Package: clamav-freshclam
Version: 0.96.1+dfsg-1~volatile1
Severity: normal
File: /usr/bin/freshclam

type=AVC msg=audit(1278729355.797:22750): avc: denied { execmem } for pid=2649 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:system_r:freshclam_t:s0 tclass=process
type=SYSCALL msg=audit(1278729355.797:22750): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=2649 auid=4294967295 uid=104 gid=108 euid=104 suid=104 fsuid=104 egid=108 sgid=108 fsgid=108 tty=(none) ses=4294967295 comm="freshclam" exe="/usr/bin/freshclam" subj=system_u:system_r:freshclam_t:s0 key=(null)

The above messages are logged when running this on an SE Linux system. It appears to work correctly anyway, so it seems that the code has some fallback option for if execmem is denied.

I can't think of a good reason for a program to have write/execute access to memory when all it does is download data from the network. Allowing such access makes it easier for an attacker to gain control of the process and we don't want to allow it if we can avoid it.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "10485760"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScannerCount = "3"
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "180"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "/var/run/clamav/milter.ctl"
MilterSocketGroup = "clamav"
MilterSocketMode = "666"
LocalNet disabled
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "Replace"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected = "Off"

Software settings
-----------------
Version: devel-debian/0.95+dfsg-1-6274-g18d94d0
WARNING: Version mismatch: libclamav=devel-debian/0.95+dfsg-1-6274-g18d94d0, clamconf=0.96.1
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 JIT

Database directory: /var/lib/clamav/
WARNING: freshclam.conf and clamd.conf point to different database directories
main.cld: version 52, sigs: 704727, built on Mon Feb 15 14:54:51 2010
daily.cld: version 11347, sigs: 102318, built on Sat Jul 10 01:48:10 2010
bytecode.cld: version 31, sigs: 7, built on Thu Jul 8 16:46:51 2010

Platform information
--------------------
uname: Linux 2.6.18-194.3.1.el5xen #1 SMP Thu May 13 13:49:53 EDT 2010 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.3.3 (1.2.3.3), compile flags: a9

Build information
-----------------
GNU C: 4.3.2 (4.3.2)
GNU C++: 4.3.2 (4.3.2)
CPPFLAGS:
CFLAGS: -Wall -g -O2
CXXFLAGS: -Wall -g -O2
LDFLAGS:
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-clamav' '--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav' '--enable-milter' '--disable-clamuko' '--with-gnu-ld' '--enable-dns-fix' '--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath' '--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib' '--config-cache' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='

--- data dir ---
total 61592
-rw-r--r-- 1 clamav clamav    73728 Jul  8 17:35 bytecode.cld
-rw-r--r-- 1 clamav clamav  6222848 Jul 10 02:35 daily.cld
-rw-r--r-- 1 clamav clamav 56671744 Feb 15 17:27 main.cld
-rw------- 1 clamav clamav     2756 Jul 10 04:35 mirrors.dat

-- System Information:
Debian Release: squeeze/sid
  APT prefers lenny-backports
  APT policy: (500, 'lenny-backports'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-194.3.1.el5xen (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav-freshclam depends on:
ii  clamav-base       0.96.1+dfsg-1~volatile1  anti-virus utility for Unix - base
ii  debconf [debconf  1.5.24                   Debian configuration management sy
ii  libc6             2.7-18lenny4             GNU C Library: Shared libraries
ii  libclamav6        0.96.1+dfsg-1~volatile1  anti-virus utility for Unix - libr
ii  logrotate         3.7.1-5                  Log rotation utility
ii  lsb-base          3.2-20                   Linux Standard Base 3.2 init scrip
ii  ucf               3.0016                   Update Configuration File: preserv
ii  zlib1g            1:1.2.3.3.dfsg-12        compression library - runtime

clamav-freshclam recommends no packages.

Versions of packages clamav-freshclam suggests:
pn  clamav-docs       <none>                   (no description available)

-- debconf information:
  clamav-freshclam/http_proxy:
  clamav-freshclam/autoupdate_freshclam: daemon
  clamav-freshclam/proxy_user:
  clamav-freshclam/update_interval: 24
  clamav-freshclam/NotifyClamd: false
  clamav-freshclam/local_mirror: db.local.clamav.net
  clamav-freshclam/internet_interface:
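As an added illustration (not part of the bug report or of ClamAV): a Python helper that pairs the AVC record above with its SYSCALL record by audit id and decodes the syscall arguments, which audit logs print in hex. On x86_64 (arch=c000003e) syscall 9 is mmap, so a1=1000, a2=7 and a3=22 are a 4096-byte request for PROT_READ|PROT_WRITE|PROT_EXEC on a MAP_PRIVATE|MAP_ANONYMOUS mapping, i.e. the write/execute memory the report objects to. The syscall and flag tables are assumptions limited to the bits decoded here.

```python
import re

# Constructed sample: the two records quoted above, one per line as in audit.log.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1278729355.797:22750): avc: denied { execmem } for pid=2649 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:system_r:freshclam_t:s0 tclass=process
type=SYSCALL msg=audit(1278729355.797:22750): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=2649 auid=4294967295 uid=104 gid=108 euid=104 suid=104 fsuid=104 egid=108 sgid=108 fsgid=108 tty=(none) ses=4294967295 comm="freshclam" exe="/usr/bin/freshclam" subj=system_u:system_r:freshclam_t:s0 key=(null)
"""

PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x02: "MAP_PRIVATE", 0x20: "MAP_ANONYMOUS"}   # only the bits decoded here
SYSCALLS_X86_64 = {9: "mmap", 10: "mprotect"}        # valid for arch=c000003e only

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')
DENIED_RE = re.compile(r'denied\s+\{([^}]*)\}')

def parse_record(line):
    """key=value fields of one audit record plus the set of denied permissions."""
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = DENIED_RE.search(line)
    rec["denied"] = set(m.group(1).split()) if m else set()
    return rec

def flag_names(value, table):
    """Render a bitmask symbolically, e.g. 7 -> PROT_READ|PROT_WRITE|PROT_EXEC."""
    return "|".join(n for bit, n in table.items() if value & bit) or "0"

def find_wx_denials(text):
    """Pair AVC and SYSCALL records by audit id and report execmem denials whose
    arguments asked for writable+executable memory (prot is a2 for mmap and mprotect)."""
    by_id = {}
    for line in filter(None, text.splitlines()):
        rec = parse_record(line)
        by_id.setdefault(rec["msg"], {})[rec["type"]] = rec
    findings = []
    for recs in by_id.values():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not (avc and sc) or "execmem" not in avc["denied"]:
            continue
        nr = int(sc["syscall"])
        if sc.get("arch") != "c000003e" or nr not in SYSCALLS_X86_64:
            continue
        prot = int(sc["a2"], 16)
        if prot & 0x2 and prot & 0x4:
            findings.append({
                "pid": int(sc["pid"]), "comm": sc["comm"], "exe": sc["exe"],
                "domain": avc["scontext"], "syscall": SYSCALLS_X86_64[nr],
                "length": int(sc["a1"], 16), "prot": flag_names(prot, PROT),
                "flags": flag_names(int(sc["a3"], 16), MAP) if nr == 9 else "",
            })
    return findings
```

Running find_wx_denials over a real audit.log shows which confined domains actually request W+X pages, which is the evidence needed before deciding whether to grant execmem in policy or, as the report suggests, fix the program instead.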