

I started mimedefang with the -D option, as indicated. However, no working directories within /var/spool/MIMEDefang/ were created and, as a result, I get in maillog (again):

clamd: WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UBKLc00/Work


drwxr-s---   4 defang defang 4096 .
drwxr-xr-x. 14 root   root   4096 ..
-rw-------   1 defang defang    0 mimedefang.lock
-rw-------   1 defang defang    0 mimedefang-multiplexor.lock
srwxrwx---   1 defang defang    0 mimedefang-multiplexor.sock
drwx------   2 defang defang 4096 .pyzor
drwxr-x---   2 defang defang 4096 .razor

(4) The clamd socket file is present, albeit in another directory, as clamd runs as another user (clamscan) and not as defang. It is also defined within mimedefang.pl as

$ClamdSock = '/var/run/clamd /clamd.sock';

The /var/run/clamd/ directory has the following privileges:

drwx--x---  2 clamscan clamscan   clamd

.. and the contents of this directory: 

-rw-rw-r-- 1 clamscan clamscan 5 clamd.pid
srw-rw-rw- 1 clamscan clamscan 0 clamd.sock

User defang is already a member of the clamscan group. Clamd.sock is also group readable/writeable.

It seems from the logs that the request to clamd is sent by MIMEDefang; however, there is no file present at the location indicated (work folders could not get created by mimedefang), thus clamd crashes as it tries to scan something that does not exist.

(5) As (1) could not be completed (no work directories created) I cannot check clamscan by scanning individual messages.

-----Original Message-----
From: MIMEDefang [mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Paul Murphy
Sent: Friday, November 24, 2017 12:21 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Error with mimedefang + clamd

If your policy permits it, the next steps I would take would be:

1.	Enable the "-D" option in MIMEDefang to leave the spool directories in place after scanning, so that you have an example to work with.  Restart MIMEDefang to make this active.  You only need to have this enabled until you have processed 3-4 messages, rather than storing everything. 

2.	"su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3.	Inspect the permissions on the spool folders to ensure that the group access is present:

		total 104
		drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
		drwxr-xr-x. 17 root   root   4096 Nov  5  2016 ..
		srw-rw----.  1 defang defang    0 Oct 31 12:03 clamd.sock
		drwxr-x---.  4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
		drwxr-x---.  4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
		drwxr-x---.  4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4.  Also verify here that the clamd.sock socket file is present, and is writable by MIMEDefang, otherwise the request to scan the file cannot be sent.  If it does not exist in this folder, how does MIMEDefang find it?  Hint - line 174 of /usr/bin/mimedefang.pl:
		$ClamdSock  = '/var/spool/MIMEDefang/clamd.sock';

5.  Try to "cd" into one of the folders as clamscan, and see what happens.  If it works, the group memberships and spool folder permissions are correct.  Run clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, I'm stumped.


NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
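The group-access inspection described in steps 3 to 5 above can also be worked through from `ls -l` output alone. The shell sketch below is an added example, not part of either message or of MIMEDefang; it applies the classic owner/group/other check to listing rows. The group memberships passed in and the `mdefang-EXAMPLE/Work` row are assumptions, and ACLs, SELinux and root's override are not modelled.

```shell
# Added example. perm_allows MODE OWNER GROUP USER "USER_GROUPS" WANT
# MODE is an ls -l string such as drwxr-s---; WANT is r, w or x.
perm_allows() {
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5 want=$6
    # Exactly one triplet applies: owner first, else group, else other.
    if [ "$user" = "$owner" ]; then
        trip=$(printf '%s' "$mode" | cut -c2-4)
    elif printf ' %s ' "$ugroups" | grep -qF -- " $group "; then
        trip=$(printf '%s' "$mode" | cut -c5-7)
    else
        trip=$(printf '%s' "$mode" | cut -c8-10)
    fi
    case $want in
        r) [ "$(printf '%s' "$trip" | cut -c1)" = r ] ;;
        w) [ "$(printf '%s' "$trip" | cut -c2)" = w ] ;;
        # Lowercase s or t means setuid/setgid/sticky with execute also set.
        x) case $(printf '%s' "$trip" | cut -c3) in
               x|s|t) return 0 ;;
               *) return 1 ;;
           esac ;;
        *) return 2 ;;
    esac
}

# first_blocked USER "USER_GROUPS": reads "MODE OWNER GROUP WANT PATH" rows
# on stdin, prints the first PATH the user is denied, or "none".
first_blocked() {
    while read -r mode owner group want path; do
        if ! perm_allows "$mode" "$owner" "$group" "$1" "$2" "$want"; then
            printf '%s\n' "$path"; return 0
        fi
    done
    printf 'none\n'
}

# Constructed rows: modes copied from the listings in the message; the
# work-directory row is hypothetical.
spool_rows() { printf '%s\n' \
    'drwxr-xr-x. root root x /var/spool' \
    'drwxr-s--- defang defang x /var/spool/MIMEDefang' \
    'drwxr-x--- defang defang x /var/spool/MIMEDefang/mdefang-EXAMPLE/Work'; }
clamd_rows() { printf '%s\n' \
    'drwx--x--- clamscan clamscan x /var/run/clamd' \
    'srw-rw-rw- clamscan clamscan w /var/run/clamd/clamd.sock'; }

# Group lists passed below are assumptions for illustration.
echo "clamscan, groups clamscan:        $(spool_rows | first_blocked clamscan 'clamscan')"
echo "clamscan, groups clamscan defang: $(spool_rows | first_blocked clamscan 'clamscan defang')"
echo "defang, groups defang clamscan:   $(clamd_rows | first_blocked defang 'defang clamscan')"
```

On a live system, replace the constructed rows with the output of `namei -l` or `ls -ld` for each path component and the real output of `id` for each account.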
