Bug#553333: [Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav
Hi, On Fri, Oct 30, 2009 at 10:12 PM, Stephen Gran wrote: > Hi there, > > I understand how: > >> @@ -279,5 +279,5 @@ fi >> >> make_dir "$DataBaseDirectory" >> -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then >> +if [ "${SOCKET_TYPE}" = "local" ]; then >> make_dir $(dirname "$SOCKET_PATH") >> chown $User $(dirname "$SOCKET_PATH") > > could be a problem (maybe - if the variable $SOCKET_PATH includes the > string 'inet' but somehow the variable $SOCKET_PATH remains unset), but Agree, this is the only mandatory part for fixing the reported problem. Maybe a better test case is this: "${SOCKET_TYPE}" != "inet" if the variable ${SOCKET_TYPE} could remain empty for local/unix sockets. > I don't see how: > >> @@ -172,5 +172,5 @@ make_dir() >> [ -n "$User" ] || User=clamav >> mkdir -p -m 0755 "$DIR" >> - chown "$User:$User" "$DIR" >> + chown "$User" "$DIR" >> } > > Cause any problems or indeed makes any difference? I've just mentioned this because the assumption to have the same group name as the user name is wrong. Is someone decides to use another user name than 'clamav' it could have a different group name. Also, this is the only part where $Group is mentioned but not for sure a variable in CLAMAVCONF otherwise it should have been initialized just like $User. Thanks -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#553333: [Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav
Hi there, I understand how: > @@ -279,5 +279,5 @@ fi > > make_dir "$DataBaseDirectory" > -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then > +if [ "${SOCKET_TYPE}" = "local" ]; then >make_dir $(dirname "$SOCKET_PATH") >chown $User $(dirname "$SOCKET_PATH") could be a problem (maybe - if the variable $SOCKET_PATH includes the string 'inet' but somehow the variable $SOCKET_PATH remains unset), but I don't see how: > @@ -172,5 +172,5 @@ make_dir() >[ -n "$User" ] || User=clamav >mkdir -p -m 0755 "$DIR" > - chown "$User:$User" "$DIR" > + chown "$User" "$DIR" > } Cause any problems or indeed makes any difference? Cheers, -- - | ,''`.Stephen Gran | | : :' :sg...@debian.org | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav
Package: clamav-milter Version: 0.95.2+dfsg-1~volatile1 Severity: serious Tags: patch Because of some communication problems between postfix and clamav-milter local socket, I've choosed to configure clamav-milter with a network socket: MilterSocket = "inet:7...@127.0.0.1" The problem is that every execution of the init.d script will change the owner of /root directory to 'clamav'. This patch fixes the problem: COBRANEW:~# diff -pU2 /etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1 /etc/init.d/clamav-milter --- /etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1 2009-07-11 21:50:02.0 +0300 +++ /etc/init.d/clamav-milter 2009-10-30 12:45:20.0 +0200 @@ -172,5 +172,5 @@ make_dir() [ -n "$User" ] || User=clamav mkdir -p -m 0755 "$DIR" - chown "$User:$User" "$DIR" + chown "$User" "$DIR" } @@ -279,5 +279,5 @@ fi make_dir "$DataBaseDirectory" -if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then +if [ "${SOCKET_TYPE}" = "local" ]; then make_dir $(dirname "$SOCKET_PATH") chown $User $(dirname "$SOCKET_PATH") Please include it in the next upload (probably for the new upstream release 0.95.3). Thanks -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf --- LogFile = "/var/log/clamav/clamav.log" LogFileUnlock disabled LogFileMaxSize disabled LogTime = "yes" LogClean disabled LogSyslog = "yes" LogFacility = "LOG_MAIL" LogVerbose disabled PidFile = "/var/run/clamav/clamd.pid" TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" LocalSocket = "/var/run/clamav/clamd.ctl" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength disabled StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "20" FollowDirectorySymlinks disabled FollowFileSymlinks disabled SelfCheck = "3600" VirusEvent disabled ExitOnOOM disabled Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" AllowSupplementaryGroups = "yes" DetectPUA disabled ExcludePUA disabled IncludePUA disabled AlgorithmicDetection = "yes" ScanPE = "yes" ScanELF = "yes" DetectBrokenExecutables disabled ScanMail = "yes" MailFollowURLs disabled ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" PhishingAlwaysBlockCloak disabled PhishingAlwaysBlockSSLMismatch disabled HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" ScanPDF = "yes" ScanArchive = "yes" ArchiveBlockEncrypted disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" ClamukoScanOnAccess disabled ClamukoScanOnOpen disabled ClamukoScanOnClose disabled ClamukoScanOnExec disabled ClamukoIncludePath disabled ClamukoExcludePath disabled ClamukoMaxFileSize = "5242880" DevACOnly disabled DevACDepth disabled Config file: freshclam.conf --- LogFileMaxSize disabled LogTime disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled PidFile = "/var/run/clamav/freshclam.pid" DatabaseDirectory = "/var/lib/clamav/" Foreground disabled Debug disabled AllowSupplementaryGroups disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" MaxAttempts = "5" ScriptedUpdates = "yes" CompressLocalDatabase disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamav/clamd.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout = "30" SubmitDetectionStats disabled DetectionStatsCountry disabled SafeBrowsing disabled Config file: clamav-milter.conf --- LogFile = "/var/log/clamav/milter.log" LogFileUnlock disabled LogFileMaxSize disabled LogTime = "yes" LogSyslog = "yes" LogFacility = "LOG_MAIL" LogVerbose = "yes" PidFile = "/var/run/clamav/clamav-milter.pid" TemporaryDirectory = "/tmp" FixStaleSocket = "yes" MaxThreads = "10" ReadTimeout = "120" Foreground disabled User = "clamav" AllowSupplementaryGroups = "yes" MaxFileSize disabled ClamdSocket = "unix:/var/run/clamav/clamd.ctl" MilterSocket = "inet:7...@127.0.0.1" LocalNet = "local" OnClean = "Accept" OnInfected = "Reject" OnFail = "Defer" RejectMsg disabled AddHeader = "Replace" Chroot disabled Whitelist disabled SkipAuthenticated disabled LogInfected = "Full" Software settings - Version: 0.95.2 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZI