Mailing List Archive

Hi there,

On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:

> Seems starting or restarting clamav-milter (systemctl restart clamav-milter.service)
> changes owner and group of /var/run/clamav-milter.socket to root which make the
> socket inaccessible to postfix (at least).

This isn't about clamav-milter, it's about your system and the way it
does things. Try reading some of the the systemd 'man' pages, e.g.

man systemctl
man systemd.socket
man systemd.syntax

and if that doesn't help search for something like

systemctl unit files

with which you will probably need to get used to tinkering.

If you have 'locate' on your system you could also try

locate .socket | grep clam

which might find your clamav-milter systemd .socket file.

I admit (profess?) I much prefer to do things like this myself, rather
than have something like systemd do it for me, but it seems to be The
Way Of The World at the moment.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

> Hi there,
>
> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Seems starting or restarting clamav-milter (systemctl restart
> clamav-milter.service)
>> changes owner and group of /var/run/clamav-milter.socket to root which make
> the
>> socket inaccessible to postfix (at least).
>
> This isn't about clamav-milter, it's about your system and the way it
> does things. Try reading some of the the systemd 'man' pages, e.g.
>
> man systemctl
> man systemd.socket
> man systemd.syntax
>
> and if that doesn't help search for something like
>
> systemctl unit files
>
> with which you will probably need to get used to tinkering.
>
> If you have 'locate' on your system you could also try
>
> locate .socket | grep clam
>
> which might find your clamav-milter systemd .socket file.

Don't I already know where the sockets are?

/var/run/clamav-milter.socket and /run/clamav-milter.socket

The "unit" files seem to be at

/usr/lib/systemd/system/clamav-milter.service
/usr/lib/systemd/system/clamd.service

the clamav-milter.service is quite similar to the clamd.service
which does not alter the owner or group.

[Unit]
Description=Clamav antivirus milter daemon
After=network.target clamd.service
Requires=clamd.service

[Service]
Type=forking
ExecStart=/usr/sbin/clamav-milter
; it will switch to vscan user
;User=vscan
;Group=vscan
;PrivateTmp=yes

[Install]
WantedBy=multi-user.target


> I admit (profess?) I much prefer to do things like this myself, rather
> than have something like systemd do it for me, but it seems to be The
> Way Of The World at the moment.
>
> --
>
> 73,
> Ged.

I'll keep at it. Maybe have a go at the opensuse support forums as well.

joe a.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:

> Hi there,
>
> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Seems starting or restarting clamav-milter (systemctl restart
>> clamav-milter.service)
>> changes owner and group of /var/run/clamav-milter.socket to root
>> which make the
>> socket inaccessible to postfix (at least).
>
> This isn't about clamav-milter, it's about your system and the way it
> does things. Try reading some of the the systemd 'man' pages, e.g.

It *is* about clamav-miiter. The owner and permissions of the socket
are set in /etc/clamav-milter.conf, Joe may want to check this
configuration file as I believe the defaults in there are not what is
needed on openSUSE when you use Postfix.

Regards, Arjen


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>
>> Hi there,
>>
>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>
>>> Seems starting or restarting clamav-milter (systemctl restart
>>> clamav-milter.service)
>>> changes owner and group of /var/run/clamav-milter.socket to root
>>> which make the
>>> socket inaccessible to postfix (at least).
>>
>> This isn't about clamav-milter, it's about your system and the way it
>> does things. Try reading some of the the systemd 'man' pages, e.g.
>
> It *is* about clamav-miiter. The owner and permissions of the socket
> are set in /etc/clamav-milter.conf, Joe may want to check this
> configuration file as I believe the defaults in there are not what is
> needed on openSUSE when you use Postfix.
>
> Regards, Arjen
>

Setting "MilterSocketGroup" to "postfix" did the deed.

Thanks. Yet another one I should have figure out on my own.

joe a



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

>> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>>
>>> Hi there,
>>>
>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>>
>>>> Seems starting or restarting clamav-milter (systemctl restart
>>>> clamav-milter.service)
>>>> changes owner and group of /var/run/clamav-milter.socket to root
>>>> which make the
>>>> socket inaccessible to postfix (at least).
>>>
>>> This isn't about clamav-milter, it's about your system and the way it
>>> does things. Try reading some of the the systemd 'man' pages, e.g.
>>
>> It *is* about clamav-miiter. The owner and permissions of the socket
>> are set in /etc/clamav-milter.conf, Joe may want to check this
>> configuration file as I believe the defaults in there are not what is
>> needed on openSUSE when you use Postfix.
>>
>> Regards, Arjen
>>
>
> Setting "MilterSocketGroup" to "postfix" did the deed.
>
> Thanks. Yet another one I should have figure out on my own.
>
> joe a

My error. It did change group to postfix, but left owner as root, which
still prevents socket access.






_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Tue, 23 Feb 2021, Arjen de Korte via clamav-users wrote:
> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>>
>>
>> This isn't about clamav-milter, it's about your system and the way it
>> does things. Try reading some of the the systemd 'man' pages, e.g.
>
> It *is* about clamav-miiter. The owner and permissions of the socket are set
> in /etc/clamav-milter.conf, Joe may want to check this configuration file as
> I believe the defaults in there are not what is needed on openSUSE when you
> use Postfix.

