Hi there,

On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote:

> I managed to install clamav-0.103.5 but I can't get it to work with
> mimedefang. In the maillog I always get:
>
> mimedefang.pl[3520]: 245Fuojh003739: Could not connect to clamd daemon
> at /var/spool/MIMEDefang/clamd.sock

When you use clamd to scan mail, something (obviously) has to send the
mail to clamd. The data passes between the process which sends it and
the clamd process through something called a socket. If the processes
are on different machines (as I explained is the way I do it here) the
socket will be a network-style socket. It can also be that kind of
socket if the processes are on the same machine, but usually it's what
we call a Unix socket. The socket appears in the filesystem as a file
and it has characteristics usually associated with files, e.g. a name,
ownerships and a set of permissions. Whatever sends the mail to clamd
and clamd itself need both to be configured with those things in mind.

To communicate with each other, the processes share a single socket.
It's clamd which creates it. MIMEDefang looks for it. Obviously the
socket needs to be created before MIMEDefang looks for it so clamd has
to be started before MIMEDefang so the socket is there to be found.

> when I ran ./configure to install mimedefang it detected clamd and it said:
> 'Make sure clamd runs as the defang user!'
> how does one do this?

It's not strictly necessary. The daemons need to be able to confer,
and having them all run as the same user/group IDs is one way that can
be used to give them the needed permissions on the shared socket.

If the process sending the data to clamd doesn't have write permission
for the socket then clamd won't get the data. If it doesn't have read
permission, it won't get clamd's replies.

The clamd configuration in clamd.conf (or whatever danged silly name
this configuration file has in a Fedora/RedHat/CentOS system) tells
clamd the owner/group that it's to run as. The ownership/group of the
socket created by clamd will be that of the user and group given there
too. MIMEDefang has configuration information stored in a similar way
in its configuration file. The socket pathname needs to be the same
in both configurations so that the two daemons can talk to each other
via that socket. If the daemons happen to be running as two different
users you can get around the socket ownership/permissions by putting
those users in the same group. You can create a group for the purpose
or use an existing one like clamav or mimedefang. Give the socket the
same group ID and group read/write permission. You could instead give
to the socket read and write permission for *everyone*, but that's bad
advice so only do it for testing.

> I tried:
> # runuser -l defang -c/usr/local/sbin/clamd &
> but md still throws the same error. it's not creating the clamd.sock file.

If clamd is in /usr/local/sbin/clamd then to start it from the command
line you could just type

  /usr/local/sbin/clamd

but you need to configure it by editing the configuration file(s) first.
I say "file(s)" because some distributions mess about with configuration
file names and locations, and Red Hat in particular is one of them.

You can send commands to clamd from the command line for testing.
Read the man page using

  man clamd

which explains the syntax. For example after I edit my Yara rules, I
might send the 'reload' command to the clamd daemon using

  # echo "RELOAD" | telnet 192.168.33.19 3310

Notice that's root sending the command, so it has the permissions. If
I tried to do that using my own account

  $ echo "RELOAD" | telnet 192.168.33.19 3310

it would fail. My own account doesn't have the needed permissions.
You can set verbose logging in the configuration, and look in the logs
to get more information than you ever thought you wanted about what's
happening at startup...

--
73,
Ged.
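
Added example, not part of the original message and not ClamAV or MIMEDefang code: a small check that walks the failure causes described in the reply above (socket never created, wrong file type, missing permissions, nothing listening) and then sends clamd's PING command. The function name and status strings are made up for this example; the default path is the one from the log line quoted in this thread.

```python
import os
import socket
import stat
import sys

def diagnose_clamd_socket(path, timeout=5.0):
    """Return (status, detail) for the Unix socket a clamd client will use."""
    try:
        st = os.stat(path)
    except (FileNotFoundError, NotADirectoryError):
        # clamd creates the socket: not started yet, or configured with another path.
        return "missing", "no such file; is clamd running with this socket path?"
    except PermissionError:
        return "no-permission", "cannot search a directory leading to the socket"
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket", "path exists but is not a Unix socket"
    owner = "uid=%d gid=%d mode=%04o" % (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    if not os.access(path, os.R_OK | os.W_OK):
        # Read and write on the socket, the permissions the reply above asks for.
        return "no-permission", "this user lacks read/write on the socket: " + owner
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"nPING\n")  # newline-delimited form of clamd's PING command
            reply = s.recv(64)
    except OSError as exc:
        # Typically a stale socket file left behind with no daemon listening on it.
        return "no-listener", "connect failed (%s): %s" % (exc, owner)
    if reply.strip() != b"PONG":
        return "bad-reply", "unexpected answer %r" % reply
    return "ok", "clamd answered PONG: " + owner

if __name__ == "__main__":
    # Default is the socket path from the log line quoted in this thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/MIMEDefang/clamd.sock"
    status, detail = diagnose_clamd_socket(target)
    print("%s: %s (%s)" % (target, status, detail))
    sys.exit(0 if status == "ok" else 1)
```

Run it as the account MIMEDefang runs under (defang in this thread), because the permission checks apply to the calling user.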