[ZendTo] Re: unable to upload

Gavin Silver GSilver at rampuptech.com
Wed Jul 21 20:25:37 BST 2010


I did restart clamd after editing /etc/group.

According to some docs I found: grpconv "will ignore entries that already have a password of x and convert those that do not."

Maybe that is why it didn't work.






----------------------------------
Gavin Silver


From: zendto-bounces at zendto.com [mailto:zendto-bounces at zendto.com] On Behalf Of Jules
Sent: Wednesday, July 21, 2010 2:37 PM
To: ZendTo Users
Subject: [ZendTo] Re: unable to upload



On 21/07/2010 17:53, Gavin Silver wrote:
I appended "apache" to the end of the clamav line in /etc/group, then I ran grpconv, but I still got access denied when trying to scan.
And you did restart clamd after doing that?

Using usermod to add clamav to apache seemed to work though. Not sure what usermod did that adding the line in /etc/group did not, as my /etc/group file looks the same.
I'll update the docs, that's a neater solution that doesn't require editing any files or running grpconv.



[root@files ~]# usermod -a -G apache clamav
[root@files ~]# service clamd restart
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon:                            [  OK  ]
[root@files ~]# clamdscan /var/zendto/incoming/*
/var/zendto/incoming/testscanme: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)


thanks!



----------------------------------
Gavin Silver

From: zendto-bounces at zendto.com<mailto:zendto-bounces at zendto.com> [mailto:zendto-bounces at zendto.com] On Behalf Of Jules
Sent: Wednesday, July 21, 2010 11:34 AM
To: ZendTo Users
Subject: [ZendTo] Re: unable to upload



On 21/07/2010 15:27, Gavin Silver wrote:
[root@files ~]# freshclam
ClamAV update process started at Wed Jul 21 14:21:25 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Downloading daily-11403.cdiff [100%]
daily.cld updated (version: 11403, sigs: 103267, f-level: 53, builder: arnaud)
bytecode.cvd is up to date (version: 31, sigs: 7, f-level: 53, builder: nervous)
Database updated (808001 signatures) from db.local.clamav.net (IP: 194.8.197.22)
Clamd successfully notified about the update.
[root@files ~]# service clamd restart
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon:                            [  OK  ]
[root@files ~]# chkconfig clamd on
[root@files ~]# which clamdscan
/usr/bin/clamdscan
[root@files ~]# echo hi > /var/zendto/incoming/testscanme
[root@files ~]# chown apache.apache /var/zendto/incoming/*
That will still leave the file "testscanme" most likely with global read permissions, which isn't what ZendTo should do by default. So please read on...


[root@files ~]# clamdscan /var/zendto/incoming/*
/var/zendto/incoming/testscanme: OK
That looks okay, but what happens if you
    chmod o-rwx /var/zendto/incoming/*
    clamdscan /var/zendto/incoming/*
?
If that doesn't work, then add "apache" to the end of the line that starts "clamav" in /etc/group and then run "grpconv". Then restart clamd and try clamdscan again.

The full list of dependencies is listed at
    http://www.zendto.com/rpm.html

If you still can't make it work, then as a stop-gap measure while we investigate further you can edit your /opt/zendto/config/preferences.php and change "clamdscan" to "clamscan". This will be a lot slower, but should get around the problem for now.

"clamdscan" uses the daemon "clamd" to do the actual scanning, which has already started up and read all the virus signature databases, which is why it's lots faster. However, clamd runs as the "clamav" user, not as root. So it can only access files which are available to the "clamav" user or the "clamav" group.

So you have to add the "apache" group (which owns all the files created by the web server, and hence all the files created by ZendTo) to the "clamav" group so that clamd can read them if it's given group read permissions (and group execute permissions in the case of directories).

So by adding "apache" to the "clamav" line in /etc/group, then rebuilding the shadow file using "grpconv", and then restarting clamd, it gets to refresh its version of what it can read.

At which point clamdscan will work.

Hopefully that helps explain what is going on and how it all works a little better.

Cheers,
Jules.





----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
[root@files ~]#





----------------------------------
Gavin Silver

From: zendto-bounces at zendto.com<mailto:zendto-bounces at zendto.com> [mailto:zendto-bounces at zendto.com] On Behalf Of Jules
Sent: Tuesday, July 20, 2010 5:26 PM
To: ZendTo Users
Subject: [ZendTo] Re: unable to upload



On 20/07/2010 21:24, Gavin Silver wrote:
centos 4.5
rpm install

followed docs to download and install all the dependencies including clamav
That means it probably couldn't find clamdscan, which should be part of the ClamAV RPMs the docs told you to download. When logged in as root, what do you get from a "which clamdscan" command?

The error return code 2 implies an error occurred during virus scanning. Put some files (anything will do for a test) into /var/zendto/incoming, then "chown apache.apache /var/zendto/incoming/*" and run a command such as
    clamdscan /var/zendto/incoming/*
and see what it says.

If it says "access denied" lots of times then what might be wrong is that the clamav group may need adding to the apache group in /etc/group. Find the line in /etc/group starting with "apache" and add "clamav" to the end of it. Then run the command "grpconv" to build the shadow file. Then "service clamd restart" and then try clamdscan again.

If it still complains that it couldn't read files, then you either need to disable SELinux or configure it correctly so it can read the files under /var/zendto/incoming. I don't know much about SELinux so you're on your own a bit there, hopefully Google will help.

When you find the solution, please let me know so that I can add it to the docs.

Once you have got "clamdscan /var/zendto/incoming" working, you should be there.

Thanks,
Jules.





getting:

Upload Error

The attempt to virus-scan your drop-off failed. Please contact your administrator for assistance.


after the file uploads


Where should I start looking first?


----------------------------
Gavin Silver










_______________________________________________

ZendTo mailing list

ZendTo at zendto.com<mailto:ZendTo at zendto.com>

http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto







Jules



--

Julian Field MEng CITP CEng

www.ZendTo.com<http://www.ZendTo.com>



Need help fixing or optimising your systems?

Contact me!

Need help getting you started solving new requirements from your boss?

Contact me!



PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Follow me at twitter.com/JulesFM
--
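
Added example, not part of the original thread or of ZendTo: a check of the two conditions clamd needs to read an upload once "other" access is removed. In /etc/group the last field of a line lists the users who belong to that group, so "usermod -a -G apache clamav" puts "clamav" on the "apache" line. The function names, sample group files and GIDs are constructed for illustration.

```shell
#!/bin/sh
# /etc/group line format: name:password:gid:member1,member2,...
# Only supplementary membership is checked here; a user's primary group
# lives in /etc/passwd and is not listed on the group's line.

# in_group GROUPFILE GROUP USER: succeeds if USER is a listed member of GROUP.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# group_readable MODE: succeeds if the octal permission MODE has the group-read bit.
group_readable() {
    [ $(( 0$1 & 040 )) -ne 0 ]
}

# verdict GROUPFILE FILEGROUP DAEMONUSER MODE: prints whether the daemon user can
# read a file owned by FILEGROUP after "chmod o-rwx", and if not, why.
verdict() {
    if ! in_group "$1" "$2" "$3"; then
        echo "denied: $3 is not a member of group $2"
    elif ! group_readable "$4"; then
        echo "denied: mode $4 lacks group read"
    else
        echo "ok"
    fi
}

# Constructed sample group files (GIDs are made up).
edited=$(mktemp); fixed=$(mktemp)
printf 'apache:x:48:\nclamav:x:101:apache\n' > "$edited"  # "apache" appended to the clamav line
printf 'apache:x:48:clamav\nclamav:x:101:\n' > "$fixed"   # after: usermod -a -G apache clamav

echo "apache on clamav line: $(verdict "$edited" apache clamav 640)"
echo "clamav on apache line: $(verdict "$fixed" apache clamav 640)"
echo "mode 600, no group r:  $(verdict "$fixed" apache clamav 600)"
rm -f "$edited" "$fixed"
```

On a live host, "id clamav" shows the same membership, and clamd must be restarted after a change because a running process keeps the group list it started with.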




