Some more info on the Access Denied errors in /var/spool/qmailscan/qmail-queue.log under Redhat 9.0 when running test_installation.sh.
/usr/bin/reformime when invoked from suidperl qscand:qscand qmail-scanner-queue.pl (or even from a setuid qscand:sscand C wrapper invoked qmail-scanner-queue.pl) is generating files with 600 permissions owner root, group qmail.
There is some issue with permissions/ownership in launching subprocesses in perl on Redhat 9.0. Non-redhat 9.0 users don't seem to have this problem.
WORKAROUND:
In /var/qmail/bin/qmail-scanner-queue.pl, add
    umask(0000);
to the top of the deconstruct_msg() function, and then add
    umask(0077);
immediately after
    close(MIME)||&error_condition("cannot close $mimeunpacker_binary - $!");
This will cause reformime to unpack the files with 666 permissions, which will enable clamscan to read them. This does open up a local-user security hole, however, so BUYER BEWARE.
Can anyone tell me what's up with RedHat 9 perl that causes this problem in the first place and how to fix it correctly? perl 5.8.0 problem? libc problem? gcc problem?
thanks,
-- Yermo
--------------------------------------------------------------------- DTLink Software http://www.dtlink.com FieldPost Business Email http://www.fieldpost.com Nuts and Bolts Interactive, Inc. http://www.nbinteractive.com ---------------------------------------------------------------------
I've read the thread on Access Denied errors in qmail-scanner when used with clamav under Redhat 9.0.
This is Access Denied on running ./contrib/test_installation.sh
Bug in the install docs? Bug in Q-S? Bug in Perl 5.8.0 ?
----------------------------------------------------------------
/var/qmail/bin/qmail-scanner.pl -v:
qmail-scanner-queue.pl
Version: 1.20
Perl: Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
Scanners: perlscanner, clamscan_scanner
Scanner versioning: clamscan: 0.65.
Operating System: Linux, 2.4.20-8smp Hardware: i686
----------------------------------------------------------------
su - normal_user
/var/qmail/bin/qmail-scanner -g
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
So this is not related to the setuidgid item mentioned in the configure script.
----------------------------------------------------------------
Error in the /var/spool/qmailscan/qmail-queue.log after running test_installation.sh:
Wed, 10 Dec 2003 03:31:57 -0500:29187: run /usr/local/clamav/bin/clamscan -r --disable-summary --max-recursion=10 --max-space=1000000 /var/spool/qmailscan/tmp/nbi_master.yml.com107104511746129187 2>&1
Wed, 10 Dec 2003 03:31:57 -0500:29187: --output of clamscan was:
/var/spool/qmailscan/tmp/nbi_master.yml.com107104511746129187/1071045117.29189-0.nbi_master.yml.com: Access denied.
--
The qmail-scanner perlscan works just fine, as I get the messages through I would expect. Something is happening that the child process of qmail-scanner cannot read the tmp files.
----------------------------------------------------------------
Permissions on relevant files:
-rwsr-xr-x 1 qscand qscand 76812 Dec 10 03:33 /var/qmail/bin/qmail-scanner-queue.pl
/var/spool/qmailscan/:
total 180
drwxrwx--- 5 qscand qscand 4096 Dec 9 15:38 archives
-rw------- 1 qscand qscand 132382 Dec 10 03:33 qmail-queue.log
-rw------- 1 qscand root 16 Dec 10 00:45 qmail-scanner-queue-version.txt
drwxrwx--- 5 qscand qscand 4096 Dec 9 15:38 quarantine
-rw-r----- 1 qscand nofiles 12288 Dec 10 03:20 quarantine-attachments.db
-rw-rw---- 1 qscand qscand 4279 Dec 9 15:38 quarantine-attachments.txt
-rw-rw---- 1 qscand qscand 3239 Dec 10 03:33 quarantine.log
drwxrwxrwx 3 qscand qscand 4096 Dec 10 03:33 tmp
lrwxrwxrwx 1 qscand qscand 31 Dec 10 00:45 viruses -> /var/spool/qmailscan/quarantine
lrwxrwxrwx 1 qscand qscand 35 Dec 10 00:45 viruses.log -> /var/spool/qmailscan/quarantine.log
drwxrwx--- 5 qscand qscand 4096 Dec 9 15:38 working
----------------------------------------------------------------
I have perl-suid installed.
The Access Denied error is occurring at the point where qmail-scanner.pl launches clamavscan, so some more investigating:
sub clamscan_scanner {
  #ClamScan scanner
  &debug("clamscan: starting scan of directory \"$ENV{'TMPDIR'}\"...");
  my ($start_clamscan_time)=[gettimeofday];
  my ($DD,$clamscan_status,$stop_clamscan_time,$clamscan_time);
  my ($clamscan_verbose,$clamscan_status);
  $clamscan_verbose="-v" if ($DEBUG);
  &debug("run $clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1");
  system("/bin/ls -lR /var/spool/qmailscan/tmp > /tmp/out" );
  $DD=`$clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1`;
  $clamscan_status=($? >> 8);
  ...
Interestingly the output of the ls shows:
/var/spool/qmailscan/tmp/:
total 4
drwx------ 2 qscand root 4096 Dec 10 03:33 nbi_master.yml.com107104519646129462
/var/spool/qmailscan/tmp/nbi_master.yml.com107104519646129462:
total 8
-rw------- 1 root qmail 300 Dec 10 03:33 1071045196.29470-0.nbi_master.yml.com
-rw------- 1 root qmail 69 Dec 10 03:33 Eicar.com
Note that the Eicar.com file is rw root only. Running as a child of a setuid process running as qscand, clamscan would not be allowed to access this file.
It looks like the file is being dumped out of qmail-scanner with the wrong permissions. It's pretty easy to kludge it to get it to work but I'm interested if anyone has tracked this thing down already before I spend too many more hours on it.
thanks,
-- Yermo
--------------------------------------------------------------------- DTLink Software http://www.dtlink.com FieldPost Business Email http://www.fieldpost.com Nuts and Bolts Interactive, Inc. http://www.nbinteractive.com ---------------------------------------------------------------------
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
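Added example (not part of the original posts and not qmail-scanner code): a Python audit of an unpack directory that reports files a given scanner uid cannot read, which is the "Access denied" case from the log, and files left readable or writable by every local user, which is what the umask(0000) workaround produces. The function names, sample file names and the stand-in uid are constructed for illustration.

```python
import os
import stat

def can_read(st, uid, gids):
    """Classic Unix check: exactly one of owner/group/other bits applies."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit_tree(root, uid, gids):
    """Return (unreadable, exposed) lists of regular files under root.

    unreadable: files the scanner identity (uid, gids) cannot read.
    exposed:    files whose "other" bits allow read or write by any local user.
    """
    unreadable, exposed = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                 # skip symlinks, FIFOs, devices
            if not can_read(st, uid, gids):
                unreadable.append(path)
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                exposed.append(path)
    return sorted(unreadable), sorted(exposed)

def make_sample_tree(base):
    """Constructed sample: one 0600 file and one 0666 file, as in the post."""
    os.makedirs(base, exist_ok=True)
    for name, mode in (("Eicar.com", 0o600), ("unpacked-0666", 0o666)):
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)             # explicit chmod is not affected by umask
    return base

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        tree = make_sample_tree(os.path.join(tmp, "msgdir"))
        scanner_uid = os.getuid() + 1    # stand-in for a uid that does not own the files
        print(audit_tree(tree, scanner_uid, set()))
```

On a real installation, pass the scanner account's uid and group ids (for example from `pwd.getpwnam`) and the message directory under /var/spool/qmailscan/tmp.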