Your message dated Sat, 19 Aug 2023 18:58:39 +0000
with message-id <e1qxr9j-0003wj...@fasolo.debian.org>
and subject line Bug#1044136: fixed in clamav 1.0.2+dfsg-1
has caused the Debian Bug report #1044136,
regarding clamav-daemon: The server delivers "4.7.1 Tempfail- internal scan
engine error" when sending with file attachments
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1044136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1044136
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav-daemon
Version: 1.0.1+dfsg-2
Severity: important
Dear Maintainer,
* What led up to the situation?
Upgrading the dist from Debian 11 to Debian 12 results in the Clamav
daemon being executable but not running:
root@mx ~ # netstat -tulips | fgrep clamd
=> no output!
* What exactly did you do (or not do) that was effective (or
ineffective)?
In this edition
systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service;
enabled; preset: enabled)
Drop in: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: active (running) since Fri 2023-08-11 10:13:54 CEST; 1h
35min ago
TriggeredBy: ● clamav-daemon.socket
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/
...
you can clearly see that the service is triggered by the associated
socket! This was not the case with Debian Linux Bullseye!
The only currently working solution is this:
systemctl disable --now clamav-daemon.socket
systemctl enable --now clamav-daemon.service
For only one system upgrade, that's pretty sloppy. Why do I need the
socket here if it runs better without it?
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted = "yes"
StructuredCCOnly disabled
AlertEncryptedArchive = "yes"
AlertEncryptedDoc = "yes"
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 1.0.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 26999, sigs: 2039847, built on Sun Aug 13 09:36:35 2023
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cld: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023
Total number of signatures: 8687365
Platform information
--------------------
uname: Linux 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1 (2023-07-14)
x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 12 (bookworm)
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a1a108000000000c0200
Build information
-----------------
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 161, dconf: 161
--- data dir ---
total 645272
-rw-r--r-- 1 clamav clamav 1430528 Feb 22 23:02 bytecode.cld
-rw-r--r-- 1 clamav clamav 195230720 Aug 13 11:00 daily.cld
-rw-r--r-- 1 clamav clamav 69 May 16 2022 freshclam.dat
-rw-r--r-- 1 clamav clamav 464053248 Sep 16 2021 main.cld
-rw-r--r-- 1 root root 69 Aug 26 2021 mirrors.dat
drwxr-xr-x 2 clamav clamav 4096 Aug 14 2021 tmp.5ef74
drwxr-xr-x 2 clamav clamav 4096 Aug 15 2021 tmp.7368d
drwxr-xr-x 2 clamav clamav 4096 Aug 14 2021 tmp.7eecd
drwxr-xr-x 2 clamav clamav 4096 Aug 15 2021 tmp.8083e
drwxr-xr-x 2 clamav clamav 4096 Aug 17 2021 tmp.a8f83
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-10-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages clamav-daemon depends on:
ii adduser 3.134
ii clamav-base 1.0.1+dfsg-2
ii clamav-freshclam [clamav-data] 1.0.1+dfsg-2
ii debconf [debconf-2.0] 1.5.82
ii dpkg 1.21.22
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u1
ii libclamav11 1.0.1+dfsg-2
ii libcurl4 7.88.1-10
ii libncurses6 6.4-4
ii libsystemd0 252.12-1~deb12u1
ii libtinfo6 6.4-4
ii procps 2:4.0.2-3
ii ucf 3.0043+nmu1
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages clamav-daemon recommends:
ii clamdscan 1.0.1+dfsg-2
Versions of packages clamav-daemon suggests:
ii apparmor 3.0.8-3
pn clamav-docs <none>
pn daemon <none>
pn libclamunrar <none>
-- debconf information:
clamav-daemon/TCPSocket: 3310
clamav-daemon/debconf: true
clamav-daemon/MaxThreads: 12
clamav-daemon/AllowAllMatchScan: true
clamav-daemon/AddGroups:
clamav-daemon/MaxConnectionQueueLength: 15
clamav-daemon/LogSyslog: false
clamav-daemon/OnAccessMaxFileSize: 5M
clamav-daemon/MaxZipTypeRcg: 1M
clamav-daemon/SelfCheck: 3600
clamav-daemon/Bytecode: true
clamav-daemon/LocalSocketGroup: clamav
clamav-daemon/TCPAddr: 127.0.0.1
clamav-daemon/MaxDirectoryRecursion: 15
clamav-daemon/User: clamav
clamav-daemon/MaxScriptNormalize: 5M
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/ForceToDisk: false
clamav-daemon/LocalSocketMode: 666
clamav-daemon/FixStaleSocket: true
clamav-daemon/ScanSWF: true
clamav-daemon/BytecodeSecurity: TrustSigned
clamav-daemon/StreamMaxLength: 25
clamav-daemon/LogFile: /var/log/clamav/clamav.log
clamav-daemon/LogTime: true
clamav-daemon/DisableCertCheck: false
clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/MaxEmbeddedPE: 10M
clamav-daemon/FollowDirectorySymlinks: false
clamav-daemon/LogRotate: true
clamav-daemon/ScanArchive: true
clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
clamav-daemon/ReadTimeout: 180
clamav-daemon/MaxHTMLNormalize: 10M
clamav-daemon/FollowFileSymlinks: false
clamav-daemon/ScanMail: true
clamav-daemon/TcpOrLocal: TCP
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 1.0.2+dfsg-1
Done: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1044...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated clamav
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Aug 2023 19:07:32 +0200
Source: clamav
Architecture: source
Version: 1.0.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 949100 1030171 1044136 1050057
Changes:
clamav (1.0.2+dfsg-1) unstable; urgency=medium
.
