amavisd-new + clamav = lstat() failed

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
zg0re
Posts: 104
Joined: 2003-06-04 15:33

amavisd-new + clamav = lstat() failed

Post by zg0re » 2006-06-12 09:55

So, my second problem ;)

I'm getting the following messages in the log:

ask_av (ClamAV-clamd) FAILED - unexpected result: /var/amavis/tmp/amavis-20060612T094746-19825/parts: lstat() failed. ERROR\n
Jun 12 09:47:46 server amavis[19825]: (19825-01) WARN: all primary virus scanners failed, considering backups

clamav is enabled in amavis in the usual way:

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

The system is Gentoo:

Code: Select all

emerge --info
Portage 2.1 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r3, 2.6.14-hardened-r8 i686)
=================================================================
System uname: 2.6.14-hardened-r8 i686 AMD Opteron(tm) Processor 146
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE=""
ARCH="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CCACHE_SIZE="2G"
CFLAGS="-O2 -pipe -march=opteron -mtune=opteron -momit-leaf-frame-pointer -fomit-frame-pointer -fforce-addr -ftracer"
CHOST="i686-pc-linux-gnu"
CLEAN_DELAY="5"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
CXXFLAGS="-O2 -pipe -march=opteron -mtune=opteron -momit-leaf-frame-pointer -fomit-frame-pointer -fforce-addr -ftracer -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
ELIBC="glibc"
EMERGE_WARNING_DELAY="10"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox"
FETCHCOMMAND="/usr/bin/wget -t 3 --passive-ftp -P ${DISTDIR} ${URI}"
GENTOO_MIRRORS="ftp://ftp.mesh-solutions.com/gentoo ftp://ftp6.uni-muenster.de/pub/linux/distributions/gentoo http://distfiles.gentoo.org"
GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic hardened dlloader"
HOME="/home/philipp"
KERNEL="linux"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
LOGNAME="root"
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.6"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha ppc-macos hppa x86"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib/portage/bin"
PORTAGE_CALLER="emerge"
PORTAGE_CONFIGROOT="/"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="3"
PORTAGE_PYM_PATH="/usr/lib/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_TMPFS="/dev/shm"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
PORT_LOGDIR="/var/log/portage"
PRELINK_PATH=""
PRELINK_PATH_MASK=""
RESUMECOMMAND="/usr/bin/wget -c -t 3 --passive-ftp -P ${DISTDIR} ${URI}"
ROOT="/"
RPMDIR="/usr/portage/rpm"
SHELL="/bin/bash"
STAGE1_USE="hardened pic userlocales"
SUDO_COMMAND="/usr/bin/emerge -av --info"
SUDO_GID="100"
SUDO_UID="1000"
SUDO_USER="philipp"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
TERM="xterm"
USE="x86 berkdb bzip2 caps crypt curl dlloader erandom expat fam gdbm glibc-omitfp gmp gzip hardened hash iconv idn imap ithreads libwww linuxthreads-tls logrotate maildir memlimit mhash mime mmap ncurses nls no-old-linux nocd nomac nptl nptlonly pam pcre perl pic posix pwdb python readline sharedmem sockets ssl symlink sysfs sysvipc tcpd threads ucs2 udev unicode urandom userlocales utf8 xml xml2 xsl zlib elibc_glibc kernel_linux linguas_en userland_GNU"
USER="root"
USERLAND="GNU"
USE_EXPAND="DVB_CARDS ELIBC FCDSL_CARDS FRITZCAPI_CARDS INPUT_DEVICES KERNEL LINGUAS LIRC_DEVICES USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults"
XARGS="xargs -r"

The mails are then only scanned via

['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Could this somehow be caused by grsec?

Here are the relevant lines from the kernel config:

Code: Select all

CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
CONFIG_GRKERNSEC_MEDIUM=y
# CONFIG_GRKERNSEC_HIGH is not set
# CONFIG_GRKERNSEC_CUSTOM is not set
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
# CONFIG_GRKERNSEC_PROC_ADD is not set
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
# CONFIG_GRKERNSEC_CHROOT_FCHDIR is not set
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
# CONFIG_GRKERNSEC_CHROOT_SHMAT is not set
CONFIG_GRKERNSEC_CHROOT_UNIX=y
# CONFIG_GRKERNSEC_CHROOT_FINDTASK is not set
# CONFIG_GRKERNSEC_CHROOT_NICE is not set
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
# CONFIG_GRKERNSEC_RESLOG is not set
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
# CONFIG_GRKERNSEC_PROC_IPADDR is not set
CONFIG_GRKERNSEC_EXECVE=y
# CONFIG_GRKERNSEC_SHM is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDSRC=y
# CONFIG_GRKERNSEC_SOCKET is not set
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

tiberian
Posts: 61
Joined: 2006-04-14 01:45

Re: amavisd-new + clamav = lstat() failed

Post by tiberian » 2006-06-12 22:04

Hi,

did you by any chance update ClamAV shortly beforehand and overwrite the config file via etc-update?

I had a similar problem, and it was caused by the following entry in /etc/clamd.conf

Code: Select all

User clamav

amavisd-new doesn't like it when a user is entered there. Just comment it out again.

Maybe that's the solution to your problem.

Regards
Tiberian
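
Added example, not part of the thread or of amavisd-new/ClamAV: a shell diagnostic for the situation discussed above, assuming the lstat() failure comes from the clamd account lacking search permission on amavis's work directory. The function names are made up for this example, and it evaluates classic mode bits only (no ACLs or grsecurity policy).

```shell
#!/bin/sh
# Added diagnostic example, not from the thread. Assumes `stat -c` (GNU/busybox).

# Print the account set by the active (uncommented) "User" directive of a
# clamd.conf-style file; print nothing when the directive is absent.
clamd_user() {
    awk '$1 == "User" && NF >= 2 { u = $2 } END { if (u != "") print u }' "$1"
}

# Succeed if an account may search (x bit) a directory, which lstat() on any
# entry below it requires. Args: owner_uid owner_gid octal_mode uid "gids"
can_search() {
    m=$(( 0$3 ))
    if [ "$4" -eq 0 ]; then return 0; fi        # root bypasses mode bits
    if [ "$4" -eq "$1" ]; then
        bit=$(( m & 0100 ))                      # owner class
    else
        bit=$(( m & 0001 ))                      # "other" class unless a gid matches
        for g in $5; do
            if [ "$g" -eq "$2" ]; then bit=$(( m & 0010 )); fi
        done
    fi
    [ "$bit" -ne 0 ]
}

# Print the directory closest to / on the given path that the account cannot
# search; print nothing if every directory is reachable.
# Args: uid "gids" absolute_path
first_blocked_dir() {
    p=$3; blocked=""
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        st=$(stat -c '%u %g %a' "$p") || return 2
        set -- "$1" "$2" "$3" $st
        if ! can_search "$4" "$5" "$6" "$1" "$2"; then blocked=$p; fi
        p=$(dirname "$p")
    done
    [ -z "$blocked" ] || echo "$blocked"
}

# On a live host (paths as quoted in the thread; run as root):
#   u=$(clamd_user /etc/clamd.conf)
#   [ -n "$u" ] && first_blocked_dir "$(id -u "$u")" "$(id -G "$u")" /var/amavis/tmp
# `id -G` includes supplementary groups; clamd only benefits from them if it
# keeps them after dropping privileges.
```

Commenting out `User`, as in the thread, leaves clamd running as whichever account started it. Giving the clamd account group access to the amavis work directory is the alternative that keeps the scanner unprivileged.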

zg0re
Posts: 104
Joined: 2003-06-04 15:33

Re: amavisd-new + clamav = lstat() failed

Post by zg0re » 2006-06-13 10:33

Thanks, that solved the problem :)