[ZendTo] Zend.to ClamAV issue
Jules Field
Jules at Zend.To
Fri Nov 2 17:23:30 GMT 2018
Derek,

# Become root, properly
sudo su -
# Change Apache's login shell to /bin/bash
chsh -s /bin/bash www-data
# Become the Apache user
su - www-data
# Try virus-scanning the /var/zendto directory
clamdscan /var/zendto/*
# And the same again but just using file handles
clamdscan --fdpass /var/zendto/*
# Stop being Apache and revert to being root
exit
# Put Apache's login shell back to what it was
chsh -s /sbin/nologin www-data
# Stop being root
exit

Note the 2 clamav commands are clam*d*scan and not just clamscan. That's
critical. clamdscan makes the clamd service/daemon do the actual scanning.

Send us the output of the clamdscan commands.

Then send us the output of "ls -al /var/zendto" and the lines in your
/etc/group file that are anything to do with www-data, apache,
virusgroup, clamd, anything like that.

It's probably just the group membership is wrong. This causes a similar
problem in CentOS/RedHat 7 as well, things changed there with ClamAV
100. 99 was fine, 100 wasn't.

Cheers,
Jules.

On 02/11/2018 15:33, Pedrosi, Derek G. via ZendTo wrote:
>
> I’m still having this issue with ClamAV, and my *nix skills are horrible.
>
> Can I get the simple version of what I’m to do with "chsh www-data",
> as I’ve been running without AV for several months.
>
> My apache user is indeed “www-data”.
>
> Thanks,
>
> derek
>
> *From:* ZendTo [mailto:zendto-bounces at zend.to] *On Behalf Of *Keith
> Erekson via ZendTo
> *Sent:* Thursday, October 25, 2018 12:14 PM
> *To:* ZendTo Users <zendto at zend.to>
> *Cc:* Keith Erekson <kbe2 at lehigh.edu>
> *Subject:* Re: [ZendTo] Zend.to error during drop-off
>
> Easier to use "chsh www-data" or whatever your Apache user is.
>
> ~Keith
>
>
> On Oct 25, 2018, at 11:41 AM, Jules Field via ZendTo <zendto at zend.to> wrote:
>
> Edit your /etc/passwd file to set the shell for your Apache user
> to /bin/bash.
> Then "pwconv" so the change takes effect.
> Then try this
> su - apache (or whatever user your Apache is running as)
> clamdscan /var/zendto/*
> clamdscan --fdpass /var/zendto/*
> exit
> What happened? Did the virus scans both complete successfully?
>
> If not, and you're running CentOS/RedHat 7, try this and then give
> the above another try:
> groupmems --group virusgroup --add apache
> systemctl restart httpd
>
> I added that extra groupmems command to the Installer a day or two
> ago when I discovered that RedHat/CentOS had changed their group
> membership rules in an update.
>
> Any improvement?
>
> Cheers,
> Jules.
>
> P.S. Otherwise, if you can give me remote ssh access I can login
> myself and take a look for you. I would be interested to see what
> it is, if it's not any of the above.
>
> On 25/10/2018 16:22, Ken Etter wrote:
>
> Yep, PHP 7.2 is installed. I've run through the installer
> multiple times now. No change, still get the error.
>
> Ken
>
> >>> Jules Field <Jules at Zend.To> 10/25/2018 11:15 AM >>>
>
> > Do you have PHP 7.2 installed?
>
> My Installer can be run in stages, and those stages can be run
> independently.
>
> So you might want to download the Installer, unpack it and
> wander into it. In what will obviously be the right sub-dir
> for your OS, you will see the numbered scripts.
>
> # cd install.ZendTo/CentOS-RedHat/
> # ls
> 1-devtools.sh 3-clamav.sh 5-httpd-php.sh 7-zendto.sh CentOS6 RHEL7
> 2-php.sh 4-firewall.sh 6-email.sh 8-selinux.sh RHEL5
> #
>
> If your web server is already working nicely, then you can
> probably skip stage 1 (though it won't do any harm).
>
> If you haven't installed PHP 7.2 along with things like the
> sodium extension, then run stage 2 which installs PHP. (Grab a
> backup copy of your ZendTo installation first, as it may have
> to remove the *whole* of PHP first which can also remove
> ZendTo and other PHP applications in the process, before it
> can install the correct version).
>
> Stages 3 and 5 shouldn't do any damage, but will add any new
> settings they need for PHP and so on.
>
> Stage 7 does the actual ZendTo installation itself, which it
> will do as an upgrade if it finds a zendto RPM already
> installed. Well worth running.
>
> Stage 8 is only relevant if you are using SELinux, and won't
> do anything if you're not.
>
> Since version 4, ZendTo no longer needs any form of
> custom-built PHP or anything like that. So there's no
> recompiling to be done.
>
> Then if you have a previous preferences.php and/or
> zendto.conf, you need to use
>
> /opt/zendto/bin/upgrade_preferences_php
>
> and
>
> /opt/zendto/bin/upgrade_zendto_conf
>
> to upgrade those files.
>
> Also, if you have done an RPM upgrade from ZendTo 4, you
> probably have a whole stack of *.rpmnew files in
> /opt/zendto/templates. You want to move each of those into
> place so they replace your old *.tpl files.
>
> As I said, it really is faster/easier/better to build v5 from
> scratch, its requirements are so different from v4.
>
> Hope that helps,
>
> Jules.
>
> On 25/10/2018 15:59, Ken Etter wrote:
>
> None of that helps. I'm building a new system. This is a
> production system. I never had problems in the past with
> upgrading so I went ahead and did it. Bad move. Unless
> anyone has any other ideas, I will just keep working on
> setting up the new system. I have to get something running
> again for my users.
>
> Ken
>
> >>> Jules Field via ZendTo <zendto at zend.to> 10/25/2018 10:53 AM >>>
>
> > Yes, those directories do need to be writable by whatever user
> and group your web server is running as.
>
> If you are using SELinux (most likely if you are using
> CentOS or RedHat), then I would also advise
>
> restorecon -FRv /opt/zendto /var/zendto
>
> to reset all the SELinux attributes to the values
> configured by my Installer.
>
> Also, if you think it might be an SELinux problem, you can
> switch it into "permissive" mode by
>
> setenforce permissive
> systemctl restart httpd
> systemctl restart clamd@scan
>
> To switch it back to "enforcing", you then do
>
> setenforce enforcing
> systemctl restart httpd
> systemctl restart clamd@scan
>
> Cheers,
>
> Jules.
>
> On 25/10/2018 14:31, Gray McCord via ZendTo wrote:
>
> I’ve seen that message as well. Check the file
> permissions on the /opt/zendto directories. Seems like
> I needed to make them writeable by the apache user,
> but I could be mistaken.
>
> Gray McCord
>
> /Adapt, Mutate, Migrate, or Die/
>
> -C. Darwin
>
> *From:* ZendTo <zendto-bounces at zend.to> *On Behalf Of* Ken Etter via ZendTo
> *Sent:* Thursday, October 25, 2018 8:26 AM
> *To:* ZendTo List <zendto at zend.to>
> *Cc:* Ken Etter <KLE at msktd.com>
> *Subject:* Re: [ZendTo] Zend.to error during drop-off
>
> Going back through the mailing list archives, I see
> that I am having exactly the same problem as Kevin
> O'Connor in this thread:
> http://jul.es/pipermail/zendto/2018-June/003208.html
>
> Files are uploaded, but I get that error message and
> the email is not sent.
>
> There is no stated resolution in that thread. Any
> suggestions or do I have to rebuild a brand new
> Zend.To server?
>
> Zend.To has been fairly solid for me...a bit of a pain
> to find this upgrade to be so fragile.
>
> Ken
>
> >>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:38 AM >>>
>
> I am running this on Ubuntu 16.04.5 LTS if that matters.
>
>
> Ken
>
> >>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:36 AM >>>
>
> Just upgraded my Zend.To installation from 4.x to
> 5.15-1. Everything appeared to go ok. But when I click
> drop-off files, I get an error that states: "Sorry, I
> failed to drop-off your files! Note that you cannot
> drop-off directories, only files." I'm not dropping
> off a directory, just a single file. I tried a couple
> different file types - same error each time. Any
> suggestions for fixing this? Thanks!
>
>
>
>
> *Ken Etter*, System Administrator
>
> Architectural Group
>
> 260.432.9337 | msktd.com
>
> _______________________________________________
>
> ZendTo mailing list
>
> ZendTo at zend.to <mailto:ZendTo at zend.to>
>
> http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'If I were a Brazilian without land or money or the means to feed
my children, I would be burning the rain forest too.' - Sting
www.Zend.To
Twitter: @JulesFM
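
An added example, not part of the original message and not ZendTo's own code: shell helpers that collect the /etc/group lines requested above, test whether the web server user is listed in a scanner group, and run both clamdscan checks as that user. It swaps the chsh round trip for "su -s", so the service account's login shell is never changed; the sample group file, its GIDs and the "clamav" group name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not ZendTo's own code). GROUP_FILE is overridable so the
# checks can be tried on a constructed sample instead of the live /etc/group.
GROUP_FILE="${GROUP_FILE:-/etc/group}"

# Print the /etc/group lines worth posting: anything naming the web server
# user or a ClamAV-related account.
relevant_groups() {
    grep -Ei 'www-data|apache|virusgroup|clam' "$GROUP_FILE"
}

# in_group USER GROUP: succeed if USER is in GROUP's member list (4th field).
# A user's primary group is recorded in /etc/passwd and is not checked here.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$GROUP_FILE"
}

# scan_as USER DIR: run both scans from the message as USER (must be root).
# "su -s" supplies a shell for this one command, so the account's login
# shell never has to be changed and restored.
scan_as() {
    su -s /bin/sh -c "clamdscan '$2'/*; clamdscan --fdpass '$2'/*" "$1"
}

# Constructed sample in group(5) format, for trying the functions offline.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:
www-data:x:33:
virusgroup:x:990:clamscan,apache
clamav:x:121:
users:x:100:derek
EOF
}

# Usage on a live system, as root (group name is an assumption; use yours):
#   relevant_groups
#   in_group www-data clamav || echo "www-data is not in clamav"
#   scan_as www-data /var/zendto
```
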