<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16700"></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial>Julian would know more as to why this is set this way but in
the latest (don't know how far back this goes) 4.81.4 version of
Message.pm line 3349 is</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011> <FONT
color=#0000ff size=2
face=Arial>$member->unixFileAttributes(0600);</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial>what happens when you set this to
$member->unixFileAttributes(0640);</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial>That is the only place I noticed where, during the unzip
process, the file permissions apear to be set to 0600. clamav should
work as it would be executed under the mailscanner user and there should not be
an issue with the 0600 permissions.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=217293716-06012011><FONT color=#0000ff
size=2 face=Arial>Rick</FONT></SPAN></DIV><BR>
<DIV dir=ltr lang=en-us class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of </B>Curu
Wong<BR><B>Sent:</B> Thursday, January 06, 2011 3:40 AM<BR><B>To:</B>
MailScanner discussion<BR><B>Subject:</B> Re: weird mailscanner clamd
error<BR></FONT><BR></DIV>
<DIV></DIV>My system also has this problem. When a zip archive is scanned, I
will always get clamd error
like:<BR>-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR>Jan
5 16:47:34 spamsnake MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR ::
./BAD697FE65.AD0DB/zbeyond3g.jpg<BR>Jan 5 16:47:34 spamsnake
MailScanner[3887]: Clamd::ERROR:: Access denied. ERROR ::
./BAD697FE65.AD0DB/zchi_button-02.jpg<BR>-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR><BR>all
other attachent type, like rar, works fine.<BR><BR>the files in ms incoming
queue get removed after it finished processing, and I use this command to
monitor file permissions under the incoming queue:<BR><BR>while true; do ls -lR
/var/spool/MailScanner/incoming/ >> file_list.txt; sleep
1;done<BR><BR>Send an email with rar
attachment:<BR>=======================================================<BR>-rw-r-----
1 postfix www-data 4 2011-01-06 16:13
nmsg-24184-11.txt<BR>-rw-r----- 1 postfix www-data 1536750 2011-01-06 16:13
nPI2.3.2.rar<BR>-rw-r----- 1 postfix www-data 150576 2011-01-06 16:13
rPI2.3.2.pdf<BR>-rw-r----- 1 postfix www-data 2141878 2011-01-06 16:13
rPoisonIvy2.3.2.exe<BR>=======================================================<BR><BR>Send
an email with zip
attachment<BR>=================================================<BR>-rw-r----- 1
postfix www-data 4 2011-01-06 15:57
nmsg-24198-1.txt<BR>-rw-r----- 1 postfix www-data 1665916 2011-01-06 15:57
ntest.zip<BR>-rw------- 1 postfix www-data 238
2010-10-15 18:58 zall-wcprops<BR>-rw------- 1 postfix www-data 23100
2010-10-15 18:58 zbeyond3g.jpg<BR>-rw------- 1 postfix www-data
26180 2010-10-15 18:58 zchi_button-02.jpg<BR>-rw------- 1 postfix
www-data 2472 2010-10-15 23:33
zchi_button-reset.jpg<BR>-rw------- 1 postfix www-data 2478
2010-10-15 23:33 zchi_button-submit.jpg<BR>-rw------- 1 postfix
www-data 6042 2010-10-18 15:34 zchi_edm.html<BR>-rw------- 1
postfix www-data 4345 2010-10-18 15:35
zchi_web.html<BR>========================================================<BR><BR>And
I have this settings in MailScanner.conf:<BR><BR>Incoming Work Permissions =
0640<BR><BR>We can see that the test.zip file has the correct permissions, but
its extracted files have wrong permission.<BR>In fact, even if I change Incoming
Work Permissions to 0777, the file permissions is still rw------, so
weird.<BR><BR>Can anyone point out the problem?<BR><BR>I think there maybe
