I will change them to 765 tomorrow and check that it still works. Thanks for the help.
Brian

At 18:53 29/12/2002, you wrote:
>No problem, but like I said, be careful when doling out 777 perms, a
>virus may be the least of your worries then... Perms are still important....
>
>Brian Read wrote:
>
>>I'm using a local socket in /var/lib/clamav/clamd.sock
>>
>>I've now set the permissions on the /var/lib/clamav to 777, deleted the
>>socket, and it seems to be working..
>>
>>Many thanks
>>
>>Brian
>>
>>At 20:45 28/12/2002, you wrote:
>>
>>>OK, now we have to figure out whether or not we're having a problem with
>>>binding the UNIX or TCP port, what does your config say for TCPSocket
>>>and LocalSocket?
>>>
>>>Also 777 for /var/run may not be the best security, 765 is probably
>>>better, but in your /etc/group file, you should add the clamav user to
>>>root's group, so far that's the most secure way I've found that clamd
>>>can still operate without making a HUGE security hole... Just make a
>>>clamav user at 102/102 and add the clamav group to root, then set group
>>>write to /tmp and /var/run clamd can then use /var/run, but not allow
>>>security holes, and it can access /tmp to bind a socket, but will not
>>>make any holes in your local machine security... having /var/run 777 may
>>>be a problem because then an arbitrary program can easily identify file
>>>descriptors for privileged access, not a good thing...
>>>
>>>Try that and see how it goes...
>>>
>>>I should be back tomorrow around noon or so...
>>>
>>>Good Luck,
>>>-Matt
>>>
>>>Brian Read wrote:
>>>
>>>>Ok, set /var/run to 777, and that eliminated the error message about
>>>>/var/run/clamd.pid
>>>>
>>>>but still get bind() error
>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>Sat Dec 28 11:38:22 2002 -> +++ Started at Sat Dec 28 11:38:22 2002
>>>>Sat Dec 28 11:38:22 2002 -> Log file size limited to 1048576 bytes.
>>>>Sat Dec 28 11:38:22 2002 -> Verbose logging activated.
>>>>Sat Dec 28 11:38:22 2002 -> Running as user qmailq (UID 404, GID 401)
>>>>Sat Dec 28 11:38:22 2002 -> Reading databases from /usr/share/clamav
>>>>Sat Dec 28 11:38:23 2002 -> Protecting against 7286 viruses.
>>>>Sat Dec 28 11:38:23 2002 -> ERROR: bind() error.
>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>>>
>>>>any more thoughts?
>>>>
>>>>cheers
>>>>
>>>>Brian
>>>>
>>>>At 00:07 28/12/2002, you wrote:
>>>>
>>>>>Check out the clamav.conf file... In the file, there are two locations
>>>>>you want to check...
>>>>>
>>>>>The first entry is LocalSocket, it's set to /tmp/clamd by default. Set
>>>>>this to somewhere that clamd can write to with its UID/GID. /tmp is
>>>>>the best, but that requires perms to /tmp.
>>>>>
>>>>>The second entry is TCPSocket, it's simply a number set 3310 by
>>>>>default. If 3310 is already in use by another program, and you wish to
>>>>>use it as a TCP based virus server, then change this to something else
>>>>>that you know can be accessed by other machines, etc, but unless clamd
>>>>>is being run as root, which in your case, it is not, definitely don't
>>>>>go below 1024.... You likely do not use this, so just make sure it's
>>>>>commented out... It's kind of a useless feature unless you're doing
>>>>>something real bizarre with clamd.
>>>>>
>>>>>Best thing to do is change the UID/GID that clamd is running under....
>>>>>I have clamd running as its own user with UID/GID at 102/102, my
>>>>>perms for /tmp are 777 owned by root.root and perms for /var/run are
>>>>>755 root.root as well. My clamav user is also in the root group,
>>>>>allowing me to give it more without letting perms go... Just make sure
>>>>>not to let the clamav user log in... ;-)
>>>>>
>>>>>Thus clamav runs with privileged permissions, and has access to lots
>>>>>of things that it needs in order to run right...
>>>>>
>>>>>Brian Read wrote:
>>>>>
>>>>>>At 20:15 27/12/2002, you wrote:
>>>>>>
>>>>>>>On Fri, 27 Dec 2002 12:38:11 -0700
>>>>>>>Matt Blecha <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>> > Here's another question... Does the qmailq user have perms to bind to
>>>>>>> > unix or tcp sockets, if it can't bind a unix or tcp socket, that would
>>>>>>> > be why the crash happens... clamd does not do very good error reporting
>>>>>>>
>>>>>>>There was no crash, just an error and exit. clamd doesn't log to the
>>>>>>>console, because it detaches from it just after dropping the privileges.
>>>>>>>I think you're right, and this is a permission problem. Brian, try to
>>>>>>>change the TCPSocket value.
>>>>>>
>>>>>>You'll have to give me some details of what to do, I am out of my
>>>>>>depth here.
>>>>>>
>>>>>>cheers
>>>>>>
>>>>>>Brian
>>>>>>
>>>>>>---------------------------------------------------------------------
>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>>
>>>>Brian J Read
>>>>www.abandonmicrosoft.co.uk
>>>>www.theonlineorganiser.com
>>>>www.thepersonalknowledgebase.com
>>>>Mitel SMEserver Contributions and Howtos:
>>>>www.abandonmicrosoft.co.uk/abandon/links.html
>>>>+44 1695 723723

Brian J Read
www.abandonmicrosoft.co.uk
www.theonlineorganiser.com
www.thepersonalknowledgebase.com
Mitel SMEserver Contributions and Howtos:
www.abandonmicrosoft.co.uk/abandon/links.html
+44 1695 723723

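Added example, not part of the original thread: a Python check of whether a given UID/GID can create the LocalSocket in its directory under a given mode, and whether that directory is world-writable without the sticky bit. The function names, finding labels and the constructed sample config are assumptions for illustration; the socket path, option names, port limit and UIDs are the ones mentioned in the thread.

```python
import os
import stat

def parse_conf(text):
    """Extract LocalSocket / TCPSocket from clamav.conf-style text (comments skipped)."""
    opts = {"LocalSocket": None, "TCPSocket": None}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] in opts:
            opts[parts[0]] = parts[1].strip()
    return opts

def can_create(mode, owner_uid, owner_gid, uid, gids):
    """True if uid/gids may create an entry (e.g. a socket) in a directory.
    POSIX picks exactly one class (owner, else group, else other); creating
    an entry needs both write and search (execute) on the directory."""
    if uid == 0:  # root normally bypasses directory permission bits
        return True
    if uid == owner_uid:
        bits = mode >> 6
    elif owner_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & 0o3) == 0o3

def audit(conf_text, mode, owner_uid, owner_gid, uid, gids):
    """Return findings for the daemon identity against the socket directory."""
    opts, findings = parse_conf(conf_text), []
    if opts["LocalSocket"] and not can_create(mode, owner_uid, owner_gid, uid, gids):
        findings.append("bind-denied")  # bind() on LocalSocket would fail
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable-no-sticky")  # any local user can remove entries
    if opts["TCPSocket"] and int(opts["TCPSocket"]) < 1024 and uid != 0:
        findings.append("privileged-port")  # non-root cannot bind below 1024
    return findings

def audit_path(conf_text, uid, gids):
    """Same audit, reading mode and ownership from the real socket directory."""
    st = os.stat(os.path.dirname(parse_conf(conf_text)["LocalSocket"]))
    return audit(conf_text, st.st_mode, st.st_uid, st.st_gid, uid, gids)

# Constructed sample config using the socket path mentioned in the thread.
SAMPLE_CONF = "LocalSocket /var/lib/clamav/clamd.sock\n#TCPSocket 3310\n"

if __name__ == "__main__":
    for mode in (0o777, 0o765, 0o755, 0o775, 0o1777):
        print(oct(mode), audit(SAMPLE_CONF, mode, 0, 0, 102, {102, 0}))
```

The `__main__` loop evaluates a root-owned directory for a clamav user at 102/102 that is also in group 0; `audit_path` runs the same checks against the live filesystem.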