Mailinglist Archive: opensuse-bugs (2746 mails)

< Previous Next >
[Bug 826354] New: clamav: group and permissions of /var/spool/amavis conflicts with other av programms
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 24 Jun 2013 08:22:15 +0000
  • Message-id: <bug-826354-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=826354

https://bugzilla.novell.com/show_bug.cgi?id=826354#c0


Summary: clamav: group and permissions of /var/spool/amavis
conflicts with other av programms
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: x86-64
OS/Version: SLES 11
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Maintenance
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: stefan.jakobs@xxxxxxxxxxxxxxxxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101
Firefox/21.0

I'm referencing to:
# rpm -q clamav
clamav-0.97.8-0.2.1

The directory /var/spool/amavis has the following rights:
# ls -ld /var/spool/amavis
drwx------ 8 vscan root 4096 4. Jun 6 17:29 /var/spool/amavis

This conflicts with other av scanners, like sophie. They need to access the
files in /var/spool/amavis but doesn't run as the user vscan but in the group
vscan.

From the INSTALL file in the amavisd-new sourceball:
"Check or set the ownership and protection of the directories to be readable
and writable by the chosen UID, and not writable by other non-privileged users;
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
"

I suggest to change the rights to 750 and make the group vscan, too. It will
look like:
drwxr-x--- 8 vscan vscan 4096 4. Jun 17:29 /var/spool/amavis


Reproducible: Always

Steps to Reproduce:
1. manually change permissons: # chgrp vscan /var/spool/amavis/
2. # chmod 750 /var/spool/amavis/
3. # ls -ld /var/spool/amavis/
drwxr-x--- 8 vscan vscan 4096 4. Jun 17:29 /var/spool/amavis/
4. # zypper install --force clamav
5. # ls -ld /var/spool/amavis/
drwx------ 8 vscan root 4096 4. Jun 17:29 /var/spool/amavis/

Actual Results:
Other av scanners will fail:
amavis[22776]: (22776-03) (!)run_av (Sophie) FAILED - unexpected ,
output="-1:/var/spool/amavis/tmp/amavis-20130624T083714-22776-qr9FqnNd/parts/
(Permission denied)"
amavis[22776]: (22776-03) (!)Sophie av-scanner FAILED: CODE(0x16a60d8)
unexpected ,
output="-1:/var/spool/amavis/tmp/amavis-20130624T083714-22776-qr9FqnNd/parts/
(Permission denied)" at (eval 125) line 899, <GEN37> line 32.
amavis[22776]: (22776-03) (!)WARN: all primary virus scanners failed,
considering backups

Expected Results:
amavis[22807]: (22807-02) run_av (Sophie):
/var/spool/amavis/tmp/amavis-20130624T091223-22807-fadhRZ8h/parts INFECTED:
EICAR-AV-Test
amavis[22807]: (22807-02) virus_scan: (EICAR-AV-Test), detected by 1 scanners:
Sophie

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
Follow Ups