[Qmail-scanner-general]Q-S tmp dir/file permissions

Ein Bielaczyc Mon, 08 Nov 2004 11:57:53 -0800

I've ran across more users reporting similar issues, but I have not been
able to resolve it.


First the system specifics:
New install Fedora Core 1, qmail, vpopmail, courier imap, spamassassin,
clamav. Individually all are working normally. Introducing Q-S v1.24 or
v1.23 has been problematic. Running the contrib/test_installation.sh
script produces the following:
        [EMAIL PROTECTED] contrib]# ./test_installation.sh -doit
        QMAILQUEUE was not set, defaulting to
        /var/qmail/bin/qmail-scanner-queue.pl for this test...
         
        Sending standard test message - no viruses...
        qmail-inject: fatal: qq temporary problem (#4.3.0)
        Bad error. qmail-inject died
        
qmail-queue.log reads as follows:

> [EMAIL PROTECTED] qmailscan]# more qmail-queue.log
> Mon, 08 Nov 2004 14:07:03 EST:17838: +++ starting debugging for process 17838 
> by uid=0
> Mon, 08 Nov 2004 14:07:03 EST:17838: setting UID to EUID so subprocesses can 
> access files generated by this script
> Mon, 08 Nov 2004 14:07:03 EST:17838: program name is qmail-scanner-queue.pl, 
> version 1.23
> Mon, 08 Nov 2004 14:07:03 EST:17838: s_q: re-create the quarantine version 
> file
> Mon, 08 Nov 2004 14:07:03 EST:17838: s_q: detecting version of clamdscan
> Mon, 08 Nov 2004 14:07:03 EST:17838: s_q: detecting version of spamassassin
> Mon, 08 Nov 2004 14:07:04 EST:17838: s_q: cleaning up files older than 2 days 
> via /usr/bin/find /var/spool/qmailscan/tmp -mtime +2 -exec /bin/rm -rf {} ;
> Mon, 08 Nov 2004 14:07:24 EST:17871: +++ starting debugging for process 17871 
> by uid=0
> Mon, 08 Nov 2004 14:07:24 EST:17871: setting UID to EUID so subprocesses can 
> access files generated by this script
> Mon, 08 Nov 2004 14:07:24 EST:17871: program name is qmail-scanner-queue.pl, 
> version 1.23
> Mon, 08 Nov 2004 14:07:24 EST:17871: incoming pipe connection from via local 
> process 17871
> Mon, 08 Nov 2004 14:07:24 EST:17871: w_c: mkdir 
> /var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871
> Mon, 08 Nov 2004 14:07:24 EST:17871: w_c: start dumping incoming msg into 
> /var/spool/qmailscan/working/tmp/mxgate.walledlake.k12.mi.us109994084448217871
>  [0.000553]
> Mon, 08 Nov 2004 14:07:24 EST:17871: w_c: rename new msg from 
> /var/spool/qmailscan/working/tmp/mxgate.walledlake.k12.mi.us109994084448217871
>  to 
> /var/spool/qmailscan/working/new/mxgate.walledlake.k12.mi.us109994084448217871
>  [0.000631]
> Mon, 08 Nov 2004 14:07:24 EST:17871: d_m: starting /usr/bin/reformime  
> -x/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871/ 
> </var/spool/qmailscan/working/new/mxgate.walledlake.k12.mi.us109994084448217871
>  [0.000127]
> Mon, 08 Nov 2004 14:07:24 EST:17871: d_m: finished /usr/bin/reformime  
> -x/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871/ 
> [0.002419]
> Mon, 08 Nov 2004 14:07:24 EST:17871: d_m: Checking all attachments to see if 
> they're MS-TNEF
> Mon, 08 Nov 2004 14:07:24 EST:17871: d_m: is 
> /var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871/1099940844.17873-0.mxgate.walledlake.k12.mi.us
>  is a TNEF file?: 256 [0.00098]
> Mon, 08 Nov 2004 14:07:24 EST:17871: d_m: unpacking message took 0.003521 
> seconds
> Mon, 08 Nov 2004 14:07:24 EST:17871: unsetting QMAILQUEUE env var
> Mon, 08 Nov 2004 14:07:24 EST:17871: g_e_h: return-path is "", recips is 
> "[EMAIL PROTECTED]"
> Mon, 08 Nov 2004 14:07:24 EST:17871: from=Qmail-Scanner Test <[EMAIL 
> PROTECTED]>,subj=Qmail-Scanner test (1/4): inoffensive message, 
> x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via local process 17871
> Mon, 08 Nov 2004 14:07:24 EST:17871: This is a PLAIN text message (because 
> it's either not mime, or is text/plain), skip virus scanners - but not SA
> Mon, 08 Nov 2004 14:07:24 EST:17871: ini_sc: start scanning
> Mon, 08 Nov 2004 14:07:24 EST:17871: ini_sc: recursively scan the directory 
> /var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871/
> Mon, 08 Nov 2004 14:07:24 EST:17871: scanloop: starting scan of directory 
> "/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871"...
> Mon, 08 Nov 2004 14:07:24 EST:17871: scanloop: 
> scanner=clamdscan_scanner,plain_text_msg=1
> Mon, 08 Nov 2004 14:07:24 EST:17871: scanloop: 
> scanner=spamassassin,plain_text_msg=1
> Mon, 08 Nov 2004 14:07:24 EST:17871: SA: run /usr/bin/spamc  -c  -u "[EMAIL 
> PROTECTED]" < 
> /var/spool/qmailscan/working/new/mxgate.walledlake.k12.mi.us109994084448217871
> Mon, 08 Nov 2004 14:07:24 EST:17871: spamassassin: finished scan of dir 
> "/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871" in 
> 0.053182
> secs
> Mon, 08 Nov 2004 14:07:24 EST:17871: scanloop: finished scan of 
> "/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871"...
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s: starting scan of directory 
> "/var/spool/qmailscan/tmp/mxgate.walledlake.k12.mi.us109994084448217871"...
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 
> 'Love Letter Virus/Trojan'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> subject: ILOVEYOU
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '82:message/partial.*' = 
> 'Virus-content-type' = 'Message/partial MIME attachments blocked by policy'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> content-type: message/partial.*
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '85:.{100,}' = 'Virus-date' = 
> 'MIME Header Buffer Overflow'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> date: .{100,}
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '86:.{100,}' = 
> 'Virus-mime-version' = 'MIME Header Buffer Overflow '
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> mime-version: .{100,}
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '87:.{100,}' = 'Virus-resent-date' 
> = 'MIME Header Buffer Overflow'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> resent-date: .{100,}
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  '90:[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 
> 'Virus-to' = 'BadTrans Trojan exploit!'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  type is a header!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  checking for objects containing 
> to: [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL 
> PROTECTED]|[EMAIL PROTECTED]
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  'eicar.com' = '69' = 'EICAR Test 
> Virus'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s: type is a size!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  'happy99.exe' = '10000' = 'Happy99 
> Trojan'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s: type is a size!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s:  'zipped_files.exe' = '120495' = 
> 'W32/ExploreZip.worm.pak virus'
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s: type is a size!
> Mon, 08 Nov 2004 14:07:24 EST:17871: p_s: skipping auto-generated file 
> 1099940844.17873-0.mxgate.walledlake.k12.mi.us
> Mon, 08 Nov 2004 14:07:24 EST:17871: error_condition: X-Qmail-Scanner-1.23: 
> owner of unpacked files (uid=0) doesn't match UID of Qmail-Scanner (uid=503) 
> - can't expect this to work. Fix whatever is creating files with uid=0

I've Q-S script installed to normal, /var/qmail/bin, owner/group qscand.
Spamd and clamav also set to run as qscand. Spool directory
/var/spool/qmailscan permissions/owner/group set by Q-S installation
script. 

The message appears to be unpacked into 2
(1099940844.17873-0.mxgate.walledlake.k12.mi.us the message body and
orig-mxgate.walledlake.k12.mi.us109994084448217871 the entire message)
files but the owner and permissions 
1099940844.17873-0.mxgate.walledlake.k12.mi.us of one is set incorrectly, e.g. 
root:qmail , rw- --- ---. 

Why? 

Any assistance would be appreciated.

Ein Bielaczyc

signature.asc
Description: This is a digitally signed message part

[Qmail-scanner-general]Q-S tmp dir/file permissions

Reply via email to