amavis-user April 2014 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: (no subject)

(no subject)

From: Alexander Dalloz via amavis-users <amavis-users_at_nospam>
Date: Tue Apr 15 2014 - 12:39:52 GMT
To: amavis-users@amavis.org

Hello,

I have some questions about the interoperability between amavisd-new and
helper tools like the Kaspersky anti-virus solution. I am facing problems
which I have already summarized in a post on the Kaspersky forum:

http://forum.kaspersky.com/index.php?showtopic=293506

I hope it is ok to reference that other posting.

There had been a posting in January 2014 on this mailinglist about more or
less the same problem situation:

http://lists.amavis.org/pipermail/amavis-users/2014-January/002737.html

Unfortunately it hadn't much response and in fact no solution.

>From what I have found and tested it feels to be more an amavisd-new issue
than a Kaspersky software problem. Information about the Debian Wheezy
amavisd-new version and its Perl helper modules, which I haven't added to
the Kaspersky forum post, are these:

Apr 15 14:18:06 ikes19 amavis[3125]: logging initialized, log level 2,
syslog: amavis.mail
Apr 15 14:18:06 ikes19 amavis[3125]: starting. /usr/sbin/amavisd-new at
iskeg03.iske.net amavisd-new-2.7.1 (20120429), Unicode aware
, LANG="en_GB.UTF-8"
Apr 15 14:18:06 ikes19 amavis[3125]: perl=5.014002, user=, EUID: 106
(106); group=, EGID: 110 110 (110 110)
Apr 15 14:18:07 ikes19 amavis[3125]: INFO: no optional modules:
Unix::Getrusage
Apr 15 14:18:07 ikes19 amavis[3125]: SpamControl: scanner SpamAssassin,
module Amavis::SpamControl::SpamAssassin
Apr 15 14:18:07 ikes19 amavis[3125]: INFO: SA version: 3.3.2, 3.003002, no
optional modules: Net::CIDR::Lite Encode::Detect Razor2::
Client::Agent IP::Country::Fast Image::Info Image::Info::GIF
Image::Info::JPEG Image::Info::PNG Image::Info::BMP Image::Info::TIFF Ma
il::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech
Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::
Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6
Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod
Mail::SPF::Mod::Ex
p Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech
Mail::SPF::v1::Record Mail::SPF::v2::Record auto::NetAddr::IP::full6
auto::Net
Addr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::inet_n2ad
auto::NetAddr::IP::Util::inet_any2n auto::NetAddr::IP::Util::ipv6_aton
Apr 15 14:18:07 ikes19 amavis[3125]: SpamControl: init_pre_chroot on
SpamAssassin done
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: Process Backgrounded
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: 2014/04/15-14:18:07
Amavis (type Net::Server::PreForkSimple) starting! pid(3174)
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: Binding to UNIX socket
file "/var/lib/amavis/amavisd.sock"
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: Binding to TCP port
10022 on host 127.0.0.1 with IPv4
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: Binding to TCP port
10024 on host 127.0.0.1 with IPv4
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: Group Not Defined.
Defaulting to EGID '110 110'
Apr 15 14:18:07 ikes19 amavis[3174]: Net::Server: User Not Defined.
Defaulting to EUID '106'
Apr 15 14:18:07 ikes19 amavis[3174]: config files read:
/usr/share/amavis/conf.d/10-debian_scripts,
/usr/share/amavis/conf.d/20-pack
age, /etc/amavis/conf.d/01-debian, /etc/amavis/conf.d/05-domain_id,
/etc/amavis/conf.d/05-node_id, /etc/amavis/conf.d/15-av_scanners,
 /etc/amavis/conf.d/15-content_filter_mode,
/etc/amavis/conf.d/20-debian_defaults,
/etc/amavis/conf.d/25-amavis_helpers, /etc/amavis/
conf.d/30-template_localization, /etc/amavis/conf.d/50-user
Apr 15 14:18:07 ikes19 amavis[3174]: Module Amavis::Conf 2.303
Apr 15 14:18:07 ikes19 amavis[3174]: Module Archive::Zip 1.30
Apr 15 14:18:07 ikes19 amavis[3174]: Module BerkeleyDB 0.51
Apr 15 14:18:07 ikes19 amavis[3174]: Module Compress::Zlib 2.033
Apr 15 14:18:07 ikes19 amavis[3174]: Module Convert::TNEF 0.17
Apr 15 14:18:07 ikes19 amavis[3174]: Module Convert::UUlib 1.4
Apr 15 14:18:07 ikes19 amavis[3174]: Module Crypt::OpenSSL::RSA 0.28
Apr 15 14:18:07 ikes19 amavis[3174]: Module DB_File 1.821
Apr 15 14:18:07 ikes19 amavis[3174]: Module Digest::MD5 2.51
Apr 15 14:18:07 ikes19 amavis[3174]: Module Digest::SHA 5.61
Apr 15 14:18:07 ikes19 amavis[3174]: Module File::Temp 0.22
Apr 15 14:18:07 ikes19 amavis[3174]: Module IO::Socket::INET6 2.69
Apr 15 14:18:07 ikes19 amavis[3174]: Module MIME::Entity 5.503
Apr 15 14:18:07 ikes19 amavis[3174]: Module MIME::Parser 5.503
Apr 15 14:18:07 ikes19 amavis[3174]: Module MIME::Tools 5.503
Apr 15 14:18:07 ikes19 amavis[3174]: Module Mail::DKIM::Signer 0.39
Apr 15 14:18:07 ikes19 amavis[3174]: Module Mail::DKIM::Verifier 0.39
Apr 15 14:18:07 ikes19 amavis[3174]: Module Mail::Header 2.09
Apr 15 14:18:07 ikes19 amavis[3174]: Module Mail::Internet 2.09
Apr 15 14:18:07 ikes19 amavis[3174]: Module Mail::SpamAssassin 3.003002
Apr 15 14:18:07 ikes19 amavis[3174]: Module Net::DNS 0.66
Apr 15 14:18:07 ikes19 amavis[3174]: Module Net::Server 2.006
Apr 15 14:18:07 ikes19 amavis[3174]: Module NetAddr::IP 4.062
Apr 15 14:18:07 ikes19 amavis[3174]: Module Socket6 0.23
Apr 15 14:18:07 ikes19 amavis[3174]: Module Time::HiRes 1.972101
Apr 15 14:18:07 ikes19 amavis[3174]: Module URI 1.60
Apr 15 14:18:07 ikes19 amavis[3174]: Module Unix::Syslog 1.1
Apr 15 14:18:07 ikes19 amavis[3174]: Amavis::DB code loaded

Perl's Net::Server is a central component as much as I know and takes care
for binding to the defined ports. Which part is responsible for the EGID
und EUID used by the amavisd-new processes? It looks like there is a main
issue. Why else would there be an error

Apr 14 17:14:29 ikes19 amavis[4265]: (04265-01) (!)connect to
/var/run/klms/rds_av failed, attempt #1: Can't connect to UNIX socket
/var/run/klms/rds_av: Permission denied

when the amavisd-new daemon runs as amavis:amavis (106:110) and the UNIX
permissions for the Kaspersky socket including the complete path are as
outlined in the forum post:

# ls -ld / /var /var/run /var/run/klms
drwxr-xr-x 24 root root 4096 Mar 27 16:24 /
drwxr-xr-x 11 root root 4096 Mar 27 16:16 /var
lrwxrwxrwx 1 root root 4 Mar 24 16:00 /var/run -> /run
drwxrwx--- 2 kluser klusers 1980 Apr 14 18:25 /var/run/klms
# ls -al /var/run/klms/rds_av
srw-rw---- 1 kluser klusers 0 Apr 14 17:47 /var/run/klms/rds_av

# getent group klusers
klusers:x:111:kluser,amavis

The amavis user part of the klusers group.

Regarding the other error situation where the on-demand Kaspersky scanner
fails with "Can't connect to facade" seems to originate from the same
permissions situation.

# ls -al /var/run/klms/facade
srwxr-xr-x 1 kluser klusers 0 Apr 14 17:47 /var/run/klms/facade

amavisd-new isn't setup to run chrooted, while Postfix is (as in Debian's
default configuration).

How to debug this further? I would be really greatful if someone more
intimate with amavisd-new could comment on this and if my report does not
end in the same way as the January posts by Jakob Curdes.

I am a long-time user of amavisd-new and hadn't such problems so far using
ClamAV. It's the firt time that I use the Kaspersky Security 8.0 for Linux
Mail Server product (the anti-virus part only) as a helper for
amavisd-new.

Kind regards

Alexander