You do have a point, and I may have jumped a couple of steps, but with
the greatest respect the OP installed from OpenSUSE packages and has
already posted his configuration (from 'clamconf -n'). He's using the
default values, which are not to set these things in the clamav-milter
config but to let the system do it. I haven't seen an OpenSUSE Clamav
installation but I *think* it uses systemd to do these things. Whatever
it uses, I'm sure that OpenSUSE's packaging should handle it, and if it
doesn't do that correctly it needs to be fixed. That's beyond the OP's
scope at the moment but he'll get there.

It's also true that the OP may have changed things without telling us,
and that there may be some quirks I don't know about - as I've already
said in this thread - but I do think the issue here is systemd config.

This is not to say that it can't be worked around by the configuration
of clamav-milter directly, of course it can, but if he does that he'll
be confused by the next update, when it bleats about files having been
changed from the versions which were distributed in OpenSUSE packages.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

>
>>> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>>>
>>>> Hi there,
>>>>
>>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>>>
>>>>> Seems starting or restarting clamav-milter (systemctl restart
>>>>> clamav-milter.service)
>>>>> changes owner and group of /var/run/clamav-milter.socket to root
>>>>> which make the
>>>>> socket inaccessible to postfix (at least).
>>>>
>>>> This isn't about clamav-milter, it's about your system and the way it
>>>> does things. Try reading some of the the systemd 'man' pages, e.g.
>>>
>>> It *is* about clamav-miiter. The owner and permissions of the socket
>>> are set in /etc/clamav-milter.conf, Joe may want to check this
>>> configuration file as I believe the defaults in there are not what is
>>> needed on openSUSE when you use Postfix.
>>>
>>> Regards, Arjen
>>>
>>
>> Setting "MilterSocketGroup" to "postfix" did the deed.
>>
>> Thanks. Yet another one I should have figure out on my own.
>>
>> joe a
>
> My error. It did change group to postfix, but left owner as root, which
> still prevents socket access.
>

Sorry for the email blasts, I should have more discipline at my age.

/etc/clamav-milter.conf has yet another item "User" the escaped my
notice. Perhaps medication is a solution . . .

joe a.




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Citeren Joe Acquisto-j4 <joea@j4computers.com>:

>>> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>>>
>>>> Hi there,
>>>>
>>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>>>
>>>>> Seems starting or restarting clamav-milter (systemctl restart
>>>>> clamav-milter.service)
>>>>> changes owner and group of /var/run/clamav-milter.socket to root
>>>>> which make the
>>>>> socket inaccessible to postfix (at least).
>>>>
>>>> This isn't about clamav-milter, it's about your system and the way it
>>>> does things. Try reading some of the the systemd 'man' pages, e.g.
>>>
>>> It *is* about clamav-miiter. The owner and permissions of the socket
>>> are set in /etc/clamav-milter.conf, Joe may want to check this
>>> configuration file as I believe the defaults in there are not what is
>>> needed on openSUSE when you use Postfix.
>>>
>>> Regards, Arjen
>>>
>>
>> Setting "MilterSocketGroup" to "postfix" did the deed.
>>
>> Thanks. Yet another one I should have figure out on my own.
>>
>> joe a
>
> My error. It did change group to postfix, but left owner as root, which
> still prevents socket access.

Uncommenting the line

#MilterSocketMode 660

will probably fix that.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

> Citeren Joe Acquisto-j4 <joea@j4computers.com>:
>
>>>> Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:
>>>>
>>>>> Hi there,
>>>>>
>>>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>>>>
>>>>>> Seems starting or restarting clamav-milter (systemctl restart
>>>>>> clamav-milter.service)
>>>>>> changes owner and group of /var/run/clamav-milter.socket to root
>>>>>> which make the
>>>>>> socket inaccessible to postfix (at least).
>>>>>
>>>>> This isn't about clamav-milter, it's about your system and the way it
>>>>> does things. Try reading some of the the systemd 'man' pages, e.g.
>>>>
>>>> It *is* about clamav-miiter. The owner and permissions of the socket
>>>> are set in /etc/clamav-milter.conf, Joe may want to check this
>>>> configuration file as I believe the defaults in there are not what is
>>>> needed on openSUSE when you use Postfix.
>>>>
>>>> Regards, Arjen
>>>>
>>>
>>> Setting "MilterSocketGroup" to "postfix" did the deed.
>>>
>>> Thanks. Yet another one I should have figure out on my own.
>>>
>>> joe a
>>
>> My error. It did change group to postfix, but left owner as root, which
>> still prevents socket access.
>
> Uncommenting the line
>
> #MilterSocketMode 660
>
> will probably fix that.
>
>

It did. Owner changed back to root, with commenting out User, but,
all appears to work.

joe a



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Citeren "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>:

> This is not to say that it can't be worked around by the configuration
> of clamav-milter directly, of course it can, but if he does that he'll
> be confused by the next update, when it bleats about files having been
> changed from the versions which were distributed in OpenSUSE packages.

As soon as you modify a file in openSUSE that is marked as a
configuration file in the package (and I can confirm, the
/etc/clamav-milter.conf file is marked as such) it will not be
overwritten on updates. In this case, /etc/clamav-milter.conf.rpmnew
will be created which can then be merged back by using the
'etc-update' tool. So there is no risk that changes will be overwritten.

Note that in openSUSE, the milter interface is primarily used for
'sendmail' so the defaults in the /etc/clamav-milter.conf file may be
more geared towards that than 'postfix'.

Regards, Arjen



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml