qpsmtp + clamscan plugin combo broken

Bug #829649 reported by Imre Gergely on 2011-08-19
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
qpsmtpd (Ubuntu)
Undecided
Unassigned

Bug Description

When using clamscan virus scanner plugin with qpsmtpd, it dies with the following error message:

Fri Aug 19 20:08:45 2011 utest-oos32[5453]: clamscan results: /usr/bin/clamscan: unrecognized option `--config-file=/etc/clamd.conf'
ERROR: Unknown option passed
ERROR: Can't parse command line options
Fri Aug 19 20:08:45 2011 utest-oos32[5453]: ClamAV error: /usr/bin/clamscan --stdout --config-file=/etc/clamd.conf --no-summary /var/spool/qpsmtpd/1313773725:5453:0 2>&1: 2
Fri Aug 19 20:08:45 2011 utest-oos32[5453]: 452 Message denied temporarily

The plugin is configured like this:

root@utest-oos32:/etc/qpsmtpd# cat /etc/qpsmtpd/plugins |grep clamav |grep -v "^#"
virus/clamav clamscan_path=/usr/bin/clamscan action=reject max_size=209715 tmp_dir=/tmp/qpsmtpd.clam

clamscan's command line options changed a lot and qpsmtpd's clamav plugin needs to be updated to not pass unknow parameters to clamscan (--config-file was removed, but I didn't find this in clamav's changelog anywhere).

Note: clamdscan plugin works just fine
Note2: as clamav 0.97.2 gets backported all the way to Hardy, this needs to be fixed in every release (Hardy, Lucid, Maverick, Natty) otherwise clamscan will not work
Note3: clamdscan (which works) should be the preferred plugin to use (because it's way faster) but this still need fixing, maybe not everybody is running clamav-daemon

Imre Gergely (cemc) wrote :

Attached a minimal patch for clamav plugin which should take care of this. Tested and working on Oneiric, the error message is gone and the mail gets scanned and flagged correctly.

Fri Aug 19 20:28:19 2011 utest-oos32[5831]: clamscan results: Eicar-Test-Signature
Fri Aug 19 20:28:19 2011 utest-oos32[5831]: Virus(es) found: Eicar-Test-Signature
Fri Aug 19 20:28:19 2011 utest-oos32[5831]: 552 Virus Found: Eicar-Test-Signature
Fri Aug 19 20:28:19 2011 utest-oos32[5831]: dispatching QUIT

I did attach the patch but I think this might/should be resolved in some other way. Looking at the clamav plugin code there is a back_compat flag which adds some deprecated options when using clamav < 0.80. Maybe something like this should be used here also.

(Note: nobody should use any older version of clamav and anything less than clamav 0.97 should be thrown out)

Imre Gergely (cemc) wrote :

I've checked /usr/share/qpsmtpd/plugins/virus/clamav file all the way back to Hardy and this bug seems to affect every release. More so because every release has at least clamav 0.96.5 in backports/security/updates.

tags: added: patch
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers