avast4linux with avast4mail on gentoo - permission problem?

Avast Mac Security
1

Hi,

I installed avast4linux and avst4mail (and libavastengine) on a gentoo-machine with qmail an like to integrate it into qmail.
I followed the instructions in the INSTALL file but I get the following error when starting avastd:


May 04 15:07:51 avastd[25301]: info: Starting avast! daemon
May 04 15:07:51 avastd[25301]: info: using this configuration for section 'mail'
May 04 15:07:51 avastd[25301]: info:   daemons count: default=3, maximum=10
May 04 15:07:51 avastd[25301]: info:   avast! interface: /var/run/avastmail/mailscanner.sock (timeout: 300s)
May 04 15:07:51 avastd[25301]: info:   user: avmail
May 04 15:07:51 avastd[25301]: info:   group: avmail
May 04 15:07:51 avastd[25301]: info:   rootdir: /var
May 04 15:07:51 avastd[25301]: info:   datadir: /var/lib/avast4
May 04 15:07:51 avastd[25301]: info:   tempdir: /var/tmp/avast4
May 04 15:07:51 avastd[25301]: info:   licensefile: /var/lib/avast4/License.dat
May 04 15:07:51 avastd[25301]: info:   scan subdirectories: no
May 04 15:07:51 avastd[25301]: info:   avast! engine flags: testall
May 04 15:07:51 avastd[25301]: info:   packers: types=A, maxdepth=32, summary archives=no
May 04 15:07:51 avastd[25301]: info:   packers bombs: maxfilesize=500000, maxcompressratio=50, compresscheckthre
shold=10000
May 04 15:07:51 avastd[25301]: info:                  maxtotalcompressratio=100, totalcompresscheckthreshold=100
0
May 04 15:07:51 avastd[25301]: info:   log scan results: loginfected logscanerrors
May 04 15:07:51 avastd[25301]: info: listenning on unix socket /var/run/avastmail/mailscanner.sock
May 04 15:07:51 avastd[25302]: warning: can't set group name to 'avmail', Operation not permitted
May 04 15:07:51 avastd[25302]: warning: can't change program root directory to '/var', Operation not permitted
May 04 15:07:51 avastd[25301]: info: started new 'mail' process (pid=25302)
May 04 15:07:51 avastd[25303]: warning: can't set group name to 'avmail', Operation not permitted
May 04 15:07:51 avastd[25303]: warning: can't change program root directory to '/var', Operation not permitted
May 04 15:07:51 avastd[25301]: info: started new 'mail' process (pid=25303)
May 04 15:07:51 avastd[25304]: warning: can't set group name to 'avmail', Operation not permitted
May 04 15:07:51 avastd[25304]: warning: can't change program root directory to '/var', Operation not permitted
May 04 15:07:51 avastd[25301]: info: started new 'mail' process (pid=25304)

But the avastd seems to run.

When sending a mail I get the following error:


May 04 15:09:47 avastd[23278]: info: new avast! socket connection at /var/run/avastmail/mailscanner.sock
May 04 15:09:47 avastd[23278]: warning: mail[23279]: /var/lib/avastmail/tmp/msg131675372  [E]     Permission denied
May 04 15:09:47 avastd[23278]: info: closing avast! connection

In the header of the send mail I get the following:


X-Antivirus: avast! (VPS 100226-0, 26.02.2010)
X-Antivirus-Status: Unscanned, scan failed

Yes, I know, the VPS is not up to date but its only on a seperated virtual machine for testing the basic funtionallity.

Any help would be nice. I can give more info if one needs it.

Regards

2

hallo,
just make sure that those groups exist, and the detination directories have the proper rights. this is usually distribution-dependent.

regards,
pc

3

Hello,

thank you for your answer. Which directories do you mean exactly?
Here are my user:group configs:


# grep avmail /etc/passwd
avmail:x:412:412:avastmail:/var/run/avastmail:/sbin/nologon
# grep avmail /etc/group
avmail:x:412:
# groups avmail
avmail

Permissions of directories:


# ls -al /var/lib/avastmail/
insgesamt 1
drwxrwxr-x  4 avmail avmail  104  5. Mai 15:30 .
drwxr-xr-x 41 root   root   1136  5. Mai 15:30 ..
drwxrwxr-x  2 avmail avmail   88  5. Mai 15:30 notification
drwxrwx---  2 avmail avmail   48  5. Mai 15:40 tmp
# ls -al /var/run/avastmail/
insgesamt 1
drwxrwx--T  2 avmail avmail  80  5. Mai 16:01 .
drwxr-xr-x 16 root   root   824  5. Mai 16:01 ..
srw-rw----  1 avmail avmail   0  5. Mai 16:01 mailscanner.sock

Thank you for your help!

4

do you run avastd as root, to be able to switch to the proper uid/gid?

regards,
pc

5

Yes, I start it as root. Its the same result if I start it with /etc/init.d/avastd or directly with /usr/sbin/avastd
Here’s the ps output from a running process. As you see, the gid is not changed:


# ps -eo uid,gid,args | grep avast
    0     0 avastd
  412     0 avastd
  412     0 avastd
  412     0 avastd
6

then, run avastd under strace -f , to get clue why are the system calls for setuid/setgid/chdir failing (why is the returned value -EPERM). doesn’;t make sense for me, when the software runs under root-account.

regards,
pc

7

I have run avastd under strace -f but do not find a reason for my problem. The log is to big to attach it. Here is the link to it. Would be nice if you could have a look at it.
http://dl.dropbox.com/u/712194/avastd-strace.txt

regards and thank you

8

Seems like there’s bad ordering of id-changes, where uid-change preceedes groupid-change - i’ll forward it to my colleague who’s responsible for this piece of code, test build will be available tommorow.

regards,
pc

9

Hallo,
here’s the test-build, the issue should be gone - please, let me know:

http://public.avast.com/~cimbal/avastd_fix.tar.gz

regards,
pc

10

It works! Thanks a lot!

11

ok, fixed release is built right now…
pc