Your message dated Fri, 29 Jan 2016 00:34:07 +0000
with message-id <[email protected]>
and subject line Bug#812325: fixed in amavisd-new 1:2.10.1-2
has caused the Debian Bug report #812325,
regarding amavisd-new fails recognizing viruses on non-English systems if the 
AV scanner writes localized messages to stdout
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
812325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812325
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amavisd-new
Severity: important
Version: 1:2.10.1-1
X-Debbugs-Cc: [email protected]

Dear maintainer(s),

Together with a customer, I stumbled over some nasty issue in the jessie (and currently also testing/unstable) amavisd-new package in Debian (and probably also in earlier versions of the package).

On Debian systems, the amavisd process (using SystemV here, but probably also using systemd) gets launched with the system-wide settings for the LANG and LC_* env variables. In our case, amavisd runs in German (de_DE.UTF-8).

The environment settings of amavis are then passed on to the invoked virus scanner applications. In our case savscan (Sophos Anti-Virus).

The recent version of Sophos Antivirus for Linux has been localized. If a virus gets detected by savscan, I see this on my (German) screen:

"""
Virus 'Troj/DocDl-AUK' gefunden in Datei .Junk/cur/1453286635.M577163P24063.office.testdomain.de,S=34583,W=35093:2,Sab/RECHNUNG48122217.doc
Virus 'Mal/Phish-A' gefunden in Datei .Junk/cur/1453304872.M447841P9753.office.testdomain.de,S=363101,W=367859:2,Sb/DHL_RECEIPT_TRACKING_s (1).pdf
Virus 'Mal/Phish-A' gefunden in Datei .Junk/cur/1453304872.M447607P9756.office.testdomain.de,S=363071,W=367829:2,Sb/DHL_RECEIPT_TRACKING_s (1).pdf
Virus 'Troj/DocDl-AVA' gefunden in Datei .Junk/cur/1453372769.M405056P9872.office.testdomain.de,S=70734,W=71737:2,Sab/Invoice_316103_Jul_2013.doc
Virus 'Troj/DocDl-AVA' gefunden in Datei .Junk/cur/1453373095.M639960P7529.office.testdomain.de,S=70734,W=71737:2,Sab/Invoice_316103_Jul_2013.doc
Virus 'Mal/Phish-A' gefunden in Datei .Junk/cur/1453235831.M554201P24002.office.testdomain.de,S=11275,W=11481:2,Sb/DHL-Details-PDF.htm
"""

As you can see, the av scanner's stdout text is localized (German).

However, the regexp for discovering a virus when using savscan is this:

"""
### http://www.sophos.com/
['Sophos Anti Virus (savscan)', 'savscan',
  '-nmbr -nbs -nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
  '--no-reset-atime {}',
  [0,2], qr/Virus .*? found/m,
  qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
],
# # other options to consider: -idedir=/usr/local/sav
"""

As you can see, the regexp scans for the English expression "Virus .*? found". All of the above virus mails passed amavisd-new and ended up in the user's INBOX on the customer's server.


The issue here is hidden in the init script of the amavisd-new package in Debian. Upstream recommends this in their documentation's "Tips and FAQ -- general" section:

"""
It is best to run amavisd-new in a non-UTF8 locale environment. Either adjust the settings in /etc/sysconfig/i18n (Linux), or set environment variables LANG and LC_ALL to "C" or "en_US" (instead of "en_US.UTF-8") when starting amavisd-new daemon. Depending on the shell used, one may start amavisd-new by (with Bourne or compatible shell):

    # su - vscan -c 'LANG=C LC_ALL=C /usr/local/sbin/amavisd'

or the long way:

    # su - vscan
    $ export LANG; export LC_ALL; LANG=C; LC_ALL=C
    $ /usr/local/sbin/amavisd
"""

Please consider applying this change (launch amavisd with LANG=C) to amavisd-new in Debian testing/stretch and also possibly via security.debian.org in older releases of Debian. (Feedback from the security team is appreciated on this).

Thanks,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: [email protected], http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de



--- End Message ---
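
The failure described in the report above, reproduced as an added example (not part of the original report and not amavisd-new code): the two savscan patterns, ported from Perl to Python, are run against a scanner child process started once with a German locale and once with `LANG=C LC_ALL=C`. The stub scanner, the sample file path and all function names are assumptions made for illustration.

```python
import os
import re
import subprocess
import sys

# The two patterns from the savscan entry quoted in the report (Perl /m -> re.M).
DETECT = re.compile(r"Virus .*? found", re.M)
NAME = re.compile(r"^>>> Virus(?: fragment)? '?(.*?)'? found", re.M)

# Hypothetical stand-in for a localized scanner (NOT savscan). It picks its
# message language from LC_ALL, then LC_MESSAGES, then LANG (POSIX precedence).
# The ">>> " prefix, the English wording and the file path are constructed so
# that the locale is the only difference between the two runs.
STUB = r'''
import os
loc = os.environ.get("LC_ALL") or os.environ.get("LC_MESSAGES") or os.environ.get("LANG") or "C"
msg = "gefunden in Datei" if loc.startswith("de") else "found in file"
print(">>> Virus 'Troj/DocDl-AUK' " + msg + " sample/RECHNUNG.doc")
'''

def scan(env):
    """Run the stub scanner with the given environment and return its stdout."""
    return subprocess.run([sys.executable, "-c", STUB], env=env,
                          capture_output=True, text=True, check=True).stdout

def verdict(output):
    """Return (detected, virus_name) as the two patterns would decide."""
    if not DETECT.search(output):
        return (False, None)
    m = NAME.search(output)
    return (True, m.group(1) if m else None)

def c_locale_env(env):
    """Copy env with the locale forced to C, as the upstream FAQ recommends."""
    return dict(env, LANG="C", LC_ALL="C")

def demo():
    """Verdicts for the same detection under a German and a C locale."""
    base = {k: v for k, v in os.environ.items() if not k.startswith("LC_")}
    german = dict(base, LANG="de_DE.UTF-8")
    return verdict(scan(german)), verdict(scan(c_locale_env(german)))

if __name__ == "__main__":
    print(demo())
```

The same pattern check can be pointed at any scanner entry whose verdict depends on matching human-readable output: if the first result is a miss, the daemon's environment needs the C locale before the scanner is spawned.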
--- Begin Message ---
Source: amavisd-new
Source-Version: 1:2.10.1-2

We believe that the bug you reported is fixed in the latest version of
amavisd-new, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <[email protected]> (supplier of updated amavisd-new package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Jan 2016 11:00:58 +1100
Source: amavisd-new
Binary: amavisd-new
Architecture: source
Version: 1:2.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: Brian May <[email protected]>
Changed-By: Brian May <[email protected]>
Description:
 amavisd-new - Interface between MTA and virus scanner/content filters
Closes: 812325
Changes:
 amavisd-new (1:2.10.1-2) unstable; urgency=medium
 .
   * Set LC_ALL before running daemon. Closes: #812325.


--- End Message ---