weird mailscanner clamd error

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 25 15:37:46 GMT 2011


It's in the ChangeLog and the code base already :-)

On 25/01/2011 15:26, Rick Cooper wrote:
> Achim J. Latz wrote:
>> Hello Rick:
>>
>> Did Julian reply to your suggestion/bug fix?
>>
>> Perhaps it got lost in the depths of Christmas/New Year's traffic?
> No I have noticed anything from Julian on this issue but from experience
> it's not uncommon for him to look into something that has been addressed or
> or a patch suggested on the list, fix it and not mention it until the next
> update. If there is nothing in that change log then might want to bother him
> again.
>
> Rick
>> Best regards, Achim
>>
>> -------- Original Message --------
>> Subject: RE: weird mailscanner clamd error
>> Date: Thu, 6 Jan 2011 12:25:06 -0500
>> From: Rick Cooper<rcooper at dwford.com>
>> Reply-To: MailScanner discussion<mailscanner at lists.mailscanner.info>
>> To: 'MailScanner discussion'<mailscanner at lists.mailscanner.info>
>> Newsgroups: gmane.mail.virus.mailscanner
>> References:
>>
> <201101051200.p05C0MhO008128 at safir.blacknight.ie><9453A32CAC9FFB4D8F59285E34
> B6A5062F6F at hotc_exch.harperotc.com><AANLkTi=noruKSuqY_R3mCcmJw3yTd68QRVK7YwG
> TJCMA at mail.gmail.com><7CA580B59C1ABD45B4614ED90D4C7B85113DFF at HC-EXMBX02.here
> fordshire.gov.uk><AANLkTi=JA0tjh9GWtoMf+S4dhJ2-Mt7kAPA2yeh8h6PC at mail.gmail.c
> om>
>> <9453A32CAC9FFB4D8F59285E34B6A5062F73 at hotc_exch.harperotc.com>
>>
>> Naz Snidanko wrote:
>>> I just checked:
>>>
>>> /opt/MailScanner-4.82.3-1/lib/MailScanner/MessageBatch.pm
>>>
>>> I am using 4.82.3-1 and this modification is there. It does not solve
>>> the problem. I haven't tried running clamd under root since it would
>>> violate our security principles.
>>>
>>> Are you guys sure it is not a problem with clamd itself? Clamav
>>> doesn't get this error.
>> Actually the more I looked at this, I believe the code in Message.pm
>> beginning at line 3348 that reads
>>
>>       # Untaint member's attributes.
>>       $member->unixFileAttributes(0600);
>>
>> Should be
>>
>>       # Untaint member's attributes.
>> 	my $workperms = MailScanner::Config::Value('workperms') || '0600';
>>       $member->unixFileAttributes($workperms);
>> For some reason it appears Julian forced the extracted files to 0600
>> in the original code. The change I have listed above would set them
>> to what ever the mailscanner config has for the work permissions or
>> 600 if no value exists.
>>
>> Julian any comment?
>>
>>
>> Rick
>>
>>> Regards,
>>>
>>> Naz Snidanko
>>> Desktop&  Network Support
>>> Harper Power Products Inc.
>>> (p) 416 201- 7506
>>>   nsnidanko at harperpowerproducts.com
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>> Iulian L Dragomir Sent: January 6, 2011 6:05 AM
>>> To: MailScanner discussion
>>> Subject: Re: weird mailscanner clamd error
>>>
>>> On Thu, Jan 6, 2011 at 12:24 PM, Randal, Phil
>>> <prandal at herefordshire.gov.uk>  wrote:
>>>> The only workaround I've found is to run clamd as root.
>>>>
>>>>
>>>>
>>>> I've seen the same issue with MailScanner / sendmail on CentOS.
>>> If it is the same problem then try this:
>>>
>>> http://lists.mailscanner.info/pipermail/mailscanner/2010-April/095611.ht
>>> ml --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website! --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>> --
>> Achim J. Latz, Qustodium Internet Security
>> achim.latz at qustodium.net . http://www.qustodium.net
>> Data Encryption . Backup Automatisation . E-Mail Protection
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list