[ZendTo] Re: unable to upload
Gavin Silver
GSilver at rampuptech.com
Wed Jul 21 17:53:32 BST 2010
I appended "apache" to the end of the clamav line in /etc/group, then I ran grpconv, but I still got access denied when trying to scan. Using usermod to add clamav to apache seemed to work though. Not sure what usermod did that adding the line in /etc/group did not, as my /etc/group file looks the same.
[root@files ~]# usermod -a -G apache clamav
[root@files ~]# service clamd restart
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
[root@files ~]# clamdscan /var/zendto/incoming/*
/var/zendto/incoming/testscanme: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
thanks!
----------------------------------
Gavin Silver
From: zendto-bounces at zendto.com [mailto:zendto-bounces at zendto.com] On Behalf Of Jules
Sent: Wednesday, July 21, 2010 11:34 AM
To: ZendTo Users
Subject: [ZendTo] Re: unable to upload
On 21/07/2010 15:27, Gavin Silver wrote:
[root@files ~]# freshclam
ClamAV update process started at Wed Jul 21 14:21:25 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Downloading daily-11403.cdiff [100%]
daily.cld updated (version: 11403, sigs: 103267, f-level: 53, builder: arnaud)
bytecode.cvd is up to date (version: 31, sigs: 7, f-level: 53, builder: nervous)
Database updated (808001 signatures) from db.local.clamav.net (IP: 194.8.197.22)
Clamd successfully notified about the update.
[root@files ~]# service clamd restart
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
[root@files ~]# chkconfig clamd on
[root@files ~]# which clamdscan
/usr/bin/clamdscan
[root@files ~]# echo hi > /var/zendto/incoming/testscanme
[root@files ~]# chown apache.apache /var/zendto/incoming/*
That will still leave the file "testscanme" most likely with global read permissions, which isn't what ZendTo should do by default. So please read on...
[root@files ~]# clamdscan /var/zendto/incoming/*
/var/zendto/incoming/testscanme: OK
That looks okay, but what happens if you
chmod o-rwx /var/zendto/incoming/*
clamdscan /var/zendto/incoming/*
?
If that doesn't work, then add "apache" to the end of the line that starts "clamav" in /etc/group and then run "grpconv". Then restart clamd and try clamdscan again.
The full list of dependencies is listed at
http://www.zendto.com/rpm.html
If you still can't make it work, then as a stop-gap measure while we investigate further you can edit your /opt/zendto/config/preferences.php and change "clamdscan" to "clamscan". This will be a lot slower, but should get around the problem for now.
"clamdscan" uses the daemon "clamd" to do the actual scanning, which has already started up and read all the virus signature databases, which is why it's lots faster. However, clamd runs as the "clamav" user, not as root. So it can only access files which are available to the "clamav" user or the "clamav" group.
So you have to add the "apache" group (which owns all the files created by the web server, and hence all the files created by ZendTo) to the "clamav" group so that clamd can read them if it's given group read permissions (and group execute permissions in the case of directories).
So by adding "apache" to the "clamav" line in /etc/group, then rebuilding the shadow file using "grpconv", and then restarting clamd, it gets to refresh its version of what it can read.
At which point clamdscan will work.
Hopefully that helps explain what is going on and how it all works a little better.
Cheers,
Jules.
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
[root@files ~]#
----------------------------------
Gavin Silver
From: zendto-bounces at zendto.com [mailto:zendto-bounces at zendto.com] On Behalf Of Jules
Sent: Tuesday, July 20, 2010 5:26 PM
To: ZendTo Users
Subject: [ZendTo] Re: unable to upload
On 20/07/2010 21:24, Gavin Silver wrote:
centos 4.5
rpm install
followed docs to download and install all the dependencies including clamav
That means it probably couldn't find clamdscan, which should be part of the ClamAV RPMs the docs told you to download. When logged in as root, what do you get from a "which clamdscan" command?
The error return code 2 implies an error occurred during virus scanning. Put some files (anything will do for a test) into /var/zendto/incoming, then "chown apache.apache /var/zendto/incoming/*" and run a command such as
clamdscan /var/zendto/incoming/*
and see what it says.
If it says "access denied" lots of times then what might be wrong is that the clamav group may need adding to the apache group in /etc/group. Find the line in /etc/group starting with "apache" and add "clamav" to the end of it. Then run the command "grpconv" to build the shadow file. Then "service clamd restart" and then try clamdscan again.
If it still complains that it couldn't read files, then you either need to disable SELinux or configure it correctly so it can read the files under /var/zendto/incoming. I don't know much about SELinux so you're on your own a bit there, hopefully Google will help.
When you find the solution, please let me know so that I can add it to the docs.
Once you have got "clamdscan /var/zendto/incoming" working, you should be there.
Thanks,
Jules.
getting:
Upload Error
The attempt to virus-scan your drop-off failed. Please contact your administrator for assistance.
after the file uploads
Where should I start looking first?
----------------------------
Gavin Silver
_______________________________________________
ZendTo mailing list
ZendTo at zendto.com
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
Jules
--
Julian Field MEng CITP CEng
www.ZendTo.com
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
--
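
The access check discussed in this thread, as an added example that is not part of the original messages: it reports whether the group permissions on the drop-off files, and the group list held by the running clamd, allow the scan. The function names are hypothetical; clamav, apache and /var/zendto/incoming are the names used in the thread, and a Linux /proc is assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical; clamav, apache and
# /var/zendto/incoming are the names used in the thread.

# group_can_read PATH GID: succeed if PATH belongs to group GID and grants
# group read (and, for a directory, group execute). Owner/other bits are ignored.
group_can_read() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    read -r mode _links _uid file_gid _rest <<EOF
$info
EOF
    [ "$file_gid" = "$2" ] || return 1
    case $mode in
        d???r?[xs]*) return 0 ;;   # directory with group r and x
        d*)          return 1 ;;
        ????r*)      return 0 ;;   # file with group r
        *)           return 1 ;;
    esac
}

# proc_has_gid PID GID: succeed if running process PID holds GID (Linux /proc).
# A process keeps the group list it had at start-up, so a daemon started
# before a group change does not see it until it is restarted.
proc_has_gid() {
    awk -v g="$2" '
        $1 == "Gid:" || $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "/proc/$1/status"
}

# check_scan_access USER GROUP DIR: print each reason USER's clamd cannot read DIR.
check_scan_access() {
    want_gid=$(getent group "$2" | cut -d: -f3)
    [ -n "$want_gid" ] || { echo "no such group: $2"; return 2; }
    id -nG "$1" | tr ' ' '\n' | grep -qx "$2" || echo "$1 is not a member of $2"
    if pid=$(pgrep -o -u "$1" clamd); then
        proc_has_gid "$pid" "$want_gid" ||
            echo "clamd pid $pid lacks gid $want_gid: restart clamd"
    fi
    for f in "$3" "$3"/*; do
        group_can_read "$f" "$want_gid" || echo "$2 has no group access to $f"
    done
}

# e.g. sh check.sh clamav apache /var/zendto/incoming
if [ "$#" -eq 3 ]; then check_scan_access "$@"; fi
```

No output means the account, the running daemon and the file modes all line up; SELinux denials, which the thread also mentions, are not covered by this check.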