Question

7

How to fix amvavis reporting "permission denied" for clamav

rated 0 times [ 7] [ 0] / answers: 1 / hits: 28883 / 3 Years ago, tue, november 30, 2021, 11:09:23

I've recently noticed a frustrating niggle... When processing email, an Ubuntu Server (with all the updates applied) reports "Permission denied" when trying to virus scan attachments.

Apr  2 14:05:20 svr amavis[6376]: (06376-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/parts: lstat() failed: Permission denied. ERROR

"

Apr  2 14:05:20 svr amavis[6376]: (06376-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x30cf250) unexpected , output="/var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/parts: lstat() failed: Permission denied. ERROR

" at (eval 136) line 899.

Apr  2 14:05:20 svr amavis[6376]: (06376-01) (!)WARN: all primary virus scanners failed, considering backups

When I look at the directories in question, I see this:

$ ls -ld /var/lib/amavis/tmp

drwxrwx--- 4 amavis amavis 4096 Apr  2 14:16 /var/lib/amavis/tmp

$ ls -ld /var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/

drwxr-x--- 3 amavis amavis 4096 Apr  2 14:05 /var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/

$ ls -ld /var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/parts                                                                                                                                                                           

drwxr-x--- 2 amavis amavis 4096 Apr  2 14:16 /var/lib/amavis/tmp/amavis-20150402T140519-06376-PZcyHfOt/parts

I made sure the clamd user is a member of the amavisd group - but this didn't fix anything. Can anyone tell me, specifically, which component wants what permissions - and... ideally... what to do to fix this?

Clarification: I am not looking for explanations of the fundamentals of permissions. I am looking for a solution appropriate to this specific problem - which, at first glance, at least, looks as if a component of the amavis suite (perhaps clamd) is using the wrong umask value. Of course, this fault may have arisen as a result of a number of bugs or configuration glitches. I am looking, specifically, for the most appropriate resolution for this case... where a 'vanilla' amavis/clamav install fails to access the contents of temporary folders it creates as/when required to scan inbound email.

I am aware of this similar (non-Ubuntu) question. The Redhat/Centos answer doesn't solve the problem I experience with Ubuntu.

This problem is encountered on "Ubuntu 14.04.2 LTS" - there are no pending updates.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ofunn

Add To Favorites

Follow

Total Points: 164

Total Questions: 116

Total Answers: 116

Location: Liberia

Member since Fri, Oct 22, 2021

3 Years ago

answered 3 Years ago rvousnove · Accepted Answer

While the clamd user was a member of the amavis group, the clamd process was running as the clamav (not clamd) user.

Adding clamav to the amavis group solved the issue.