ClamAV and MailScanner Bug

Rick Cooper rcooper at DWFORD.COM
Thu May 5 18:33:11 IST 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Thursday, May 05, 2005 11:41 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: ClamAV and MailScanner Bug
>
>
> Desai, Jason wrote:
>
> >Julian Field wrote:
> >
> >
> >>Please tell me what the line in your /etc/MailScanner/
> >>virus.scanners.conf says about clamav. Also please check that your
> >>Incoming Work Directory path has no links in it. This is by far the
> >>most common error and would explain your symptoms.
> >>
> >>
> >
> >Julian, I think I've suggested this before, but don't remember
> hearing back
> >from you about it.  Would it be possible for MailScanner
> (possibly only once
> >at startup) to determine the real path of the Incoming Work Directory and
> >use that, so that symbolic links would be allowed?
> >
> >Granted, people are not reading the comments in the config file, and are
> >misconfiguring their servers.  But to detect and still deliver a virus is
> >not a good thing.  And I think with some simple code, MailScanner could
> >reduce the risk of such a misconfigured server.  What do you think?
> >
> >
> How would you recommend I do this in a platform-agnostic way? I
> certainly wouldn't trust `pwd`.
>
> --
> Julian Field

How about:

#!/usr/bin/perl
# Program CheckSymlink.pl

use File::Spec;
use File::Spec::Link;

my $link = $ARGV[0];
my $file = $link;


print "Checking for $link\n";

# Check to be sure symlinks are supported on this platform.
# If they do, use File::Spec::Link->resolve to return the absolute
# path to the file and/or diredctory, if not use the supplied path/filename

$symlink_exists =  eval { symlink("",""); 1 };
$file = File::Spec::Link->resolve($link) unless !$symlink_exists;
print "Found $file\n";

# end program

If you test it using the following commands (use your own symlinks of
course)

./CheckSymlink.pl /etc/squid/errors/ERR_ONLY_IF_CACHED_MISS
returns:
Checking for /etc/squid/errors/ERR_ONLY_IF_CACHED_MISS
Found /usr/lib/squid/errors/English/ERR_ONLY_IF_CACHED_MISS


./CheckSymlink.pl /etc/squid/errors
Returns:
Checking for /etc/squid/errors
Found /usr/lib/squid/errors/English

And

./CheckSymlink.pl /etc
Returns:
Checking for /etc
Found /etc

./CheckSymlink.pl /etc/resolv.conf
Checking for /etc/resolv.conf
Found /etc/resolv.conf

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list