clamav-milter postfix defaults fail

Bug #151850 reported by Matt LaPlante on 2007-10-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Debian)
Fix Released
Unknown
clamav (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: clamav-milter

Testing clamav-milter in Gutsy, 0.91.2-3ubuntu1. The default socket given for postfix is SOCKET=local:/var/spool/postfix/clamav/ (in /etc/defaults/clamav-milter). First of all, this seems weird since it's a directory and not a file name. Regardless, milter startup fails:

local:/var/spool/postfix/clamav/: No such file or directory
LibClamAV Error: Can't open/create local:/var/spool/postfix/clamav/
Fri Oct 12 01:19:47 2007 -> Stopping ClamAV version 0.91.2, clamav-milter version 0.91.2
Fri Oct 12 01:27:21 2007 -> ClamAV-milter started at Fri Oct 12 01:27:21 2007

What's additionally annoying is that the init script returns OK, even though the daemon didn't start properly.

Another point is that the milter init script tries to rm -f the socket file at one point, which fails since the file here is a directory.

Even if one changes the directory to a filename (remove the trailing slash), creation still fails with permission denied.

Fri Oct 12 01:28:06 2007 -> ClamAV-milter started at Fri Oct 12 01:28:06 2007
local:/var/spool/postfix/clamav: Permission denied
LibClamAV Error: Can't open/create local:/var/spool/postfix/clamav
Fri Oct 12 01:28:06 2007 -> Stopping ClamAV version 0.91.2, clamav-milter version 0.91.2

Related branches

Scott Kitterman (kitterman) wrote :

Note that by default that entry is commented out. Please give me the clamav milter related bits of your Postfix main.cf and master.cf so I can try to replicate the situation (I use Postfix with clamav, but use clamsmtp so I don't have a clamav-milter setup handy).

Even if I setup Postfix to point to the actual socket, there are still
permissions issues to deal with (that I haven't figured out yet). Unless I
can figure a general solution to getting clamav-milter working with Postfix
that won't break using it with Sendmail, I'm going to leave this alone for
Gutsy.

If you unchroot Postfix it will find the socket file in the normal location.

Matt LaPlante (cybrmatt) wrote :

Yes, well my rationale was that if an example is going to be included that one can uncomment and use, it should probably work. :)

I can solve the problem fairly simply... I leave the path as suggested, but add an actual socket file name to it:
SOCKET=local:/var/spool/postfix/clamav/clamav.ctl

I then manually create the clamav directory (as root). My current working system has the clamav dir, plus the socket, owned by clamav and in the postfix group, mode 775. This should be fairly trivial to do with the new init script since it already has a variable specifying postfix.

Scott Kitterman (kitterman) wrote :

Adding the filename to the default option makes sense and seems to be the only thing missing after you do what's in README.Debian.

Changed in clamav:
assignee: nobody → kitterman
importance: Undecided → Low
status: New → In Progress
Matt LaPlante (cybrmatt) wrote :

There are a couple other issues with the init script that will case it to fail with postfix chroot:

- It doesnt give the postfix user any write permissions to the socket (which is dynamically created/destroyed).
- There's a race condition where it doesn't wait for the socket file to be created, so the chgrp command actually fails silently.

I've made the following modifications which, although not particularly dynamic, make it work properly on my setup:

  while [ ! -e "$SOCKET_PATH" ]; do
    sleep 2
  done

  if [ $ret = 0 ] && [ -e "$SOCKET_PATH" ] && [ "$USE_POSTFIX" = 'yes' ]; then
    chgrp postfix $SOCKET_PATH
    chmod g+w $SOCKET_PATH
  fi

Scott Kitterman (kitterman) wrote :

Uploaded.

Changed in clamav:
assignee: kitterman → nobody
status: In Progress → Fix Committed
Scott Kitterman (kitterman) wrote :

README.Debian gives instructions that I think work through the permissions issues. I'm not comfortable this close to release with automagically messing with permissions issues.

The Debian maintainer and I have discussed closer cooperation on clamav. I've added a better set of options for Postfix to my list of things to discuss with him.

Thanks for your contribution. In the meantime Debian has the exact same issues, so if you want to file bugs against clamav-milter in the Debian BTS, that would help get this on his radar screen.

Changed in clamav:
status: Unknown → New
Scott Kitterman (kitterman) wrote :

clamav (0.91.2-3ubuntu2) gutsy; urgency=low

  * Correct Postfix socket location for clamav-milter in
    debian/clamav-milter.default (LP: #151850)

 -- Scott Kitterman <email address hidden> Fri, 12 Oct 2007 11:13:10 -0400

Changed in clamav:
status: Fix Committed → Fix Released
Changed in clamav:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.