Bug#553333: [Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav

2009-10-31 Thread Teodor 
Hi,

On Fri, Oct 30, 2009 at 10:12 PM, Stephen Gran  wrote:
> Hi there,
>
> I understand how:
>
>> @@ -279,5 +279,5 @@ fi
>>
>>  make_dir "$DataBaseDirectory"
>> -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
>> +if [ "${SOCKET_TYPE}" = "local" ]; then
>>    make_dir $(dirname "$SOCKET_PATH")
>>    chown $User $(dirname "$SOCKET_PATH")
>
> could be a problem (maybe - if the variable $SOCKET_PATH includes the
> string 'inet' but somehow the variable $SOCKET_PATH remains unset), but

Agree, this is the only mandatory part for fixing the reported
problem. Maybe a better test case is this:
  "${SOCKET_TYPE}" != "inet"

if the variable ${SOCKET_TYPE} could remain empty for local/unix sockets.

> I don't see how:
>
>> @@ -172,5 +172,5 @@ make_dir()
>>    [ -n "$User" ] || User=clamav
>>    mkdir -p -m 0755 "$DIR"
>> -  chown "$User:$User" "$DIR"
>> +  chown "$User" "$DIR"
>>  }
>
> Cause any problems or indeed makes any difference?

I've just mentioned this because the assumption to have the same group
name as the user name is wrong. Is someone decides to use another user
name than 'clamav' it could have a different group name. Also, this is
the only part where $Group is mentioned but not for sure a variable in
CLAMAVCONF otherwise it should have been initialized just like $User.

Thanks



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#553333: [Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav

2009-10-30 Thread Stephen Gran 
Hi there,

I understand how:

> @@ -279,5 +279,5 @@ fi
> 
>  make_dir "$DataBaseDirectory"
> -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
> +if [ "${SOCKET_TYPE}" = "local" ]; then
>make_dir $(dirname "$SOCKET_PATH")
>chown $User $(dirname "$SOCKET_PATH")

could be a problem (maybe - if the variable $SOCKET_PATH includes the
string 'inet' but somehow the variable $SOCKET_PATH remains unset), but
I don't see how:

> @@ -172,5 +172,5 @@ make_dir()
>[ -n "$User" ] || User=clamav
>mkdir -p -m 0755 "$DIR"
> -  chown "$User:$User" "$DIR"
> +  chown "$User" "$DIR"
>  }

Cause any problems or indeed makes any difference?

Cheers,
-- 
 -
|   ,''`.Stephen Gran |
|  : :' :sg...@debian.org |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -


signature.asc
Description: Digital signature

Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav

2009-10-30 Thread Teodor 
Package: clamav-milter
Version: 0.95.2+dfsg-1~volatile1
Severity: serious
Tags: patch

Because of some communication problems between postfix and
clamav-milter local socket, I've choosed to configure clamav-milter
with a network socket:
MilterSocket = "inet:7...@127.0.0.1"

The problem is that every execution of the init.d script will change
the owner of /root directory to 'clamav'. This patch fixes the
problem:

COBRANEW:~# diff -pU2
/etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1
/etc/init.d/clamav-milter
--- /etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1   2009-07-11
21:50:02.0 +0300
+++ /etc/init.d/clamav-milter   2009-10-30 12:45:20.0 +0200
@@ -172,5 +172,5 @@ make_dir()
   [ -n "$User" ] || User=clamav
   mkdir -p -m 0755 "$DIR"
-  chown "$User:$User" "$DIR"
+  chown "$User" "$DIR"
 }

@@ -279,5 +279,5 @@ fi

 make_dir "$DataBaseDirectory"
-if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
+if [ "${SOCKET_TYPE}" = "local" ]; then
   make_dir $(dirname "$SOCKET_PATH")
   chown $User $(dirname "$SOCKET_PATH")

Please include it in the next upload (probably for the new upstream
release 0.95.3).

Thanks


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
LocalSocket = "/var/run/clamav/clamd.ctl"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength disabled
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "20"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
MailFollowURLs disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
ClamukoScanOnAccess disabled
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
CompressLocalDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
SafeBrowsing disabled

Config file: clamav-milter.conf
---
LogFile = "/var/log/clamav/milter.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize disabled
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "inet:7...@127.0.0.1"
LocalNet = "local"
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Replace"
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected = "Full"

Software settings
-
Version: 0.95.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZI