[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Julian Field MailScanner at ecs.soton.ac.uk
Thu Dec 11 20:24:07 GMT 2008

You seem to be getting an old version of the file.
The mailscanner*rpm file itself should be
782198 11 Dec 14:02 mailscanner-4.74.6-1.noarch.rpm
so 782198 bytes. Please compare this with what you have downloaded.

On 11/12/08 19:59, Julian Field wrote:
> On 11/12/08 16:43, Kai Schaetzl wrote:
>> Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>>> Please let me know what you think works and what still doesn't work, if
>>> anything.
>> So far so good. Got this on first restart:
>> Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file ownership
>> abilities on
>> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, 
>> please
>> delete the file
>> file doesn't exist, though. Directory contains lockfiles for all the
>> virusscan wrappers, no matter if in use or not. Is this intended?
>> Everything seems to be fine.
>> How to test? Run /etc/cron.hourly/update_virus_scanners ?
> Do
> MailScanner --lint
> and
> /usr/sbin/update_virus_scanners
> If it complains about there not being a MailScannerCreateLocks or 
> anything in /usr/lib/MailScanner/mailscanner_create_locks or the 
> /usr/sbin/mailscanner_create_locks script not existing, please do
> ls -ld /usr/sbin/mail* /usr/sbin/Mail*
>> I also noticed a somewhat strange behavior of 
>> upgrade_MailScanner_conf. It
>> mentioned
>> Added new: Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
>> although this was already present in MailScanner.conf (from 4.74.4).
> It should have said "Added new: Lockfile Dir = 
> /var/spool/MailScanner/incoming/Locks" as well. That's to be expected, 
> I needed to overwrite people's settings for those two. People never 
> read instructions, so it's pointless just asking people to change it.
>> One request for mailscanner*.rpm: could you add a check that stops
>> creating the /etc/spamassassin/mailscanner.conf symlink in case there's
>> already a symlink or file? I tried touching an empty file there, but the
>> rpm just wiped it away.
> I'll take a look.
> Jules


Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list