2009-09-03 11:54:51 | Imre Gergely | bug | | | added bug
2009-09-03 13:41:49 | Imre Gergely | attachment added | | usr.sbin.clamd.diff http://launchpadlibrarian.net/31274001/usr.sbin.clamd.diff |
2009-09-03 15:34:13 | Scott Kitterman | clamav (Ubuntu): status | New | Triaged |
2009-09-03 18:20:07 | Launchpad Janitor | clamav (Ubuntu): status | Triaged | Fix Released |
2009-09-03 18:20:21 | Scott Kitterman | bug task added | | clamav (Ubuntu Jaunty) |
2009-09-03 18:20:54 | Scott Kitterman | clamav (Ubuntu Jaunty): importance | Undecided | Medium |
2009-09-03 18:20:54 | Scott Kitterman | clamav (Ubuntu Jaunty): status | New | In Progress |
2009-09-03 18:21:22 | Scott Kitterman | bug | | | added subscriber Ubuntu Stable Release Updates Team
2009-09-03 18:28:20 | Scott Kitterman | clamav (Ubuntu Jaunty): status | In Progress | Fix Committed |
2009-09-03 18:28:26 | Scott Kitterman | clamav (Ubuntu): importance | Undecided | Medium |
2009-09-03 18:36:01 | Imre Gergely | description |
Binary package hint: clamav
The havp content scanner can use clamav to scan for viruses in downloaded files. It can use either libclamav or the clamav daemon through a socket. When the latter is selected, havp fails to start and an entry is made in havp/error.log:
03/09/2009 14:32:24 === Starting HAVP Version: 0.89
03/09/2009 14:32:24 Running as user: havp, group: havp
03/09/2009 14:32:24 --- Initializing Clamd Socket Scanner
03/09/2009 14:32:24 ERROR: Clamd Socket Scanner failed EICAR virus test! (Access denied.)
In /var/log/messages the following error appears:
Sep 3 14:32:24 utest-jj kernel: [192255.269799] type=1503 audit(1251977544.838:15): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=110 name="/var/spool/havp/havp-iwGmjS" pid=6734 profile="/usr/sbin/clamd"
Steps to recreate:
1. install apparmor, clamav-daemon and havp
1a. usermod -a -G havp clamav (and restart clamav-daemon) !
2. configure havp to use clamav-daemon for scanning, edit /etc/havp/havp.config
ENABLECLAMLIB false
ENABLECLAMD true
CLAMDSOCKET /var/run/clamav/clamd.ctl
3. try (re)starting havp, it should not start, with the following message:
root@utest-jj:/etc/havp# /etc/init.d/havp start
Mounting /var/lib/havp/havp.loop under /var/spool/havp ...done
Cleaning up /var/spool/havp... done
Starting havp: Starting HAVP Version: 0.89
One or more scanners failed to initialize!
Check errorlog for errors.
Exiting..
4. check the logs for the errors (/var/log/havp/error.log and /var/log/messages)
This is confirmed in Jaunty/Intrepid/Hardy/Dapper with the latest clamav version backported. As we're always trying to backport the latest clamav, IMHO this should be fixed in Karmic's 0.95.2+dfsg-4ubuntu2 and we'll backport it. |
Binary package hint: clamav
The havp content scanner can use clamav to scan for viruses in downloaded files. It can use either libclamav or the clamav daemon through a socket. When the latter is selected, havp fails to start and an entry is made in havp/error.log.
TEST CASE:
1. install apparmor, clamav-daemon and havp
1a. usermod -a -G havp clamav (and restart clamav-daemon) !
2. configure havp to use clamav-daemon for scanning, edit /etc/havp/havp.config:
ENABLECLAMLIB false
ENABLECLAMD true
CLAMDSOCKET /var/run/clamav/clamd.ctl
3. try (re)starting havp, it should not start, with the following message:
root@utest-jj:/etc/havp# /etc/init.d/havp start
Mounting /var/lib/havp/havp.loop under /var/spool/havp ...done
Cleaning up /var/spool/havp... done
Starting havp: Starting HAVP Version: 0.89
One or more scanners failed to initialize!
Check errorlog for errors.
Exiting..
4. check the logs for errors
/var/log/havp/error.log:
03/09/2009 14:32:24 === Starting HAVP Version: 0.89
03/09/2009 14:32:24 Running as user: havp, group: havp
03/09/2009 14:32:24 --- Initializing Clamd Socket Scanner
03/09/2009 14:32:24 ERROR: Clamd Socket Scanner failed EICAR virus test! (Access denied.)
/var/log/messages:
Sep 3 14:32:24 utest-jj kernel: [192255.269799] type=1503 audit(1251977544.838:15): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=110 name="/var/spool/havp/havp-iwGmjS" pid=6734 profile="/usr/sbin/clamd"
It means clamd doesn't have access to havp's temporary files to scan them.
5. regression potential is considered very low, as the only change was to make apparmor less restrictive |
|
2009-09-09 10:40:21 | Martin Pitt | clamav (Ubuntu Jaunty): assignee | | Scott Kitterman (kitterman) |
2009-09-09 10:41:06 | Martin Pitt | tags | | verification-needed |
2009-09-14 07:30:29 | Martin Pitt | tags | verification-needed | verification-done |
2009-09-18 15:57:22 | Launchpad Janitor | clamav (Ubuntu Jaunty): status | Fix Committed | Fix Released |
2011-04-08 02:48:13 | Launchpad Janitor | branch linked | | lp:ubuntu/clamav |
2011-04-08 02:57:25 | Launchpad Janitor | branch linked | | lp:ubuntu/dapper-backports/clamav |
2011-04-08 03:02:17 | Launchpad Janitor | branch linked | | lp:ubuntu/hardy-backports/clamav |
2011-04-08 03:04:18 | Launchpad Janitor | branch linked | | lp:ubuntu/intrepid-backports/clamav |
2011-04-08 03:05:29 | Launchpad Janitor | branch linked | | lp:ubuntu/jaunty-updates/clamav |