weird mailscanner clamd error

Curu Wong prinbra at gmail.com
Fri Jan 7 03:15:15 GMT 2011 

Thank you Rick, the code you provided works.  but I think the argument of
unixFileAttributes() should be octal number, instead of string. so I
modified the code a little.
This finally works for my MailScanner version 4.81.4-1.

after apply this patch, the permission is OK:

Send an email with zip attachment
==============================
===============================
/var/spool/MailScanner/incoming/18174/8E435803B9.AB3BB:
total 3376
-rw-r----- 1 postfix www-data       4 2011-01-07 10:49 nmsg-18174-1.txt
-rw-r----- 1 postfix www-data 1665916 2011-01-07 10:49 ntest.zip
-rw-r----- 1 postfix www-data     238 2010-10-15 18:58 zall-wcprops
-rw-r----- 1 postfix www-data   23100 2010-10-15 18:58 zbeyond3g.jpg
-rw-r----- 1 postfix www-data   26180 2010-10-15 18:58 zchi_button-02.jpg
-rw-r----- 1 postfix www-data    2472 2010-10-15 23:33 zchi_button-reset.jpg
-rw-r----- 1 postfix www-data    2478 2010-10-15 23:33
zchi_button-submit.jpg
-rw-r----- 1 postfix www-data    6042 2010-10-18 15:34 zchi_edm.html
-rw-r----- 1 postfix www-data    4345 2010-10-18 15:35 zchi_web.html
-rw-r----- 1 postfix www-data     890 2010-10-15 18:58 zcw.jpeg
==============================================================
and there's no error message in maillog any more.

mailscanner_zip_permission.patch
===================================================================
--- MailScanner/Message.pm      2010-09-06 19:10:28.000000000 +0800
+++ ms/Message.pm       2011-01-07 10:41:19.107764413 +0800
@@ -3346,7 +3346,12 @@
     next if $onlycheckencryption;

     # Untaint member's attributes.
-    $member->unixFileAttributes(0600);
+    #$member->unixFileAttributes(0600);
+    my $workperms = MailScanner::Config::Value('workperms') || '0600';
+    #Make it octal with a leading zero if necessary
+    $workperms = sprintf "0%lo", $workperms unless $workperms =~ /^0/;
+    $workperms = oct($workperms); # and back to decimal for chmod
+    $member->unixFileAttributes($workperms);

     $name = $member->fileName();
     # Trim off any leading directory path
====================================================================

2011/1/7 Rick Cooper <rcooper at dwford.com>

> Naz Snidanko wrote:
> > I just checked:
> >
> > /opt/MailScanner-4.82.3-1/lib/MailScanner/MessageBatch.pm
> >
> > I am using 4.82.3-1 and this modification is there. It does not solve
> > the problem. I haven't tried running clamd under root since it would
> > violate our security principles.
> >
> > Are you guys sure it is not a problem with clamd itself? Clamav
> > doesn't get this error.
>
> Actually the more I looked at this, I believe the code in Message.pm
> beginning at line 3348 that reads
>
>    # Untaint member's attributes.
>    $member->unixFileAttributes(0600);
>
> Should be
>
>    # Untaint member's attributes.
>        my $workperms = MailScanner::Config::Value('workperms') || '0600';
>    $member->unixFileAttributes($workperms);
> For some reason it appears Julian forced the extracted files to 0600 in the
> original code. The change I have listed above would set them to what ever
> the mailscanner config has for the work permissions or 600 if no value
> exists.
>
> Julian any comment?
>
>
> Rick
>
> >
> > Regards,
> >
> > Naz Snidanko
> > Desktop & Network Support
> > Harper Power Products Inc.
> > (p) 416 201- 7506
> >  nsnidanko at harperpowerproducts.com
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> > Iulian L Dragomir
> > Sent: January 6, 2011 6:05 AM
> > To: MailScanner discussion
> > Subject: Re: weird mailscanner clamd error
> >
> > On Thu, Jan 6, 2011 at 12:24 PM, Randal, Phil
> > <prandal at herefordshire.gov.uk> wrote:
> >> The only workaround I've found is to run clamd as root.
> >>
> >>
> >>
> >> I've seen the same issue with MailScanner / sendmail on CentOS.
> >
> > If it is the same problem then try this:
> >
> > http://lists.mailscanner.info/pipermail/mailscanner/2010-April/095611.ht
> > ml
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110107/7ee457f9/attachment.html

More information about the MailScanner mailing list