Bug#263379: exim4: permissions on scan directory prevent email scanning

Johan Thelmén Johan Thelmén , 263379-maintonly@bugs.debian.org
Wed, 4 Aug 2004 09:00:31 +0200 

onsdagen den 4 augusti 2004 06.34 skrev David Clymer:
> On Wed, 2004-08-04 at 00:39, Marc Haber wrote:
> > severity #263379 wishlist
> > thanks
> > 
> > On Tue, Aug 03, 2004 at 10:11:53PM -0400, David Clymer wrote:
> > > following an upgrade of exim4 and from clamav 0.70 to 0.74, clamav
> > > rejects all mail due to the fact that it can no longer access the fil=
es
> > > it is attempting to scan. My assumption is that this may have been
> > > caused by a change of permissions or ownership on 
the /var/spool/exim4/scan
> > > directory, or the ownership/permissions of the files that exim puts 
there to be
> > > scanned.
> > 
> > There is no /var/spool/exim4/scan directory in the distribution.
> > 
> > Please elaborate.
> > 
> > Greetings
> > Marc
> 
> Odd. There definitely is on my system and I'm absolutely certain 
> I didn't add it myself. I did start out with woody, perhaps using a 
> backport of exim4, before moving to sarge. Is it possible that its 
> a leftover from earlier versions of the package? 
> 
> Aha! The problem is with clamav, or more accurately, caused by a change
> in the clamav package
> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250335). The scan
> directory must get added by one of the clamav packages. 
> 
> My bad. I just assumed it was an exim4 directory, which is why I
> reported it as an exim4 bug.
> 
> Bug closed/retracted/whatever.

grep -U2 "create scan" exim4-4.34/debian/patches/exiscan.patch
+
+  if (!spool_mbox_ok) {
+    /* create scan directory, if not present */
+    if (!directory_make(spool_directory, US "scan", 0750, FALSE)) {
+      debug_printf("unable to create directory: %s/scan\n", 
spool_directory);

Well, it is an exim4 directory with exiscan patch.
"Contains exiscan-acl patch revision 21 (c) Tom Kistner 
[http://duncanthrax.net/exiscan/]"

We should probably discuss this if we want it to work by default.
Right now clamav does not add clamav to Debian-exim or any other group
to access the files.

It have to be done manually, see the manual. 

zmore /usr/share/doc/clamav-base/README.Debian.gz
"add clamav to group Debian-exim"

-- 
Johan Thelmén
Sweden Falun