<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
On 21/07/2010 15:27, Gavin Silver wrote:
<blockquote
cite="mid:AF3B610E0140EA4C9D8C9D50ECF75D9201BFD4D495B3@galvatron"
type="cite">
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# freshclam<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">ClamAV
update process started at
Wed Jul 21 14:21:25 2010<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">main.cvd
is up to date (version:
52, sigs: 704727, f-level: 44, builder: sven)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Downloading
daily-11403.cdiff
[100%]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">daily.cld
updated (version:
11403, sigs: 103267, f-level: 53, builder: arnaud)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">bytecode.cvd
is up to date
(version: 31, sigs: 7, f-level: 53, builder: nervous)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Database
updated (808001
signatures) from db.local.clamav.net (IP: 194.8.197.22)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Clamd
successfully notified
about the update.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# service clamd
restart<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Stopping
Clam AntiVirus
Daemon: [ OK ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Starting
Clam AntiVirus
Daemon: [ OK ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# chkconfig clamd
on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# which clamdscan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">/usr/bin/clamdscan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# echo hi >
/var/zendto/incoming/testscanme<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# chown
apache.apache /var/zendto/incoming/*</span></p>
</div>
</blockquote>
That will still leave the file "testscanme" most likely with global
read permissions, which isn't what ZendTo should do by default. So
please read on...<br>
<blockquote
cite="mid:AF3B610E0140EA4C9D8C9D50ECF75D9201BFD4D495B3@galvatron"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]# clamdscan
/var/zendto/incoming/*<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">/var/zendto/incoming/testscanme:
OK</span></p>
</div>
</blockquote>
That looks okay, but what happens if you<br>
chmod o-rwx /var/zendto/incoming/*<br>
clamdscan /var/zendto/incoming/*<br>
?<br>
If that doesn't work, then add "apache" to the end of the line that
starts "clamav" in /etc/group and then run "grpconv". Then restart
clamd and try clamdscan again.<br>
<br>
The full list of dependencies is listed at<br>
<a class="moz-txt-link-freetext" href="http://www.zendto.com/rpm.html">http://www.zendto.com/rpm.html</a><br>
<br>
If you still can't make it work, then as a stop-gap measure while we
investigate further you can edit your
/opt/zendto/config/preferences.php and change "clamdscan" to
"clamscan". This will be a lot slower, but should get around the
problem for now.<br>
<br>
"clamdscan" uses the daemon "clamd" to do the actual scanning, which
has already started up and read all the virus signature databases,
which is why it's lots faster. However, clamd runs as the "clamav"
user, not as root. So it can only access files which are available to
the "clamav" user or the "clamav" group.<br>
<br>
So you have to add the "apache" group (which owns all the files created
by the web server, and hence all the files created by ZendTo) to the
"clamav" group so that clamd can read them if it's given group read
permissions (and group execute permissions in the case of directories).<br>
<br>
So by adding "apache" to the "clamav" line in /etc/group, then
rebuilding the shadow file using "grpconv", and then restarting clamd,
it gets to refresh its version of what it can read.<br>
<br>
At which point clamdscan will work.<br>
<br>
Hopefully that helps explain what is going on and how it all works a
little better.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<br>
<blockquote
cite="mid:AF3B610E0140EA4C9D8C9D50ECF75D9201BFD4D495B3@galvatron"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">-----------
SCAN SUMMARY
-----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Time:
0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">[root@files
~]#<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);">----------------------------------<br>
Gavin Silver</span><span style="color: rgb(31, 73, 125);"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">
<a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zendto.com">zendto-bounces@zendto.com</a>
[<a class="moz-txt-link-freetext" href="mailto:zendto-bounces@zendto.com">mailto:zendto-bounces@zendto.com</a>] <b>On Behalf Of </b>Jules<br>
<b>Sent:</b> Tuesday, July 20, 2010 5:26 PM<br>
<b>To:</b> ZendTo Users<br>
<b>Subject:</b> [ZendTo] Re: unable to upload<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
<br>
On 20/07/2010 21:24, Gavin Silver wrote: <o:p></o:p></p>
<p class="MsoNormal">centos 4.5<o:p></o:p></p>
<p class="MsoNormal">rpm install<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">followed docs to download and install all the
dependencies
including clamav<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 12pt; font-family: "Times New Roman","serif";">That
means it probably couldn't find clamdscan, which should be part of the
ClamAV
RPMs the docs told you to download. When logged in as root, what do you
get
from a "which clamdscan" command?<br>
<br>
The error return code 2 implies an error occurred during virus
scanning. Put
some files (anything will do for a test) into /var/zendto/incoming,
then
"chown apache.apache /var/zendto/incoming/*" and run a command such
as<br>
clamdscan /var/zendto/incoming/*<br>
and see what it says.<br>
<br>
If it says "acccess denied" lots of times then what might be wrong is
that the clamav group may need adding to the apache group in
/etc/group. Find
the line in /etc/group starting with "apache" and add
"clamav" to the end of it. Then run the command "grpconv"
to build the shadow file. Then "service clamd restart" and then try
clamdscan again.<br>
<br>
If it still complains that it couldn't read files, then you either need
to
disable SELinux or configure it correctly so it can read the files
under
/var/zendto/incoming. I don't know much about SELinux so you're on your
own a
bit there, hopefully Google will help.<br>
<br>
When you find the solution, please let me know so that I can add it to
the
docs.<br>
<br>
Once you have got "clamdscan /var/zendto/incoming" working, you
should be there.<br>
<br>
Thanks,<br>
Jules.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">getting: </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<table class="MsoNormalTable"
style="border-style: solid none; border-color: -moz-use-text-color; border-width: 1.5pt medium; width: 50%;"
border="1" cellpadding="0" width="50%">
<tbody>
<tr>
<td style="border: medium none ; padding: 0.75pt;">
<p class="MsoNormal"><b><span
style="font-size: 9pt; font-family: "Times New Roman","serif"; color: rgb(0, 0, 64);">Upload
Error</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border: medium none ; padding: 0.75pt;">
<p class="MsoNormal" style="text-align: justify;"><span
style="font-size: 7.5pt; font-family: "Times New Roman","serif"; color: rgb(0, 0, 64);">The
attempt to virus-scan your drop-off failed. Please contact your
administrator for assistance.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);">after the file
uploads</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);">Where should I
start looking first?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; color: rgb(31, 73, 125);">----------------------------<br>
Gavin Silver<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:ZendTo@zendto.com">ZendTo@zendto.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size: 12pt; font-family: "Times New Roman","serif";"><br>
<br>
<o:p></o:p></span></p>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CITP CEng<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.ZendTo.com">www.ZendTo.com</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Need help fixing or optimising your systems?<o:p></o:p></pre>
<pre>Contact me!<o:p></o:p></pre>
<pre>Need help getting you started solving new requirements from your boss?<o:p></o:p></pre>
<pre>Contact me!<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
<pre>Follow me at twitter.com/JulesFM<o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size: 12pt; font-family: "Times New Roman","serif"; color: windowtext;">--
<o:p></o:p></span></p>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zendto.com">ZendTo@zendto.com</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.ZendTo.com">www.ZendTo.com</a>
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
</pre>
</body>
</html>