[Bug 663726] New: amavisd-new: group of /var/spool/amavis conflicts with av programms
https://bugzilla.novell.com/show_bug.cgi?id=663726

https://bugzilla.novell.com/show_bug.cgi?id=663726#c0

           Summary: amavisd-new: group of /var/spool/amavis conflicts with av programms
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Factory
          Platform: All
        OS/Version: SLES 11
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: stefan.jakobs@rus.uni-stuttgart.de
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101203 SUSE/3.6.13-3.1 Firefox/3.6.13

I'm referring to:

    # rpm -q amavisd-new
    amavisd-new-2.6.2-1.14

The directory /var/spool/amavis has the following rights:

    # ls -ld /var/spool/amavis
    drwx------ 8 vscan root 4096 Dec 6 15:36 /var/spool/amavis

This conflicts with av scanners, like sophie. They need to access the files in /var/spool/amavis but don't run as the user vscan.

I suggest to change the rights to 750 and make the group vscan, too. It will look like:

    drwxr-x--- 8 vscan vscan 4096 Dec 6 15:36 /var/spool/amavis

Reproducible: Always

Steps to Reproduce:
1. Install and run amavisd-new with sophie
2. activate sophie in /etc/amavisd.conf with:

    ### http://www.vanja.com/tools/sophie/
    ['Sophie',
      \&ask_daemon, ["{}/\n", '/var/run/sophie'],
      qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,
      qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
      qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
    );

3. send a message through amavisd-new and see in the logs:

    amavis[9000]: (09000-04) (!!)Sophie av-scanner FAILED: CODE(0x277c0a8) unexpected , output="-1:/var/spool/amavis/tmp/amavis-20110110T234409-09000/parts/ (Permission denied)" at (eval 110) line 543, <GEN23> line 506.

Actual Results:
The av scanner failed to access the file.

Expected Results:
The av scanner finishes without a failure.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=663726#c

wei wang <wewang@novell.com> changed:

    What       | Removed                                    | Added
    -----------+--------------------------------------------+-------------------
    CC         |                                            | wewang@novell.com
    AssignedTo | bnc-team-screening@forge.provo.novell.com  | varkoly@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=663726#c1

Peter Varkoly <varkoly@novell.com> changed:

    What         | Removed | Added
    -------------+---------+------------------------------------
    Status       | NEW     | NEEDINFO
    InfoProvider |         | stefan.jakobs@rus.uni-stuttgart.de

--- Comment #1 from Peter Varkoly <varkoly@novell.com> 2011-02-10 09:50:48 UTC ---

Is it enough for sophie to have read access in /var/spool/amavis? Maybe 770 would be better.

https://bugzilla.novell.com/show_bug.cgi?id=663726#c2

Stefan Jakobs <stefan.jakobs@rus.uni-stuttgart.de> changed:

    What         | Removed                            | Added
    -------------+------------------------------------+-------
    Status       | NEEDINFO                           | NEW
    InfoProvider | stefan.jakobs@rus.uni-stuttgart.de |

--- Comment #2 from Stefan Jakobs <stefan.jakobs@rus.uni-stuttgart.de> 2011-02-10 12:22:43 UTC ---

Read access is sufficient. There is no need to write to the files in /var/spool/amavis.
From the INSTALL file in the amavisd-new sourceball:

"Check or set the ownership and protection of the directories to be readable and writable by the chosen UID, and not writable by other non-privileged users;

    chown -R amavis:amavis /var/amavis
    chmod -R 750 /var/amavis
"

https://bugzilla.novell.com/show_bug.cgi?id=663726#c3

Peter Varkoly <varkoly@novell.com> changed:

    What       | Removed | Added
    -----------+---------+--------
    Status     | NEW     | CLOSED
    Resolution |         | FIXED

--- Comment #3 from Peter Varkoly <varkoly@novell.com> 2011-02-21 17:58:32 UTC ---

created request id 62373

https://bugzilla.novell.com/show_bug.cgi?id=663726#c

Swamp Workflow Management <swamp@suse.de> changed:

    What              | Removed | Added
    ------------------+---------+----------------------
    Status Whiteboard |         | maint:planned:update

https://bugzilla.novell.com/show_bug.cgi?id=663726#c4

Marcus Meissner <meissner@suse.com> changed:

    What | Removed | Added
    -----+---------+--------------------------------
    CC   |         | max@suse.com, meissner@suse.com

--- Comment #4 from Marcus Meissner <meissner@suse.com> 2013-04-29 14:32:54 UTC ---

Also doing the same for clamav now, otherwise we have conflicting directory permissions.

https://bugzilla.novell.com/show_bug.cgi?id=663726#c5

--- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-30 10:00:08 CEST ---

This is an autogenerated message for OBS integration:
This bug (663726) was mentioned in
https://build.opensuse.org/request/show/173882 Factory / clamav

https://bugzilla.novell.com/show_bug.cgi?id=663726#c6

--- Comment #6 from Marcus Meissner <meissner@suse.com> 2013-05-02 08:42:42 UTC ---

Your original fix was not correct; it left /var/spool/amavis and its subdirectories in mode 755 instead of 750.

I resubmitted a fixed package.
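
An added example, not part of the bug thread or of the amavisd-new package: a POSIX shell check that flags both states discussed above, spool directories the scanner's group cannot enter (mode 700) and directories left open to all local users (mode 755). The function name `audit_spool` and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a mail-scanner spool tree (e.g. /var/spool/amavis).
# Usage: audit_spool DIR [GROUP]
# Prints one finding per line; returns 0 when clean, 1 when findings exist.
audit_spool() {
    dir=$1
    group=${2:-}
    findings=$(
        # Directories the group cannot read and traverse (e.g. 0700):
        # a scanner daemon running under a different UID in that group
        # gets "Permission denied" on the parts/ directory.
        find "$dir" -type d ! -perm -050 \
            -exec printf 'NO_GROUP_ACCESS %s\n' {} \;
        # Directories with any permission bit set for "other" (e.g. 0755):
        # every local user can list or read queued mail.
        find "$dir" -type d \( -perm -001 -o -perm -002 -o -perm -004 \) \
            -exec printf 'WORLD_ACCESS %s\n' {} \;
        # Optional: directories not owned by the expected group (e.g. vscan).
        if [ -n "$group" ]; then
            find "$dir" -type d ! -group "$group" \
                -exec printf 'WRONG_GROUP %s\n' {} \;
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Called as `audit_spool /var/spool/amavis vscan`, it reports nothing and returns 0 only when every directory in the tree is group-accessible, closed to other users, and owned by the given group.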