/var/log/maillog qmail-scanner error

Posted by bbinkovitz on 2006.10.21 @ 09:22

Filed under:

We were getting this series of errors when running the qmail-scanner test script (/downloads/qmailrocks/qmail-scanner-1.25/contrib/test_installation.sh -doit):

spamd[18368]: spamd: connection from localhost.localdomain [127.0.0.1] at port 51721 
spamd[18368]: spamd: setuid to qscand succeeded 
spamd[18368]: spamd: creating default_prefs: /home/qscand/.spamassassin/user_prefs 
spamd[18368]: config: cannot write to /home/qscand/.spamassassin/user_prefs: Permission denied 
spamd[18368]: spamd: failed to create readable default_prefs: /home/qscand/.spamassassin/user_prefs 
spamd[18368]: spamd: checking message <20061020172304.21308.qmail@leikata.softpixel.com> for qscand:509 
spamd[18368]: locker: safe_lock: cannot create tmp lockfile /home/qscand/.spamassassin/auto-whitelist.lock.leikata.softpixel.com.18368 for /home/qscand/.spamassassin/auto-whitelist.lock: Permission denied 
spamd[18368]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /home/qscand/.spamassassin/auto-whitelist.lock.leikata.softpixel.com.18368 for /home/qscand/.spamassassin/auto-whitelist.lock: Permission denied 
spamd[18368]: bayes: locker: safe_lock: cannot create tmp lockfile /home/qscand/.spamassassin/bayes.lock.leikata.softpixel.com.18368 for /home/qscand/.spamassassin/bayes.lock: Permission denied 
spamd[18368]: spamd: clean message (-0.0/5.0) for qscand:509 in 0.0 seconds, 327 bytes. 
spamd[18368]: spamd: result: . 0 - NO_RECEIVED,NO_RELAYS scantime=0.0, size=327,user=qscand,uid=509, required_score=5.0,rhost=localhost.localdomain, raddr=127.0.0.1, rport=51721,mid=< 20061020172304.21308.qmail@leikata.softpixel.com>, autolearn=failed 
spamd[18366]: prefork: child states: II 
qmail-scanner[21309]: Clear:RC:1(127.0.0.1):SA:0(0.0/5.0): 0.068512 327 <> postmaster@softpixel.com Qmail-Scanner_test_(1/4):_inoffensive_message <20061020172304.21308.qmail@leikata.softpixel.com> 1161364984.21311-0.leikata:68 orig-leikata116136498477521309:327 
X-Antivirus-MYDOMAIN-1.25-st-qms: [leikata116136498577521320] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

I had to manually create the .spamassassin directory for user spamd:

# cd /home/qscand
# mkdir .spamassassin
# chown qscand:qscand .spamassassin/
# chmod 700 .spamassassin/

This solved the first few errors.

We still got the qmail-scanner error, however:

spamd[21615]: spamd: connection from localhost.localdomain [127.0.0.1] at port 52795 
spamd[21615]: spamd: checking message <20061020174801.21726.qmail@leikata.softpixel.com> for root:510 
spamd[21615]: spamd: clean message (-0.0/5.0) for root:510 in 0.1 seconds, 327 bytes. 
spamd[21615]: spamd: result: . 0 - NO_RECEIVED,NO_RELAYS scantime=0.1,size=327,user=root,uid=510, required_score=5.0, rhost=localhost.localdomain, raddr=127.0.0.1,rport=52795, mid=< 20061020174801.21726.qmail@leikata.softpixel.com>, autolearn=ham 
spamd[21612]: prefork: child states: II 
qmail-scanner[21727]: Clear:RC:1(127.0.0.1):SA:0(0.0/5.0): 0.105559 327 <> postmaster@softpixel.com Qmail-Scanner_test_(1/4):_inoffensive_message < 20061020174801.21726.qmail@leikata.softpixel.com> orig-leikata116136648177521727:327 1161366481.21729-0.leikata:68 
X-Antivirus-MYDOMAIN-1.25-st-qms: [leikata116136648177521738] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

By turning on debugging in qmail-scanner.pl, I determined that this was a permissions issue: qmail-scanner was running clamd as user qscand, but user qscand didn’t have privileges to see the files qmail-scanner wanted it to scan.

Making qmail-scanner run as root by disabling the setuid line in /etc/clamd.conf…

# Run as a selected user (clamd must be started by root).
# Default: disabled
#User qscand

…causes it to work (and the qmail-scanner test script to execute successfully), but we really shouldn’t be doing this.

Instead we need to make qmail-scanner write the files to scan with appropriate permissions.

1 Comments so far

Thank you for reminding me that clamd should be run as qscand rather than the user clamav was created which normally is clamav. After running clamav for years using the same clamd.conf I had to change the clamd.conf to run the new clamav-0.90rc2 and forgot to change the user. This is the reason for clamdscan not working with qmail-scanner-1.25.

Submitted by Frank (not verified) on 2006.11.06 @ 18:32. |

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <pre> <div> <span> <b> <i> <br> <table> <tr> <td> <th> <small> <sub> <tex> <equation> <equations> <s>
  • You can enable syntax highlighting of source code with the following tags: [code], [blockcode], [applescript], [bash], [c], [cpp], [css], [diff], [drupal5], [drupal6], [html4], [java], [javascript], [latex], [lisp], [lua], [m68k], [make], [mysql], [objc], [pascal], [perl], [php], [python], [ruby], [sql], [xml].
  • You may insert videos with [video:URL]
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Adds typographic refinements.
  • LaTex commands embedded in text will be interpreted and rendered. Additional information can be found at DruTex Documentation Pages
    • Allowed commands include: \atop \binom \cdot \cfrac \choose \frac \int \ln \over \sum \to
      Allowed environments include: align array equation equations gather matrix split
    • Provides different environments to create rendered images (especially maths).
    • Assists automatic numbering of tex, equation, and equations environments.

    More information about formatting options