[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Kai Schaetzl maillists at conactive.com
Thu Dec 11 16:43:12 GMT 2008

Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:

> Please let me know what you think works and what still doesn't work, if 
> anything.

So far so good. Got this on first restart:

Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file ownership 
abilities on 
/var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, please 
delete the file

file doesn't exist, though. Directory contains lockfiles for all the 
virusscan wrappers, no matter if in use or not. Is this intended?

Everything seems to be fine. 
How to test? Run /etc/cron.hourly/update_virus_scanners ?

I also noticed a somewhat strange behavior of upgrade_MailScanner_conf. It 
Added new: Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
although this was already present in MailScanner.conf (from 4.74.4).

One request for mailscanner*.rpm: could you add a check that stops 
creating the /etc/spamassassin/mailscanner.conf symlink in case there's 
already a symlink or file? I tried touching an empty file there, but the 
rpm just wiped it away.


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

More information about the MailScanner mailing list