Virus Scanning does not work

OK new server… still hetzner, but other location.
I did a new clean installation.
After the setup Spamassassin was complaining about procmail config, but somehow now it isn’t anymore.

BUT mails with the eicar test virus still get delivered normally into the users mailbox.

sudo cat /var/log/procmail.log
ERROR: Could not connect to clamd on LocalSocket /run/clamd.scan/clamd.sock: Permission denied
ERROR: Could not connect to clamd on LocalSocket /run/clamd.scan/clamd.sock: Permission denied

I’m on Debian 11 so it appears to be different, but here’s what I have for reference:

root@main:/etc/webmin# ls -lath /run/clamd.scan/clamd.sock
ls: cannot access '/run/clamd.scan/clamd.sock': No such file or directory
root@main:/etc/webmin# ls -lath /run/clamav/clamd.ctl 
srw-rw-rw- 1 clamav clamav 0 Dec  6 10:21 /run/clamav/clamd.ctl

procmail: Program failure (1) of "/etc/webmin/virtual-server/clam-wrapper.pl"
From x@x.com  Wed Dec 18 13:08:33 2024
 Subject: test
  Folder: /dev/null                                                        2932
Time:1734545314 From:x@x.com To:y@y.com User:y@y.com Size:2933 Dest:/dev/null Mode:Virus

I think I got it!
I just don’t use the sockets.

/etc/clamd.d/scan.conf
LocalSocketMode 666 → disabled
LocalSocket /run/clamd.scan/clamd.sock → disabled
TCPSocket 3310 → enabled
TCPAddr localhost → enabled

In /var/log/procmail.log

procmail: Program failure (1) of "/etc/webmin/virtual-server/clam-wrapper.pl"
From hello@panic.at  Wed Dec 18 19:22:53 2024
 Subject: EICAR Test Virus
  Folder: /home/o-arp.de/homes/arpo/Maildir/.virus/new/1734546173.1360     4962
Time:1734546173 From:hello@panic.at To:arpo@o-arp.de User:arpo.o-arp.de Size:5008 Dest:/home/o-arp.de/homes/arpo/Maildir/.virus/new/1734546173.1360_0.server.o-arp.de Mode:Virus

I still get Program failure - but doesn’t this just mean that it has found a virus?

Maybe procmail: Program failure (1) of “/etc/webmin/virtual-server/clam-wrapper.pl” can be changed to something like “virus found” only?

I just hope I don’t run into any other problems not because of the changes.
On the other side… the virus scanner is only used for email.

So I was right … It was just a misconfigured ISO problem.

No. A socket is the usual way to connect to locally running services (and the more secure way), and the way we normally do so. Changing to using ports doesn’t provide a general solution to this problem.

Ideally, we’d answer the question of why the file socket configuration isn’t working, rather than switch to using ports.

I’m not sure I understand why you said this to me. Wasn’t it @Skafan who was suggesting Socket? Me, I was talking about the ISO. And reading again I think it was the problem (because he only used the Hetzner ISO; the fact he changed location, according to me, doesn’t change anything, the ISO is probably the same. He didn’t try the one from the official Debian repo or Rocky).

We don’t know if the ISO is “misconfigured”. All we know is that the installer script didn’t work. Different configurations don’t equal wrong. This could simply be carryover from older builds.

Speculation at best. It could be correct but we don’t know. As far as I know I can’t download the ISO from either of my providers. It is preinstalled. It might be nice for testing purposes but expensive on bandwidth from theirs. Mine also point to internal repos so even trying to work with them remotely would be problematic.

I’m saying that the ISO has nothing to do with it, as a socket is the default in all supported distros and it is the right way for it to be configured.