something wrong with the perl Archive::Zip module or MS itself.<BR><BR>
<DIV class=gmail_quote>2011/1/5 Naz Snidanko <SPAN dir=ltr><<A
href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</A>></SPAN><BR>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>MailScanner --lint was generating "found 2 viruses" instead
of a proper<BR>"found 1 virus". So I got fed up, scrapped clamd and went with
clamav.<BR>Clamav works as it should: --lint generates "found 1 virus" and no
more<BR>errors with .ZIP archives. This is a small site and speed should not
be<BR>a factor.<BR><BR>Tons of thanks,<BR>
<DIV class=im><BR>Naz Snidanko<BR>Desktop & Network Support<BR>Harper
Power Products Inc.<BR>(p) 416 201- 7506<BR> <A
href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</A><BR><BR></DIV>
<DIV class=im>-----Original Message-----<BR>Date: Tue, 4 Jan 2011 14:45:51
-0500<BR>From: "Rick Cooper" <<A
href="mailto:rcooper@dwford.com">rcooper@dwford.com</A>><BR>Subject: RE:
weird mailscanner clamd error<BR>To: "'MailScanner discussion'" <<A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A>><BR></DIV>
<DIV>
<DIV></DIV>
<DIV class=h5>Message-ID:
<3AD1272E15D14A43BD27F7E3F3C17BD1@SAHOMELT><BR>Content-Type: text/plain;
charset="us-ascii"<BR><BR>Have you attempted to manually scan an example file
with clamscan or<BR>clamdscan? (preferably as the same user as would
mailscanner). Have you<BR>tried sending with MailScanner running in
debug mode? The error you are<BR>seeing is coming from
clamd,<BR><BR> _____<BR><BR>From: <A
href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</A><BR>[mailto:<A
href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</A>]
On Behalf Of Naz<BR>Snidanko<BR>Sent: Tuesday, January 04, 2011 10:07
AM<BR>To: <A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A><BR>Subject:
Re: weird mailscanner clamd error<BR><BR><BR><BR>Glenn,<BR><BR><BR><BR>/tmp
and incoming directories both have chmod 777. Also from my guess
if<BR>it<BR>had something to do with permissions it would generate this error
for<BR>all<BR>files, not just ZIP archives created by Winrar and Winzip
programs. I<BR>also<BR>completely removed apparmor (even though it originally
had rw<BR>permissions<BR>for clamd on incoming directory).<BR><BR><BR><BR>Is
there a module within MailScanner that does .zip file
extracting<BR>before<BR>it goes for a clamd scan?<BR><BR>Any help is much
appreciated.<BR><BR>Thank you,<BR><BR>Naz Snidanko<BR><BR>Desktop &
Network Support<BR><BR>Harper Power Products Inc.<BR><BR>(p) 416 201-
7506<BR><BR></DIV></DIV> <mailto:<A
href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</A>><BR>
<DIV>
<DIV></DIV>
<DIV class=h5><A
href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</A><BR><BR>------------------------------<BR><BR><BR><BR>Message:
4<BR><BR>Date: Tue, 4 Jan 2011 11:40:03 +0100<BR><BR>From: Glenn Steen <<A
href="mailto:glenn.steen@gmail.com">glenn.steen@gmail.com</A>><BR><BR>Subject:
Re: weird mailscanner clamd error<BR><BR>To: MailScanner discussion <<A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A>><BR><BR>Message-ID:<BR><BR>
<<A
href="mailto:AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE%2B503D-uSTMug@mail.gmail.com">AANLkTikQ0EraC0imktQRZ-L-q2sqwqOE+503D-uSTMug@mail.gmail.com</A>><BR><BR>Content-Type:
text/plain; charset=windows-1252<BR><BR><BR><BR>On 3 January 2011 21:34, Naz
Snidanko<BR><<A
href="mailto:nsnidanko@harperpowerproducts.com">nsnidanko@harperpowerproducts.com</A>><BR>wrote:<BR><BR>>
I have weird stuff happening. When we put any file into ZIP
