[Qmail-scanner-general]clamav/access denied on test_installation.sh under RH9 - possible bug in Q-S/Docs/Perl?

[Yermo M. Lamers]

I've read the thread on Access Denied errors in qmail-scanner when used 
with clamav under Redhat 9.0.

This is Access Denied on running ./contrib/test_installation.sh

Bug in the install docs? Bug in Q-S? Bug in Perl 5.8.0 ?

---------------------------------
/var/qmail/bin/qmail-scanner.pl -v:
qmail-scanner-queue.pl

Version: 1.20

Perl:    Summary of my perl5 (revision 5.0 version 8 subversion 0) 
configuration:

Scanners: perlscanner, clamscan_scanner

Scanner versioning: clamscan: 0.65.

Operating System: Linux, 2.4.20-8smp
Hardware:         i686
----------------------------------------------------------------
su - normal_user
/var/qmail/bin/qmail-scanner -g

perlscanner: generate new DB file from 
/var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.

So this is not related to the setuidgid item mentioned in the configure 
script.

----------------------------------------------------------------
Error in the /var/spool/qmailscan/qmail-queue.log after running 
test_installation.sh:

Wed, 10 Dec 2003 03:31:57 -0500:29187: run 
/usr/local/clamav/bin/clamscan -r --disable-summary --max-recursion=10 
--max-space=1000000 
/var/spool/qmailscan/tmp/nbi_master.yml.com107104511746129187 2>&1
Wed, 10 Dec 2003 03:31:57 -0500:29187: --output of clamscan was:
/var/spool/qmailscan/tmp/nbi_master.yml.com107104511746129187/1071045117.29189-0.nbi_master.yml.com: 
Access denied.
--

the qmail-scanner perlscan works just fine as I get the messages through 
I would expect. Something is happening that the child process of 
qmail-scanner cannot read the tmp files.

-----------------------------------------------------
Permissions on relevant files:
-rwsr-xr-x    1 qscand   qscand      76812 Dec 10 03:33 
/var/qmail/bin/qmail-scanner-queue.pl

/var/spool/qmailscan/:
total 180
drwxrwx---    5 qscand   qscand       4096 Dec  9 15:38 archives
-rw-------    1 qscand   qscand     132382 Dec 10 03:33 qmail-queue.log
-rw-------    1 qscand   root           16 Dec 10 00:45 
qmail-scanner-queue-version.txt
drwxrwx---    5 qscand   qscand       4096 Dec  9 15:38 quarantine
-rw-r-----    1 qscand   nofiles     12288 Dec 10 03:20 
quarantine-attachments.db
-rw-rw----    1 qscand   qscand       4279 Dec  9 15:38 
quarantine-attachments.txt
-rw-rw----    1 qscand   qscand       3239 Dec 10 03:33 quarantine.log
drwxrwxrwx    3 qscand   qscand       4096 Dec 10 03:33 tmp
lrwxrwxrwx    1 qscand   qscand         31 Dec 10 00:45 viruses -> 
/var/spool/qmailscan/quarantine
lrwxrwxrwx    1 qscand   qscand         35 Dec 10 00:45 viruses.log -> 
/var/spool/qmailscan/quarantine.log
drwxrwx---    5 qscand   qscand       4096 Dec  9 15:38 working

---------------------------------------------------------------------------
I have perl-suid installed.
The Access Denied error is occurring at the point there qmail-scanner.pl 
 launches clamavscan so some more investigating:

sub clamscan_scanner {
  #ClamScan scanner
  &debug("clamscan: starting scan of directory \"$ENV{'TMPDIR'}\"...");
  my ($start_clamscan_time)=[gettimeofday];
  my ($DD,$clamscan_status,$stop_clamscan_time,$clamscan_time);
  my ($clamscan_verbose,$clamscan_status);
  $clamscan_verbose="-v" if ($DEBUG);
  &debug("run $clamscan_binary $clamscan_options  $ENV{'TMPDIR'} 2>&1");

system("/bin/ls -lR /var/spool/qmailscan/tmp > /tmp/out" );

  $DD=`$clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1`;
  $clamscan_status=($? >> 8);
...

Interestingly the output of the ls shows:

/var/spool/qmailscan/tmp/:
total 4
drwx------    2 qscand   root         4096 Dec 10 03:33 
nbi_master.yml.com107104519646129462

/var/spool/qmailscan/tmp/nbi_master.yml.com107104519646129462:
total 8
-rw-------    1 root     qmail         300 Dec 10 03:33 
1071045196.29470-0.nbi_master.yml.com
-rw-------    1 root     qmail          69 Dec 10 03:33 Eicar.com

Note that the Eicar.com file is rw root only. Running as a child of a 
setuid process running as qscand clamscan would not be allowed to access 
this file.

It looks like the file is being dumped out of qmail-scanner with the 
wrong permissions. It's pretty easy to kludge it to get it to work but 
I'm interested if anyone has tracked this thing down already before I 
spend too many more hours on it.

thanks,

-- Yermo

---------------------------------------------------------------------
DTLink Software                                 http://www.dtlink.com
FieldPost Business Email                     http://www.fieldpost.com
Nuts and Bolts Interactive, Inc.         http://www.nbinteractive.com
---------------------------------------------------------------------


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general