Package: clamav Version: 0.94.dfsg.1-1 Severity: important
So, using a script from the examples directory is probably buyer-beware but I'll bet lots of people do it anyhow. I use clampipe in the obvious procmail rule: :0fw | perl /usr/share/doc/clamav/examples/clampipe Unfortunately, it wants to call call clamscan with the --unzip option which was apparently recently deprecated, leaving me with mailboxes which have mails that look something like this: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on foo.bar.org X-Spam-Level: *** X-Spam-Status: No, score=3.2 required=5.0 tests=BAYES_00, CORRUPT_FROM_LINE_IN_HDRS,FUZZY_CPILL,MISSING_DATE,MISSING_HB_SEP, MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, NO_RELAYS,URIBL_GREY autolearn=no version=3.2.5 WARNING: Ignoring deprecated option --unzip >From [EMAIL PROTECTED] Sat Nov 15 02:10:32 2008 Return-Path: <[EMAIL PROTECTED]> this messes up mail readers and IMAP daemons expecting mbox format which should look like this: >From [EMAIL PROTECTED] Sat Nov 15 02:10:32 2008 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on foo.bar.org X-Spam-Level: *** X-Spam-Status: No, score=3.2 required=5.0 tests=BAYES_00, CORRUPT_FROM_LINE_IN_HDRS,FUZZY_CPILL,MISSING_DATE,MISSING_HB_SEP, MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, NO_RELAYS,URIBL_GREY autolearn=no version=3.2.5 Return-Path: <[EMAIL PROTECTED]> The visible symptom is that there doesn't seem to be any new mail...in reality due to the corrupted mailbox, it just looks like the new mails are being tacked onto the end of the last one. Arguably this is a bug in procmail, but I don't know what the protocol is supposed to be here. Maybe this isn't a bug anywhere and is purely user error, but I figured it was worth documenting in any case. Trivial fix to clampipe attached (remove --unzip from clamscan line) -- Package-specific info: --- configuration --- /etc/clamav/clamd.conf: clamd directives ------------------------------ LogFile = "/var/log/clamav/clamav.log" LogFileUnlock = no LogFileMaxSize = 0 LogTime = yes LogClean = no LogVerbose = no LogSyslog = no LogFacility = "LOG_LOCAL6" PidFile = "/var/run/clamav/clamd.pid" TemporaryDirectory = "/tmp" ScanPE = yes ScanELF = yes DetectBrokenExecutables = no ScanMail = yes MailFollowURLs = no ScanPartialMessages = no PhishingSignatures = yes PhishingScanURLs = yes PhishingAlwaysBlockCloak = no PhishingAlwaysBlockSSLMismatch = no HeuristicScanPrecedence = no DetectPUA = no ExcludePUA not set IncludePUA not set StructuredDataDetection = no StructuredMinCreditCardCount = 3 StructuredMinSSNCount = 3 StructuredSSNFormatNormal = yes StructuredSSNFormatStripped = no AlgorithmicDetection = yes ScanHTML = yes ScanOLE2 = yes ScanPDF = yes ScanArchive = yes MaxScanSize = 104857600 MaxFileSize = 26214400 MaxRecursion = 16 MaxFiles = 10000 ArchiveLimitMemoryUsage = no ArchiveBlockEncrypted = no DatabaseDirectory = "/var/lib/clamav" TCPAddr not set TCPSocket not set LocalSocket = "/var/run/clamav/clamd.ctl" MaxConnectionQueueLength = 15 StreamMaxLength = 10485760 StreamMinPort = 1024 StreamMaxPort = 2048 MaxThreads = 12 ReadTimeout = 180 IdleTimeout = 30 MaxDirectoryRecursion = 15 ExcludePath not set FollowDirectorySymlinks = no FollowFileSymlinks = no ExitOnOOM = no Foreground = no Debug = no LeaveTemporaryFiles = no FixStaleSocket = yes User = "clamav" AllowSupplementaryGroups = yes SelfCheck = 3600 VirusEvent not set ClamukoScanOnAccess not set ClamukoScanOnOpen not set ClamukoScanOnClose not set ClamukoScanOnExec not set ClamukoIncludePath not set ClamukoExcludePath not set ClamukoMaxFileSize = 5242880 DevACOnly not set DevACDepth not set *** MailMaxRecursion is DEPRECATED *** *** ArchiveMaxFileSize is DEPRECATED *** *** ArchiveMaxRecursion is DEPRECATED *** *** ArchiveMaxFiles is DEPRECATED *** *** ArchiveMaxCompressionRatio is DEPRECATED *** *** ArchiveBlockMax is DEPRECATED *** /etc/clamav/freshclam.conf: freshclam directives ------------------------------ LogFileMaxSize = 0 LogTime = no LogVerbose = no LogSyslog = no LogFacility = "LOG_LOCAL6" PidFile = "/var/run/clamav/freshclam.pid" DatabaseDirectory = "/var/lib/clamav/" Foreground = no Debug = no AllowSupplementaryGroups = no DatabaseOwner = "clamav" Checks = 24 UpdateLogFile = "/var/log/clamav/freshclam.log" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net" DatabaseMirror = "database.clamav.net" DatabaseMirror = "db.us.clamav.net" MaxAttempts = 5 ScriptedUpdates = yes CompressLocalDatabase = no HTTPProxyServer = "localhost" HTTPProxyPort = 3128 HTTPProxyUsername not set HTTPProxyPassword not set HTTPUserAgent not set NotifyClamd not set OnUpdateExecute not set OnErrorExecute not set OnOutdatedExecute not set LocalIPAddress not set ConnectTimeout = 30 ReceiveTimeout = 30 SubmitDetectionStats not set DetectionStatsCountry not set Engine and signature databases ------------------------------ Engine version: 0.94.1 Database directory: /var/lib/clamav/ main db: Format: .cld, Version: 49, Build time: Wed Oct 22 18:03:26 2008 daily db: Format: .cld, Version: 8644, Build time: Mon Nov 17 16:35:21 2008 --- data dir --- total 41472 -rw-r--r-- 1 clamav clamav 106913 2005-10-18 04:28 clamav-8c647fc0d00091f3 drwxr-xr-x 2 clamav clamav 4096 2008-09-04 22:43 clamav-abf0d1b943879b7711480014d5d0b485 -rw-r--r-- 1 clamav clamav 1692672 2008-11-17 17:38 daily.cld -rw-r--r-- 1 clamav clamav 40598016 2008-10-22 18:50 main.cld -rw------- 1 clamav clamav 1404 2007-06-26 12:40 mirrors.dat -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages clamav depends on: ii clamav-freshclam [clam 0.94.dfsg.1-1 anti-virus utility for Unix - viru ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.7-16 GNU C Library: Shared libraries ii libclamav5 0.94.dfsg.1-1 anti-virus utility for Unix - libr ii libgmp3c2 2:4.2.2+dfsg-3 Multiprecision arithmetic library ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages clamav recommends: ii clamav-base 0.94.dfsg.1-1 anti-virus utility for Unix - base Versions of packages clamav suggests: ii clamav-docs 0.94.dfsg.1-1 anti-virus utility for Unix - docu ii lha 1.14i-10.3 lzh archiver ii unrar 1:3.8.4-1 Unarchiver for .rar files (non-fre -- no debconf information
--- clampipe~ 2008-11-11 20:01:10.000000000 -0500 +++ clampipe 2008-11-17 19:17:41.000000000 -0500 @@ -9,7 +9,7 @@ $/=undef; my $msg=<>; -open (CLAM, "| clamscan --quiet --unzip -") +open (CLAM, "| clamscan --quiet -") || die "cannot run clamscan: $!"; # The --mbox support is flakey and requires a From header as in a real # mbox.