archive<BR>created<BR><BR>> from Winzip or Winrar I get the following log
in mail.log:<BR><BR>><BR><BR>><BR><BR>><BR><BR>> Jan 3
15:14:43 ares MailScanner[5103]: Virus and Content
Scanning:<BR>Starting<BR><BR>><BR><BR>> Jan 3 15:14:43 ares
MailScanner[5103]: Clamd::ERROR:: Access denied.<BR>ERROR<BR><BR>> ::
./66522203B7.AD6EB/zRicohdeviceUsersetup.doc<BR><BR>><BR><BR>> Jan
3 15:14:43 ares MailScanner[5103]: Virus Scanning: Clamd found
1<BR><BR>> infections<BR><BR>><BR><BR>> Jan 3 15:14:43 ares
MailScanner[5103]: Virus Scanning: Found 1<BR>viruses<BR><BR>><BR><BR>>
Jan 3 15:14:43 ares MailScanner[5103]: Spam Checks:
Starting<BR><BR>><BR><BR>><BR><BR>><BR><BR>> File delivered after
passing mailscanner to final
destination.<BR><BR>><BR><BR>><BR><BR>><BR><BR>> When I put the
same file into ZIP archive using built-in Windows XP<BR>engine<BR><BR>> it
works flawlessly and no error log is generated. No error
is<BR>generated<BR><BR>> when same file is put within .rar archive
either.<BR><BR>><BR><BR>><BR><BR>><BR><BR>> I've tried different
files anything from jpeg to pdf and end up with<BR>error<BR><BR>> described
above.<BR><BR>><BR><BR>><BR><BR>><BR><BR>> Can someone point me in
the right direct how to troubleshoot this<BR>within<BR><BR>>
mailscanner.<BR><BR>><BR><BR>><BR><BR>><BR><BR>>
System:<BR><BR>><BR><BR>><BR><BR>><BR><BR>> Clamd
0.96.5<BR><BR>><BR><BR>> Ubuntu Server 10.04<BR><BR>><BR><BR>>
MailScanner 4.82.3<BR><BR>><BR><BR>> Perl
5.10.1<BR><BR>><BR><BR>><BR><BR>Check that both postfix and clamav (or
whatever the users/groups are<BR><BR>called) have relevant perms... Run As
User/Group and 0660 perms in<BR><BR>MailScanner.conf, correct perms on your
incoming directory (perhaps<BR><BR>/var/spool/MailScanner/incoming), Also
check your clamd settings, of<BR><BR>course.<BR><BR>Perhaps the most crucial
bit though... is to make sure that you have<BR><BR>sane permissions on /tmp,
and that they can create files/directories<BR><BR>there as
needed.<BR><BR><BR><BR>Cheers<BR><BR>--<BR><BR>-- Glenn<BR><BR>email: glenn
< dot > steen < at > gmail < dot > com<BR><BR>work: glenn
< dot > steen < at > ap1 < dot >
se<BR><BR><BR><BR><BR>--<BR>This message has been scanned for viruses
and<BR></DIV></DIV>dangerous content by <<A
href="http://www.mailscanner.info/"
target=_blank>http://www.mailscanner.info/</A>> MailScanner, and is<BR>
<DIV class=im><BR>believed to be clean.<BR><BR>--<BR>This message has been
scanned for viruses and<BR>dangerous content by MailScanner, and
is<BR>believed to be clean.<BR><BR><BR></DIV>-------------- next part
--------------<BR>An HTML attachment was scrubbed...<BR>URL:<BR><A
href="http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104%0A/c3d769b6/attachment-0001.html"
target=_blank>http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110104<BR>/c3d769b6/attachment-0001.html</A><BR><BR>------------------------------<BR>
<DIV>
<DIV></DIV>
<DIV class=h5><BR><BR>--<BR>MailScanner mailing list<BR><A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A><BR><A
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
target=_blank>http://lists.mailscanner.info/mailman/listinfo/mailscanner</A><BR><BR>Before
posting, read <A href="http://wiki.mailscanner.info/posting"
target=_blank>http://wiki.mailscanner.info/posting</A><BR><BR>Support
MailScanner development - buy the book off the
website!<BR></DIV></DIV></BLOCKQUOTE></DIV><BR><BR>-- <BR>This message has been
scanned for viruses and <BR>dangerous content by <A
href="http://www.mailscanner.info/"><B>MailScanner</B></A>, and is <BR>believed
to be clean. </BODY><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</HTML>