Clamav issue with The Perfect SpamSnake - Ubuntu Jeos 9.10

Discussion in 'HOWTO-Related Questions' started by Maxum, Apr 28, 2010.

  1. Maxum

    Maxum New Member

    I have been following The Perfect SpamSnake - Ubuntu Jeos 9.10 how-to and have got to the point where MailScanner and Postfix are configured and running. I get the following error every time the server handles a piece of mail:

    Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2208
    Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Clamd found 1 infections
    Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Found 1 viruses

    Here are the permissions on /var/spool/MailScanner/
    root@ubuntufirewall:/var/spool/MailScanner# ll
    total 12
    drwxr-xr-x 9 postfix www-data 4096 2010-04-28 12:44 incoming
    drwxr-xr-x 3 postfix www-data 4096 2010-04-28 12:05 quarantine
    drwxr-xr-x 2 postfix www-data 4096 2010-04-28 12:05 spamassassin

    Here are the permissions on /var/spool/MailScanner/incoming
    root@ubuntufirewall:/var/spool/MailScanner/incoming# ll
    total 44
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 2193
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2199
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2202
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2205
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2208
    drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 Locks
    -rw------- 1 postfix www-data 4096 2010-04-28 12:44 Processing.db
    -rw------- 1 postfix www-data 10240 2010-04-28 12:44 SpamAssassin.cache.db
    drwx------ 2 postfix www-data 4096 2010-04-28 12:44 SpamAssassin-Temp

    I also get a warning message in /var/log/clamav/clamav.log
    Wed Apr 28 12:44:24 2010 -> WARNING: lstat() failed on: /var/spool/MailScanner/incoming/2208

    /opt/MailScanner/etc/MailScanner.conf is set as per the how-to, where
    Incoming Work Group = clamav
    Incoming Work Permissions = 0640

    /etc/clamav/clamd.conf is configured with

    User clamav
    AllowSupplementaryGroups true



    To try and fix the problem I have

    Added clamav to the postfix group: postfix:x:115:clamav

    Added the following line to /etc/apparmor.d/usr.sbin.clamd:
    /var/spool/MailScanner/incomming/* rw,
     
  2. Rocky

    Rocky Member

    Hey,

    Try the following:
    usermod -a -G postfix clamav

    Verify 'AllowSupplementaryGroups yes' is set in clamd.conf

    Let me know if that worked and I'll update the guide.

    Thanks
     
    Last edited: Apr 29, 2010
  3. Maxum

    Maxum New Member

    I ran usermod -a -G postfix clamav and verified 'AllowSupplementaryGroups true' in the clamav.conf. I still received the error.

    I should have mentioned in the original post that I am using Ubuntu Server 9.10 AMD64. I am not sure if that would make a difference but thought I should mention it.

    Thanks
     
  4. Maxum

    Maxum New Member

    OK it looks like I have got it fixed.

    First I removed AppArmor - I am sure there is a way to modify the profile to get it to go but I couldn't figure it out. I could leave AppArmor installed and put the clamav profile in complain mode and it worked as well.

    Second, I added clamav to the www-data group, which, now that I am looking back at the permissions I posted for the /var/spool/MailScanner/incoming directory, makes perfect sense.

    Thanks for your help. I am off to finish the how-to.
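
The group membership point in the posts above, as an added example that is not part of the thread: it applies the classic owner/group/other rule to `ls -l` lines copied from the first post, for the clamav user with the group sets tried in the thread. ACLs and AppArmor are not modelled, and `can_scan_dir` and `report` are names made up for this sketch.

```python
# Added example, not from the thread: classic Unix permission check on `ls -l` lines.
# The listing lines are copied from the first post; ACLs and AppArmor are not modelled.
LISTING = [
    "drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2208",
    "drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 Locks",
    "drwx------ 2 postfix www-data 4096 2010-04-28 12:44 SpamAssassin-Temp",
]

def parse_ls_line(line):
    """Split one `ls -l` line into the fields the permission check needs."""
    fields = line.split()
    return {"mode": fields[0], "owner": fields[2], "group": fields[3], "name": fields[-1]}

def effective_bits(entry, user, groups):
    """Exactly one class applies, checked in owner, group, other order."""
    mode = entry["mode"]
    if user == entry["owner"]:
        return mode[1:4]
    if entry["group"] in groups:
        return mode[4:7]
    return mode[7:10]

def can_scan_dir(entry, user, groups):
    """Scanning a directory needs read (list names) and search (reach the files)."""
    bits = effective_bits(entry, user, groups)
    return entry["mode"].startswith("d") and "r" in bits and "x" in bits

def report(user, groups):
    """Map each listed directory to whether `user` with `groups` can scan it."""
    return {e["name"]: can_scan_dir(e, user, groups) for e in map(parse_ls_line, LISTING)}

if __name__ == "__main__":
    # Group sets: default, after joining postfix, after joining www-data.
    for groups in ({"clamav"}, {"clamav", "postfix"}, {"clamav", "www-data"}):
        print(sorted(groups), report("clamav", groups))
```

In the listing, postfix is the owning user and www-data is the owning group, so membership in the postfix group leaves clamav in the "other" class, which has no bits on the per-process work directories.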
     
  5. Drex56

    Drex56 New Member

    Just to add to Maxum's post, I did the following, which rid me of the dreaded Clam error:

    Assumptions:

    1. clamd is located in
    Code:
    /usr/sbin
    2. AppArmor profiles are held in
    Code:
    /etc/apparmor.d
    3. MailScanner incoming queue is
    Code:
    /var/spool/MailScanner/incoming
    Obviously you will need to do the following to add clamd to the www-data group so that it can access the directory:

    Code:
    sudo usermod -a -G www-data clamav
    Now edit the profile for clamd:
    Code:
    sudo nano /etc/apparmor.d/usr.sbin.clamd
    Add the Incoming folder to the list of folders
    Code:
      /var/spool/MailScanner/** rw,
    
      /var/spool/MailScanner/incoming/** rw,
    Now to be honest, I don't really need the second line as the ** means files AND directories underneath the current directory but will leave it in there as "it's what worked for me".

    After that I reload ALL the AppArmor profiles (it was easier at the time to find that than find how to reload just one).

    Code:
    sudo /etc/init.d/apparmor reload
    After this send yourself a test mail and look at mail.log using:
    Code:
    tail -f /var/log/mail.log
    And watch as clamd does not error.

    Hope this helps.

    Regards

    Drex
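
The profile rules quoted in this thread, checked against the work directory path as an added example that is not part of any post: a simplified model of AppArmor path globbing as documented in apparmor.d(5), where `*` stays within one path component, `**` crosses `/`, and directories are named with a trailing slash. It handles only wildcards that stand as a whole path component, as in the rules on this page; the file name `message.eml` and the single-`*` variant are constructed for illustration.

```python
# Added example, not from the thread: simplified AppArmor path-glob matcher.
import re

def rule_to_regex(rule_path):
    """Translate an AppArmor path glob (whole-component * and ** only) to a regex."""
    out, i = [], 0
    while i < len(rule_path):
        if rule_path.startswith("**", i):
            out.append(r"[^/].*")   # ** : one or more characters, may cross '/'
            i += 2
        elif rule_path[i] == "*":
            out.append(r"[^/]+")    # *  : one or more characters, never crosses '/'
            i += 1
        else:
            out.append(re.escape(rule_path[i]))
            i += 1
    return re.compile("".join(out))

def matches(rule_path, path):
    """True if the whole path is covered by the rule's glob."""
    return rule_to_regex(rule_path).fullmatch(path) is not None

RULES = [
    "/var/spool/MailScanner/incomming/*",   # as written in the first post
    "/var/spool/MailScanner/incoming/*",    # constructed variant, not from the thread
    "/var/spool/MailScanner/**",            # from Drex56's post
    "/var/spool/MailScanner/incoming/**",   # from Drex56's post
]
PATHS = [
    "/var/spool/MailScanner/incoming/2208/",             # directory, trailing slash
    "/var/spool/MailScanner/incoming/2208/message.eml",  # constructed file name
]

def coverage():
    """For each rule, whether it covers the work directory and a file inside it."""
    return {rule: [matches(rule, p) for p in PATHS] for rule in RULES}

if __name__ == "__main__":
    for rule, hits in coverage().items():
        print(f"{rule:40} dir={hits[0]} file={hits[1]}")
```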
     
  6. Rocky

    Rocky Member

    Good addition. I take it that you didn't remove AppArmor? This is good for those who prefer to use it.

    Thanks,

    Rocky
     
  7. Drex56

    Drex56 New Member

    Hi Rocky,

    No, I didn't. I didn't see any point in removing it, plus it just means my system is that bit more secure! Though I could be wrong as I am no genius when it comes to Linux.

    Regards

    Drex
     
  8. macross

    macross New Member

    Thank you

    Thanks! That was bugging me. I chose the keep AppArmor route as well.
     