* Import 1.0.2 (Closes: #1050057)
- CVE-2023-20197 (Possible DoS in HFS+ file parser).
- CVE-2023-20212 (Possible DoS in AutoIt file parser).
* Use cmake for xml2 detection (Closes: #949100).
* Replace tomsfastmath with OpenSSL's BN.
* Don't enable clamonacc by default (Closes: #1030171).
* Let the clamav-daemon.socket depend on the service file again
(Closes: #1044136).
Checksums-Sha1:
5e541601881d32c9c13913642b3a0d859e5eafd1 2817 clamav_1.0.2+dfsg-1.dsc
c845d2c777adda943e7421c601924e1bee1864a8 14134372 clamav_1.0.2+dfsg.orig.tar.xz
035375a7d331d1f495660a66b13231c0073fcf2d 230348
clamav_1.0.2+dfsg-1.debian.tar.xz
Checksums-Sha256:
dd85b3d5a1215df84cfff2bb086ead0fa1ff9dfdb1025e9908264b97e4362a34 2817
clamav_1.0.2+dfsg-1.dsc
5b641fef85e25e0457edbeaa0e45bf94da6f9ad0fb1dfe7166dbd50ce0f34a00 14134372
clamav_1.0.2+dfsg.orig.tar.xz
55a97ecb2aa4255847e300da90bbf4093cadf2244f328e6297cc8b7ea6679bdc 230348
clamav_1.0.2+dfsg-1.debian.tar.xz
Files:
e0a77dee4cb185153a3b9ff2ab691522 2817 utils optional clamav_1.0.2+dfsg-1.dsc
73ff8d63727171ca7f586e2460b86caf 14134372 utils optional
clamav_1.0.2+dfsg.orig.tar.xz
e7ae924260306d03ff08f5c95aa0ffec 230348 utils optional
clamav_1.0.2+dfsg-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmTg/x4ACgkQBWQfF1cS
+lt9Dwv/RIahUcqWdqvPHE54LQFJIGllcdMpQTXF/ltGpfmvE0amm8D8imgUVBx2
dHQ4vktDr6eIHfg9ZKg+vxKQtqkcuw5vdfmg67/1FLW1oYcKr+itl+7REPy8EoYF
k1jExXlOBTer84hyJ127pju+G54y7aroDwAc3trkEMC6xj1+TdjI00HZFqLzRFci
GldbLfTFSyYS2yY7loGO14aaj36cM6IGIFtFdAeAyYPN4YSfB9+Oyay3DaruU9CZ
WlOoiPGhow+aw8fM7121hhp9Fk4SdYByqw33uZrbQigGI+a1ffQHjaCD2sVJLFGO
aFjCJBS082OvIqBdqDBU6j/eZHLcYVv3Wx4dud5fIydCYR2KqIBsba/46XFstGiD
Bt1sbTRxy225TX/T8ohm+IkW12oDOm8S2M1WBWITj4JWBpiF23HfFUPwgbqeSAts
3ETgmugAswkJwSD6FWUc/h5cosIf9AMCmqk0QhitlnIoDnV62w7ld4praAjdN6zd
RGBcboPJ
=1UY3
-----END PGP SIGNATURE-----
--- End Message ---
