[ZendTo] {Disarmed} Re: Zend.to error during drop-off

Jules Field Jules at Zend.To
Thu Oct 25 17:43:06 BST 2018


Adding "apache" to the "virusgroup" is a safer way of fixing this problem.

Cheers,
Jules.

On 25/10/2018 16:48, Gray McCord via ZendTo wrote:
>
> Jules, you triggered something I found a few weeks ago: a problem with 
> the latest clamd update on my CentOS 7 ZendTo systems.
>
> After updating to clamd v100.1, uploads failed in ZendTo. The error 
> was that the clamd daemon could not access the needed socket file in 
> /var/run/clamd.scan
>
> The problem was that the update apparently changed something that 
> altered the group used by the clamd daemon to "virusgroup" from 
> "clamscan". Changing the group owner of /var/run/clamd.scan to 
> "clamscan" fixed it BUT
>
> Every time the system rebooted, the /var/run/clamd.scan directory was 
> recreated with the wrong group owner "virusgroup"
>
> The fix required editing a template file, 
> /usr/lib/tmpfiles.d/clamd.scan.conf, and changing the contents:
>
> From:
>
> d /run/clamd.scan 0710 clamscan virusgroup
>
> To:
>
> d /run/clamd.scan 0710 clamscan clamscan
>
> That fixes it!
>
> Maybe this is the issue?
>
> Gray McCord
>
> /Adapt, Mutate, Migrate, or Die/
>
> -C. Darwin
>
> *From: *ZendTo <zendto-bounces at zend.to> on behalf of Jules Field via 
> ZendTo <zendto at zend.to>
> *Organization: *ZendTo
> *Reply-To: *ZendTo Users <zendto at zend.to>
> *Date: *Thursday, October 25, 2018 at 10:41 AM
> *To: *Ken Etter <kle at msktd.com>, ZendTo List <zendto at zend.to>
> *Cc: *Jules Field <Jules at Zend.To>
> *Subject: *{Disarmed} Re: [ZendTo] Zend.to error during drop-off
>
> Edit your /etc/passwd file to set the shell for your Apache user to 
> /bin/bash.
> Then "pwconv" so the change takes effect.
> Then try this
>     su - apache (or whatever user your Apache is running as)
>     clamdscan /var/zendto/*
>     clamdscan --fdpass /var/zendto/*
>     exit
> What happened? Did the virus scans both complete successfully?
>
> If not, and you're running CentOS/RedHat 7, try this and then give the 
> above another try:
>     groupmems --group virusgroup --add apache
>     systemctl restart httpd
>
> I added that extra groupmems command to the Installer a day or two ago 
> when I discovered that RedHat/CentOS had changed their group 
> membership rules in an update.
>
> Any improvement?
>
> Cheers,
> Jules.
>
> P.S. Otherwise, if you can give me remote ssh access I can login 
> myself and take a look for you. I would be interested to see what it 
> is, if it's not any of the above.
>
> On 25/10/2018 16:22, Ken Etter wrote:
>
>     Yep, PHP 7.2 is installed.  I've run through the installer
>     multiple times now.  No change, still get the error.
>
>     Ken
>
>     >>> Jules Field <Jules at Zend.To> 10/25/2018 11:15 AM >>>
>
>     > Do you have PHP 7.2 installed?
>
>     My Installer can be run in stages, and those stages can be run
>     independently.
>
>     So you might want to download the Installer, unpack it and wander
>     into it. In what will obviously be the right sub-dir for your OS,
>     you will see the numbered scripts.
>
>     # cd install.ZendTo/CentOS-RedHat/
>
>     # ls
>
>     1-devtools.sh 3-clamav.sh 5-httpd-php.sh 7-zendto.sh CentOS6 RHEL7
>
>     2-php.sh 4-firewall.sh 6-email.sh 8-selinux.sh RHEL5
>
>     #
>
>     If your web server is already working nicely, then you can
>     probably skip stage 1 (though it won't do any harm).
>
>     If you haven't installed PHP 7.2 along with things like the sodium
>     extension, then run stage 2 which installs PHP. (Grab a backup
>     copy of your ZendTo installation first, as it may have to remove
>     the *whole* of PHP first which can also remove ZendTo and other
>     PHP applications in the process, before it can install the correct
>     version).
>
>     Stages 3 and 5 shouldn't do any damage, but will add any new
>     settings they need for PHP and so on.
>
>     Stage 7 does the actual ZendTo installation itself, which it will
>     do as an upgrade if it finds a zendto RPM already installed. Well
>     worth running.
>
>     Stage 8 is only relevant if you are using SELinux, and won't do
>     anything if you're not.
>
>     Since version 4, ZendTo no longer needs any form of custom-built
>     PHP or anything like that. So there's no recompiling to be done.
>
>     Then if you have a previous preferences.php and/or zendto.conf,
>     you need to use
>
>     /opt/zendto/bin/upgrade_preferences_php
>
>     and
>
>     /opt/zendto/bin/upgrade_zendto_conf
>
>     to upgrade those files.
>
>     Also, if you have done an RPM upgrade from ZendTo 4, you probably
>     have a whole stack of *.rpmnew files in /opt/zendto/templates. You
>     want to move each of those into place so they replace your old
>     *.tpl files.
>
>     As I said, it really is faster/easier/better to build v5 from
>     scratch, its requirements are so different from v4.
>
>     Hope that helps,
>
>     Jules.
>
>     On 25/10/2018 15:59, Ken Etter wrote:
>
>         None of that helps. I'm building a new system. This is a
>         production system. I never had problems in the past with
>         upgrading so I went ahead and did it. Bad move. Unless anyone
>         has any other ideas, I will just keep working on setting up
>         the new system. I have to get something running again for my
>         users.
>
>         Ken
>
>         >>> Jules Field via ZendTo <zendto at zend.to> 10/25/2018 10:53 AM >>>
>
>         > Yes, those directories do need to be writable by whatever user and group
>         your web server is running as.
>
>         If you are using SELinux (most likely if you are using CentOS
>         or RedHat), then I would also advise
>
>         restorecon -FRv /opt/zendto /var/zendto
>
>         to reset all the SELinux attributes to the values configured
>         by my Installer.
>
>         Also, if you think it might be an SELinux problem, you can
>         switch it into "permissive" mode by
>
>         setenforce permissive
>
>         systemctl restart httpd
>
>         systemctl restart clamd@scan
>
>         To switch it back to "enforcing", you then do
>
>         setenforce enforcing
>
>         systemctl restart httpd
>
>         systemctl restart clamd@scan
>
>         Cheers,
>
>         Jules.
>
>         On 25/10/2018 14:31, Gray McCord via ZendTo wrote:
>
>             I’ve seen that message as well. Check the file permissions
>             on the /opt/zendto directories. Seems like I needed to
>             make them writeable by the apache user, but I could be
>             mistaken.
>
>             Gray McCord
>
>             /Adapt, Mutate, Migrate, or Die/
>
>             -C. Darwin
>
>             *From:* ZendTo <zendto-bounces at zend.to> *On Behalf Of* Ken Etter
>             via ZendTo
>             *Sent:* Thursday, October 25, 2018 8:26 AM
>             *To:* ZendTo List <zendto at zend.to>
>             *Cc:* Ken Etter <KLE at msktd.com>
>             *Subject:* Re: [ZendTo] Zend.to error during drop-off
>
>             Going back through the mailing list archives, I see that I
>             am having exactly the same problem as Kevin O'Connor in
>             this thread:
>             http://jul.es/pipermail/zendto/2018-June/003208.html
>
>             Files are uploaded, but I get that error message and the
>             email is not sent.
>
>             There is no stated resolution in that thread. Any
>             suggestions or do I have to rebuild a brand new Zend.To
>             server?
>
>             Zend.To has been fairly solid for me...a bit of a pain to
>             find this upgrade to be so fragile.
>
>             Ken
>
>             >>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:38 AM >>>
>
>             I am running this on Ubuntu 16.04.5 LTS if that matters.
>
>
>             Ken
>
>             >>> Ken Etter via ZendTo <zendto at zend.to> 10/25/2018 8:36 AM >>>
>
>             Just upgraded my Zend.To installation from 4.x to 5.15-1.
>             Everything appeared to go ok. But when I click drop-off
>             files, I get an error that states: "Sorry, I failed to
>             drop-off your files! Note that you cannot drop-off
>             directories, only files." I'm not dropping off a
>             directory, just a single file. I tried a couple different
>             file types - same error each time. Any suggestions for
>             fixing this? Thanks!
>
>
>
>
>             *Ken Etter*, System Administrator
>
>             Architectural Group
>
>             260.432.9337 | msktd.com
>
>             _______________________________________________
>
>             ZendTo mailing list
>
>             ZendTo at zend.to
>
>             http://jul.es/mailman/listinfo/zendto
>
>         Jules
>
>
>     Jules
>
>
>
>
> Jules

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'They went with songs to the battle, they were young.
  Straight of limb, true of eye, steady and aglow.
  They were staunch to the end against odds uncounted,
  They fell with their faces to the foe.

  They shall grow not old, as we that are left grow old:
  Age shall not weary them, nor the years condemn.
  At the going down of the sun and in the morning,
  We will remember them.

  They mingle not with their laughing comrades again;
  They sit no more at familiar tables of home;
  They have no lot in our labour of the day-time;
  They sleep beyond England's foam.'
     - Ode of Remembrance, Laurence Binyon

www.Zend.To
Twitter: @JulesFM
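
The two `tmpfiles.d` lines quoted in this thread differ only in the group that owns `/run/clamd.scan`; with mode 0710 that group gets traverse-only access and every other account gets none. As an added example (not part of the original message, and not ZendTo or ClamAV code), the script below applies the POSIX owner/group/other rule to each line for an `apache` user; the group lists are constructed samples and `can_traverse` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: given a tmpfiles.d "d" line and a user's group list, report
# whether that user can traverse the directory and so reach a socket inside it.
# root (which bypasses permission bits) is not modelled.

# can_traverse LINE USER "GROUP1 GROUP2 ..."  -> prints yes | no | unparseable
can_traverse() {
    ct_user=$2
    ct_groups=$3
    # tmpfiles.d fields: type path mode owner group [age argument]
    read -r ct_type ct_path ct_mode ct_owner ct_group ct_rest <<EOF
$1
EOF
    case $ct_type in d) ;; *) echo unparseable; return 0 ;; esac
    case $ct_mode in ''|*[!0-7]*) echo unparseable; return 0 ;; esac
    if [ -z "$ct_group" ]; then echo unparseable; return 0; fi

    ct_perm=$((0$ct_mode))   # leading 0 makes the shell read the mode as octal
    # POSIX picks exactly one permission class: owner, else group, else other.
    ct_shift=0
    if [ "$ct_user" = "$ct_owner" ]; then
        ct_shift=6
    else
        for ct_g in $ct_groups; do
            if [ "$ct_g" = "$ct_group" ]; then ct_shift=3; fi
        done
    fi
    # The execute bit of the chosen class is what grants directory traversal.
    if [ $(( (ct_perm >> ct_shift) & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

STOCK='d /run/clamd.scan 0710 clamscan virusgroup'    # packaged line, as quoted above
EDITED='d /run/clamd.scan 0710 clamscan clamscan'     # edited line, as quoted above

# Constructed group memberships for the web server user "apache".
echo "stock line,  groups 'apache'            : $(can_traverse "$STOCK" apache 'apache')"
echo "stock line,  groups 'apache virusgroup' : $(can_traverse "$STOCK" apache 'apache virusgroup')"
echo "edited line, groups 'apache virusgroup' : $(can_traverse "$EDITED" apache 'apache virusgroup')"
echo "edited line, groups 'apache clamscan'   : $(can_traverse "$EDITED" apache 'apache clamscan')"
```

On a live host, pass the output of `id -nG apache` as the third argument to check the real group membership.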
