Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: uli334 on June 16, 2016, 03:08:38 PM
-
Hello,
I've installed dansguardian on "SME 9.1 i386" following the wiki (https://wiki.contribs.org/Dansguardian).
Then activated "ClamAV support" exactly as described.
Then, if I use HTTPS (i.e. "https://www.google.de/") in Firefox on a connected workstation, I can reach that site.
But if I try to reach a site with HTTP (i.e. "http://pro-linux.de/"), the site is blocked with the reason "/tmp/tfMY2JuE: Access denied. ERROR" in the browser.
In "/var/log/messages" you can see:
"ClamD error: /tmp/tfMY2JuE: Access denied. ERROR"
"dansguardian[12337]: scanFile/Memory returned error: -1"
Has anybody installed dansguardian on SME 9.1 as I did? I use it on a couple of SME 8.2 servers without any problem...
Greetings,
Uli
-
I've looked in post https://forums.contribs.org/index.php?topic=42736.0 and changed to "clamdudsfile = '/var/run/clamav/clamd.socket'" in "clamdscan.conf". This results in the error: "Error connecting to ClamD socket" in the browser.
-
clamdudsfile = '/var/clamav/clamd.socket'
is the correct value you should have.
Just posted the link (on your other topic) in case, so you can go back.
What I suspect more is a problem on the side of clamd.
I suggest you take a look at the following and report any warnings:
/var/log/messages
/var/log/clamd/current
also the output of the following commands could help:
# config show clamd
# /sbin/e-smith/audittools/newrpms
# /sbin/e-smith/audittools/templates
-
In "/var/log/messages" you can see:
"ClamD error: /tmp/tfMY2JuE: Access denied. ERROR"
"dansguardian[12337]: scanFile/Memory returned error: -1"
Last thought:
The access denied error (maybe you will have more on this in the logfile of clamav) could indicate that the tmp file created by dansguardian is for user and group dansguardian:dansguardian, with no read access to the file for other groups.
If this is the problem, one workaround could be:
usermod -a -G dansguardian clamav
Maybe your settings with SME 8 gave a higher allowance in file size for in-memory scanning, avoiding having to scan a temp file.
-
Hello,
Tried "usermod -a -G dansguardian clamav", restarted dansguardian and loaded an HTTP site in the browser:
Result in "/var/log/messages":
ClamD error: /tmp/tfV5M7Ab: Access denied. ERROR
Jun 18 13:26:37 <servername> dansguardian[14962]: scanFile/Memory returned error: -1
Jun 18 13:26:39 <servername> dansguardian[14964]: ClamD error: /tmp/tfd5v1pQ: Access denied. ERROR
Jun 18 13:26:39 <servername> dansguardian[14964]: scanFile/Memory returned error: -1
Jun 18 13:26:41 <servername> dansguardian[14966]: ClamD error: /tmp/tfce0ZEt: Access denied. ERROR
Jun 18 13:26:41 <servername> dansguardian[14966]: scanFile/Memory returned error: -1
Jun 18 13:26:45 <servername> dansguardian[14967]: ClamD error: /tmp/tfd9CtcU: Access denied. ERROR
In "/var/log/clamd/current":
@400000005765300222622984 Access denied: /tmp/tfUXDO2o
@40000000576530312fc79334 Access denied: /tmp/tfZwlFjo
----------
Commands and output:
- config show clamd:
"clamd=service
MemLimit=1400000000
status=enabled"
----------
- /sbin/e-smith/audittools/newrpms
dansguardian.i386 2.10.1.1-1.el6.sme @smecontribs
hddtemp.i686 0.3-0.20.beta15.el6 @smecontribs
perl-rrdtool.i686 1.4.7-1.el6.rfx @smecontribs
rrdtool.i686 1.4.7-1.el6.rfx @smecontribs
smeserver-crontab_manager.noarch 2.4-3.el6.sme @smecontribs
smeserver-dansguardian.noarch 2.10-1.el6.sme @smecontribs
smeserver-diskusage.noarch 0.2.0-2.el6.sme @smecontribs
smeserver-lazy_admin_tools.noarch 1.1-4.el6.sme @smecontribs
smeserver-sme9admin.noarch 1.5-15.el6.sme @smecontribs
unrar.i686 5.0.3-1.el6.rf @/unrar-5.0.3-1.el6.rf.i686
----------
- /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/squid/squid.conf/05refreshpattern: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/smb.conf/11logonScript: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/home/e-smith/ssl.crt: MANUALLY_ADDED, OVERRIDE
----------
-
I did this to get dansguardian to use clamav:
1. Install dansguardian according to the wiki
yum --enablerepo=smecontribs install smeserver-dansguardian
2. Enable clamav according to the wiki
edit /etc/dansguardian/dansguardian.conf and uncomment following line:
contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
at the end of the file, add following lines:
# OPTION: virusscanexceptions
# If off, antivirus scanner will ignore exception sites and urls.
virusscanexceptions = on
edit /etc/dansguardian/contentscanners/clamdscan.conf and uncomment
clamdudsfile = '/var/run/clamav/clamd.socket'
3. Correct settings for SME 9
I believe that the path to clamd.socket changed with SME 9 (the Dansguardian wiki page was last edited in 2009...). I don't know if the two processes (dansguardian and clamav) have always needed to run as the same user, or if this is also new since 2009.
3a. The path to clamd.socket must match the path given in /etc/clamd.conf
edit /etc/dansguardian/contentscanners/clamdscan.conf and set clamdudsfile to:
clamdudsfile = '/var/clamav/clamd.socket'
3b. Dansguardian and Clamav must run as the same user for clamav scanning to work. Set Dansguardian to run as 'clamav' as follows:
edit /etc/dansguardian/dansguardian.conf , uncomment 'daemonuser' and 'daemongroup', and set 'daemonuser' to 'clamav':
daemonuser = 'clamav'
daemongroup = 'dansguardian'
3c. Correct the ownership problems you'll run into if you change the dansguardian daemonuser:
chown clamav /var/log/dansguardian/access.log
'rm' -rf /tmp/.dguardianipc
'rm' -rf /tmp/.dguardianurlipc
4. Restart dansguardian and test
/etc/init.d/dansguardian restart
That's it -- the dansguardian log now reports "*SCANNED*" instead of "*INFECTED* *DENIED*"
-
Hello mmccarn, hello Jean-Philippe,
the last post did it! Online scanning now works, I tested it with some eicar files.
Thank you for your help! The corrections should appear in the wiki; how can this be done?
Best regards, Uli
-
Added to the wiki:
https://wiki.contribs.org/Dansguardian#ClamAV_.26_Dansguardian_on_SME_9.2B
If there is a maintainer for the contrib that should probably be updated, too...
-
If there is a maintainer for the contrib that should probably be updated, too...
He (myself) will
;)
Thanks for the debugging
-
Hello, here's something that still attracted my attention.
I'll close this here soon, but one detail showed up yesterday: dansguardian, running as "clamav:dansguardian", closed and archived the first "access.log" and then didn't succeed in creating a new one. As a consequence of this, dansguardian stopped.
I think the reason was that the rights set on the directory "/var/log/dansguardian/" were still "dansguardian:dansguardian" and "755". I changed them now to "clamav:dansguardian" and "775". I'll close this here when dansguardian successfully archives the next "access.log" and creates a new one...
Greetings, Uli
-
Actually I am planning on patching this by removing group and user dansguardian and running dansguardian as clamav:clamav. I will provide all the migration fragments so it will be transparent for users.
Thanks for reporting this element.
-
Hello, and sorry, I've been on holiday for three weeks...
It really is the case that after changing the rights of "/var/log/dansguardian/" as described, dansguardian doesn't succeed in creating a new "access.log". As a consequence of this it stops working.
I can work around it from week to week by creating the "access.log" by hand.
Actually it looks like this in "/var/log/dansguardian/":
-rw-rw-r-- 1 clamav dansguardian 132532 20. Jul 02:43 access.log.1.gz
-rw-rw-r-- 1 clamav dansguardian 39852709 26. Jun 03:20 access.log-20160626
-rw-rw-r-- 1 clamav dansguardian 424917 3. Jul 03:21 access.log-20160703
-rw-rw-r-- 1 clamav dansguardian 1972026 19. Jul 03:47 access.log-20160719
-rw-rw-r-- 1 clamav dansguardian 30388 6. Jul 03:01 access.log.3.gz
-rw-rw-r-- 1 clamav dansguardian 917036 29. Jun 03:21 access.log.4.gz
It seems that dansguardian creates new logfiles, not with the correct name, but with the date in the name.
For a while it works with this, but at some point it stops...
Now I rename "access.log-20160719" to "access.log" and restart dansguardian.
Patching it would be nice, thanks Jean-Philippe.
Uli
-
Hi
Just done a new server install and installed latest dansguardian
Had same problem with log file, after following post above and wiki to set up content scanning with clamav.
When access.log rotates, dansguardian can't create a new one. Restarting dansguardian gives a failure message that it is running as user clamav and can't create the access.log
I changed the ownership of all files in the /var/log/dansguardian directory to clamav:dansguardian.
Changing the ownership of the /var/log/dansguardian directory itself resolved the problem. Access.log created and dansguardian restarted OK
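-
The three things this thread found must line up on SME 9 (the clamdudsfile path matching /etc/clamd.conf, dansguardian running as the same user as clamd, and the log directory owned by that user so access.log can be recreated after rotation) can be checked in one pass. The script below is an added example, not part of any post above or of the contrib; the function names and the make_sample test files are made up for illustration, and LocalSocket and User are the standard clamd.conf directives.

```shell
#!/bin/sh
# Added example, not from the thread: check that the settings the posts above
# converge on agree with each other. Function names are illustrative.

# Value of an uncommented  key = 'value'  line (dansguardian config syntax).
dg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*'\{0,1\}\([^'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Value of an uncommented  Key value  line (clamd.conf syntax).
clamd_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# dg_audit DG_CONF SCANNER_CONF CLAMD_CONF LOG_DIR -> 0 if consistent, else 1
dg_audit() {
    rc=0
    dg_sock=$(dg_value "$2" clamdudsfile); cl_sock=$(clamd_value "$3" LocalSocket)
    dg_user=$(dg_value "$1" daemonuser);   cl_user=$(clamd_value "$3" User)
    dir_owner=$(ls -ld "$4" | awk '{ print $3 }')
    if [ -z "$dg_sock" ] || [ "$dg_sock" != "$cl_sock" ]; then
        echo "FAIL socket: clamdudsfile='$dg_sock' LocalSocket='$cl_sock'"; rc=1
    fi
    if [ -z "$dg_user" ] || [ "$dg_user" != "$cl_user" ]; then
        echo "FAIL user: daemonuser='$dg_user' clamd User='$cl_user'"; rc=1
    fi
    # The daemon user must own the log directory to recreate access.log after rotation.
    if [ "$dir_owner" != "$dg_user" ]; then
        echo "FAIL logdir: $4 owned by '$dir_owner', daemon runs as '$dg_user'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: socket, user and log directory agree"; fi
    return "$rc"
}

# Constructed sample files for trying the check offline:
# make_sample DIR CLAMDUDSFILE DAEMONUSER CLAMD_USER
make_sample() {
    mkdir -p "$1/log"
    printf "#daemonuser = 'dansguardian'\ndaemonuser = '%s'\n" "$3" > "$1/dansguardian.conf"
    printf "clamdudsfile = '%s'\n" "$2" > "$1/clamdscan.conf"
    printf "#User nobody\nLocalSocket /var/clamav/clamd.socket\nUser %s\n" "$4" > "$1/clamd.conf"
}

# On the server, as root, pass the four real paths named in the thread:
#   /etc/dansguardian/dansguardian.conf /etc/dansguardian/contentscanners/clamdscan.conf
#   /etc/clamd.conf /var/log/dansguardian
if [ "$#" -eq 4 ]; then dg_audit "$@"; fi
```

A "FAIL socket" result corresponds to the "Error connecting to ClamD socket" case early in the thread, and "FAIL logdir" to the stop after log rotation reported at the end.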