[Pkg-clamav-devel] Bug#553333: clamav-milter: inet milter socket configuration changes the owner of /root to clamav

Teodor mteodor at gmail.com
Fri Oct 30 10:58:41 UTC 2009 

Package: clamav-milter
Version: 0.95.2+dfsg-1~volatile1
Severity: serious
Tags: patch

Because of some communication problems between postfix and
clamav-milter local socket, I've choosed to configure clamav-milter
with a network socket:
MilterSocket = "inet:7357 at 127.0.0.1"

The problem is that every execution of the init.d script will change
the owner of /root directory to 'clamav'. This patch fixes the
problem:

COBRANEW:~# diff -pU2
/etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1
/etc/init.d/clamav-milter
--- /etc/init.d/clamav-milter_0.95.2+dfsg-1~volatile1	2009-07-11
21:50:02.000000000 +0300
+++ /etc/init.d/clamav-milter	2009-10-30 12:45:20.000000000 +0200
@@ -172,5 +172,5 @@ make_dir()
   [ -n "$User" ] || User=clamav
   mkdir -p -m 0755 "$DIR"
-  chown "$User:$User" "$DIR"
+  chown "$User" "$DIR"
 }

@@ -279,5 +279,5 @@ fi

 make_dir "$DataBaseDirectory"
-if [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
+if [ "${SOCKET_TYPE}" = "local" ]; then
   make_dir $(dirname "$SOCKET_PATH")
   chown $User $(dirname "$SOCKET_PATH")

Please include it in the next upload (probably for the new upstream
release 0.95.3).

Thanks


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
LocalSocket = "/var/run/clamav/clamd.ctl"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength disabled
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "20"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
MailFollowURLs disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
CompressLocalDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
SafeBrowsing disabled

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/milter.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize disabled
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "inet:7357 at 127.0.0.1"
LocalNet = "local"
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Replace"
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected = "Full"

Software settings
-----------------
Version: 0.95.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2
Database directory: /var/lib/clamav/
main.cvd: version 51, sigs: 545035, built on Thu May 14 17:28:45 2009
daily.cld: version 9964, sigs: 96802, built on Fri Oct 30 03:39:02 2009
daily.cld: WARNING: This database requires f-level 44 (current f-level: 43)

--- data dir ---
total 26608
-rw-r--r-- 1 clamav clamav  5947392 2009-10-30 04:37 daily.cld
-rw-r--r-- 1 clamav clamav 21253696 2009-10-26 15:02 main.cvd
-rw------- 1 clamav clamav      572 2009-10-30 12:37 mirrors.dat

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav-milter depends on:
ii  adduser          3.110                   add and remove users and groups
ii  clamav-base      0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - base
ii  clamav-freshclam 0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - viru
ii  debconf [debconf 1.5.24                  Debian configuration management sy
ii  libc6            2.7-18                  GNU C Library: Shared libraries
ii  libmilter1.0.1   8.14.3-5                Sendmail Mail Filter API (Milter)
ii  logrotate        3.7.1-5                 Log rotation utility
ii  lsb-base         3.2-20                  Linux Standard Base 3.2 init scrip
ii  ucf              3.0016                  Update Configuration File: preserv
ii  zlib1g           1:1.2.3.3.dfsg-12       compression library - runtime

Versions of packages clamav-milter recommends:
ii  clamav-daemon    0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - scan

Versions of packages clamav-milter suggests:
pn  clamav-docs                   <none>     (no description available)
pn  daemon                        <none>     (no description available)

-- debconf information:
* clamav-milter/LogFile: /var/log/clamav/milter.log
* clamav-milter/LogSyslog: true
* clamav-milter/MilterSocket: inet:7357 at 127.0.0.1
* clamav-milter/OnInfected: Reject
* clamav-milter/User: clamav
* clamav-milter/LogInfected: Full
* clamav-milter/MaxFileSize: 0
* clamav-milter/FixStaleSocket: true
* clamav-milter/LogFileUnlock: false
* clamav-milter/Chroot:
* clamav-milter/ReadTimeout: 120
  clamav-milter/AddGroups:
* clamav-milter/LogFileMaxSize: 0
* clamav-milter/OnFail: Defer
* clamav-milter/LocalNet: local
* clamav-milter/debconf: true
* clamav-milter/LogTime: true
* clamav-milter/RejectMsg:
* clamav-milter/TemporaryDirectory: /tmp
* clamav-milter/LogFacility: LOG_MAIL
* clamav-milter/ClamdSocket: unix:/var/run/clamav/clamd.ctl
* clamav-milter/PidFile: /var/run/clamav/clamav-milter.pid
* clamav-milter/Foreground: false
* clamav-milter/AddHeader: Replace
* clamav-milter/LogVerbose: true
* clamav-milter/Whitelist:

More information about the Pkg-clamav-devel mailing list