Welcome to Soft32 Linux Forums!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Bug#553333: clamav-milter: inet milter socket configuratio..

  
   Soft32 Home -> Linux -> Bugs RC RSS
Next:  Bug#553319: CVE-2009-3826, CVE-2009-3700  
Author Message
Teodor

External


Since: Nov 08, 2008
Posts: 16



(Msg. 1) Posted: Fri Oct 30, 2009 7:20 am
Post subject: Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav
Archived from groups: linux>debian>bugs>rc (more info?)
Package: clamav-milter
Version: 0.95.2+dfsg-1~volatile1
Severity: serious
Tags: patch

Because of some communication problems between postfix and
clamav-milter local socket, I've choosed to configure clamav-milter
with a network socket:
MilterSocket = "inet:7357@127.0.0.1"

The problem is that every execution of the init.d script will change
the owner of /root directory to 'clamav'. This patch fixes the
problem:

COBRANEW:~# diff -pU2
/etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1
/etc/init.d/clamav-milter
--- /etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1 2009-07-11
21:50:02.000000000 +0300
+++ /etc/init.d/clamav-milter 2009-10-30 12:45:20.000000000 +0200
@@ -172,5 +172,5 @@ make_dir()
[ -n "$User" ] || User=clamav
mkdir -p -m 0755 "$DIR"
- chown "$User:$User" "$DIR"
+ chown "$User" "$DIR"
}

@@ -279,5 +279,5 @@ fi

make_dir "$DataBaseDirectory"
-if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
+if [ "${SOCKET_TYPE}" = "local" ]; then
make_dir $(dirname "$SOCKET_PATH")
chown $User $(dirname "$SOCKET_PATH")

Please include it in the next upload (probably for the new upstream
release 0.95.3).

Thanks


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
LocalSocket = "/var/run/clamav/clamd.ctl"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength disabled
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "20"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
MailFollowURLs disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
CompressLocalDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
SafeBrowsing disabled

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/milter.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize disabled
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "inet:7357@127.0.0.1"
LocalNet = "local"
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Replace"
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected = "Full"

Software settings
-----------------
Version: 0.95.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2
Database directory: /var/lib/clamav/
main.cvd: version 51, sigs: 545035, built on Thu May 14 17:28:45 2009
daily.cld: version 9964, sigs: 96802, built on Fri Oct 30 03:39:02 2009
daily.cld: WARNING: This database requires f-level 44 (current f-level: 43)

--- data dir ---
total 26608
-rw-r--r-- 1 clamav clamav 5947392 2009-10-30 04:37 daily.cld
-rw-r--r-- 1 clamav clamav 21253696 2009-10-26 15:02 main.cvd
-rw------- 1 clamav clamav 572 2009-10-30 12:37 mirrors.dat

-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-Cool
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav-milter depends on:
ii adduser 3.110 add and remove users and groups
ii clamav-base 0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - base
ii clamav-freshclam 0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - viru
ii debconf [debconf 1.5.24 Debian configuration management sy
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libmilter1.0.1 8.14.3-5 Sendmail Mail Filter API (Milter)
ii logrotate 3.7.1-5 Log rotation utility
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii ucf 3.0016 Update Configuration File: preserv
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages clamav-milter recommends:
ii clamav-daemon 0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - scan

Versions of packages clamav-milter suggests:
pn clamav-docs <none> (no description available)
pn daemon <none> (no description available)

-- debconf information:
* clamav-milter/LogFile: /var/log/clamav/milter.log
* clamav-milter/LogSyslog: true
* clamav-milter/MilterSocket: inet:7357@127.0.0.1
* clamav-milter/OnInfected: Reject
* clamav-milter/User: clamav
* clamav-milter/LogInfected: Full
* clamav-milter/MaxFileSize: 0
* clamav-milter/FixStaleSocket: true
* clamav-milter/LogFileUnlock: false
* clamav-milter/Chroot:
* clamav-milter/ReadTimeout: 120
clamav-milter/AddGroups:
* clamav-milter/LogFileMaxSize: 0
* clamav-milter/OnFail: Defer
* clamav-milter/LocalNet: local
* clamav-milter/debconf: true
* clamav-milter/LogTime: true
* clamav-milter/RejectMsg:
* clamav-milter/TemporaryDirectory: /tmp
* clamav-milter/LogFacility: LOG_MAIL
* clamav-milter/ClamdSocket: unix:/var/run/clamav/clamd.ctl
* clamav-milter/PidFile: /var/run/clamav/clamav-milter.pid
* clamav-milter/Foreground: false
* clamav-milter/AddHeader: Replace
* clamav-milter/LogVerbose: true
* clamav-milter/Whitelist:



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org
Back to top
Login to vote
Teodor

External


Since: Nov 08, 2008
Posts: 16



(Msg. 2) Posted: Sat Oct 31, 2009 7:20 am
Post subject: Bug#553333: [Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi,

On Fri, Oct 30, 2009 at 10:12 PM, Stephen Gran <sgran DeleteThis @debian.org> wrote:
> Hi there,
>
> I understand how:
>
>> @@ -279,5 +279,5 @@ fi
>>
>>  make_dir "$DataBaseDirectory"
>> -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
>> +if [ "${SOCKET_TYPE}" = "local" ]; then
>>    make_dir $(dirname "$SOCKET_PATH")
>>    chown $User $(dirname "$SOCKET_PATH")
>
> could be a problem (maybe - if the variable $SOCKET_PATH includes the
> string 'inet' but somehow the variable $SOCKET_PATH remains unset), but

Agree, this is the only mandatory part for fixing the reported
problem. Maybe a better test case is this:
"${SOCKET_TYPE}" != "inet"

if the variable ${SOCKET_TYPE} could remain empty for local/unix sockets.

> I don't see how:
>
>> @@ -172,5 +172,5 @@ make_dir()
>>    [ -n "$User" ] || User=clamav
>>    mkdir -p -m 0755 "$DIR"
>> -  chown "$User:$User" "$DIR"
>> +  chown "$User" "$DIR"
>>  }
>
> Cause any problems or indeed makes any difference?

I've just mentioned this because the assumption to have the same group
name as the user name is wrong. Is someone decides to use another user
name than 'clamav' it could have a different group name. Also, this is
the only part where $Group is mentioned but not for sure a variable in
CLAMAVCONF otherwise it should have been initialized just like $User.

Thanks



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Bug#435572: octave2.1-forge: the package cannot be install.. - Package: octave2.1-forge Severity: serious Justification: Policy 3.5 Hi, the package depends on libgsl0 which is no....

Bug#424445: Proposed patch for #424445 (turkey FTBFS) - I have used a slightly modified version of your patch in Ubuntu, and now thanks to you we also are able to compile for....

Bug#311188: (no subject) - I send some little pings to some of the bugs who can be easily fixed. For the syslogd stuff I would wait if joey..

Bug#435586: centerim-utf8: undeclared overlap with centerim - Package: centerim-utf8 Version: 4.22.1-1 Severity: serious Package does not install: Unpacking centerim-utf8 (from..

Bug#435600: apt-rpm_0.5.15lorg3.2-2(ia64/unstable): FTBFS:.. - Package: apt-rpm Version: 0.5.15lorg3.2-2 Severity: serious There was an error while trying to autobuild your package:...

Reg: redundancy in inet socket - list_for_each_rcu(p, &inetsw[sock->type]) { answer = list_entry(p, struct inet_protosw, list); /* Check the...
       Soft32 Home -> Linux -> Bugs RC All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Categories:
 Windows
  Linux
 Mac
 PDA

[ Contact us | Terms of Service/Privacy Policy ]