Question RE Kaspersky 8.0 (klms) socket permission error

Jakob Curdes via amavis-users amavis-users at amavis.org
Mon Jan 20 16:07:39 CET 2014


Am 20.01.2014 15:31, schrieb Jernej Porenta:
> What about directory permissions of /var/run/klms?
>
Looks correct to me:
drwxrwx---. 2 kluser    klusers   4096 Jan 20 16:05 klms

JC

>
> On 20/01/14 15:15, Jakob Curdes via amavis-users wrote:
>>
>> Hi, we are installing the kaspersky for linux mail scanner 8.0 in
>> conjunction with amavis following klms's manual.
>> We are looking at our screens and do not understand why this is not
>> working.
>>
>> We have
>>    ### Kaspersky Security 8.0 for Linux Mail Server
>>    ['Kaspersky Security 8.0 for Linux Mail Server',
>>      \&ask_daemon, ["nCONTSCAN {}\n", "/var/run/klms/rds_av"],
>>      qr/\bOK$/m, qr/\bFOUND$/m,
>>      qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>>
>> and the socket looks like this:
>>
>> srw-rw----. 1 kluser klusers 0 Jan 20 14:57 /var/run/klms/rds_av
>>
>> The user "amavis" is member of the "klusers" group so he should be able
>> to access the socket.
>> But the log tells us differently:
>> Jan 20 15:02:36 commsrv amavis[18023]: (18023-01) (!)connect to
>> /var/run/klms/rds_av failed, attempt #1: Can't connect to UNIX socket
>> /var/run/klms/rds_av: Permission denied
>> Jan 20 15:02:36 commsrv amavis[18023]: (18023-01) Kaspersky Security 8.0
>> for Linux Mail Server: All attempts (1) failed connecting to
>> /var/run/klms/rds_av, retrying (1)
>> Jan 20 15:02:37 commsrv amavis[18023]: (18023-01) (!)connect to
>> /var/run/klms/rds_av failed, attempt #1: Can't connect to UNIX socket
>> /var/run/klms/rds_av: Permission denied
>>
>> etc.
>> We checked that the amavis process actually uses the user amavis and
>> double-checked the group entries. All is correct, still we get "no
>> permission". SELinux is set to "permissive" for testing and does not
>> report any denies.
>> Even when I set the user of the socket file to amavis:amavis, we still
>> get "permission denied" errors.  What is this?
>>
>>
>> Regards,
>> JC
>>



More information about the amavis-users mailing list