Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: wrong user in clamd.conf and freshclam.conf
Posted: Fri Oct 03, 2014 6:37 am
Long Time Forum Regular

For many years now, every now and then clamd.conf and freshclam.conf have mysteriously had the User and DatabaseOwner changed back to the default qscand, even though I had changed both to "root" for use with ASL's FTP scanning.

This has annoyed the heck out of me.

I initially thought it was down to the configs being overwritten during a qmail-scanner reinstall event, but I looked very carefully and found the configs are no longer overwritten.

The problem turns out to be related to that, but not in the way I first thought - it is the qmail-scanner-reconfigure script that actually makes the changes.

The script looks at the CLAMD_USER setting in /etc/qmail-scanner.ini and rewrites the clamd.conf and freshclam.conf configs based on the user shown in that line.

Has anyone looked any deeper into the qmail-scanner code? Is this the ONLY use that CLAMD_USER is put to? If so, a simple solution to my problem is changing that from qscand to root and boom, nothing more to worry about - although I really hate running clamd as root.

Edit: Having looked more closely, it does use that variable for other things. Hmm....

 Post subject: Re: wrong user in clamd.conf and freshclam.conf
Posted: Fri Oct 03, 2014 9:07 am
Atomicorp Staff - Site Admin

I could put that project up on our github repo, it hasn't had a big review for things like this in quite a while. https://github.com/atomicorp/

We already have project-gamera, aooi, and the atomic-scanner plesk plugin there


 Post subject: Re: wrong user in clamd.conf and freshclam.conf
Posted: Sun Oct 05, 2014 7:26 am
Long Time Forum Regular

It's OK really.

qmail-scanner-reconfigure, a one-off event, will change the User and DatabaseOwner to qscand by default.

And within an hour /etc/cron.hourly/freshclam will have changed ownership on the clamav databases and logs to match.

So the only thing that fails when this happens is FTP scanning.

Maybe the freshclam script just needs to be changed to look for the presence of the ASL-specific psa-proftpd (and associated config?), and if found it should actually change user and databaseowner to root rather than changing the owner of the database and logs to whatever is in the clamd.conf and freshclam.conf files?

Better still, maybe the clamav User/DatabaseOwner could be something specified in the ASL config file, with the cron freshclam script checking for that and sucking the setting out of that?

 Post subject: Re: wrong user in clamd.conf and freshclam.conf
Posted: Sat Feb 07, 2015 1:27 pm
Forum User

I have 2 servers all using the qmail-scanner stack and this problem crops up all the time only on my primary server.

On my secondary server, clamav is happy as a clam to run as qscand:qscand.

Both run CentOS release 6.6 (Final).

Running 'freshclam' is how I test.

Code:
-bash-4.1# ls -la
total 312
drwxrwxr-x  2 qscand qscand   4096 Jan 29 13:36 .
drwxr-xr-x 18 root   root     4096 Feb  7 03:15 ..
-rwxrwxr-x  1 clamav clamav  26624 Feb  7 12:04 freshclam.log
-rwxrwxr-x  1 clamav clamav  43264 Dec 28 05:06 freshclam.log-20141228
-rwxrwxr-x  1 clamav clamav  85504 Jan 11 03:56 freshclam.log-20150111
-rwxrwxr-x  1 clamav clamav  43776 Jan 18 06:18 freshclam.log-20150118
-rwxrwxr-x  1 clamav clamav 102334 Feb  2 17:21 freshclam.log-20150202
-bash-4.1# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64


Code:
[root@server clamav]# ls -la
total 852
drwxrwxr-x  2 qscand qscand   4096 Jan 29 12:36 .
drwxr-xr-x 16 root   root     4096 Feb  7 03:17 ..
-rwxrwxr-x  1 qscand qscand  52975 Feb  7 11:21 clamd.log
-rwxrwxr-x  1 qscand qscand  58970 Jan 11 02:27 clamd.log-20150111
-rwxrwxr-x  1 qscand qscand  61772 Jan 18 02:29 clamd.log-20150118
-rwxrwxr-x  1 qscand qscand  61149 Jan 25 02:26 clamd.log-20150125
-rwxrwxr-x  1 qscand qscand  61262 Feb  1 03:03 clamd.log-20150201
-rwxrwxr-x  1 qscand qscand 115401 Feb  7 11:22 freshclam.log
-rwxrwxr-x  1 qscand qscand  39454 Jan 11 02:27 freshclam.log-20150111
-rwxrwxr-x  1 qscand qscand 124712 Jan 18 02:29 freshclam.log-20150118
-rwxrwxr-x  1 qscand qscand 122044 Jan 25 02:26 freshclam.log-20150125
-rwxrwxr-x  1 qscand qscand 141409 Feb  1 03:03 freshclam.log-20150201
[root@server clamav]# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64


Now to break the server with qscand:qscand:
Code:
[root@server clamav]# chown clamav:clamav *
[root@server clamav]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
[root@server clamav]# chown qscand:qscand *
[root@server clamav]# freshclam
ClamAV update process started at Sat Feb  7 11:26:48 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20041, sigs: 1320012, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 245, sigs: 43, f-level: 63, builder: dgoddard)

